Analysis Report JSChk2v3o9

Overview

General Information

Sample Name: JSChk2v3o9 (renamed file extension from none to exe)
Analysis ID: 391040
MD5: 077fccc46159f8ccd79fcd50787db1c9
SHA1: 288635e27276ba6da3291d0982a8f0f23ae0065e
SHA256: 92190c9789485a0d96bced7040080f0ae35c02898c3d31a65d50ecd659b80f09
Tags: DiscordtokenstealerNitroRansomware

Detection

Score: 72
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Machine Learning detection for dropped file
Machine Learning detection for sample
May check the online IP address of the machine
Modifies existing user documents (likely ransomware behavior)
Abnormal high CPU Usage
Binary contains a suspicious time stamp
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Drops PE files
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Queries sensitive Operating System Information (via WMI, Win32_ComputerSystem, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Uses code obfuscation techniques (call, push, ret)

Startup

  • System is w10x64
  • JSChk2v3o9.exe (PID: 5996 cmdline: 'C:\Users\user\Desktop\JSChk2v3o9.exe' MD5: 077FCCC46159F8CCD79FCD50787DB1C9)
    • cmd.exe (PID: 3160 cmdline: cmd.exe MD5: F3BDBE3BB6F734E357235F4D5898582D)
      • conhost.exe (PID: 5828 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
      • WMIC.exe (PID: 3176 cmdline: wmic csproduct get uuid MD5: 79A01FCD1C8166C5642F37D1E0FB7BA8)
  • JSChk2v3o9.exe (PID: 5276 cmdline: 'C:\Users\user\AppData\Local\Temp\JSChk2v3o9.exe' MD5: 077FCCC46159F8CCD79FCD50787DB1C9)
  • JSChk2v3o9.exe (PID: 5608 cmdline: 'C:\Users\user\AppData\Local\Temp\JSChk2v3o9.exe' MD5: 077FCCC46159F8CCD79FCD50787DB1C9)
  • cleanup

Malware Configuration

No configs have been found

Yara Overview

No yara matches

Sigma Overview

No Sigma rule has matched

Signature Overview

AV Detection:

Multi AV Scanner detection for dropped file
Source: C:\Users\user\AppData\Local\Temp\JSChk2v3o9.exe, ReversingLabs: Detection: 72%
Multi AV Scanner detection for submitted file
Source: JSChk2v3o9.exe, Virustotal: Detection: 39%
Source: JSChk2v3o9.exe, ReversingLabs: Detection: 72%
Machine Learning detection for dropped file
Source: C:\Users\user\AppData\Local\Temp\JSChk2v3o9.exe, Joe Sandbox ML: detected
Machine Learning detection for sample
Source: JSChk2v3o9.exe, Joe Sandbox ML: detected
Source: unknown, HTTPS traffic detected: 54.225.144.221:443 -> 192.168.2.3:49714 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 162.159.137.232:443 -> 192.168.2.3:49715 version: TLS 1.2
Source: JSChk2v3o9.exe, Static PE information: NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT, HIGH_ENTROPY_VA
Source: Binary string: C:\Users\coazy\Desktop\Source Codes\Nitro-Ransomware-master\NitroRansomware\obj\Debug\NitroRansomware.pdb source: JSChk2v3o9.exe

Networking:

May check the online IP address of the machine
Source: C:\Users\user\Desktop\JSChk2v3o9.exe, DNS query: name: api.ipify.org
Source: Joe Sandbox View, IP Address: 162.159.137.232
Source: Joe Sandbox View, JA3 fingerprint: 3b5074b1b5d032e5620f69f9f700ff0e
Source: unknown, DNS traffic detected: queries for: api.ipify.org

Spam, unwanted Advertisements and Ransom Demands:

Modifies existing user documents (likely ransomware behavior)
Source: C:\Users\user\Desktop\JSChk2v3o9.exe, File deleted: C:\Users\user\Desktop\EFOYFBOLXA.png
Source: C:\Users\user\Desktop\JSChk2v3o9.exe, File deleted: C:\Users\user\Desktop\BJZFPPWAPT.mp3
Source: C:\Users\user\Desktop\JSChk2v3o9.exe, File deleted: C:\Users\user\Desktop\BNAGMGSPLO.mp3
Source: C:\Users\user\Desktop\JSChk2v3o9.exe, File deleted: C:\Users\user\Desktop\BJZFPPWAPT.jpg
Source: C:\Users\user\Desktop\JSChk2v3o9.exe, File deleted: C:\Users\user\Desktop\BNAGMGSPLO.pdf
Source: C:\Users\user\Desktop\JSChk2v3o9.exe, Process Stats: CPU usage > 98%
Source: JSChk2v3o9.exe, Binary or memory string: OriginalFilenameNitroRansomware.exe@ vs JSChk2v3o9.exe
Source: JSChk2v3o9.exe, Crypto.cs, Cryptographic APIs: 'CreateDecryptor'
Source: classification engine, Classification label: mal72.rans.troj.winEXE@8/57@7/2
Source: C:\Users\user\Desktop\JSChk2v3o9.exe, File created: C:\Users\user\Documents\BJZFPPWAPT.jpg.givemenitro
Source: C:\Windows\System32\conhost.exe, Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5828:120:WilError_01
Source: C:\Users\user\Desktop\JSChk2v3o9.exe, File created: C:\Users\user\AppData\Local\Temp\JSChk2v3o9.exe
Source: JSChk2v3o9.exe, Static PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
Source: C:\Users\user\Desktop\JSChk2v3o9.exe, Section loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dll
Source: C:\Users\user\AppData\Local\Temp\JSChk2v3o9.exe, Section loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dll
Source: C:\Users\user\Desktop\JSChk2v3o9.exe, File read: C:\Users\user\Pictures\desktop.ini
Source: C:\Users\user\Desktop\JSChk2v3o9.exe, Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: C:\Users\user\Desktop\JSChk2v3o9.exe, File read: C:\Windows\System32\drivers\etc\hosts
Source: C:\Users\user\Desktop\JSChk2v3o9.exe, File read: C:\Users\user\Desktop\JSChk2v3o9.exe
Source: unknown, Process created: C:\Users\user\Desktop\JSChk2v3o9.exe 'C:\Users\user\Desktop\JSChk2v3o9.exe'
Source: C:\Users\user\Desktop\JSChk2v3o9.exe, Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe
Source: C:\Windows\SysWOW64\cmd.exe, Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exe, Process created: C:\Windows\SysWOW64\wbem\WMIC.exe wmic csproduct get uuid
Source: unknown, Process created: C:\Users\user\AppData\Local\Temp\JSChk2v3o9.exe 'C:\Users\user\AppData\Local\Temp\JSChk2v3o9.exe'
Source: unknown, Process created: C:\Users\user\AppData\Local\Temp\JSChk2v3o9.exe 'C:\Users\user\AppData\Local\Temp\JSChk2v3o9.exe'
Source: C:\Windows\SysWOW64\wbem\WMIC.exe, Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{4590F811-1D3A-11D0-891F-00AA004B2E24}\InprocServer32
Source: Window Recorder, Window detected: More than 3 window changes detected
Source: C:\Users\user\Desktop\JSChk2v3o9.exe, File opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll
Source: JSChk2v3o9.exe, Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
Source: JSChk2v3o9.exe, Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: JSChk2v3o9.exe, Static PE information: 0xF38C7D80 [Thu Jun 25 11:37:36 2099 UTC]
Source: C:\Users\user\Desktop\JSChk2v3o9.exeFile created: C:\Users\user\AppData\Local\Temp\JSChk2v3o9.exeJump to dropped file
Source: C:\Users\user\Desktop\JSChk2v3o9.exeRegistry value created or modified: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run NRJump to behavior
Source: C:\Users\user\Desktop\JSChk2v3o9.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\wbem\WMIC.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\JSChk2v3o9.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\JSChk2v3o9.exe Thread delayed: delay time: 922337203685477
Source: C:\Users\user\AppData\Local\Temp\JSChk2v3o9.exe Thread delayed: delay time: 922337203685477
Source: C:\Users\user\Desktop\JSChk2v3o9.exe Window / User API: threadDelayed 7561
Source: C:\Users\user\Desktop\JSChk2v3o9.exe Window / User API: threadDelayed 1594
Source: C:\Users\user\AppData\Local\Temp\JSChk2v3o9.exe Window / User API: threadDelayed 6505
Source: C:\Users\user\AppData\Local\Temp\JSChk2v3o9.exe Window / User API: threadDelayed 2883
Source: C:\Users\user\AppData\Local\Temp\JSChk2v3o9.exe Window / User API: threadDelayed 6949
Source: C:\Users\user\AppData\Local\Temp\JSChk2v3o9.exe Window / User API: threadDelayed 2377
Source: C:\Users\user\Desktop\JSChk2v3o9.exe TID: 5416 Thread sleep time: -4611686018427385s >= -30000s
Source: C:\Users\user\Desktop\JSChk2v3o9.exe TID: 5416 Thread sleep time: -100000s >= -30000s
Source: C:\Users\user\Desktop\JSChk2v3o9.exe TID: 5416 Thread sleep time: -99875s >= -30000s
Source: C:\Users\user\Desktop\JSChk2v3o9.exe TID: 5416 Thread sleep time: -99766s >= -30000s
Source: C:\Users\user\Desktop\JSChk2v3o9.exe TID: 5416 Thread sleep time: -99656s >= -30000s
Source: C:\Users\user\Desktop\JSChk2v3o9.exe TID: 5416 Thread sleep time: -99547s >= -30000s
Source: C:\Users\user\Desktop\JSChk2v3o9.exe TID: 5416 Thread sleep time: -99437s >= -30000s
Source: C:\Users\user\Desktop\JSChk2v3o9.exe TID: 5416 Thread sleep time: -99328s >= -30000s
Source: C:\Users\user\Desktop\JSChk2v3o9.exe TID: 5416 Thread sleep time: -99219s >= -30000s
Source: C:\Users\user\Desktop\JSChk2v3o9.exe TID: 5416 Thread sleep time: -99109s >= -30000s
Source: C:\Users\user\Desktop\JSChk2v3o9.exe TID: 5416 Thread sleep time: -99000s >= -30000s
Source: C:\Users\user\Desktop\JSChk2v3o9.exe TID: 5416 Thread sleep time: -98891s >= -30000s
Source: C:\Users\user\Desktop\JSChk2v3o9.exe TID: 5416 Thread sleep time: -98781s >= -30000s
Source: C:\Users\user\Desktop\JSChk2v3o9.exe TID: 5416 Thread sleep time: -98672s >= -30000s
Source: C:\Users\user\Desktop\JSChk2v3o9.exe TID: 5416 Thread sleep time: -98562s >= -30000s
Source: C:\Users\user\Desktop\JSChk2v3o9.exe TID: 5416 Thread sleep time: -98453s >= -30000s
Source: C:\Users\user\Desktop\JSChk2v3o9.exe TID: 5416 Thread sleep time: -199906s >= -30000s
Source: C:\Users\user\Desktop\JSChk2v3o9.exe TID: 5416 Thread sleep time: -99843s >= -30000s
Source: C:\Users\user\Desktop\JSChk2v3o9.exe TID: 5416 Thread sleep time: -99703s >= -30000s
Source: C:\Users\user\Desktop\JSChk2v3o9.exe TID: 5416 Thread sleep time: -99593s >= -30000s
Source: C:\Users\user\Desktop\JSChk2v3o9.exe TID: 5416 Thread sleep time: -99484s >= -30000s
Source: C:\Users\user\Desktop\JSChk2v3o9.exe TID: 5416 Thread sleep time: -99375s >= -30000s
Source: C:\Users\user\Desktop\JSChk2v3o9.exe TID: 5416 Thread sleep time: -99265s >= -30000s
Source: C:\Users\user\Desktop\JSChk2v3o9.exe TID: 5416 Thread sleep time: -99906s >= -30000s
Source: C:\Users\user\Desktop\JSChk2v3o9.exe TID: 5416 Thread sleep time: -99796s >= -30000s
Source: C:\Users\user\Desktop\JSChk2v3o9.exe TID: 5416 Thread sleep time: -99687s >= -30000s
Source: C:\Users\user\Desktop\JSChk2v3o9.exe TID: 5416 Thread sleep time: -99578s >= -30000s
Source: C:\Users\user\Desktop\JSChk2v3o9.exe TID: 5416 Thread sleep time: -99468s >= -30000s
Source: C:\Users\user\Desktop\JSChk2v3o9.exe TID: 5416 Thread sleep time: -99844s >= -30000s
Source: C:\Users\user\Desktop\JSChk2v3o9.exe TID: 5416 Thread sleep time: -99734s >= -30000s
Source: C:\Users\user\Desktop\JSChk2v3o9.exe TID: 5416 Thread sleep time: -99625s >= -30000s
Source: C:\Users\user\Desktop\JSChk2v3o9.exe TID: 5416 Thread sleep time: -99515s >= -30000s
Source: C:\Users\user\Desktop\JSChk2v3o9.exe TID: 5416 Thread sleep time: -99406s >= -30000s
Source: C:\Users\user\Desktop\JSChk2v3o9.exe TID: 5416 Thread sleep time: -99297s >= -30000s
Source: C:\Users\user\Desktop\JSChk2v3o9.exe TID: 5416 Thread sleep time: -99187s >= -30000s
Source: C:\Users\user\Desktop\JSChk2v3o9.exe TID: 5416 Thread sleep time: -99938s >= -30000s
Source: C:\Users\user\Desktop\JSChk2v3o9.exe TID: 5416 Thread sleep time: -99813s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\JSChk2v3o9.exe TID: 3176 Thread sleep count: 311 > 30
Source: C:\Users\user\AppData\Local\Temp\JSChk2v3o9.exe TID: 5960 Thread sleep count: 38 > 30
Source: C:\Users\user\AppData\Local\Temp\JSChk2v3o9.exe TID: 5960 Thread sleep time: -35048813740048126s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\JSChk2v3o9.exe TID: 5976 Thread sleep count: 6505 > 30
Source: C:\Users\user\AppData\Local\Temp\JSChk2v3o9.exe TID: 5976 Thread sleep count: 2883 > 30
Source: C:\Users\user\AppData\Local\Temp\JSChk2v3o9.exe TID: 4840 Thread sleep time: -32281802128991695s >= -30000s
Source: C:\Windows\SysWOW64\wbem\WMIC.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT UUID FROM Win32_ComputerSystemProduct
Source: C:\Users\user\Desktop\JSChk2v3o9.exe Thread delayed: delay time: 100000
Source: C:\Users\user\Desktop\JSChk2v3o9.exe Thread delayed: delay time: 99875
Source: C:\Users\user\Desktop\JSChk2v3o9.exe Thread delayed: delay time: 99766
Source: C:\Users\user\Desktop\JSChk2v3o9.exe Thread delayed: delay time: 99656
Source: C:\Users\user\Desktop\JSChk2v3o9.exe Thread delayed: delay time: 99547
Source: C:\Users\user\Desktop\JSChk2v3o9.exe Thread delayed: delay time: 99437
Source: C:\Users\user\Desktop\JSChk2v3o9.exe Thread delayed: delay time: 99328
Source: C:\Users\user\Desktop\JSChk2v3o9.exe Thread delayed: delay time: 99219
Source: C:\Users\user\Desktop\JSChk2v3o9.exe Thread delayed: delay time: 99109
Source: C:\Users\user\Desktop\JSChk2v3o9.exe Thread delayed: delay time: 99000
Source: C:\Users\user\Desktop\JSChk2v3o9.exe Thread delayed: delay time: 98891
Source: C:\Users\user\Desktop\JSChk2v3o9.exe Thread delayed: delay time: 98781
Source: C:\Users\user\Desktop\JSChk2v3o9.exe Thread delayed: delay time: 98672
Source: C:\Users\user\Desktop\JSChk2v3o9.exe Thread delayed: delay time: 98562
Source: C:\Users\user\Desktop\JSChk2v3o9.exe Thread delayed: delay time: 98453
Source: C:\Users\user\Desktop\JSChk2v3o9.exe Thread delayed: delay time: 99953
Source: C:\Users\user\Desktop\JSChk2v3o9.exe Thread delayed: delay time: 99843
Source: C:\Users\user\Desktop\JSChk2v3o9.exe Thread delayed: delay time: 99703
Source: C:\Users\user\Desktop\JSChk2v3o9.exe Thread delayed: delay time: 99593
Source: C:\Users\user\Desktop\JSChk2v3o9.exe Thread delayed: delay time: 99484
Source: C:\Users\user\Desktop\JSChk2v3o9.exe Thread delayed: delay time: 99375
Source: C:\Users\user\Desktop\JSChk2v3o9.exe Thread delayed: delay time: 99265
Source: C:\Users\user\Desktop\JSChk2v3o9.exe Thread delayed: delay time: 99906
Source: C:\Users\user\Desktop\JSChk2v3o9.exe Thread delayed: delay time: 99796
Source: C:\Users\user\Desktop\JSChk2v3o9.exe Thread delayed: delay time: 99687
Source: C:\Users\user\Desktop\JSChk2v3o9.exe Thread delayed: delay time: 99578
Source: C:\Users\user\Desktop\JSChk2v3o9.exe Thread delayed: delay time: 99468
Source: C:\Users\user\Desktop\JSChk2v3o9.exe Thread delayed: delay time: 99844
Source: C:\Users\user\Desktop\JSChk2v3o9.exe Thread delayed: delay time: 99734
Source: C:\Users\user\Desktop\JSChk2v3o9.exe Thread delayed: delay time: 99625
Source: C:\Users\user\Desktop\JSChk2v3o9.exe Thread delayed: delay time: 99515
Source: C:\Users\user\Desktop\JSChk2v3o9.exe Thread delayed: delay time: 99406
Source: C:\Users\user\Desktop\JSChk2v3o9.exe Thread delayed: delay time: 99297
Source: C:\Users\user\Desktop\JSChk2v3o9.exe Thread delayed: delay time: 99187
Source: C:\Users\user\Desktop\JSChk2v3o9.exe Thread delayed: delay time: 99938
Source: C:\Users\user\Desktop\JSChk2v3o9.exe Thread delayed: delay time: 99813
Source: JSChk2v3o9.exe, 00000000.00000002.474339807.0000000005D70000.00000002.00000001.sdmp, WMIC.exe, 00000004.00000002.201339533.0000000000A20000.00000002.00000001.sdmp Binary or memory string: A Virtual Machine could not be started because Hyper-V is not installed.
Source: JSChk2v3o9.exe, 00000000.00000002.474339807.0000000005D70000.00000002.00000001.sdmp, WMIC.exe, 00000004.00000002.201339533.0000000000A20000.00000002.00000001.sdmp Binary or memory string: A communication protocol error has occurred between the Hyper-V Host and Guest Compute Service.
Source: JSChk2v3o9.exe, 00000000.00000002.474339807.0000000005D70000.00000002.00000001.sdmp, WMIC.exe, 00000004.00000002.201339533.0000000000A20000.00000002.00000001.sdmp Binary or memory string: The communication protocol version between the Hyper-V Host and Guest Compute Services is not supported.
Source: JSChk2v3o9.exe, 00000000.00000002.474339807.0000000005D70000.00000002.00000001.sdmp, WMIC.exe, 00000004.00000002.201339533.0000000000A20000.00000002.00000001.sdmp Binary or memory string: An unknown internal message was received by the Hyper-V Compute Service.
Source: C:\Users\user\Desktop\JSChk2v3o9.exe Process information queried: ProcessInformation
Source: C:\Users\user\Desktop\JSChk2v3o9.exe Process token adjusted: Debug
Source: C:\Users\user\Desktop\JSChk2v3o9.exe Memory allocated: page read and write | page guard
Source: C:\Users\user\Desktop\JSChk2v3o9.exe Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\wbem\WMIC.exe wmic csproduct get uuid
Source: JSChk2v3o9.exe, 00000000.00000002.468002239.0000000000FB0000.00000002.00000001.sdmp, JSChk2v3o9.exe, 00000005.00000002.467632462.00000000010D0000.00000002.00000001.sdmp, JSChk2v3o9.exe, 00000006.00000002.467075225.0000000000F80000.00000002.00000001.sdmp Binary or memory string: Program Manager
Source: JSChk2v3o9.exe, 00000000.00000002.468002239.0000000000FB0000.00000002.00000001.sdmp, JSChk2v3o9.exe, 00000005.00000002.467632462.00000000010D0000.00000002.00000001.sdmp, JSChk2v3o9.exe, 00000006.00000002.467075225.0000000000F80000.00000002.00000001.sdmp Binary or memory string: Shell_TrayWnd
Source: JSChk2v3o9.exe, 00000000.00000002.468002239.0000000000FB0000.00000002.00000001.sdmp, JSChk2v3o9.exe, 00000005.00000002.467632462.00000000010D0000.00000002.00000001.sdmp, JSChk2v3o9.exe, 00000006.00000002.467075225.0000000000F80000.00000002.00000001.sdmp Binary or memory string: Progman
Source: JSChk2v3o9.exe, 00000000.00000002.468002239.0000000000FB0000.00000002.00000001.sdmp, JSChk2v3o9.exe, 00000005.00000002.467632462.00000000010D0000.00000002.00000001.sdmp, JSChk2v3o9.exe, 00000006.00000002.467075225.0000000000F80000.00000002.00000001.sdmp Binary or memory string: Progmanlock
Source: C:\Users\user\Desktop\JSChk2v3o9.exe Queries volume information: C:\Users\user\Desktop\JSChk2v3o9.exe VolumeInformation
Source: C:\Users\user\Desktop\JSChk2v3o9.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
Source: C:\Users\user\Desktop\JSChk2v3o9.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
Source: C:\Users\user\Desktop\JSChk2v3o9.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
Source: C:\Users\user\Desktop\JSChk2v3o9.exe Queries volume information: C:\Windows\Fonts\micross.ttf VolumeInformation
Source: C:\Users\user\Desktop\JSChk2v3o9.exe Queries volume information: C:\Windows\Fonts\segoeui.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\JSChk2v3o9.exe Queries volume information: C:\Users\user\AppData\Local\Temp\JSChk2v3o9.exe VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\JSChk2v3o9.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\JSChk2v3o9.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\JSChk2v3o9.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\JSChk2v3o9.exe Queries volume information: C:\Windows\Fonts\arial.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\JSChk2v3o9.exe Queries volume information: C:\Windows\Fonts\ariali.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\JSChk2v3o9.exe Queries volume information: C:\Windows\Fonts\arialbd.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\JSChk2v3o9.exe Queries volume information: C:\Windows\Fonts\arialbi.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\JSChk2v3o9.exe Queries volume information: C:\Windows\Fonts\ARIALN.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\JSChk2v3o9.exe Queries volume information: C:\Windows\Fonts\ariblk.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\JSChk2v3o9.exe Queries volume information: C:\Windows\Fonts\ARIALNI.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\JSChk2v3o9.exe Queries volume information: C:\Windows\Fonts\ARIALNB.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\JSChk2v3o9.exe Queries volume information: C:\Windows\Fonts\ARIALNBI.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\JSChk2v3o9.exe Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\JSChk2v3o9.exe Queries volume information: C:\Windows\Fonts\calibri.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\JSChk2v3o9.exe Queries volume information: C:\Windows\Fonts\calibril.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\JSChk2v3o9.exe Queries volume information: C:\Windows\Fonts\calibrii.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\JSChk2v3o9.exe Queries volume information: C:\Windows\Fonts\calibrili.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\JSChk2v3o9.exe Queries volume information: C:\Windows\Fonts\calibrib.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\JSChk2v3o9.exe Queries volume information: C:\Windows\Fonts\calibriz.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\JSChk2v3o9.exe Queries volume information: C:\Windows\Fonts\cambria.ttc VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\JSChk2v3o9.exe Queries volume information: C:\Windows\Fonts\cambriai.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\JSChk2v3o9.exe Queries volume information: C:\Windows\Fonts\cambriab.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\JSChk2v3o9.exe Queries volume information: C:\Windows\Fonts\cambriaz.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\JSChk2v3o9.exe Queries volume information: C:\Windows\Fonts\Candara.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\JSChk2v3o9.exe Queries volume information: C:\Windows\Fonts\Candarai.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\JSChk2v3o9.exe Queries volume information: C:\Windows\Fonts\Candarab.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\JSChk2v3o9.exe Queries volume information: C:\Windows\Fonts\Candaraz.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\JSChk2v3o9.exe Queries volume information: C:\Windows\Fonts\comic.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\JSChk2v3o9.exe Queries volume information: C:\Windows\Fonts\comici.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\JSChk2v3o9.exe Queries volume information: C:\Windows\Fonts\comicbd.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\JSChk2v3o9.exe Queries volume information: C:\Windows\Fonts\comicz.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\JSChk2v3o9.exe Queries volume information: C:\Windows\Fonts\consola.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\JSChk2v3o9.exe Queries volume information: C:\Windows\Fonts\consolai.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\JSChk2v3o9.exe Queries volume information: C:\Windows\Fonts\consolab.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\JSChk2v3o9.exe Queries volume information: C:\Windows\Fonts\consolaz.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\JSChk2v3o9.exe Queries volume information: C:\Windows\Fonts\constan.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\JSChk2v3o9.exe Queries volume information: C:\Windows\Fonts\constani.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\JSChk2v3o9.exe Queries volume information: C:\Windows\Fonts\constanb.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\JSChk2v3o9.exe Queries volume information: C:\Windows\Fonts\constanz.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\JSChk2v3o9.exeQueries volume information: C:\Windows\Fonts\corbel.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\JSChk2v3o9.exeQueries volume information: C:\Windows\Fonts\corbeli.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\JSChk2v3o9.exeQueries volume information: C:\Windows\Fonts\corbelb.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\JSChk2v3o9.exeQueries volume information: C:\Windows\Fonts\corbelz.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\JSChk2v3o9.exeQueries volume information: C:\Windows\Fonts\cour.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\JSChk2v3o9.exeQueries volume information: C:\Windows\Fonts\couri.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\JSChk2v3o9.exeQueries volume information: C:\Windows\Fonts\courbd.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\JSChk2v3o9.exeQueries volume information: C:\Windows\Fonts\courbi.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\JSChk2v3o9.exeQueries volume information: C:\Windows\Fonts\ebrima.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\JSChk2v3o9.exeQueries volume information: C:\Windows\Fonts\ebrimabd.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\JSChk2v3o9.exeQueries volume information: C:\Windows\Fonts\framd.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\JSChk2v3o9.exeQueries volume information: C:\Windows\Fonts\FRADM.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\JSChk2v3o9.exeQueries volume information: C:\Windows\Fonts\framdit.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\JSChk2v3o9.exeQueries volume information: C:\Windows\Fonts\FRADMIT.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\JSChk2v3o9.exeQueries volume information: C:\Windows\Fonts\FRAMDCN.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\JSChk2v3o9.exeQueries volume information: C:\Windows\Fonts\FRADMCN.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\JSChk2v3o9.exeQueries volume information: C:\Windows\Fonts\FRAHV.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\JSChk2v3o9.exeQueries volume information: C:\Windows\Fonts\FRAHVIT.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\JSChk2v3o9.exeQueries volume information: C:\Windows\Fonts\Gabriola.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\JSChk2v3o9.exeQueries volume information: C:\Windows\Fonts\gadugi.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\JSChk2v3o9.exeQueries volume information: C:\Windows\Fonts\gadugib.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\JSChk2v3o9.exeQueries volume information: C:\Windows\Fonts\georgia.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\JSChk2v3o9.exeQueries volume information: C:\Windows\Fonts\georgiai.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\JSChk2v3o9.exeQueries volume information: C:\Windows\Fonts\georgiab.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\JSChk2v3o9.exeQueries volume information: C:\Windows\Fonts\georgiaz.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\JSChk2v3o9.exeQueries volume information: C:\Windows\Fonts\impact.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\JSChk2v3o9.exeQueries volume information: C:\Windows\Fonts\Inkfree.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\JSChk2v3o9.exeQueries volume information: C:\Windows\Fonts\javatext.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\JSChk2v3o9.exeQueries volume information: C:\Windows\Fonts\LeelawUI.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\JSChk2v3o9.exeQueries volume information: C:\Windows\Fonts\LeelUIsl.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\JSChk2v3o9.exeQueries volume information: C:\Windows\Fonts\LeelaUIb.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\JSChk2v3o9.exeQueries volume information: C:\Windows\Fonts\lucon.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\JSChk2v3o9.exeQueries volume information: C:\Windows\Fonts\l_10646.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\JSChk2v3o9.exeQueries volume information: C:\Windows\Fonts\malgun.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\JSChk2v3o9.exeQueries volume information: C:\Windows\Fonts\malgunsl.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\JSChk2v3o9.exeQueries volume information: C:\Windows\Fonts\malgunbd.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\JSChk2v3o9.exeQueries volume information: C:\Windows\Fonts\himalaya.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\JSChk2v3o9.exeQueries volume information: C:\Windows\Fonts\msjh.ttc VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\JSChk2v3o9.exeQueries volume information: C:\Windows\Fonts\msjhl.ttc VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\JSChk2v3o9.exeQueries volume information: C:\Windows\Fonts\msjhbd.ttc VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\JSChk2v3o9.exeQueries volume information: C:\Windows\Fonts\ntailu.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\JSChk2v3o9.exeQueries volume information: C:\Windows\Fonts\ntailub.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\JSChk2v3o9.exeQueries volume information: C:\Windows\Fonts\phagspa.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\JSChk2v3o9.exeQueries volume information: C:\Windows\Fonts\phagspab.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\JSChk2v3o9.exeQueries volume information: C:\Windows\Fonts\micross.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\JSChk2v3o9.exeQueries volume information: C:\Windows\Fonts\taile.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\JSChk2v3o9.exeQueries volume information: C:\Windows\Fonts\taileb.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\JSChk2v3o9.exeQueries volume information: C:\Windows\Fonts\msyh.ttc VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\JSChk2v3o9.exeQueries volume information: C:\Windows\Fonts\msyhl.ttc VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\JSChk2v3o9.exeQueries volume information: C:\Windows\Fonts\msyhbd.ttc VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\JSChk2v3o9.exeQueries volume information: C:\Windows\Fonts\msyi.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\JSChk2v3o9.exeQueries volume information: C:\Windows\Fonts\mingliub.ttc VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\JSChk2v3o9.exeQueries volume information: C:\Windows\Fonts\monbaiti.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\JSChk2v3o9.exeQueries volume information: C:\Windows\Fonts\msgothic.ttc VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\JSChk2v3o9.exeQueries volume information: C:\Windows\Fonts\mvboli.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\JSChk2v3o9.exeQueries volume information: C:\Windows\Fonts\mmrtext.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\JSChk2v3o9.exeQueries volume information: C:\Windows\Fonts\mmrtextb.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\JSChk2v3o9.exeQueries volume information: C:\Windows\Fonts\Nirmala.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\JSChk2v3o9.exeQueries volume information: C:\Windows\Fonts\NirmalaS.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\JSChk2v3o9.exeQueries volume information: C:\Windows\Fonts\NirmalaB.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\JSChk2v3o9.exeQueries volume information: C:\Windows\Fonts\pala.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\JSChk2v3o9.exeQueries volume information: C:\Windows\Fonts\palai.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\JSChk2v3o9.exeQueries volume information: C:\Windows\Fonts\palab.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\JSChk2v3o9.exeQueries volume information: C:\Windows\Fonts\palabi.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\JSChk2v3o9.exeQueries volume information: C:\Windows\Fonts\segoepr.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\JSChk2v3o9.exeQueries volume information: C:\Windows\Fonts\segoeprb.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\JSChk2v3o9.exeQueries volume information: C:\Windows\Fonts\segoesc.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\JSChk2v3o9.exeQueries volume information: C:\Windows\Fonts\segoescb.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\JSChk2v3o9.exeQueries volume information: C:\Windows\Fonts\segoeuii.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\JSChk2v3o9.exeQueries volume information: C:\Windows\Fonts\seguisli.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\JSChk2v3o9.exeQueries volume information: C:\Windows\Fonts\seguili.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\JSChk2v3o9.exeQueries volume information: C:\Windows\Fonts\seguisbi.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\JSChk2v3o9.exeQueries volume information: C:\Windows\Fonts\segoeuiz.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\JSChk2v3o9.exeQueries volume information: C:\Windows\Fonts\seguibl.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\JSChk2v3o9.exeQueries volume information: C:\Windows\Fonts\seguibli.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\JSChk2v3o9.exeQueries volume information: C:\Windows\Fonts\seguiemj.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\JSChk2v3o9.exeQueries volume information: C:\Windows\Fonts\seguihis.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\JSChk2v3o9.exeQueries volume information: C:\Windows\Fonts\seguisym.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\JSChk2v3o9.exeQueries volume information: C:\Windows\Fonts\simsun.ttc VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\JSChk2v3o9.exeQueries volume information: C:\Windows\Fonts\simsunb.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\JSChk2v3o9.exeQueries volume information: C:\Windows\Fonts\Sitka.ttc VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\JSChk2v3o9.exeQueries volume information: C:\Windows\Fonts\SitkaI.ttc VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\JSChk2v3o9.exeQueries volume information: C:\Windows\Fonts\SitkaB.ttc VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\JSChk2v3o9.exeQueries volume information: C:\Windows\Fonts\SitkaZ.ttc VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\JSChk2v3o9.exeQueries volume information: C:\Windows\Fonts\sylfaen.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\JSChk2v3o9.exeQueries volume information: C:\Windows\Fonts\symbol.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\JSChk2v3o9.exeQueries volume information: C:\Windows\Fonts\tahoma.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\JSChk2v3o9.exeQueries volume information: C:\Windows\Fonts\tahomabd.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\JSChk2v3o9.exeQueries volume information: C:\Windows\Fonts\timesi.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\JSChk2v3o9.exeQueries volume information: C:\Windows\Fonts\timesbd.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\JSChk2v3o9.exeQueries volume information: C:\Windows\Fonts\timesbi.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\JSChk2v3o9.exeQueries volume information: C:\Windows\Fonts\trebuc.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\JSChk2v3o9.exeQueries volume information: C:\Windows\Fonts\trebucit.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\JSChk2v3o9.exeQueries volume information: C:\Windows\Fonts\trebucbd.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\JSChk2v3o9.exeQueries volume information: C:\Windows\Fonts\trebucbi.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\JSChk2v3o9.exeQueries volume information: C:\Windows\Fonts\verdana.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\JSChk2v3o9.exeQueries volume information: C:\Windows\Fonts\verdanai.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\JSChk2v3o9.exeQueries volume information: C:\Windows\Fonts\verdanab.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\JSChk2v3o9.exeQueries volume information: C:\Windows\Fonts\verdanaz.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\JSChk2v3o9.exeQueries volume information: C:\Windows\Fonts\webdings.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\JSChk2v3o9.exeQueries volume information: C:\Windows\Fonts\wingding.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\JSChk2v3o9.exeQueries volume information: C:\Windows\Fonts\YuGothR.ttc VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\JSChk2v3o9.exeQueries volume information: C:\Windows\Fonts\YuGothM.ttc VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\JSChk2v3o9.exeQueries volume information: C:\Windows\Fonts\YuGothL.ttc VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\JSChk2v3o9.exeQueries volume information: C:\Windows\Fonts\YuGothB.ttc VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\JSChk2v3o9.exeQueries volume information: C:\Windows\Fonts\holomdl2.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\JSChk2v3o9.exeQueries volume information: C:\Windows\Fonts\CENTURY.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\JSChk2v3o9.exeQueries volume information: C:\Windows\Fonts\LEELAWAD.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\JSChk2v3o9.exeQueries volume information: C:\Windows\Fonts\LEELAWDB.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\JSChk2v3o9.exeQueries volume information: C:\Windows\Fonts\MSUIGHUR.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\JSChk2v3o9.exeQueries volume information: C:\Windows\Fonts\MSUIGHUB.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\JSChk2v3o9.exeQueries volume information: C:\Windows\Fonts\WINGDNG2.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\JSChk2v3o9.exeQueries volume information: C:\Windows\Fonts\WINGDNG3.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\JSChk2v3o9.exeQueries volume information: C:\Windows\Fonts\TEMPSITC.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\JSChk2v3o9.exeQueries volume information: C:\Windows\Fonts\PRISTINA.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\JSChk2v3o9.exeQueries volume information: C:\Windows\Fonts\PAPYRUS.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\JSChk2v3o9.exeQueries volume information: C:\Windows\Fonts\MISTRAL.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\JSChk2v3o9.exeQueries volume information: C:\Windows\Fonts\LHANDW.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\JSChk2v3o9.exeQueries volume information: C:\Windows\Fonts\ITCKRIST.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\JSChk2v3o9.exeQueries volume information: C:\Windows\Fonts\JUICE___.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\JSChk2v3o9.exeQueries volume information: C:\Windows\Fonts\FRSCRIPT.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\JSChk2v3o9.exeQueries volume information: C:\Windows\Fonts\FREESCPT.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\JSChk2v3o9.exeQueries volume information: C:\Windows\Fonts\BRADHITC.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\JSChk2v3o9.exeQueries volume information: C:\Windows\Fonts\OUTLOOK.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\JSChk2v3o9.exeQueries volume information: C:\Windows\Fonts\BKANT.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\JSChk2v3o9.exeQueries volume information: C:\Windows\Fonts\ANTQUAI.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\JSChk2v3o9.exeQueries volume information: C:\Windows\Fonts\ANTQUAB.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\JSChk2v3o9.exeQueries volume information: C:\Windows\Fonts\ANTQUABI.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\JSChk2v3o9.exeQueries volume information: C:\Windows\Fonts\GARA.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\JSChk2v3o9.exeQueries volume information: C:\Windows\Fonts\GARAIT.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\JSChk2v3o9.exeQueries volume information: C:\Windows\Fonts\GARABD.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\JSChk2v3o9.exeQueries volume information: C:\Windows\Fonts\MTCORSVA.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\JSChk2v3o9.exeQueries volume information: C:\Windows\Fonts\GOTHIC.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\JSChk2v3o9.exeQueries volume information: C:\Windows\Fonts\GOTHICI.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\JSChk2v3o9.exeQueries volume information: C:\Windows\Fonts\GOTHICB.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\JSChk2v3o9.exeQueries volume information: C:\Windows\Fonts\GOTHICBI.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\JSChk2v3o9.exeQueries volume information: C:\Windows\Fonts\ALGER.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\JSChk2v3o9.exeQueries volume information: C:\Windows\Fonts\BASKVILL.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\JSChk2v3o9.exeQueries volume information: C:\Windows\Fonts\BAUHS93.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\JSChk2v3o9.exeQueries volume information: C:\Windows\Fonts\BELL.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\JSChk2v3o9.exeQueries volume information: C:\Windows\Fonts\BELLI.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\JSChk2v3o9.exeQueries volume information: C:\Windows\Fonts\BELLB.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\JSChk2v3o9.exeQueries volume information: C:\Windows\Fonts\BRLNSR.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\JSChk2v3o9.exeQueries volume information: C:\Windows\Fonts\BRLNSDB.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\JSChk2v3o9.exeQueries volume information: C:\Windows\Fonts\BRLNSB.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\JSChk2v3o9.exeQueries volume information: C:\Windows\Fonts\BERNHC.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\JSChk2v3o9.exeQueries volume information: C:\Windows\Fonts\BOD_PSTC.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\JSChk2v3o9.exeQueries volume information: C:\Windows\Fonts\BRITANIC.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\JSChk2v3o9.exeQueries volume information: C:\Windows\Fonts\BROADW.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\JSChk2v3o9.exeQueries volume information: C:\Windows\Fonts\BRUSHSCI.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\JSChk2v3o9.exeQueries volume information: C:\Windows\Fonts\CALIFR.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\JSChk2v3o9.exeQueries volume information: C:\Windows\Fonts\CALIFI.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\JSChk2v3o9.exeQueries volume information: C:\Windows\Fonts\CALIFB.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\JSChk2v3o9.exeQueries volume information: C:\Windows\Fonts\CENTAUR.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\JSChk2v3o9.exeQueries volume information: C:\Windows\Fonts\CHILLER.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\JSChk2v3o9.exeQueries volume information: C:\Windows\Fonts\COLONNA.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\JSChk2v3o9.exeQueries volume information: C:\Windows\Fonts\COOPBL.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\JSChk2v3o9.exeQueries volume information: C:\Windows\Fonts\FTLTLT.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\JSChk2v3o9.exeQueries volume information: C:\Windows\Fonts\HARLOWSI.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\JSChk2v3o9.exeQueries volume information: C:\Windows\Fonts\HARNGTON.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\JSChk2v3o9.exeQueries volume information: C:\Windows\Fonts\HTOWERT.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\JSChk2v3o9.exeQueries volume information: C:\Windows\Fonts\HTOWERTI.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\JSChk2v3o9.exeQueries volume information: C:\Windows\Fonts\JOKERMAN.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\JSChk2v3o9.exeQueries volume information: C:\Windows\Fonts\KUNSTLER.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\JSChk2v3o9.exeQueries volume information: C:\Windows\Fonts\LBRITE.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\JSChk2v3o9.exeQueries volume information: C:\Windows\Fonts\LBRITED.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\JSChk2v3o9.exeQueries volume information: C:\Windows\Fonts\LBRITEI.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\JSChk2v3o9.exeQueries volume information: C:\Windows\Fonts\LBRITEDI.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\JSChk2v3o9.exeQueries volume information: C:\Windows\Fonts\LCALLIG.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\JSChk2v3o9.exeQueries volume information: C:\Windows\Fonts\LFAX.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\JSChk2v3o9.exeQueries volume information: C:\Windows\Fonts\LFAXD.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\JSChk2v3o9.exeQueries volume information: C:\Windows\Fonts\LFAXI.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\JSChk2v3o9.exeQueries volume information: C:\Windows\Fonts\LFAXDI.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\JSChk2v3o9.exeQueries volume information: C:\Windows\Fonts\MAGNETOB.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\JSChk2v3o9.exeQueries volume information: C:\Windows\Fonts\MATURASC.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\JSChk2v3o9.exeQueries volume information: C:\Windows\Fonts\MOD20.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\JSChk2v3o9.exeQueries volume information: C:\Windows\Fonts\NIAGENG.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\JSChk2v3o9.exeQueries volume information: C:\Windows\Fonts\NIAGSOL.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\JSChk2v3o9.exeQueries volume information: C:\Windows\Fonts\OLDENGL.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\JSChk2v3o9.exeQueries volume information: C:\Windows\Fonts\ONYX.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\JSChk2v3o9.exeQueries volume information: C:\Windows\Fonts\PARCHM.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\JSChk2v3o9.exeQueries volume information: C:\Windows\Fonts\PLAYBILL.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\JSChk2v3o9.exeQueries volume information: C:\Windows\Fonts\POORICH.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\JSChk2v3o9.exeQueries volume information: C:\Windows\Fonts\RAVIE.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\JSChk2v3o9.exeQueries volume information: C:\Windows\Fonts\INFROMAN.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\JSChk2v3o9.exeQueries volume information: C:\Windows\Fonts\SHOWG.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\JSChk2v3o9.exeQueries volume information: C:\Windows\Fonts\SNAP____.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\JSChk2v3o9.exeQueries volume information: C:\Windows\Fonts\STENCIL.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\JSChk2v3o9.exeQueries volume information: C:\Windows\Fonts\VINERITC.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\JSChk2v3o9.exeQueries volume information: C:\Windows\Fonts\VIVALDII.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\JSChk2v3o9.exeQueries volume information: C:\Windows\Fonts\VLADIMIR.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\JSChk2v3o9.exeQueries volume information: C:\Windows\Fonts\LATINWD.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\JSChk2v3o9.exe, Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Mitre Att&ck Matrix

| Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Valid Accounts | Windows Management Instrumentation 1 | Registry Run Keys / Startup Folder 1 | Process Injection 12 | Masquerading 1 | OS Credential Dumping | Security Software Discovery 111 | Remote Services | Archive Collected Data 11 | Exfiltration Over Other Network Medium | Encrypted Channel 12 | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Data Encrypted for Impact 1 |
| Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Registry Run Keys / Startup Folder 1 | Disable or Modify Tools 1 | LSASS Memory | Process Discovery 2 | Remote Desktop Protocol | Data from Removable Media | Exfiltration Over Bluetooth | Non-Application Layer Protocol 1 | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout |
| Domain Accounts | At (Linux) | Logon Script (Windows) | Logon Script (Windows) | Virtualization/Sandbox Evasion 31 | Security Account Manager | Virtualization/Sandbox Evasion 31 | SMB/Windows Admin Shares | Data from Network Shared Drive | Automated Exfiltration | Application Layer Protocol 2 | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data |
| Local Accounts | At (Windows) | Logon Script (Mac) | Logon Script (Mac) | Process Injection 12 | NTDS | Application Window Discovery 1 | Distributed Component Object Model | Input Capture | Scheduled Transfer | Protocol Impersonation | SIM Card Swap | | Carrier Billing Fraud |
| Cloud Accounts | Cron | Network Logon Script | Network Logon Script | Deobfuscate/Decode Files or Information 1 | LSA Secrets | Remote System Discovery 1 | SSH | Keylogging | Data Transfer Size Limits | Fallback Channels | Manipulate Device Communication | | Manipulate App Store Rankings or Ratings |
| Replication Through Removable Media | Launchd | Rc.common | Rc.common | Obfuscated Files or Information 1 | Cached Domain Credentials | System Network Configuration Discovery 1 | VNC | GUI Input Capture | Exfiltration Over C2 Channel | Multiband Communication | Jamming or Denial of Service | | Abuse Accessibility Features |
| External Remote Services | Scheduled Task | Startup Items | Startup Items | Timestomp 1 | DCSync | File and Directory Discovery 1 | Windows Remote Management | Web Portal Capture | Exfiltration Over Alternative Protocol | Commonly Used Port | Rogue Wi-Fi Access Points | | Data Encrypted for Impact |
| Drive-by Compromise | Command and Scripting Interpreter | Scheduled Task/Job | Scheduled Task/Job | Indicator Removal from Tools | Proc Filesystem | System Information Discovery 22 | Shared Webroot | Credential API Hooking | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Application Layer Protocol | Downgrade to Insecure Protocols | | Generate Fraudulent Advertising Revenue |

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| JSChk2v3o9.exe | 40% | Virustotal | | Browse |
| JSChk2v3o9.exe | 72% | ReversingLabs | ByteCode-MSIL.Backdoor.Bladabhindi | |
| JSChk2v3o9.exe | 100% | Joe Sandbox ML | | |

Dropped Files

| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| C:\Users\user\AppData\Local\Temp\JSChk2v3o9.exe | 100% | Joe Sandbox ML | | |
| C:\Users\user\AppData\Local\Temp\JSChk2v3o9.exe | 72% | ReversingLabs | ByteCode-MSIL.Backdoor.Bladabhindi | |

Unpacked PE Files

No Antivirus matches

Domains

| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| canary.discord.com | 0% | Virustotal | | Browse |

URLs


Domains and IPs

Contacted Domains

| Name | IP | Active | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|---|---|
| elb097307-934924932.us-east-1.elb.amazonaws.com | 54.225.144.221 | true | false | | high |
| canary.discord.com | 162.159.137.232 | true | false | | unknown |
| api.ipify.org | unknown | unknown | false | | high |

URLs from Memory and Binaries

                    • URL Reputation: safe
                    • URL Reputation: safe
                    unknown
                    http://www.zhongyicts.com.cnJSChk2v3o9.exe, 00000000.00000002.478794721.0000000007250000.00000002.00000001.sdmp, JSChk2v3o9.exe, 00000005.00000002.474015828.0000000006922000.00000004.00000001.sdmp, JSChk2v3o9.exe, 00000006.00000002.473202130.0000000005690000.00000002.00000001.sdmpfalse
                    • URL Reputation: safe
                    • URL Reputation: safe
                    • URL Reputation: safe
                    unknown
                    http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameJSChk2v3o9.exe, 00000000.00000002.468364715.00000000025F1000.00000004.00000001.sdmpfalse
                      high
                      http://www.sakkal.comJSChk2v3o9.exe, 00000000.00000002.478794721.0000000007250000.00000002.00000001.sdmp, JSChk2v3o9.exe, 00000005.00000002.474015828.0000000006922000.00000004.00000001.sdmp, JSChk2v3o9.exe, 00000006.00000002.473202130.0000000005690000.00000002.00000001.sdmpfalse
                      • URL Reputation: safe
                      • URL Reputation: safe
                      • URL Reputation: safe
                      unknown
                      https://canary.discord.com4JSChk2v3o9.exe, 00000000.00000002.468364715.00000000025F1000.00000004.00000001.sdmpfalse
                      • Avira URL Cloud: safe
                      unknown
                      http://www.apache.org/licenses/LICENSE-2.0JSChk2v3o9.exe, 00000000.00000002.478794721.0000000007250000.00000002.00000001.sdmp, JSChk2v3o9.exe, 00000005.00000002.474015828.0000000006922000.00000004.00000001.sdmp, JSChk2v3o9.exe, 00000006.00000002.473202130.0000000005690000.00000002.00000001.sdmpfalse
                        high
                        http://www.fontbureau.comJSChk2v3o9.exe, 00000000.00000002.478794721.0000000007250000.00000002.00000001.sdmp, JSChk2v3o9.exe, 00000005.00000002.474015828.0000000006922000.00000004.00000001.sdmp, JSChk2v3o9.exe, 00000006.00000002.474304225.00000000067B2000.00000004.00000001.sdmpfalse
                          high
                          http://www.agfamonotype.JSChk2v3o9.exe, 00000006.00000003.249710277.00000000055B0000.00000004.00000001.sdmpfalse
                          • URL Reputation: safe
                          • URL Reputation: safe
                          • URL Reputation: safe
                          unknown
                          https://canary.discord.comJSChk2v3o9.exe, 00000000.00000002.471292362.0000000002912000.00000004.00000001.sdmpfalse
                          • Avira URL Cloud: safe
                          unknown
                          http://www.carterandcone.combolHxJSChk2v3o9.exe, 00000005.00000003.233055484.000000000573D000.00000004.00000001.sdmpfalse
                          • Avira URL Cloud: safe
                          unknown
                          http://www.fontbureau.com/designers/rJSChk2v3o9.exe, 00000005.00000003.238250346.000000000573D000.00000004.00000001.sdmpfalse
                            high
                            http://www.jiyu-kobo.co.jp//-ddJSChk2v3o9.exe, 00000005.00000003.236378383.0000000005719000.00000004.00000001.sdmpfalse
                            • Avira URL Cloud: safe
                            unknown
                            http://www.jiyu-kobo.co.jp/jp/JSChk2v3o9.exe, 00000005.00000003.236378383.0000000005719000.00000004.00000001.sdmpfalse
                            • URL Reputation: safe
                            • URL Reputation: safe
                            • URL Reputation: safe
                            unknown
                            http://www.carterandcone.comnJSChk2v3o9.exe, 00000005.00000003.232631273.000000000573D000.00000004.00000001.sdmpfalse
                            • URL Reputation: safe
                            • URL Reputation: safe
                            • URL Reputation: safe
                            unknown
                            http://www.carterandcone.comlJSChk2v3o9.exe, 00000000.00000002.478794721.0000000007250000.00000002.00000001.sdmp, JSChk2v3o9.exe, 00000005.00000002.474015828.0000000006922000.00000004.00000001.sdmp, JSChk2v3o9.exe, 00000006.00000002.473202130.0000000005690000.00000002.00000001.sdmpfalse
                            • URL Reputation: safe
                            • URL Reputation: safe
                            • URL Reputation: safe
                            unknown
                            http://www.jiyu-kobo.co.jp/-cz3JSChk2v3o9.exe, 00000005.00000003.236378383.0000000005719000.00000004.00000001.sdmpfalse
                            • Avira URL Cloud: safe
                            unknown
                            http://www.urwpp.deegJSChk2v3o9.exe, 00000005.00000003.242108983.000000000573D000.00000004.00000001.sdmpfalse
                            • Avira URL Cloud: safe
                            unknown
                            http://www.fontbureau.com/designers/cabarga.htmlNJSChk2v3o9.exe, 00000000.00000002.478794721.0000000007250000.00000002.00000001.sdmp, JSChk2v3o9.exe, 00000005.00000002.474015828.0000000006922000.00000004.00000001.sdmp, JSChk2v3o9.exe, 00000006.00000002.473202130.0000000005690000.00000002.00000001.sdmpfalse
                              high
                              http://www.founder.com.cn/cnJSChk2v3o9.exe, 00000000.00000002.478794721.0000000007250000.00000002.00000001.sdmp, JSChk2v3o9.exe, 00000005.00000002.474015828.0000000006922000.00000004.00000001.sdmp, JSChk2v3o9.exe, 00000006.00000002.473202130.0000000005690000.00000002.00000001.sdmpfalse
                              • URL Reputation: safe
                              • URL Reputation: safe
                              • URL Reputation: safe
                              unknown
                              http://www.fontbureau.com/designers/frere-jones.htmlJSChk2v3o9.exe, 00000000.00000002.478794721.0000000007250000.00000002.00000001.sdmp, JSChk2v3o9.exe, 00000005.00000002.474015828.0000000006922000.00000004.00000001.sdmp, JSChk2v3o9.exe, 00000005.00000003.239552436.000000000573D000.00000004.00000001.sdmp, JSChk2v3o9.exe, 00000006.00000002.473202130.0000000005690000.00000002.00000001.sdmpfalse
                                high
                                http://www.fontbureau.com/designers/cabarga.htmlJSChk2v3o9.exe, 00000005.00000003.240984295.000000000573D000.00000004.00000001.sdmp, JSChk2v3o9.exe, 00000005.00000003.240628427.000000000573D000.00000004.00000001.sdmpfalse
                                  high
                                  http://www.jiyu-kobo.co.jp/sebrJSChk2v3o9.exe, 00000005.00000003.236378383.0000000005719000.00000004.00000001.sdmpfalse
                                  • Avira URL Cloud: safe
                                  unknown
                                  http://www.jiyu-kobo.co.jp/pJSChk2v3o9.exe, 00000005.00000003.233592215.0000000005713000.00000004.00000001.sdmpfalse
                                  • URL Reputation: safe
                                  • URL Reputation: safe
                                  • URL Reputation: safe
                                  unknown
                                  http://www.jiyu-kobo.co.jp/mJSChk2v3o9.exe, 00000005.00000003.234137534.000000000571A000.00000004.00000001.sdmpfalse
                                  • URL Reputation: safe
                                  • URL Reputation: safe
                                  • URL Reputation: safe
                                  unknown
                                  http://www.jiyu-kobo.co.jp/JSChk2v3o9.exe, 00000000.00000002.478794721.0000000007250000.00000002.00000001.sdmp, JSChk2v3o9.exe, 00000005.00000002.474015828.0000000006922000.00000004.00000001.sdmp, JSChk2v3o9.exe, 00000005.00000003.236378383.0000000005719000.00000004.00000001.sdmp, JSChk2v3o9.exe, 00000005.00000003.235233044.0000000005719000.00000004.00000001.sdmp, JSChk2v3o9.exe, 00000006.00000002.473202130.0000000005690000.00000002.00000001.sdmpfalse
                                  • URL Reputation: safe
                                  • URL Reputation: safe
                                  • URL Reputation: safe
                                  unknown
                                  http://www.fontbureau.com/designers8JSChk2v3o9.exe, 00000000.00000002.478794721.0000000007250000.00000002.00000001.sdmp, JSChk2v3o9.exe, 00000005.00000002.474015828.0000000006922000.00000004.00000001.sdmp, JSChk2v3o9.exe, 00000006.00000002.473202130.0000000005690000.00000002.00000001.sdmpfalse
                                    high
                                    http://www.urwpp.depyJSChk2v3o9.exe, 00000005.00000003.238133743.000000000573D000.00000004.00000001.sdmpfalse
                                    • Avira URL Cloud: safe
                                    unknown
                                    http://www.jiyu-kobo.co.jp/_JSChk2v3o9.exe, 00000005.00000003.236378383.0000000005719000.00000004.00000001.sdmpfalse
                                    • URL Reputation: safe
                                    • URL Reputation: safe
                                    • URL Reputation: safe
                                    unknown

                                    Contacted IPs


                                    Public

                                    IP | Domain | Country | ASN | ASN Name | Malicious
                                    162.159.137.232 | canary.discord.com | United States | 13335 | CLOUDFLARENETUS | false
                                    54.225.144.221 | elb097307-934924932.us-east-1.elb.amazonaws.com | United States | 14618 | AMAZON-AESUS | false

                                    General Information

                                    Joe Sandbox Version:31.0.0 Emerald
                                    Analysis ID:391040
                                    Start date:18.04.2021
                                    Start time:03:20:34
                                    Joe Sandbox Product:CloudBasic
                                    Overall analysis duration:0h 10m 14s
                                    Hypervisor based Inspection enabled:false
                                    Report type:full
                                    Sample file name:JSChk2v3o9 (renamed file extension from none to exe)
                                    Cookbook file name:default.jbs
                                    Analysis system description:Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
                                    Number of analysed new started processes analysed:31
                                    Number of new started drivers analysed:0
                                    Number of existing processes analysed:0
                                    Number of existing drivers analysed:0
                                    Number of injected processes analysed:0
                                    Technologies:
                                    • HCA enabled
                                    • EGA enabled
                                    • HDC enabled
                                    • AMSI enabled
                                    Analysis Mode:default
                                    Analysis stop reason:Timeout
                                    Detection:MAL
                                    Classification:mal72.rans.troj.winEXE@8/57@7/2
                                    EGA Information:Failed
                                    HDC Information:
                                    • Successful, ratio: 0.2% (good quality ratio 0.1%)
                                    • Quality average: 40.7%
                                    • Quality standard deviation: 34.6%
                                    HCA Information:
                                    • Successful, ratio: 100%
                                    • Number of executed functions: 315
                                    • Number of non-executed functions: 5
                                    Cookbook Comments:
                                    • Adjust boot time
                                    • Enable AMSI
                                    Warnings:
                                    • Exclude process from analysis (whitelisted): taskhostw.exe, MpCmdRun.exe, BackgroundTransferHost.exe, RuntimeBroker.exe, backgroundTaskHost.exe, SgrmBroker.exe, conhost.exe, svchost.exe, UsoClient.exe
                                    • Excluded IPs from analysis (whitelisted): 204.79.197.200, 13.107.21.200, 104.42.151.234, 23.218.208.56, 8.241.82.254, 8.241.80.126, 8.253.145.121, 8.253.145.120, 8.238.85.126, 20.190.160.133, 20.190.160.70, 20.190.160.74, 20.190.160.130, 20.190.160.3, 20.190.160.131, 20.190.160.7, 20.190.160.5, 20.50.102.62, 92.122.213.194, 92.122.213.247, 20.54.26.129, 2.17.179.193, 84.53.167.113
                                    • Excluded domains from analysis (whitelisted): arc.msn.com.nsatc.net, www.tm.lg.prod.aadmsa.akadns.net, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, a1449.dscg2.akamai.net, e15275.g.akamaiedge.net, arc.msn.com, www.tm.a.prd.aadg.trafficmanager.net, cdn.onenote.net.edgekey.net, login.live.com, wildcard.weather.microsoft.com.edgekey.net, www-bing-com.dual-a-0001.a-msedge.net, audownload.windowsupdate.nsatc.net, arc.trafficmanager.net, watson.telemetry.microsoft.com, auto.au.download.windowsupdate.com.c.footprint.net, img-prod-cms-rt-microsoft-com.akamaized.net, prod.fs.microsoft.com.akadns.net, cdn.onenote.net, au-bg-shim.trafficmanager.net, www.bing.com, fs.microsoft.com, dual-a-0001.a-msedge.net, ris-prod.trafficmanager.net, tile-service.weather.microsoft.com, e1723.g.akamaiedge.net, ctldl.windowsupdate.com, login.msa.msidentity.com, ris.api.iris.microsoft.com, a-0001.a-afdentry.net.trafficmanager.net, blobcollector.events.data.trafficmanager.net, e1553.dspg.akamaiedge.net, skypedataprdcolwus16.cloudapp.net
                                    • Report size exceeded maximum capacity and may have missing behavior information.
                                    • Report size getting too big, too many NtAllocateVirtualMemory calls found.
                                    • Report size getting too big, too many NtOpenKeyEx calls found.
                                    • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                    • Report size getting too big, too many NtQueryValueKey calls found.

                                    Simulations

                                    Behavior and APIs

                                    Time | Type | Description
                                    03:21:21 | API Interceptor | 1x Sleep call for process: WMIC.exe modified
                                    03:21:21 | Autostart | Run: HKCU\Software\Microsoft\Windows\CurrentVersion\Run NR "C:\Users\user\AppData\Local\Temp\JSChk2v3o9.exe"
                                    03:21:23 | API Interceptor | 48x Sleep call for process: JSChk2v3o9.exe modified
                                    03:21:29 | Autostart | Run: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run NR "C:\Users\user\AppData\Local\Temp\JSChk2v3o9.exe"

                                    Joe Sandbox View / Context

                                    IPs


                                                                              Domains


                                                                              ASN

                                                                              • 3.223.115.185

                                                                              JA3 Fingerprints


                                                                              Dropped Files

                                                                              No context

                                                                              Created / dropped Files

                                                                              C:\Users\user\AppData\Local\Temp\JSChk2v3o9.exe
                                                                              Process:C:\Users\user\Desktop\JSChk2v3o9.exe
                                                                              File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                              Category:dropped
                                                                              Size (bytes):62976
                                                                              Entropy (8bit):5.361445985547347
                                                                              Encrypted:false
                                                                              SSDEEP:768:SKsMqCXfVcW42vM9ZkiANIUe2YLDwUzc80gmq3oP/oDY:SKse4qM9ZkiAPOr/0O8/o8
                                                                              MD5:077FCCC46159F8CCD79FCD50787DB1C9
                                                                              SHA1:288635E27276BA6DA3291D0982A8F0F23AE0065E
                                                                              SHA-256:92190C9789485A0D96BCED7040080F0AE35C02898C3D31A65D50ECD659B80F09
                                                                              SHA-512:6028A1B66EA3E6BAAE6C11005596C6A6FFF982D132AD23C502BF57C5D0995829F983963BA451142F2780214DA6C8588E8F83B2972D289367300094FEE9CEBE74
                                                                              Malicious:true
                                                                              Antivirus:
                                                                              • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                              • Antivirus: ReversingLabs, Detection: 72%
                                                                              Reputation:low
                                                                              C:\Users\user\AppData\Local\Temp\JSChk2v3o9.exe:Zone.Identifier
                                                                              Process:C:\Users\user\Desktop\JSChk2v3o9.exe
                                                                              File Type:ASCII text, with CRLF line terminators
                                                                              Category:dropped
                                                                              Size (bytes):26
                                                                              Entropy (8bit):3.95006375643621
                                                                              Encrypted:false
                                                                              SSDEEP:3:ggPYV:rPYV
                                                                              MD5:187F488E27DB4AF347237FE461A079AD
                                                                              SHA1:6693BA299EC1881249D59262276A0D2CB21F8E64
                                                                              SHA-256:255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
                                                                              SHA-512:89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
                                                                              Malicious:true
                                                                              Reputation:high, very likely benign file
                                                                              Preview: [ZoneTransfer]....ZoneId=0
                                                                              C:\Users\user\AppData\Local\Temp\NR_decrypt.txt
                                                                              Process:C:\Users\user\Desktop\JSChk2v3o9.exe
                                                                              File Type:ASCII text, with CRLF line terminators
                                                                              Category:modified
                                                                              Size (bytes):22
                                                                              Entropy (8bit):4.1523912776298655
                                                                              Encrypted:false
                                                                              SSDEEP:3:a6RGszvHvn:aYDPn
                                                                              MD5:8D86069D299EE90B1ADFDF58D63736DB
                                                                              SHA1:EF2AF989559D1BA12274E11C9077EAD1B35A99C9
                                                                              SHA-256:F41F9F1843B90C67A3B250C97D520A8EEEA3FB81E5484E8F6EDEA1F02E343DE6
                                                                              SHA-512:809AED5575A62C371A607E96D4E6EBDE798824C9A9BF5CD9D5D696E1B585DC01A0D760D4F30FE4FB1E838434C3B73551C673E9A94BAEEDB969DDB3E615317E33
                                                                              Malicious:false
                                                                              Reputation:low
                                                                              Preview: ZGVmYXVsdHBhc3N3b3Jk..
                                                                              C:\Users\user\AppData\Roaming\wallpaper.png
                                                                              Process:C:\Users\user\Desktop\JSChk2v3o9.exe
                                                                              File Type:PNG image data, 1920 x 1080, 8-bit/color RGBA, non-interlaced
                                                                              Category:dropped
                                                                              Size (bytes):15192
                                                                              Entropy (8bit):4.825136919429309
                                                                              Encrypted:false
                                                                              SSDEEP:192:MeScrMN2ZF5J8/7GjkooqvbPUGwUvDvc8hZ:1F0yjhPUGwUvDvc8D
                                                                              MD5:732679D55B9AA27712B5F0C064BB3700
                                                                              SHA1:DDC8BF08BCE6BBDDA01632F817C7F8E4F809D3E3
                                                                              SHA-256:D65AEB0789686F44734AF59ABBC06689F4D26118BA7D02F8496F63C4F72E6826
                                                                              SHA-512:35169A91D818EE11ECE3D39A4FD5778CAD71D1DF6E0660FFCFABA273CB08A1F55323FA78CA391F142138FE363D93AA84729F9093D80414ADD12315348FCAE6FA
                                                                              Malicious:false
                                                                              Reputation:low
                                                                              C:\Users\user\Desktop\BJZFPPWAPT.jpg.givemenitro
                                                                              Process:C:\Users\user\Desktop\JSChk2v3o9.exe
                                                                              File Type:data
                                                                              Category:dropped
                                                                              Size (bytes):1072
                                                                              Entropy (8bit):7.804944534575102
                                                                              Encrypted:false
                                                                              SSDEEP:24:puNodwctC94rZW3ZF33VQQRNjdMA25s0uRMs98EPsJW7Uw:sNI04YZFnVHvjKe0kMs98BYgw
                                                                              MD5:CE4E7CAE42E9E64AA69A581CC17D4F2A
                                                                              SHA1:5E396BE5C844F0379FCBBA6772C9ECD9513100C2
                                                                              SHA-256:F847B03CA2A6E696ABAC4120B8EDC86F8BFC26FCC5E52AFA41CFAD2076716F33
                                                                              SHA-512:EF2DFFC1A8E8AF16CD60555378DFC4D578A32C34FD0905576E6757CD7BF204FD7C434F2E47070E3DB2D60DD34981BC9C459B25F2C3318AE9080E06CFF959151F
                                                                              Malicious:false
                                                                              Reputation:low
                                                                              C:\Users\user\Desktop\BJZFPPWAPT.mp3.givemenitro
                                                                              Process:C:\Users\user\Desktop\JSChk2v3o9.exe
                                                                              File Type:data
                                                                              Category:dropped
                                                                              Size (bytes):1072
                                                                              Entropy (8bit):7.823706786383363
                                                                              Encrypted:false
                                                                              SSDEEP:24:kTa96ZNqjDXlss15Y/eDITu9wJf7lk1xcqP0pSdVoC7W9wD:l96/qjf16eF9wJf7lkss0gVRy9wD
                                                                              MD5:2E7F6157C39D4CF08EEB53E4D589A535
                                                                              SHA1:FE4F0D9ED5E369224C246CFCF0678F5B62F15CCD
                                                                              SHA-256:CB5FDC6A1FF45DC7377DB22CF79E15CD822270B76DB59FECF7F1055F8A0165F7
                                                                              SHA-512:9470EC7C60F372AEEF847324E8BC8FE3C990FAA9158C05B49B327771E855B1ED6DE9351E642F618971B9996D36CE399E028903B70659B637453BF7F546E9FCC5
                                                                              Malicious:false
                                                                              Reputation:low
                                                                              C:\Users\user\Desktop\BNAGMGSPLO.mp3.givemenitro
                                                                              Process:C:\Users\user\Desktop\JSChk2v3o9.exe
                                                                              File Type:data
                                                                              Category:dropped
                                                                              Size (bytes):1072
                                                                              Entropy (8bit):7.803385343484927
                                                                              Encrypted:false
                                                                              SSDEEP:24:LhmipWMeVuwkUFAi3j95DS9wy+ZCJ/y8tXYcpBzGxDxZB80W:FVpWMerkUWi3J5DS7+Zw/PRpBzSj8r
                                                                              MD5:3AD25CBD99AD3344245537A1D4668861
                                                                              SHA1:9E22253929560742835748EEE51F4668149EB5C1
                                                                              SHA-256:3B26868812148A3019A0672C44B0E3A249655FBAEB826D7FAB64C81C74B1A0C2
                                                                              SHA-512:F915BD73D7583FAC6021E17FAB3088509A94A71B5F3A3F775F89CCBB2F4C94E436F3EB1E587723DDC5610023C296DC93235CE15174B23D349BFDEBF0B37169E7
                                                                              Malicious:false
                                                                              Reputation:low
                                                                              C:\Users\user\Desktop\BNAGMGSPLO.pdf.givemenitro
                                                                              Process:C:\Users\user\Desktop\JSChk2v3o9.exe
                                                                              File Type:data
                                                                              Category:dropped
                                                                              Size (bytes):1072
                                                                              Entropy (8bit):7.845902082952889
                                                                              Encrypted:false
                                                                              SSDEEP:24:kv0UaMC1WSDv/B5reDPoHW6ERv/t4HpS6aYG1QEPOkYF:dWSDvXrebmExuHE/YG1QEPO5F
                                                                              MD5:5E570EADC57D6362BCD0B4E6F55F39C2
                                                                              SHA1:3C0128C53F38F6338BC75D145E490AE7560AB5D9
                                                                              SHA-256:5E0A702C216E5A6E7A822FAF6B71B41911EBC17D5A361CAD7614F212F56387DC
                                                                              SHA-512:FAE6BA595F946646BE67A46FC0BB45183272DC55FA59FC90885392BEFA87C9C1B2F48F2A5FB128FA8D1F98C2511C14D0D5100AEAA52E2CE5E3AD9A33AC10C858
                                                                              Malicious:false
                                                                              Reputation:low
                                                                              C:\Users\user\Desktop\BNAGMGSPLO.xlsx.givemenitro
                                                                              Process:C:\Users\user\Desktop\JSChk2v3o9.exe
                                                                              File Type:data
                                                                              Category:dropped
                                                                              Size (bytes):1072
                                                                              Entropy (8bit):7.8057479631035935
                                                                              Encrypted:false
                                                                              SSDEEP:24:D2CuwEETaCROrDJyS63gGqUzC0DyC5NXsDIHXv9BZK727:DDJaCROrDJl6wxszDZNH3VLv7
                                                                              MD5:FCFE58F304ACD688DE598AE5DF905B97
                                                                              SHA1:9B8DD679B64ADB594AC85261D645B63D62837F28
                                                                              SHA-256:C099192B0C6198788062791F8FE484A24C6C257852E2F10138B03D1353EE60F9
                                                                              SHA-512:206C8DFFD5E7945D349B72A167B6526D2DB528A04B22827BC2497C203869055F49190F2332BE71B9B5B6B4D9B5AF23DBCA59220301C1BBDD57BB7D92A997802E
                                                                              Malicious:false
                                                                              Reputation:low
                                                                              C:\Users\user\Desktop\EEGWXUHVUG.jpg.givemenitro
                                                                              Process:C:\Users\user\Desktop\JSChk2v3o9.exe
                                                                              File Type:data
                                                                              Category:dropped
                                                                              Size (bytes):1072
                                                                              Entropy (8bit):7.796043898246316
                                                                              Encrypted:false
                                                                              SSDEEP:24:WVcGqGqjYX8Bc6mhUxpFptYFTHB0CJAQUupXCnCbsdAzm:scGqZjYXGcEjSTeSAQ3pGCwj
                                                                              MD5:CE1E24821730E36453A06E9DE2219D50
                                                                              SHA1:8C49B0969E73BB8736D17BF03C63A2956E49C06E
                                                                              SHA-256:0BAE0CABE4F588838C52F898388EBA227440AF836A38E63CD8F806910617194C
                                                                              SHA-512:0B0F6FA53E52500D0B52916D9D15075554713B3D684DEE6A48D353F78EEBA7D3BE0744E05632D2CFEBC4474D5E712B769E8BE65275A67A2839C8453355BC3007
                                                                              Malicious:false
                                                                              C:\Users\user\Desktop\EFOYFBOLXA.png.givemenitro
                                                                              Process:C:\Users\user\Desktop\JSChk2v3o9.exe
                                                                              File Type:data
                                                                              Category:dropped
                                                                              Size (bytes):1072
                                                                              Entropy (8bit):7.826671635030792
                                                                              Encrypted:false
                                                                              SSDEEP:24:zTdKDVInc8KMiyMI4YzaMWOWLjhcqWyewitwyyoRWwD:zT8VInnKMiy4YzUv/Wtwvy1TD
                                                                              MD5:422429D49850064BE858640DE7577D8E
                                                                              SHA1:CBCB88CB2031EBFCE125192C3C01996367CD18F2
                                                                              SHA-256:A389FEF0838C60136319117073C3EC51CF0B44A49FDB95F4E216EE0AD23C011C
                                                                              SHA-512:782AA076FBDBDBBD746A2FA952BEF8B11A71EFB946C9F7C64A136666F82419755BB38AD901E2EB573BB492E08739203F01B004884C0E56D91D06EF0183D3871C
                                                                              Malicious:false
                                                                              C:\Users\user\Desktop\EOWRVPQCCS.png.givemenitro
                                                                              Process:C:\Users\user\Desktop\JSChk2v3o9.exe
                                                                              File Type:data
                                                                              Category:dropped
                                                                              Size (bytes):1072
                                                                              Entropy (8bit):7.819823627640381
                                                                              Encrypted:false
                                                                              SSDEEP:24:NEgk/SPYIT5IZkj72v7QoARQetRzMIWpJN8ObzTHJ:NBk/SwIT5O4+jTezzMIWpJy0p
                                                                              MD5:B09157D0124201CE7AF943BE66564974
                                                                              SHA1:BC8CBD174802A3957A03108AC3CC7BAE6A7E568E
                                                                              SHA-256:ABEEC2AD53B0B7B048AD6C27B28136FF3BB8E5A7F199C71B8CB2540BB53A260E
                                                                              SHA-512:08F325915948039C2FC0105E6AEAFF392A9B146E13A32E4E5835FC365ABA08266CECDB6A624B0293A269A1121B9DB92C5426E78EBA077F5EABB4493D3AB4BA71
                                                                              Malicious:false
                                                                              C:\Users\user\Desktop\EWZCVGNOWT.mp3.givemenitro
                                                                              Process:C:\Users\user\Desktop\JSChk2v3o9.exe
                                                                              File Type:data
                                                                              Category:dropped
                                                                              Size (bytes):1072
                                                                              Entropy (8bit):7.8087543922805835
                                                                              Encrypted:false
                                                                              SSDEEP:24:6737sbBLB216XbfnXGF8uI5YF92coG6ao:C4hM1y/X5I92x5
                                                                              MD5:A2789502EA82FAF741C77F07DC627055
                                                                              SHA1:A0FAADD599493429D410F153497447B0D1D91ED3
                                                                              SHA-256:F89A2DC60CC85DC8C764DDA1238902D4F02F35EA1AB6BC98B1BEFBC007E47A54
                                                                              SHA-512:EE3B30C37AD6E89CCB9A17F43696C62E829F8684A83728635080EF7A97ED8D7E10338CA78F4AF47DC7DA6D567297F05D76CF9BE2D4FE5EA5D6D8B37E8B2E4545
                                                                              Malicious:false
                                                                              C:\Users\user\Desktop\Excel 2016.lnk.givemenitro
                                                                              Process:C:\Users\user\Desktop\JSChk2v3o9.exe
                                                                              File Type:data
                                                                              Category:dropped
                                                                              Size (bytes):2704
                                                                              Entropy (8bit):7.932824118935873
                                                                              Encrypted:false
                                                                              SSDEEP:48:/U+OArEtZRC4+4sn916QTqcJVl9PlBpEtn38H+525Ws7ZuoF3fzpUn1eUFo:/XOAI3xs916Q2cJV/PlBpser5WcuOPzt
                                                                              MD5:0D1470E716EE5456CFF38E0AFFE83DB0
                                                                              SHA1:D2C9988576E0EB35CF8C55829BC81D5BFECAB2AC
                                                                              SHA-256:8AABEC723427BFB4F86433051D954B59EBEC1E8D7D7FB6A21BE4557C81F63E92
                                                                              SHA-512:B6DFD0F0F849E3D77DC5DD309D9E2474014220A7206E6AAF9E03C03B270A3014D702B0B4297E160D53E47BE160C47B8A0336EF2A702ACBF207569EE571E3AADC
                                                                              Malicious:false
                                                                              C:\Users\user\Desktop\JSChk2v3o9.exe.givemenitro
                                                                              Process:C:\Users\user\Desktop\JSChk2v3o9.exe
                                                                              File Type:data
                                                                              Category:dropped
                                                                              Size (bytes):32
                                                                              Entropy (8bit):5.0
                                                                              Encrypted:false
                                                                              SSDEEP:3:7ddtVmrgG8K2F:mgm2F
                                                                              MD5:FAB0B0C1905EA0C8A77CDDE55B9BDBA4
                                                                              SHA1:B0811456B8029C2ECC1EBD389EDD5DFB23EAA0A4
                                                                              SHA-256:9A47C129F098B8D9E124424BE28E9597486BC48D850A282EAE66C772E3E9C574
                                                                              SHA-512:A8028EB5FCD62996EB41D8C9298973AD1C708587B2A88221B356AA3BB37B28596F0DC07205E5879A50B8E6ECD472E56A4338C611E7FF37FE9A63F2E3C5A83A0A
                                                                              Malicious:true
                                                                              Preview: ,.V.8.4.<...B$:01..).i[.w...bO.`
                                                                              C:\Users\user\Desktop\desktop.ini.givemenitro
                                                                              Process:C:\Users\user\Desktop\JSChk2v3o9.exe
                                                                              File Type:data
                                                                              Category:dropped
                                                                              Size (bytes):320
                                                                              Entropy (8bit):7.40792238229822
                                                                              Encrypted:false
                                                                              SSDEEP:6:lWgEhP6SkM6zbtNnHHCBCUzBWF+/SZpK1cuu74EbYAt23Vx:AiRj/3HHCx/HWuu7dbhax
                                                                              MD5:C786B21F05FB6078764AA6DEE2232F9A
                                                                              SHA1:E0469D4D07AD790EBBC3ECDC24F6704F2EB2119F
                                                                              SHA-256:4A5F135C3CF2A6981B87B0F4BD3E92212C6B5F60B3660465A4C07271CA7B47BF
                                                                              SHA-512:4C94546A8A49B4013BFAEFFD76862A37D4924DE1E695CA897B6F544984BF328A6F4E2DEAAD3E7BCDCE426D3692D21718DC41181B5DED0D72F2ABA732A873B172
                                                                              Malicious:false
                                                                              C:\Users\user\Documents\BJZFPPWAPT.jpg.givemenitro
                                                                              Process:C:\Users\user\Desktop\JSChk2v3o9.exe
                                                                              File Type:data
                                                                              Category:dropped
                                                                              Size (bytes):1072
                                                                              Entropy (8bit):7.820000248270958
                                                                              Encrypted:false
                                                                              SSDEEP:24:cnm1bT7YGMzgzCO9cYUjWXdWu8bk5kWhhnyzQCV/KqoDVPQ//PYsb:jBYHzSWWXdWdVWhVyE845o/Z
                                                                              MD5:915A55618575864F2F26DC1500417A55
                                                                              SHA1:67AFC19B54978C1D14974B85805C33D1B1E9704A
                                                                              SHA-256:3593C09D0AD0092A305A885889F2BA371940D7C712D0C49FAEA0B80EF8668487
                                                                              SHA-512:21324FBD21B045475A6C141D0D68E8C97884D2873A5AD152F6A69BCA8CC410C1E85DAD7C0B809AD3D1CFB8AD564766576C8DF10E52DB8FA514D42AC1DE8B5B36
                                                                              Malicious:false
                                                                              C:\Users\user\Documents\BJZFPPWAPT.mp3.givemenitro
                                                                              Process:C:\Users\user\Desktop\JSChk2v3o9.exe
                                                                              File Type:data
                                                                              Category:dropped
                                                                              Size (bytes):1072
                                                                              Entropy (8bit):7.81781643926708
                                                                              Encrypted:false
                                                                              SSDEEP:24:1YhSSN9a0fvBlalm5mWif9PNfhYAP8iNEWuK4K0CS6TSLOFBzrlMxfVMea1W:1YkSbrXBl6449lfhRP88kFrQQUrlsVM2
                                                                              MD5:F660BE1F1AF8BAD1863D92A9AA889D1D
                                                                              SHA1:10B436F929702900C24B021DAA29F3EA057D7C4F
                                                                              SHA-256:9407DD3C7ACB599305E7B5A83322E72949D33FB7D39998F081BB004FED823BC2
                                                                              SHA-512:3AECCE23D879DCAE43398856B1BFE7122DB9A4E3FC0F4FFD603E596A466E0657DD5CB0B03ECC49EF951FADCC4A9EB9C184FB9BA03B06576BC0AEB320B2813D73
                                                                              Malicious:false
                                                                              C:\Users\user\Documents\BNAGMGSPLO.mp3.givemenitro
                                                                              Process:C:\Users\user\Desktop\JSChk2v3o9.exe
                                                                              File Type:data
                                                                              Category:dropped
                                                                              Size (bytes):1072
                                                                              Entropy (8bit):7.815782606096522
                                                                              Encrypted:false
                                                                              SSDEEP:24:I65i451OdojV2yj/xChCfGd5SVxJVqiF+bFlqbGVAMyMrYd9GRR+pMUbbn:I65t5GoBJ5oEXJVDWNygYyRR+Vn
                                                                              MD5:7F2F3113A0398C68E67A312785E986D2
                                                                              SHA1:8EA5A099FCF9B7A497C2194A59C93B79E523BF21
                                                                              SHA-256:6EAFA936E2C392F57E8467130211736500FF9EA34E941CBF1A27C516ADC9B75B
                                                                              SHA-512:99BD2631EE3849F08050CE4F1DEE8C2672DEBCCC1A3CB233860E4F9A3E0DDE41C058DBF3FEF7F67809BDBCF86FD64768F7FA98EBEFEED7AF38A1C1ABEF7B8C26
                                                                              Malicious:false
                                                                              C:\Users\user\Documents\BNAGMGSPLO.pdf.givemenitro
                                                                              Process:C:\Users\user\Desktop\JSChk2v3o9.exe
                                                                              File Type:data
                                                                              Category:dropped
                                                                              Size (bytes):1072
                                                                              Entropy (8bit):7.821945784484151
                                                                              Encrypted:false
                                                                              SSDEEP:24:GtaDRIY0nQdvT3vCgKQZVUDRWhvkkjRZi6HqUeY/:G0DqXsr3vCgKGSQrboUf
                                                                              MD5:6C66D0183F4A308E2DC05B5E46E401F8
                                                                              SHA1:FA8EA3378CE7BE72FF30A5B011C808525B5B4EB8
                                                                              SHA-256:092D369593029337DE920E07C2632E5F1436E55E839F5333D22B41795F77FFD7
                                                                              SHA-512:4D192340F0DAB69CB5D34D92990EFF654853F83B18FA582D43FCC1DD6CD5591950FB3FA45DF0A89CCA18BC2223AB6456C6F2F0A2E29AD34B61CC693557A96455
                                                                              Malicious:false
                                                                              C:\Users\user\Documents\BNAGMGSPLO.xlsx.givemenitro
                                                                              Process:C:\Users\user\Desktop\JSChk2v3o9.exe
                                                                              File Type:data
                                                                              Category:dropped
                                                                              Size (bytes):1072
                                                                              Entropy (8bit):7.829041408407588
                                                                              Encrypted:false
                                                                              SSDEEP:24:r+Mnx0Ct48JAgq7DptIQNrLSA/APNW/xVFjxPuVLj+h:iMx0CtPJA142BAlwxVhJuah
                                                                              MD5:D65B22CB93CF1F1A6CDB584A44771625
                                                                              SHA1:BD01CD2A8CE16B04BA3C6F60621B4EA0E0E29F7E
                                                                              SHA-256:FE5C564B4F7C351574E30E3881FAC2A18FF22B9A8E87C3E6AFE9201154B6DA5B
                                                                              SHA-512:50BC24EEE5C6AD61C893D9FBAA040B0CE9B86E1116F4CE9081927E4378D0DED79BF6F48656712D9829B2FD43B626F79D7FB22DF2EAE0CD4530B1DAC867F4AD24
                                                                              Malicious:false
                                                                              C:\Users\user\Documents\EEGWXUHVUG.jpg.givemenitro
                                                                              Process:C:\Users\user\Desktop\JSChk2v3o9.exe
                                                                              File Type:data
                                                                              Category:dropped
                                                                              Size (bytes):1072
                                                                              Entropy (8bit):7.808914670251547
                                                                              Encrypted:false
                                                                              SSDEEP:24:P/7hkWBBoJIcnggj9gCeOUBemEkTGfbwlvObIhkYxi3rR0XL:PhBBcIvzUUBevkCfbwxFyYxBXL
                                                                              MD5:AE640BAA8F0D04A2D6265A8C4A717F19
                                                                              SHA1:40E34DDFBEC5229D556B6F7C4118AAD074E4C8B8
                                                                              SHA-256:7175ADCBBADFACF0A18FFCA9FC3868FE1B98E06676E927757532EAD32249ECE6
                                                                              SHA-512:6B8D4B3ECAEAF3FD10CC2BF346B1CF611ABA988E69F12BB5AAB7A228AF865AB63BAC1607CBCDF34AE4BE3D66A9673A1307D027B61BAD8B3A841307D129AE7AEE
                                                                              Malicious:false
                                                                              C:\Users\user\Documents\EFOYFBOLXA.png.givemenitro
                                                                              Process:C:\Users\user\Desktop\JSChk2v3o9.exe
                                                                              File Type:data
                                                                              Category:dropped
                                                                              Size (bytes):1072
                                                                              Entropy (8bit):7.8266448784232505
                                                                              Encrypted:false
                                                                              SSDEEP:24:dmqSxMgFNiDS1LJDH0PrO6ekKhnAanDHKoXVvXs2:cpMgFNaS18imKhAsJC2
                                                                              MD5:A5F488D81D1F8A5AD2958D7A0B1AC74C
                                                                              SHA1:E16139EDE6D34075B9A982263B00C043F4755B82
                                                                              SHA-256:F9C6E93B7925A05E420A18C4C09B6769479E5609317043B399D1F112398012D2
                                                                              SHA-512:F1C6013E88A69490BD701AB030421985895C896FC55B67A3D8FA62E03358DB1B8F990F3760E4AE1577BA720D82C799D55BA7855E4644A04F848F2F9D176E40A7
                                                                              Malicious:false
                                                                              C:\Users\user\Documents\EOWRVPQCCS.png.givemenitro
                                                                              Process:C:\Users\user\Desktop\JSChk2v3o9.exe
                                                                              File Type:data
                                                                              Category:dropped
                                                                              Size (bytes):1072
                                                                              Entropy (8bit):7.814280764740657
                                                                              Encrypted:false
                                                                              SSDEEP:24:7sDYl/CGDyII67SOSlsa3xFv+WklZVyCZSn:7vbf3o3nvdk/sz
                                                                              MD5:A59F4F162FAF43B8FF1FBBFD92960E1E
                                                                              SHA1:7190DEE2F5760173DC14F87C30D052F399CE92E0
                                                                              SHA-256:9DF003F5ABD467D0C11652F44B1AB46E9276E2AC90962941C74D911D1B4727DC
                                                                              SHA-512:CBAC8AB7628AB915A68CAAA7984E32C817EEF3B54F802EC36ECACB383729C9C045C7C9D926932627491974A1D418A0F554341199F2DB8044EE8E3941A72D7590
                                                                              Malicious:false
                                                                              C:\Users\user\Documents\EWZCVGNOWT.mp3.givemenitro
                                                                              Process:C:\Users\user\Desktop\JSChk2v3o9.exe
                                                                              File Type:data
                                                                              Category:dropped
                                                                              Size (bytes):1072
                                                                              Entropy (8bit):7.814111738553984
                                                                              Encrypted:false
                                                                              SSDEEP:24:60gzWbBt6Q34zXg0kegC2l2Td18gd0/1HIADLy1u5upsbGOyXnPp:gzWdt6BdUCGGdZUpDssMnx
                                                                              MD5:A53D5BA223C5F6C02DC7B4A2049F5BF9
                                                                              SHA1:6F8311BA7967E2A1F5F71AEAA4D6063176B11831
                                                                              SHA-256:BDF2F1ECCF7F9F45169D243665CFD2D19FCDFD06870B6D33698AAE5ECE5823F1
                                                                              SHA-512:4F776E391DFF620BF507AC1F83163B6CFDCD85DD8AA14B8A64B18ABE062E1127F5B0BE2795D3AE9E05CE451BE42BDF6A6F3D12BF27642075701143425CF285B8
                                                                              Malicious:false
                                                                              C:\Users\user\Documents\NVWZAPQSQL.pdf.givemenitro
                                                                              Process:C:\Users\user\Desktop\JSChk2v3o9.exe
                                                                              File Type:data
                                                                              Category:dropped
                                                                              Size (bytes):1072
                                                                              Entropy (8bit):7.7974762130542565
                                                                              Encrypted:false
                                                                              SSDEEP:24:QKxGMBql4Vie4BTkoMX54568mpcHLcEUM4SKaPjZ89kdXdi9:FxdS4Vqx5fboEUM4j2Z898XdK
                                                                              MD5:31951BCCCABCC1FA0FD1F536AC895A72
                                                                              SHA1:9B7B500465CFB226CC11F07335293868A9E123EA
                                                                              SHA-256:3338ECE39994558684BCC4DF1A4B54190C1E239ED09655AB1D010CE1A1BD233A
                                                                              SHA-512:3D43A64E96F536C1BF4A81BA501EA2D746F5C540C64585EB5FD2500966B467CC5FEFD6B2B3DC01A61A17DD667F58BCC274E24C5C0E84D4902DE3697FC83DE3E2
                                                                              Malicious:false
                                                                              C:\Users\user\Documents\PIVFAGEAAV.png.givemenitro
                                                                              Process:C:\Users\user\Desktop\JSChk2v3o9.exe
                                                                              File Type:data
                                                                              Category:dropped
                                                                              Size (bytes):1072
                                                                              Entropy (8bit):7.836213429740624
                                                                              Encrypted:false
                                                                              SSDEEP:24:bqiX/xqs302hHIpb67KFGQG0xQ2jr981wWd91HUicc/Sw:+iXx30cokKOuQ2jrSwWJHHc6
                                                                              MD5:8C33FAC8B553571CBD4A5897D0B3A45A
                                                                              SHA1:F6189334145364B8AB669DC384B1E459B77EBE80
                                                                              SHA-256:12482FA1C1917C0CA9E57F2EA9233ABCF34F343A92306E3522F1707F7928B49D
                                                                              SHA-512:62C713B72750BC178BE7270E3467390A8208416D158C838D533F35BC97F3AF09B98E44A0D89A1F2775735649C543CC1F0AAB9CC731422683396BD581FEB21853
                                                                              Malicious:false
                                                                              C:\Users\user\Documents\PWCCAWLGRE.docx.givemenitro
                                                                              Process:C:\Users\user\Desktop\JSChk2v3o9.exe
                                                                              File Type:data
                                                                              Category:dropped
                                                                              Size (bytes):1072
                                                                              Entropy (8bit):7.830027372012746
                                                                              Encrypted:false
                                                                              SSDEEP:24:SbOOxUzH6sGmgO4F/dv1JEvfMGtqtNxfRObw+hMvNbqumnF7:EdazdS1dGnMGtsr+ib/mF7
                                                                              MD5:85074504DB71701D2193CED4183C01FB
                                                                              SHA1:A7C7331DE5E09461ACDEDFA9C3B548903AAB92E8
                                                                              SHA-256:5570870D222EEB40AA8F82840EC59D111BD187ED59B76F50E767FBF63B7FD6D5
                                                                              SHA-512:6C7E77367A35F6E7B29348DAD3CBDF1BA458E2EFB141C452853DBDB0F2876A126307343ABF5F2276567DD122920AF93FDDE5A9CFDA75DB8ABDC375DD0B42B7D1
                                                                              Malicious:false
                                                                              C:\Users\user\Documents\PWCCAWLGRE.pdf.givemenitro
                                                                              Process:C:\Users\user\Desktop\JSChk2v3o9.exe
                                                                              File Type:data
                                                                              Category:dropped
                                                                              Size (bytes):1072
                                                                              Entropy (8bit):7.8410441449661805
                                                                              Encrypted:false
                                                                              SSDEEP:24:S9y5cLxnDN/dFJZBD6sb3muJ1VvZJT6QHwkQ8HAAj92SPAGqQS:SS4nl3BMuXVRtAkDHAK2AjDS
                                                                              MD5:CE6FC407060AC4C84B0D21EB5E180FC3
                                                                              SHA1:DEC35B53CCFCF7A03E2E62B0EE13B76F8D30681D
                                                                              SHA-256:CD2DE4ACD6C823FB59B174D05A77E394C4B6C9B4870396A48D71F94C53507AA0
                                                                              SHA-512:981D00E6268253C8F1D7F821C3DE1003D41528F6D696C4AC903949407F2F840DE72F3D587FF85871FC4BC0784D49FAECEC93F6A49C1E420B4C9FD7E2790038D2
                                                                              Malicious:false
                                                                              C:\Users\user\Documents\PWCCAWLGRE\BJZFPPWAPT.jpg.givemenitro
                                                                              Process:C:\Users\user\Desktop\JSChk2v3o9.exe
                                                                              File Type:data
                                                                              Category:dropped
                                                                              Size (bytes):1072
                                                                              Entropy (8bit):7.8020869543017755
                                                                              Encrypted:false
                                                                              SSDEEP:24:6uwr4FodkwgQ40Y0ulVL+8VH8Y57WLsZgHlS0cET:6NQodoP0u+89/1GFS0cET
                                                                              MD5:95575817D20382FF02A56F384072983E
                                                                              SHA1:8FC1DA78E4BBB9464A956E1A8AEF0248B4157F4B
                                                                              SHA-256:2531E289B2C752B57278573426EBEE39A29469C39822CBBCABEC37CC1DC599FB
                                                                              SHA-512:E46A8BD6ED710DDE0D1BFE7E7F3DD4E9EC39D8CC3B61F9A0A40D8C8E05E4F8FE65ABA69EE1AB876F379B33F391DBEE685917C7D41A227EC7EFE9F6C7CCB554B3
                                                                              Malicious:false
                                                                              C:\Users\user\Documents\PWCCAWLGRE\BNAGMGSPLO.xlsx.givemenitro
                                                                              Process:C:\Users\user\Desktop\JSChk2v3o9.exe
                                                                              File Type:data
                                                                              Category:dropped
                                                                              Size (bytes):1072
                                                                              Entropy (8bit):7.805491916812133
                                                                              Encrypted:false
                                                                              SSDEEP:24:s+seSQHj5diLkERsVWphKRLEyvtVcTlOyB3I/EXqUItPQq:h9j7izWYoEyvtV0lO2YMXGtP7
                                                                              MD5:92EA87769FFD9E8B793E291BA054396E
                                                                              SHA1:7EC8EF296A3AC9A07C1A67B8D2039514A45CEFFE
                                                                              SHA-256:5F8D1BAD319AF6A27BEC81B722376D3E672089073B75FD7FE82A213BA16ECD3E
                                                                              SHA-512:5E0EA69BC440D6839F8039C35AE800EA3B9EC2091E16C21798C8CBCADD209E5B8C621E52530092CD32CA0CA2F41054322D4F8287D91C20E334AAFBF94606CF13
                                                                              Malicious:false
                                                                              C:\Users\user\Documents\PWCCAWLGRE\EOWRVPQCCS.png.givemenitro
                                                                              Process:C:\Users\user\Desktop\JSChk2v3o9.exe
                                                                              File Type:data
                                                                              Category:dropped
                                                                              Size (bytes):1072
                                                                              Entropy (8bit):7.816237960843341
                                                                              Encrypted:false
                                                                              SSDEEP:24:wZDJMOY4wsTOhfl3LcZ5nRs2RHjDUkmew3:wZDiMwLloZ5a25Ikvw3
                                                                              MD5:27DC30F6B62015FC3DD51318D656B9C0
                                                                              SHA1:EFFF033BF14055E01AA1522782ACCBAB10007B1C
                                                                              SHA-256:2C54486A9D9F5B611B18E2B42E2E38B66177BF959289CB98EF8F0C3EF13C012B
                                                                              SHA-512:CC092E283225306E747BCCEB14013158D8329C3CDB2DFC96B00CF7606B4A34D5B9A17A7C4640168ADAE1E2452A2928C4146B0D461182C4D4C80246EA639023C4
                                                                              Malicious:false
                                                                              C:\Users\user\Documents\PWCCAWLGRE\EWZCVGNOWT.mp3.givemenitro
                                                                              Process:C:\Users\user\Desktop\JSChk2v3o9.exe
                                                                              File Type:data
                                                                              Category:dropped
                                                                              Size (bytes):1072
                                                                              Entropy (8bit):7.812498590621535
                                                                              Encrypted:false
                                                                              SSDEEP:24:gHjCtYbNj9mXT39ojCeYCJ8M17D7usEbMwvib8ghvp0s:6WHXTa2e8Mx/utbMB8ql
                                                                              MD5:E4586192AF1079EBA7CC4C40AD682EBE
                                                                              SHA1:BC1D001253C450D48CE559D46B3682B0C77F7D31
                                                                              SHA-256:A16B1CB06274BADECC793923DFE73DE01DB80C6A541EC1D9D229EA1A8CC36102
                                                                              SHA-512:9A4B7313D68F56375EB3112C66B2BAE03F3513B0A8782355A9050092F70AA498780B23378A51444ED94E4C4B347EF6470304702550C761E167CCB6CBD31F5487
                                                                              Malicious:false
                                                                              C:\Users\user\Documents\PWCCAWLGRE\NVWZAPQSQL.pdf.givemenitro
                                                                              Process:C:\Users\user\Desktop\JSChk2v3o9.exe
                                                                              File Type:data
                                                                              Category:dropped
                                                                              Size (bytes):1072
                                                                              Entropy (8bit):7.816449196227152
                                                                              Encrypted:false
                                                                              SSDEEP:24:xtjvbqx4RwKN+FBm0uez+O1iiXqqL/Z0pOLJcGP2pwqRkUB0PosE8nsf:bjjxiKguezt1iDqF0pumG+pwqv6u8sf
                                                                              MD5:C2C726F96D3D915BF27A4B89E5D89B25
                                                                              SHA1:7ACCA2AAE0BFB9116F6C21FB9D422E14B7CCC7FD
                                                                              SHA-256:E4CA78B7D5A229D9F35A7034020675A3C29C938D7EBA34FF82820E9BF93257A5
                                                                              SHA-512:39F7C8AF3F936A571D2C6EFE97F72E5F33A4F6E2DABC408185CCC53A028824619A9677C623E8E53D8987F124AD8B615B87D2981891DBFF9AAAA22098A8DE3231
                                                                              Malicious:false
                                                                              C:\Users\user\Documents\PWCCAWLGRE\PWCCAWLGRE.docx.givemenitro
                                                                              Process:C:\Users\user\Desktop\JSChk2v3o9.exe
                                                                              File Type:data
                                                                              Category:dropped
                                                                              Size (bytes):1072
                                                                              Entropy (8bit):7.832161676974551
                                                                              Encrypted:false
                                                                              Malicious:false
                                                                              C:\Users\user\Documents\QCFWYSKMHA.docx.givemenitro
                                                                              Process:C:\Users\user\Desktop\JSChk2v3o9.exe
                                                                              File Type:COM executable for DOS
                                                                              Category:dropped
                                                                              Size (bytes):1072
                                                                              Entropy (8bit):7.8412701127613795
                                                                              Encrypted:false
                                                                              Malicious:false
                                                                              C:\Users\user\Documents\QCFWYSKMHA.xlsx.givemenitro
                                                                              Process:C:\Users\user\Desktop\JSChk2v3o9.exe
                                                                              File Type:data
                                                                              Category:dropped
                                                                              Size (bytes):1072
                                                                              Entropy (8bit):7.821944727517408
                                                                              Encrypted:false
                                                                              Malicious:false
                                                                              C:\Users\user\Documents\QCFWYSKMHA\BJZFPPWAPT.mp3.givemenitro
                                                                              Process:C:\Users\user\Desktop\JSChk2v3o9.exe
                                                                              File Type:data
                                                                              Category:dropped
                                                                              Size (bytes):1072
                                                                              Entropy (8bit):7.813271528145213
                                                                              Encrypted:false
                                                                              Malicious:false
                                                                              C:\Users\user\Documents\QCFWYSKMHA\BNAGMGSPLO.pdf.givemenitro
                                                                              Process:C:\Users\user\Desktop\JSChk2v3o9.exe
                                                                              File Type:data
                                                                              Category:dropped
                                                                              Size (bytes):1072
                                                                              Entropy (8bit):7.795319809832779
                                                                              Encrypted:false
                                                                              Malicious:false
                                                                              C:\Users\user\Documents\QCFWYSKMHA\EEGWXUHVUG.jpg.givemenitro
                                                                              Process:C:\Users\user\Desktop\JSChk2v3o9.exe
                                                                              File Type:data
                                                                              Category:dropped
                                                                              Size (bytes):1072
                                                                              Entropy (8bit):7.828477548184365
                                                                              Encrypted:false
                                                                              Malicious:false
                                                                              C:\Users\user\Documents\QCFWYSKMHA\EFOYFBOLXA.png.givemenitro
                                                                              Process:C:\Users\user\Desktop\JSChk2v3o9.exe
                                                                              File Type:data
                                                                              Category:dropped
                                                                              Size (bytes):1072
                                                                              Entropy (8bit):7.832596010414211
                                                                              Encrypted:false
                                                                              Malicious:false
                                                                              C:\Users\user\Documents\QCFWYSKMHA\QCFWYSKMHA.docx.givemenitro
                                                                              Process:C:\Users\user\Desktop\JSChk2v3o9.exe
                                                                              File Type:data
                                                                              Category:dropped
                                                                              Size (bytes):1072
                                                                              Entropy (8bit):7.840470415551146
                                                                              Encrypted:false
                                                                              Malicious:false
                                                                              C:\Users\user\Documents\QCFWYSKMHA\SUAVTZKNFL.xlsx.givemenitro
                                                                              Process:C:\Users\user\Desktop\JSChk2v3o9.exe
                                                                              File Type:data
                                                                              Category:dropped
                                                                              Size (bytes):1072
                                                                              Entropy (8bit):7.845861158345114
                                                                              Encrypted:false
                                                                              Malicious:false
                                                                              C:\Users\user\Documents\QNCYCDFIJJ.docx.givemenitro
                                                                              Process:C:\Users\user\Desktop\JSChk2v3o9.exe
                                                                              File Type:data
                                                                              Category:dropped
                                                                              Size (bytes):1072
                                                                              Entropy (8bit):7.797717940432727
                                                                              Encrypted:false
                                                                              Malicious:false
                                                                              C:\Users\user\Documents\QNCYCDFIJJ\BNAGMGSPLO.mp3.givemenitro
                                                                              Process:C:\Users\user\Desktop\JSChk2v3o9.exe
                                                                              File Type:data
                                                                              Category:dropped
                                                                              Size (bytes):1072
                                                                              Entropy (8bit):7.81043984676494
                                                                              Encrypted:false
                                                                              Malicious:false
                                                                              C:\Users\user\Documents\QNCYCDFIJJ\PIVFAGEAAV.png.givemenitro
                                                                              Process:C:\Users\user\Desktop\JSChk2v3o9.exe
                                                                              File Type:data
                                                                              Category:dropped
                                                                              Size (bytes):1072
                                                                              Entropy (8bit):7.8094108629497985
                                                                              Encrypted:false
                                                                              Malicious:false
                                                                              C:\Users\user\Documents\QNCYCDFIJJ\PWCCAWLGRE.pdf.givemenitro
                                                                              Process:C:\Users\user\Desktop\JSChk2v3o9.exe
                                                                              File Type:data
                                                                              Category:dropped
                                                                              Size (bytes):1072
                                                                              Entropy (8bit):7.839588801994381
                                                                              Encrypted:false
                                                                              SSDEEP:24:qR+3CoIONxhmpdJBn22EA4hAaLKLhpG94v1kmW4ZdH:Wt6hmpdJBnsS5V094vzdH
                                                                              MD5:3E07E1A778DCF0874299E95A02507FB6
                                                                              SHA1:0CCAA7DFB957B0190CE6EFBAB58F7912052F7222
                                                                              SHA-256:4A5828C61917EBDCB01D33EF14EE40D3FF1AA9FF322C43401BB88C2C13021641
                                                                              SHA-512:F5F831167A6824FD51B1B1B41D27F87E207F9B4DD4EE5A79B873A49B5FA58DB75345DC5CC8A4B3A50AA19EC8DB9CFB96218BCB557F6A183113FDEF38C495A5F6
                                                                              Malicious:false
                                                                              C:\Users\user\Documents\QNCYCDFIJJ\QCFWYSKMHA.xlsx.givemenitro
                                                                              Process:C:\Users\user\Desktop\JSChk2v3o9.exe
                                                                              File Type:data
                                                                              Category:dropped
                                                                              Size (bytes):1072
                                                                              Entropy (8bit):7.809455156147931
                                                                              Encrypted:false
                                                                              SSDEEP:24:QZFuK0HKVUZ09nt5o7uSoI0NJuUmmWWOlx43Z2wQPc5MiE2NjO:QZwXqWZ09nzlJDmmIUUwMo5O
                                                                              MD5:E8F2849F3B1837CB377EE4FA10A7F300
                                                                              SHA1:3104797F8B75494F26F3181DFCE78C10F2A9657D
                                                                              SHA-256:FBFBA51561C4F45C0470DEB3D0CDB9379CDEDCE88B2357871223A6D69DD87D02
                                                                              SHA-512:D4A09FBEA08864E0A75817355E39E73C0C897DB42009F42252843FA0D6AB39931EBF092B4A7D0C6D141812DDC29A2ECB7660AC5961F58004D84D8E1D1DBCB659
                                                                              Malicious:false
                                                                              C:\Users\user\Documents\QNCYCDFIJJ\QNCYCDFIJJ.docx.givemenitro
                                                                              Process:C:\Users\user\Desktop\JSChk2v3o9.exe
                                                                              File Type:data
                                                                              Category:dropped
                                                                              Size (bytes):1072
                                                                              Entropy (8bit):7.81186015736251
                                                                              Encrypted:false
                                                                              SSDEEP:24:l/4oj/vL4DpmmnpZoXmTCtPQC6mbFVmsm+hK5yW6RWDf1sHZ3:l/4y3LOp4mCPdFFe5KAr03
                                                                              MD5:73FC58C56AF2E350F44ACFF199B8DBC7
                                                                              SHA1:19F35A8F62F1DDD8680860AD7E724A6DB0EB06AC
                                                                              SHA-256:4FB037AF64B0EAC20EE6EA29996D56033034BD4CAD7C9B6F6F8B8CA49C74E1BD
                                                                              SHA-512:A0D4A260682DF412D667082DA42F6FEA74D7C4248B9D383000EC4FC2BA416C034605B8893A3F6FADF37D8AADA3AA03413BA8A602E90A6F81C3B1D48BEE646F63
                                                                              Malicious:false
                                                                              C:\Users\user\Documents\QNCYCDFIJJ\SUAVTZKNFL.jpg.givemenitro
                                                                              Process:C:\Users\user\Desktop\JSChk2v3o9.exe
                                                                              File Type:data
                                                                              Category:dropped
                                                                              Size (bytes):1072
                                                                              Entropy (8bit):7.793957071148956
                                                                              Encrypted:false
                                                                              SSDEEP:24:XJ425/7NHk63SPHTZBXBtWGj125twGl6K/iC6/WA8W+aCnoCsCyTtBNOCMw:5487S6+zZhz125tw8qC/A8WqnxsCuNOE
                                                                              MD5:9305C385FE85B0936C99BAC35E5442A5
                                                                              SHA1:BA8BD830FEE6C37035FBC0F8AD360C94E73AB2F4
                                                                              SHA-256:DCDCE5381C36CAE4B9CBECE79C7EA25E070420AE5157A676A49D7B2302B229AF
                                                                              SHA-512:547520AAE221FFC17CF6F8138A80A57F05B42301876857FC2BB1F3691842D6A22B6FE4E38916B8C537159331DC4DC534C6C4A031DE88541E82589E9B0584D7A0
                                                                              Malicious:false
                                                                              C:\Users\user\Documents\SUAVTZKNFL.jpg.givemenitro
                                                                              Process:C:\Users\user\Desktop\JSChk2v3o9.exe
                                                                              File Type:data
                                                                              Category:dropped
                                                                              Size (bytes):1072
                                                                              Entropy (8bit):7.835378686603422
                                                                              Encrypted:false
                                                                              SSDEEP:24:jGPGJJ7uyNmplSKU2HKNPHY6q/yTna6XO0nzNsjCO2HB:jGPGJkOWMtqkXO0zQoB
                                                                              MD5:83E9C8E0A554F5F84C0A21930D1C48EF
                                                                              SHA1:C2AE68DA411DB6F2F399C09EB429F1F08A7F43F0
                                                                              SHA-256:704330BCE620DC31D3CE328C2AC2D46DD42602FAF80F239B1BEDA8F35DB3AB29
                                                                              SHA-512:FB3264594D7DFEF0181C1245D451CB78438557D4FAEC1740165CFEA5F95126D2A9B0367630A3BF3C995FAE51D0C8288B7E3D36EAF1CD9367840CAA88BF678F05
                                                                              Malicious:false
                                                                              C:\Users\user\Documents\SUAVTZKNFL.xlsx.givemenitro
                                                                              Process:C:\Users\user\Desktop\JSChk2v3o9.exe
                                                                              File Type:data
                                                                              Category:dropped
                                                                              Size (bytes):1072
                                                                              Entropy (8bit):7.831361927109108
                                                                              Encrypted:false
                                                                              SSDEEP:24:xFxdl/BMz5T+t9gDLH83MS8R+M8cN5JAhZijUCpscWzVj0dk3ECk3bN:x3/BMFKL0LRS8RCKXYijjtrd8a
                                                                              MD5:C0E8D2AE0BF51F40A2ED5B6EAFE75173
                                                                              SHA1:94DED021FC0A603BA22D59A06B7F984D2F20338B
                                                                              SHA-256:45F99410529EDDBA08862B613CB60C002118610296EF4AD28CE2A2B5BA6E83B1
                                                                              SHA-512:A1529125ED20CACDAC18374899BC2A6BEE4A1681C5CED61A8C6C7F99FE052228968C7BA7CE7D1B5B6A666430B2D5EAE30362A0BD3D640B91D16FD855B6884AC6
                                                                              Malicious:false
                                                                              C:\Users\user\Documents\desktop.ini.givemenitro
                                                                              Process:C:\Users\user\Desktop\JSChk2v3o9.exe
                                                                              File Type:data
                                                                              Category:dropped
                                                                              Size (bytes):448
                                                                              Entropy (8bit):7.539089437669376
                                                                              Encrypted:false
                                                                              SSDEEP:6:RLbMDvUcsOGIah77nur0thWTO5yzLAJC+yjix0kSsz+zmS/WGNiIe2W62GHAcWZF:kvtJah73ZJCnBLmSCRa64Mmyh
                                                                              MD5:9AADA8C6E3FDEE1ABF3812ECF7BC4E81
                                                                              SHA1:3AB195C9CFCDB969DC728264C8530594C881D1C8
                                                                              SHA-256:67FE8807CD5A5E0C7DA82DC30D807F9153F554F758E3975698A3D2C615826917
                                                                              SHA-512:070785871750874B322EEA11586E71C245F7BD24524D3EA094247502220AF50286671B581A2092FB2662073EFC9EA0798467830663D27ABFFA89FCC6E286DCAC
                                                                              Malicious:false
                                                                              C:\Users\user\Music\desktop.ini.givemenitro
                                                                              Process:C:\Users\user\Desktop\JSChk2v3o9.exe
                                                                              File Type:data
                                                                              Category:dropped
                                                                              Size (bytes):544
                                                                              Entropy (8bit):7.611348493043094
                                                                              Encrypted:false
                                                                              SSDEEP:12:fToV9LaKqyJBsW6tJ/7NMKvWI7VLRL42xDyxY4B8n:fce+XsWOJ/4IZR4Gux/8n
                                                                              MD5:78001E85227C4092AD2B0741071DD196
                                                                              SHA1:FABC99363FC34B9A1F14C0C8895B633F21D6143C
                                                                              SHA-256:DA5B6B216DAACA0CC254987BC08CE6F20646A726AF33342F000DDB8F55A517BB
                                                                              SHA-512:ADFE7E5ACA36DB281260937EFA1CBA46342DDA2BCDD04466CDE0CD8E7261DF149ACD186769950F3CF91638EF53E854C1664F45B8D23520EED41F177ED65BD123
                                                                              Malicious:false
                                                                              C:\Users\user\Pictures\Camera Roll\desktop.ini.givemenitro
                                                                              Process:C:\Users\user\Desktop\JSChk2v3o9.exe
                                                                              File Type:data
                                                                              Category:dropped
                                                                              Size (bytes):224
                                                                              Entropy (8bit):7.120241515815466
                                                                              Encrypted:false
                                                                              SSDEEP:6:IN4oWqOLDfR3Ygm+SidOHdWYEmLgDpsW/RS+:c4wKTRoj+rGNMd
                                                                              MD5:E7F02775F89DD00E09C9CF2F7BFACBCA
                                                                              SHA1:B272F48294451A3127420AC9C78BDA7E1097C968
                                                                              SHA-256:7C70BF7550E0A1A743D8ACEE4B888F5EFD5F5B65ED814F31DE3B64CE7E8BBC57
                                                                              SHA-512:FDBA81AAC4B5F1CACE5BFA8C94EEB4AA77EDD1FC632438EF04C5A5D6DCA5D7C15A0600AFAE2EE3EB0D5E4270E016338E4E3B8C77E278DB5496FAFE2F862B4DCA
                                                                              Malicious:false
                                                                              C:\Users\user\Pictures\desktop.ini.givemenitro
                                                                              Process:C:\Users\user\Desktop\JSChk2v3o9.exe
                                                                              File Type:data
                                                                              Category:dropped
                                                                              Size (bytes):544
                                                                              Entropy (8bit):7.594751705610137
                                                                              Encrypted:false
                                                                              SSDEEP:12:iHYRWdHYTt1BMEhtNlWn7FDW4S3+wMHzSXxyTEF+LMfBG5GX:iHYzTFME/3GFq4sOz0F+2J
                                                                              MD5:E5EE819453CF873EC2FE8B6F6C6E0514
                                                                              SHA1:F0F192A3B46CC6E85EDC2AB812EFA2A9DDC6D3E9
                                                                              SHA-256:681D37CB762869885BF795EDE434D746888A062DECC3AC0C56C70F5B75E27C5D
                                                                              SHA-512:818A08342858FD5A3FCCD161CE4436DFE2F3F931404BAE0BE9C15DB42E0B74FA9AB6DDF413F436C5C78D0AD08791328B6B96B48C1F81B775E2B069353A081C39
                                                                              Malicious:false
                                                                              C:\Users\user\Videos\desktop.ini.givemenitro
                                                                              Process:C:\Users\user\Desktop\JSChk2v3o9.exe
                                                                              File Type:data
                                                                              Category:dropped
                                                                              Size (bytes):544
                                                                              Entropy (8bit):7.599460372805283
                                                                              Encrypted:false
                                                                              SSDEEP:12:8M1N8PPJ2g5dLQ0JtPVWuGEQD0PNT4Gi8Oy1WaH/VjlKovGS5Qdt40:8VPPJ2g5d0QtdVGSFTi8Om5vGSKdt7
                                                                              MD5:03F17D1980FE4BF46AADF1FFDE74AEE2
                                                                              SHA1:CC92E8D99AD989A9D485792CC4E4E0C2496763E6
                                                                              SHA-256:9CF775AC081A2B82499169B66444960DEB5E1D36A84DB31FCB75375B131230DD
                                                                              SHA-512:7F496A30BD3CEA711E918EDC217F08152B88D7C7BF1C021B7758BE2B0C860CAB0A6766510EB822A489750769462A480A6783934A08777F05608926DBA466173A
                                                                              Malicious:false

                                                                              Static File Info

                                                                              General

                                                                              File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                              Entropy (8bit):5.361445985547347
                                                                              TrID:
                                                                              • Win32 Executable (generic) Net Framework (10011505/4) 49.80%
                                                                              • Win32 Executable (generic) a (10002005/4) 49.75%
                                                                              • Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36%
                                                                              • Windows Screen Saver (13104/52) 0.07%
                                                                              • Generic Win/DOS Executable (2004/3) 0.01%
                                                                              File name:JSChk2v3o9.exe
                                                                              File size:62976
                                                                              MD5:077fccc46159f8ccd79fcd50787db1c9
                                                                              SHA1:288635e27276ba6da3291d0982a8f0f23ae0065e
                                                                              SHA256:92190c9789485a0d96bced7040080f0ae35c02898c3d31a65d50ecd659b80f09
                                                                              SHA512:6028a1b66ea3e6baae6c11005596c6a6fff982d132ad23c502bf57c5d0995829f983963ba451142f2780214da6c8588e8f83b2972d289367300094fee9cebe74
                                                                              SSDEEP:768:SKsMqCXfVcW42vM9ZkiANIUe2YLDwUzc80gmq3oP/oDY:SKse4qM9ZkiAPOr/0O8/o8
                                                                              File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....}............"...0.................. ... ....@.. .......................`............`................................

                                                                              File Icon

                                                                              Icon Hash:00828e8e8686b000

                                                                              Static PE Info

                                                                              General

                                                                              Entrypoint:0x410be6
                                                                              Entrypoint Section:.text
                                                                              Digitally signed:false
                                                                              Imagebase:0x400000
                                                                              Subsystem:windows gui
                                                                              Image File Characteristics:EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE
                                                                              DLL Characteristics:NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT, HIGH_ENTROPY_VA
                                                                              Time Stamp:0xF38C7D80 [Thu Jun 25 11:37:36 2099 UTC]
                                                                              TLS Callbacks:
                                                                              CLR (.Net) Version:v4.0.30319
                                                                              OS Version Major:4
                                                                              OS Version Minor:0
                                                                              File Version Major:4
                                                                              File Version Minor:0
                                                                              Subsystem Version Major:4
                                                                              Subsystem Version Minor:0
                                                                              Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744

                                                                              Entrypoint Preview

                                                                              Instruction
                                                                              jmp dword ptr [00402000h]

                                                                              Data Directories

                                                                              Name                                  Virtual Address  Virtual Size  Is in Section
                                                                              IMAGE_DIRECTORY_ENTRY_EXPORT          0x0              0x0
                                                                              IMAGE_DIRECTORY_ENTRY_IMPORT          0x10b92          0x4f          .text
                                                                              IMAGE_DIRECTORY_ENTRY_RESOURCE        0x12000          0x5dc         .rsrc
                                                                              IMAGE_DIRECTORY_ENTRY_EXCEPTION       0x0              0x0
                                                                              IMAGE_DIRECTORY_ENTRY_SECURITY        0x0              0x0
                                                                              IMAGE_DIRECTORY_ENTRY_BASERELOC       0x14000          0xc           .reloc
                                                                              IMAGE_DIRECTORY_ENTRY_DEBUG           0x10ad8          0x38          .text
                                                                              IMAGE_DIRECTORY_ENTRY_COPYRIGHT       0x0              0x0
                                                                              IMAGE_DIRECTORY_ENTRY_GLOBALPTR       0x0              0x0
                                                                              IMAGE_DIRECTORY_ENTRY_TLS             0x0              0x0
                                                                              IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG     0x0              0x0
                                                                              IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT    0x0              0x0
                                                                              IMAGE_DIRECTORY_ENTRY_IAT             0x2000           0x8           .text
                                                                              IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT    0x0              0x0
                                                                              IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR  0x2008           0x48          .text
                                                                              IMAGE_DIRECTORY_ENTRY_RESERVED        0x0              0x0

                                                                              Sections

                                                                              Name    Virtual Address  Virtual Size  Raw Size  Xored PE  ZLIB Complexity  File Type  Entropy          Characteristics
                                                                              .text   0x2000           0xebec        0xec00    False     0.407673463983   data       5.42418053307    IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
                                                                              .rsrc   0x12000          0x5dc         0x600     False     0.420572916667   data       4.1474674202     IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                                              .reloc  0x14000          0xc           0x200     False     0.044921875      data       0.0815394123432  IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

                                                                              Resources

                                                                              Name         RVA      Size   Type                                                                                     Language  Country
                                                                              RT_VERSION   0x12090  0x34c  data
                                                                              RT_MANIFEST  0x123ec  0x1ea  XML 1.0 document, UTF-8 Unicode (with BOM) text, with CRLF line terminators

                                                                              Imports

                                                                              DLL          Import
                                                                              mscoree.dll  _CorExeMain

                                                                              Version Infos

                                                                              Description       Data
                                                                              Translation       0x0000 0x04b0
                                                                              LegalCopyright    Copyright 2021
                                                                              Assembly Version  1.0.0.0
                                                                              InternalName      NitroRansomware.exe
                                                                              FileVersion       1.0.0.0
                                                                              CompanyName
                                                                              LegalTrademarks
                                                                              Comments
                                                                              ProductName       NitroRansomware
                                                                              ProductVersion    1.0.0.0
                                                                              FileDescription   NitroRansomware
                                                                              OriginalFilename  NitroRansomware.exe

                                                                              Network Behavior

                                                                              TCP Packets

                                                                              Timestamp  Source Port  Dest Port  Source IP  Dest IP

                                                                              UDP Packets

                                                                              Timestamp  Source Port  Dest Port  Source IP  Dest IP
                                                                              Apr 18, 2021 03:21:13.459353924 CEST5062053192.168.2.38.8.8.8
                                                                              Apr 18, 2021 03:21:13.475595951 CEST6493853192.168.2.38.8.8.8
                                                                              Apr 18, 2021 03:21:13.518522024 CEST53506208.8.8.8192.168.2.3
                                                                              Apr 18, 2021 03:21:13.527168989 CEST53649388.8.8.8192.168.2.3
                                                                              Apr 18, 2021 03:21:14.617827892 CEST6015253192.168.2.38.8.8.8
                                                                              Apr 18, 2021 03:21:14.667068005 CEST53601528.8.8.8192.168.2.3
                                                                              Apr 18, 2021 03:21:15.690673113 CEST5754453192.168.2.38.8.8.8
                                                                              Apr 18, 2021 03:21:15.739465952 CEST53575448.8.8.8192.168.2.3
                                                                              Apr 18, 2021 03:21:16.904402018 CEST5598453192.168.2.38.8.8.8
                                                                              Apr 18, 2021 03:21:16.953252077 CEST53559848.8.8.8192.168.2.3
                                                                              Apr 18, 2021 03:21:18.067354918 CEST6418553192.168.2.38.8.8.8
                                                                              Apr 18, 2021 03:21:18.119666100 CEST53641858.8.8.8192.168.2.3
                                                                              Apr 18, 2021 03:21:19.163911104 CEST6511053192.168.2.38.8.8.8
                                                                              Apr 18, 2021 03:21:19.212603092 CEST53651108.8.8.8192.168.2.3
                                                                              Apr 18, 2021 03:21:20.257117987 CEST5836153192.168.2.38.8.8.8
                                                                              Apr 18, 2021 03:21:20.305629015 CEST53583618.8.8.8192.168.2.3
                                                                              Apr 18, 2021 03:21:21.322964907 CEST6349253192.168.2.38.8.8.8
                                                                              Apr 18, 2021 03:21:21.379935980 CEST53634928.8.8.8192.168.2.3
                                                                              Apr 18, 2021 03:21:22.491615057 CEST6083153192.168.2.38.8.8.8
                                                                              Apr 18, 2021 03:21:22.548614025 CEST53608318.8.8.8192.168.2.3
                                                                              Apr 18, 2021 03:21:23.621551037 CEST6010053192.168.2.38.8.8.8
                                                                              Apr 18, 2021 03:21:23.673161983 CEST53601008.8.8.8192.168.2.3
                                                                              Apr 18, 2021 03:21:24.120167017 CEST5319553192.168.2.38.8.8.8
                                                                              Apr 18, 2021 03:21:24.168993950 CEST53531958.8.8.8192.168.2.3
                                                                              Apr 18, 2021 03:21:24.190882921 CEST5014153192.168.2.38.8.8.8
                                                                              Apr 18, 2021 03:21:24.243486881 CEST53501418.8.8.8192.168.2.3
                                                                              Apr 18, 2021 03:21:25.397191048 CEST5302353192.168.2.38.8.8.8
                                                                              Apr 18, 2021 03:21:25.458277941 CEST53530238.8.8.8192.168.2.3
                                                                              Apr 18, 2021 03:21:26.101012945 CEST4956353192.168.2.38.8.8.8
                                                                              Apr 18, 2021 03:21:26.161016941 CEST53495638.8.8.8192.168.2.3
                                                                              Apr 18, 2021 03:21:26.894560099 CEST5135253192.168.2.38.8.8.8
                                                                              Apr 18, 2021 03:21:26.956775904 CEST53513528.8.8.8192.168.2.3
                                                                              Apr 18, 2021 03:21:27.514859915 CEST5934953192.168.2.38.8.8.8
                                                                              Apr 18, 2021 03:21:27.575213909 CEST53593498.8.8.8192.168.2.3
                                                                              Apr 18, 2021 03:21:54.370160103 CEST5708453192.168.2.38.8.8.8
                                                                              Apr 18, 2021 03:21:54.429009914 CEST53570848.8.8.8192.168.2.3
                                                                              Apr 18, 2021 03:22:08.712431908 CEST5882353192.168.2.38.8.8.8
                                                                              Apr 18, 2021 03:22:08.771312952 CEST53588238.8.8.8192.168.2.3
                                                                              Apr 18, 2021 03:22:18.782253027 CEST5756853192.168.2.38.8.8.8
                                                                              Apr 18, 2021 03:22:18.840809107 CEST53575688.8.8.8192.168.2.3
                                                                              Apr 18, 2021 03:22:21.377572060 CEST5054053192.168.2.38.8.8.8
                                                                              Apr 18, 2021 03:22:21.438251972 CEST53505408.8.8.8192.168.2.3
                                                                              Apr 18, 2021 03:22:22.333450079 CEST5436653192.168.2.38.8.8.8
                                                                              Apr 18, 2021 03:22:22.382127047 CEST53543668.8.8.8192.168.2.3
                                                                              Apr 18, 2021 03:22:35.846873045 CEST5303453192.168.2.38.8.8.8
                                                                              Apr 18, 2021 03:22:35.908488989 CEST53530348.8.8.8192.168.2.3
                                                                              Apr 18, 2021 03:22:45.376705885 CEST5776253192.168.2.38.8.8.8
                                                                              Apr 18, 2021 03:22:45.454235077 CEST53577628.8.8.8192.168.2.3
                                                                              Apr 18, 2021 03:22:57.058228016 CEST5543553192.168.2.38.8.8.8
                                                                              Apr 18, 2021 03:22:57.116772890 CEST53554358.8.8.8192.168.2.3
                                                                              Apr 18, 2021 03:22:59.223484993 CEST5071353192.168.2.38.8.8.8
                                                                              Apr 18, 2021 03:22:59.274807930 CEST53507138.8.8.8192.168.2.3
                                                                              Apr 18, 2021 03:23:05.571796894 CEST5613253192.168.2.38.8.8.8
                                                                              Apr 18, 2021 03:23:05.632917881 CEST53561328.8.8.8192.168.2.3
                                                                              Apr 18, 2021 03:23:32.507806063 CEST5898753192.168.2.38.8.8.8
                                                                              Apr 18, 2021 03:23:32.566790104 CEST53589878.8.8.8192.168.2.3
                                                                              Apr 18, 2021 03:23:33.179476023 CEST5657953192.168.2.38.8.8.8
                                                                              Apr 18, 2021 03:23:33.228588104 CEST53565798.8.8.8192.168.2.3
                                                                              Apr 18, 2021 03:23:33.845938921 CEST6063353192.168.2.38.8.8.8
                                                                              Apr 18, 2021 03:23:33.910937071 CEST53606338.8.8.8192.168.2.3

                                                                              DNS Queries

Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class
Apr 18, 2021 03:21:24.120167017 CEST | 192.168.2.3 | 8.8.8.8 | 0x1364 | Standard query (0) | api.ipify.org | A (IP address) | IN (0x0001)
Apr 18, 2021 03:21:24.190882921 CEST | 192.168.2.3 | 8.8.8.8 | 0xc42c | Standard query (0) | api.ipify.org | A (IP address) | IN (0x0001)
Apr 18, 2021 03:21:25.397191048 CEST | 192.168.2.3 | 8.8.8.8 | 0x9e3a | Standard query (0) | canary.discord.com | A (IP address) | IN (0x0001)
Apr 18, 2021 03:21:26.101012945 CEST | 192.168.2.3 | 8.8.8.8 | 0xf774 | Standard query (0) | canary.discord.com | A (IP address) | IN (0x0001)
Apr 18, 2021 03:21:26.894560099 CEST | 192.168.2.3 | 8.8.8.8 | 0x9a7c | Standard query (0) | canary.discord.com | A (IP address) | IN (0x0001)
Apr 18, 2021 03:21:27.514859915 CEST | 192.168.2.3 | 8.8.8.8 | 0xc7ce | Standard query (0) | canary.discord.com | A (IP address) | IN (0x0001)
Apr 18, 2021 03:22:18.782253027 CEST | 192.168.2.3 | 8.8.8.8 | 0x9695 | Standard query (0) | canary.discord.com | A (IP address) | IN (0x0001)

                                                                              DNS Answers


                                                                              HTTPS Packets

Timestamp: Apr 18, 2021 03:21:24.615829945 CEST
Source IP: 54.225.144.221
Source Port: 443
Dest IP: 192.168.2.3
Dest Port: 49714
JA3 SSL Client Fingerprint: 771,49196-49195-49200-49199-159-158-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-23-65281,29-23-24,0
JA3 SSL Client Digest: 3b5074b1b5d032e5620f69f9f700ff0e
Certificate chain (Subject | Issuer | Not Before | Not After):
  CN=*.ipify.org | CN=Sectigo RSA Domain Validation Secure Server CA, O=Sectigo Limited, L=Salford, ST=Greater Manchester, C=GB | Tue Jan 19 01:00:00 CET 2021 | Sun Feb 20 00:59:59 CET 2022
  CN=Sectigo RSA Domain Validation Secure Server CA, O=Sectigo Limited, L=Salford, ST=Greater Manchester, C=GB | CN=USERTrust RSA Certification Authority, O=The USERTRUST Network, L=Jersey City, ST=New Jersey, C=US | Fri Nov 02 01:00:00 CET 2018 | Wed Jan 01 00:59:59 CET 2031
  CN=USERTrust RSA Certification Authority, O=The USERTRUST Network, L=Jersey City, ST=New Jersey, C=US | CN=AAA Certificate Services, O=Comodo CA Limited, L=Salford, ST=Greater Manchester, C=GB | Tue Mar 12 01:00:00 CET 2019 | Mon Jan 01 00:59:59 CET 2029
  CN=AAA Certificate Services, O=Comodo CA Limited, L=Salford, ST=Greater Manchester, C=GB | CN=AAA Certificate Services, O=Comodo CA Limited, L=Salford, ST=Greater Manchester, C=GB | Thu Jan 01 01:00:00 CET 2004 | Mon Jan 01 00:59:59 CET 2029

Timestamp: Apr 18, 2021 03:21:25.567436934 CEST
Source IP: 162.159.137.232
Source Port: 443
Dest IP: 192.168.2.3
Dest Port: 49715
JA3 SSL Client Fingerprint: 771,49196-49195-49200-49199-159-158-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-23-65281,29-23-24,0
JA3 SSL Client Digest: 3b5074b1b5d032e5620f69f9f700ff0e
Certificate chain (Subject | Issuer | Not Before | Not After):
  CN=sni.cloudflaressl.com, O="Cloudflare, Inc.", L=San Francisco, ST=CA, C=US | CN=Cloudflare Inc ECC CA-3, O="Cloudflare, Inc.", C=US | Tue Jan 19 01:00:00 CET 2021 | Wed Jan 19 00:59:59 CET 2022
  CN=Cloudflare Inc ECC CA-3, O="Cloudflare, Inc.", C=US | CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE | Mon Jan 27 13:48:08 CET 2020 | Wed Jan 01 00:59:59 CET 2025

                                                                              Code Manipulations

                                                                              Statistics

                                                                              CPU Usage


                                                                              Memory Usage


                                                                              High Level Behavior Distribution


                                                                              Behavior


                                                                              System Behavior

                                                                              General

                                                                              Start time:03:21:19
                                                                              Start date:18/04/2021
                                                                              Path:C:\Users\user\Desktop\JSChk2v3o9.exe
                                                                              Wow64 process (32bit):true
                                                                              Commandline:'C:\Users\user\Desktop\JSChk2v3o9.exe'
                                                                              Imagebase:0x280000
                                                                              File size:62976 bytes
                                                                              MD5 hash:077FCCC46159F8CCD79FCD50787DB1C9
                                                                              Has elevated privileges:true
                                                                              Has administrator privileges:true
                                                                              Programmed in:.Net C# or VB.NET
                                                                              Reputation:low

                                                                              General

                                                                              Start time:03:21:20
                                                                              Start date:18/04/2021
                                                                              Path:C:\Windows\SysWOW64\cmd.exe
                                                                              Wow64 process (32bit):true
                                                                              Commandline:cmd.exe
                                                                              Imagebase:0xbd0000
                                                                              File size:232960 bytes
                                                                              MD5 hash:F3BDBE3BB6F734E357235F4D5898582D
                                                                              Has elevated privileges:true
                                                                              Has administrator privileges:true
                                                                              Programmed in:C, C++ or other language
                                                                              Reputation:high

                                                                              General

                                                                              Start time:03:21:20
                                                                              Start date:18/04/2021
                                                                              Path:C:\Windows\System32\conhost.exe
                                                                              Wow64 process (32bit):false
                                                                              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                              Imagebase:0x7ff6b2800000
                                                                              File size:625664 bytes
                                                                              MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                                                              Has elevated privileges:true
                                                                              Has administrator privileges:true
                                                                              Programmed in:C, C++ or other language
                                                                              Reputation:high

                                                                              General

                                                                              Start time:03:21:20
                                                                              Start date:18/04/2021
                                                                              Path:C:\Windows\SysWOW64\wbem\WMIC.exe
                                                                              Wow64 process (32bit):true
                                                                              Commandline:wmic csproduct get uuid
                                                                              Imagebase:0xc10000
                                                                              File size:391680 bytes
                                                                              MD5 hash:79A01FCD1C8166C5642F37D1E0FB7BA8
                                                                              Has elevated privileges:true
                                                                              Has administrator privileges:true
                                                                              Programmed in:C, C++ or other language
                                                                              Reputation:moderate

                                                                              General

                                                                              Start time:03:21:29
                                                                              Start date:18/04/2021
                                                                              Path:C:\Users\user\AppData\Local\Temp\JSChk2v3o9.exe
                                                                              Wow64 process (32bit):true
                                                                              Commandline:'C:\Users\user\AppData\Local\Temp\JSChk2v3o9.exe'
                                                                              Imagebase:0x3d0000
                                                                              File size:62976 bytes
                                                                              MD5 hash:077FCCC46159F8CCD79FCD50787DB1C9
                                                                              Has elevated privileges:true
                                                                              Has administrator privileges:true
                                                                              Programmed in:.Net C# or VB.NET
                                                                              Antivirus matches:
                                                                              • Detection: 100%, Joe Sandbox ML
                                                                              • Detection: 72%, ReversingLabs
                                                                              Reputation:low

                                                                              General

                                                                              Start time:03:21:39
                                                                              Start date:18/04/2021
                                                                              Path:C:\Users\user\AppData\Local\Temp\JSChk2v3o9.exe
                                                                              Wow64 process (32bit):true
                                                                              Commandline:'C:\Users\user\AppData\Local\Temp\JSChk2v3o9.exe'
                                                                              Imagebase:0x1f0000
                                                                              File size:62976 bytes
                                                                              MD5 hash:077FCCC46159F8CCD79FCD50787DB1C9
                                                                              Has elevated privileges:true
                                                                              Has administrator privileges:true
                                                                              Programmed in:.Net C# or VB.NET
                                                                              Reputation:low

                                                                              Disassembly

                                                                              Code Analysis


                                                                                Executed Functions

                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.463960635.00000000003C0000.00000040.00000001.sdmp, Offset: 003C0000, based on PE: false
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID: Xcl
                                                                                • API String ID: 0-4037679890
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.463960635.00000000003C0000.00000040.00000001.sdmp, Offset: 003C0000, based on PE: false
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID: Xcl
                                                                                • API String ID: 0-4037679890
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.468232907.00000000024A0000.00000040.00000001.sdmp, Offset: 024A0000, based on PE: false
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.468232907.00000000024A0000.00000040.00000001.sdmp, Offset: 024A0000, based on PE: false
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.468232907.00000000024A0000.00000040.00000001.sdmp, Offset: 024A0000, based on PE: false
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.468232907.00000000024A0000.00000040.00000001.sdmp, Offset: 024A0000, based on PE: false
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID: P3^k$p2^k
                                                                                • API String ID: 0-134855833
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                • GetModuleHandleW.KERNEL32(00000000), ref: 003C160E
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.463960635.00000000003C0000.00000040.00000001.sdmp, Offset: 003C0000, based on PE: false
                                                                                Similarity
                                                                                • API ID: HandleModule
                                                                                • String ID:
                                                                                • API String ID: 4139908857-0
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                • CreateWindowExW.USER32(?,?,?,?,?,?,0000000C,?,?,?,?,?), ref: 003C7CAA
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.463960635.00000000003C0000.00000040.00000001.sdmp, Offset: 003C0000, based on PE: false
                                                                                Similarity
                                                                                • API ID: CreateWindow
                                                                                • String ID:
                                                                                • API String ID: 716092398-0
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                • CreateWindowExW.USER32(?,?,?,?,?,?,0000000C,?,?,?,?,?), ref: 003C7CAA
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.463960635.00000000003C0000.00000040.00000001.sdmp, Offset: 003C0000, based on PE: false
                                                                                Similarity
                                                                                • API ID: CreateWindow
                                                                                • String ID:
                                                                                • API String ID: 716092398-0
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                • CreateWindowExW.USER32(?,?,?,?,?,?,0000000C,?,?,?,?,?), ref: 003C7CAA
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.463960635.00000000003C0000.00000040.00000001.sdmp, Offset: 003C0000, based on PE: false
                                                                                Similarity
                                                                                • API ID: CreateWindow
                                                                                • String ID:
                                                                                • API String ID: 716092398-0
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                • CreateWindowExW.USER32(?,?,?,?,?,?,0000000C,?,?,?,?,?), ref: 003C7CAA
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.463960635.00000000003C0000.00000040.00000001.sdmp, Offset: 003C0000, based on PE: false
                                                                                Similarity
                                                                                • API ID: CreateWindow
                                                                                • String ID:
                                                                                • API String ID: 716092398-0
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                • CallWindowProcW.USER32(?,?,?,?,?), ref: 003CA391
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.463960635.00000000003C0000.00000040.00000001.sdmp, Offset: 003C0000, based on PE: false
                                                                                Similarity
                                                                                • API ID: CallProcWindow
                                                                                • String ID:
                                                                                • API String ID: 2714655100-0
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?,?,?,?,003C3C86,?,?,?,?,?), ref: 003C3D47
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.463960635.00000000003C0000.00000040.00000001.sdmp, Offset: 003C0000, based on PE: false
                                                                                Similarity
                                                                                • API ID: DuplicateHandle
                                                                                • String ID:
                                                                                • API String ID: 3793708945-0
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?,?,?,?,003C3C86,?,?,?,?,?), ref: 003C3D47
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.463960635.00000000003C0000.00000040.00000001.sdmp, Offset: 003C0000, based on PE: false
                                                                                Similarity
                                                                                • API ID: DuplicateHandle
                                                                                • String ID:
                                                                                • API String ID: 3793708945-0
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                • SetWindowTextW.USER32(?,00000000), ref: 00A49682
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.467766240.0000000000A40000.00000040.00000001.sdmp, Offset: 00A40000, based on PE: false
                                                                                Similarity
                                                                                • API ID: TextWindow
                                                                                • String ID:
                                                                                • API String ID: 530164218-0
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                • LoadLibraryExW.KERNEL32(00000000,00000000,?,?,?,?,00000000,?,003C1689,00000800,00000000,00000000), ref: 003C187A
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.463960635.00000000003C0000.00000040.00000001.sdmp, Offset: 003C0000, based on PE: false
                                                                                Similarity
                                                                                • API ID: LibraryLoad
                                                                                • String ID:
                                                                                • API String ID: 1029625771-0
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                • LoadLibraryExW.KERNEL32(00000000,00000000,?,?,?,?,00000000,?,003C1689,00000800,00000000,00000000), ref: 003C187A
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.463960635.00000000003C0000.00000040.00000001.sdmp, Offset: 003C0000, based on PE: false
                                                                                Similarity
                                                                                • API ID: LibraryLoad
                                                                                • String ID:
                                                                                • API String ID: 1029625771-0
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                • SetWindowTextW.USER32(?,00000000), ref: 00A49682
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.467766240.0000000000A40000.00000040.00000001.sdmp, Offset: 00A40000, based on PE: false
                                                                                Similarity
                                                                                • API ID: TextWindow
                                                                                • String ID:
                                                                                • API String ID: 530164218-0
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                • PostMessageW.USER32(?,?,?,?), ref: 00A4F08D
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.467766240.0000000000A40000.00000040.00000001.sdmp, Offset: 00A40000, based on PE: false
                                                                                Similarity
                                                                                • API ID: MessagePost
                                                                                • String ID:
                                                                                • API String ID: 410705778-0
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                • PostMessageW.USER32(?,?,?,?), ref: 00A4F08D
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.467766240.0000000000A40000.00000040.00000001.sdmp, Offset: 00A40000, based on PE: false
                                                                                Similarity
                                                                                • API ID: MessagePost
                                                                                • String ID:
                                                                                • API String ID: 410705778-0
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                • GetModuleHandleW.KERNEL32(00000000), ref: 003C160E
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.463960635.00000000003C0000.00000040.00000001.sdmp, Offset: 003C0000, based on PE: false
                                                                                Similarity
                                                                                • API ID: HandleModule
                                                                                • String ID:
                                                                                • API String ID: 4139908857-0
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                • SendMessageW.USER32(?,?,?,?), ref: 00A4AABD
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.467766240.0000000000A40000.00000040.00000001.sdmp, Offset: 00A40000, based on PE: false
                                                                                Similarity
                                                                                • API ID: MessageSend
                                                                                • String ID:
                                                                                • API String ID: 3850602802-0
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                • SendMessageW.USER32(?,?,?,?), ref: 00A4AABD
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.467766240.0000000000A40000.00000040.00000001.sdmp, Offset: 00A40000, based on PE: false
                                                                                Similarity
                                                                                • API ID: MessageSend
                                                                                • String ID:
                                                                                • API String ID: 3850602802-0
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.468232907.00000000024A0000.00000040.00000001.sdmp, Offset: 024A0000, based on PE: false
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID: P3^k
                                                                                • API String ID: 0-842810237
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.467622339.00000000009C0000.00000040.00000001.sdmp, Offset: 009C0000, based on PE: false
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID: WVSP
                                                                                • API String ID: 0-3847415142
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.467622339.00000000009C0000.00000040.00000001.sdmp, Offset: 009C0000, based on PE: false
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID: ?
                                                                                • API String ID: 0-2253900439
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.467622339.00000000009C0000.00000040.00000001.sdmp, Offset: 009C0000, based on PE: false
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: 324f9f64c907aeba53ddf8807a3f2dc39c201a33d4bd8525cff02907bacd4f6c
                                                                                • Instruction ID: 82fb8bde04bbeeedb173c58cc315c944480a5929cada71c2f4cb5e2f9b807e59
                                                                                • Opcode Fuzzy Hash: 324f9f64c907aeba53ddf8807a3f2dc39c201a33d4bd8525cff02907bacd4f6c
                                                                                • Instruction Fuzzy Hash: C671F635A007059FCB21CFB9D988A9EB7F5FF48310B14892EE86AD3750DB38E9458B41
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.467622339.00000000009C0000.00000040.00000001.sdmp, Offset: 009C0000, based on PE: false
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: a1d69e44198ec877f734296345ad52d37eb4cea86ff67afda2ef3956bc60b6f4
                                                                                • Instruction ID: 67e8548cce22bf5bda6f66d71430c1815603b840a186379e44f706284b03ee9c
                                                                                • Opcode Fuzzy Hash: a1d69e44198ec877f734296345ad52d37eb4cea86ff67afda2ef3956bc60b6f4
                                                                                • Instruction Fuzzy Hash: CF716030E00A09CFDB04DFA9D854BAEBBB5FF88300F15856DD416A7290EB74AD85CB91
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.467622339.00000000009C0000.00000040.00000001.sdmp, Offset: 009C0000, based on PE: false
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: 485ca377bb9a210426bfd34cc0ebc069e0c9a71f54310672a3acdce470e40f00
                                                                                • Instruction ID: da30f810e4286fcd41b485fe6b53ff32c3890bff84e7756bb8bb33353a7557a0
                                                                                • Opcode Fuzzy Hash: 485ca377bb9a210426bfd34cc0ebc069e0c9a71f54310672a3acdce470e40f00
                                                                                • Instruction Fuzzy Hash: 7E61C535A046048FCB15DF65C840EAEBBF6EF89300B0584AED549DB3A2DB34DD05CB92
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.467622339.00000000009C0000.00000040.00000001.sdmp, Offset: 009C0000, based on PE: false
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: 5a75541630e205ad8120431d57df0102dca446b4fe4f76621f7f4dc79f50cc24
                                                                                • Instruction ID: d33cb35e5af411e2ab5b5d053114c6f7a5346be08faf6d87766d10bebc6ba3b7
                                                                                • Opcode Fuzzy Hash: 5a75541630e205ad8120431d57df0102dca446b4fe4f76621f7f4dc79f50cc24
                                                                                • Instruction Fuzzy Hash: F0716D74A01208AFCB15DF69D894EAEBBB6FF49724F114498F901AB361DB31EC81CB51
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.467622339.00000000009C0000.00000040.00000001.sdmp, Offset: 009C0000, based on PE: false
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: c2d82594f0026967fe61a0c72ac63fd83256941823c0d82bbd843e5e28b8cbf7
                                                                                • Instruction ID: da15ebc7c397889aa705ca296ba1fc74ae2de47e6a52314d9610c0298a12d839
                                                                                • Opcode Fuzzy Hash: c2d82594f0026967fe61a0c72ac63fd83256941823c0d82bbd843e5e28b8cbf7
                                                                                • Instruction Fuzzy Hash: 2F516A30B016009FDB15EB68C4A5FAAB7EAAF89704F10446DE10ADB3A1DF75EC05CB52
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.468232907.00000000024A0000.00000040.00000001.sdmp, Offset: 024A0000, based on PE: false
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: cf04b55f4ea8b88789ca691533af4e316343eb0fab3112d72ca4d99e195c83d2
                                                                                • Instruction ID: 1594d90b94767165247d96092512748eac8e60e2f0912c55990e12113554622a
                                                                                • Opcode Fuzzy Hash: cf04b55f4ea8b88789ca691533af4e316343eb0fab3112d72ca4d99e195c83d2
                                                                                • Instruction Fuzzy Hash: 4F61B474E01208DFCB04EFA9D59099EBBB2FF89305F108829D415EB764EB30A94ADF51
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.468232907.00000000024A0000.00000040.00000001.sdmp, Offset: 024A0000, based on PE: false
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: 20c90f6ce74290a1057db12fc95f1db60d031a5b7332941290e4da53e32857b7
                                                                                • Instruction ID: 74a70430f3c0ba8010deb58c2131437afef11b22efd723b6c30f0c4174179051
                                                                                • Opcode Fuzzy Hash: 20c90f6ce74290a1057db12fc95f1db60d031a5b7332941290e4da53e32857b7
                                                                                • Instruction Fuzzy Hash: 7D51A071B002158FCB11EB7998589AFBBF6EFC8214715892AE129DB350EB30DD058BA1
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.467622339.00000000009C0000.00000040.00000001.sdmp, Offset: 009C0000, based on PE: false
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: 726d572d296b541d6fc6aa679ef057b392c15118b9a141b00d41a3c9bb04e8b1
                                                                                • Instruction ID: b9a9b15ff95773535acb7569ce749296fc644a0199045344723720818d3b8f35
                                                                                • Opcode Fuzzy Hash: 726d572d296b541d6fc6aa679ef057b392c15118b9a141b00d41a3c9bb04e8b1
                                                                                • Instruction Fuzzy Hash: 0B514E71E002059FCF10EFA9C948AAFBBF9EFC8304F14841EE415E7255EB7499058BA1
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.468232907.00000000024A0000.00000040.00000001.sdmp, Offset: 024A0000, based on PE: false
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: bdedf02c93c45fe2faac2243d784b5cbf7451efdab03c678539db74dbf4670cd
                                                                                • Instruction ID: 5b146e016ef4eec14d4741afc5ce7c07538b6556c039c7570195db9d1b1a6f20
                                                                                • Opcode Fuzzy Hash: bdedf02c93c45fe2faac2243d784b5cbf7451efdab03c678539db74dbf4670cd
                                                                                • Instruction Fuzzy Hash: 7351B270A042499BEB119B71E8287EF7BB5EF6434DF050059D841AB784EBBA9C4DCB90
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.467622339.00000000009C0000.00000040.00000001.sdmp, Offset: 009C0000, based on PE: false
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: 2f5406015b7829b4fbae72ef53466f501d2d7581a5465c9a6ec26004f0949d1f
                                                                                • Instruction ID: 591075d9cd7ecfb59d8b7563123b68ca44a4c358a20fce75f0998a65bc1fe08e
                                                                                • Opcode Fuzzy Hash: 2f5406015b7829b4fbae72ef53466f501d2d7581a5465c9a6ec26004f0949d1f
                                                                                • Instruction Fuzzy Hash: 9351F675A007059FCB20CF78D998A9EBBF1FF48310B10892EE85AD7751DB34E9498B51
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.467622339.00000000009C0000.00000040.00000001.sdmp, Offset: 009C0000, based on PE: false
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: bbc61e43983413035cf621bcca0993a78dc4288748b9aee6c61035f3c049748d
                                                                                • Instruction ID: bcd21d93cf0e2fd18202acadefca7321131c933cd0b20e8371b56deaee2cc01a
                                                                                • Opcode Fuzzy Hash: bbc61e43983413035cf621bcca0993a78dc4288748b9aee6c61035f3c049748d
                                                                                • Instruction Fuzzy Hash: 7641FD71B00B018BDB34DE68D891B6AB7E5FB48314F148E3DE596CB640D7B4EA488B91
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.467622339.00000000009C0000.00000040.00000001.sdmp, Offset: 009C0000, based on PE: false
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: 614b337deacbac06b8da0fa9015515c62f1756e7376297cb594c0aa0275053a9
                                                                                • Instruction ID: f17ad8f4c061ef43d9c2d550bd92706c4470b236a4ba9fd0b3b297f69c80783b
                                                                                • Opcode Fuzzy Hash: 614b337deacbac06b8da0fa9015515c62f1756e7376297cb594c0aa0275053a9
                                                                                • Instruction Fuzzy Hash: 63418A30B00240DFCB15EB68C4A5FA9B7B6AF89304F15446DE04ADB2A2CB75EC45CB52
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.467622339.00000000009C0000.00000040.00000001.sdmp, Offset: 009C0000, based on PE: false
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: 79123162a6d1f7af9aa8a349733047373559b4bbc133681de06480fd4cf923a1
                                                                                • Instruction ID: e8135a21b64063d44acc524992a4bc662f6b4979e68c63a24ea6eec9f3d15f67
                                                                                • Opcode Fuzzy Hash: 79123162a6d1f7af9aa8a349733047373559b4bbc133681de06480fd4cf923a1
                                                                                • Instruction Fuzzy Hash: 84412F71B04B018BDB34DE78D891B6AB7F6BB88340B18CE3DD556C7640E774EA098792
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.467622339.00000000009C0000.00000040.00000001.sdmp, Offset: 009C0000, based on PE: false
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: 7c16790c3546fa713ecb6718038e957f0dd591701077ac0bc2a770cfd7e4d34d
                                                                                • Instruction ID: a9c74092b9b94075aea1b7114626a4f30318244466b701613928a62046f143f3
                                                                                • Opcode Fuzzy Hash: 7c16790c3546fa713ecb6718038e957f0dd591701077ac0bc2a770cfd7e4d34d
                                                                                • Instruction Fuzzy Hash: B5418A30B106548FDB14DFA9D884FADBBFAAF49305F1140A9E501EB3A2DA70EC80CB51
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.468232907.00000000024A0000.00000040.00000001.sdmp, Offset: 024A0000, based on PE: false
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: 5d0c17e3aec7153b6280611a507eae25bf153db0a8653378aa8fa6656fa93451
                                                                                • Instruction ID: ab54adcf7be3d0583a080984b0bc68d45d34920dc5e4d7553e2812bd814bbfa4
                                                                                • Opcode Fuzzy Hash: 5d0c17e3aec7153b6280611a507eae25bf153db0a8653378aa8fa6656fa93451
                                                                                • Instruction Fuzzy Hash: 86510A70A0120A8FCB14EFB4C4909EEB7B2FF89308F109969D415BB364DB35A845CFA0
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.468232907.00000000024A0000.00000040.00000001.sdmp, Offset: 024A0000, based on PE: false
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: 396d5eebc8fcbd726510909a2079919c08f4caa69b33cbf2080069727547e3c4
                                                                                • Instruction ID: 48ade425a04495d88208ad8dba96176055a3dd5ec406b3dd7319e763d422b75a
                                                                                • Opcode Fuzzy Hash: 396d5eebc8fcbd726510909a2079919c08f4caa69b33cbf2080069727547e3c4
                                                                                • Instruction Fuzzy Hash: AD41C279E012189FCB08DFAAE4909DEFBB6FF89300F15912AD405A7355DB34A886CF54
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.467622339.00000000009C0000.00000040.00000001.sdmp, Offset: 009C0000, based on PE: false
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: 093c4e0e62e6b29eabe6a17df24b3a21c60f772703d5e66ab09d736416c3af70
                                                                                • Instruction ID: 413b421a3132c74e827a6b1d9b9f43a0dd87c52a8591940934b665f5bc3034e4
                                                                                • Opcode Fuzzy Hash: 093c4e0e62e6b29eabe6a17df24b3a21c60f772703d5e66ab09d736416c3af70
                                                                                • Instruction Fuzzy Hash: 5F418B71E00208CFCB25ABB4C454BADBAB1EFC8318F24552DD406AB291DF754885CBD6
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.467622339.00000000009C0000.00000040.00000001.sdmp, Offset: 009C0000, based on PE: false
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: 616bcbbfe938834c01bd0ee5da9cddfe5004e6867d5f78ea550aa700166462bd
                                                                                • Instruction ID: 114199ffe7a031ddf77fc8d1aa069b9ad53a491dbc46a8d048d35e54d320f137
                                                                                • Opcode Fuzzy Hash: 616bcbbfe938834c01bd0ee5da9cddfe5004e6867d5f78ea550aa700166462bd
                                                                                • Instruction Fuzzy Hash: F051B238A01208EFCB05DF69D894E9DBBB6FF49724B1144A9F901AB361DB31EC81CB51
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.468232907.00000000024A0000.00000040.00000001.sdmp, Offset: 024A0000, based on PE: false
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: 5035b4203ad2509ed0b8cc6855bedcf18248f41396c056cc6aa0e808ff661148
                                                                                • Instruction ID: c0da7d9a656805b52ac2b31bd7d11e64a6055392b4edf882ea49c4242c67025a
                                                                                • Opcode Fuzzy Hash: 5035b4203ad2509ed0b8cc6855bedcf18248f41396c056cc6aa0e808ff661148
                                                                                • Instruction Fuzzy Hash: F05178B0C053588FDF11DFA9C590ACEBFB1AF19304F25806AD449BB241D774698ACFA1
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.467622339.00000000009C0000.00000040.00000001.sdmp, Offset: 009C0000, based on PE: false
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.468232907.00000000024A0000.00000040.00000001.sdmp, Offset: 024A0000, based on PE: false
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: 2c0c71bb87c97c9cedeeed406d8f5e505217b0bbdbc8c1d2c9dd1551baee71f5
                                                                                • Instruction ID: 95b18a6b4cd16284cb8bd35d2d5c7b173ef81483c13d0915fd2f52dbd4c6883a
                                                                                • Opcode Fuzzy Hash: 2c0c71bb87c97c9cedeeed406d8f5e505217b0bbdbc8c1d2c9dd1551baee71f5
                                                                                • Instruction Fuzzy Hash: 5A51C578E002188FDB24EFA4C854B9DB7B2FF89304F1180A9E549A7394DB359D9ADF50
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.468232907.00000000024A0000.00000040.00000001.sdmp, Offset: 024A0000, based on PE: false
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: 183d6f5284f1043049ed7c6f7d341a2b5c172f90cc53eb8f772e791ebe9be084
                                                                                • Instruction ID: 07214d082429529e053ceba6ccfe191bbce6b2a04210a2aa6810ee7251c99406
                                                                                • Opcode Fuzzy Hash: 183d6f5284f1043049ed7c6f7d341a2b5c172f90cc53eb8f772e791ebe9be084
                                                                                • Instruction Fuzzy Hash: B741C974E01208DFCB44DFA8E490ADEBBB2FF89304F508969D405A3354EB31A95ADF44
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.467622339.00000000009C0000.00000040.00000001.sdmp, Offset: 009C0000, based on PE: false
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: 1669da9060fffaec9ac27bb4e75d4f74bb37e1c6f6a317f122d4eeffa8eb3ec8
                                                                                • Instruction ID: ad8b81b90d1961f752d4d13ac35cadc2e68d5ddbfaca14f866b79501566c0357
                                                                                • Opcode Fuzzy Hash: 1669da9060fffaec9ac27bb4e75d4f74bb37e1c6f6a317f122d4eeffa8eb3ec8
                                                                                • Instruction Fuzzy Hash: A3312C35B00200CFCB28DB79D854BAA73E9AFC9721F1501ADE61ACB3A1EA31DC41CB51
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.468232907.00000000024A0000.00000040.00000001.sdmp, Offset: 024A0000, based on PE: false
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: fa84cdf771e95602402cff991d57d33224eb8d03fb300ceb539501c2145d9959
                                                                                • Instruction ID: 9a022ea245694bc2256cae3a30e4da0ad2c717ec0ba7413ed8a0c3e8973a67e3
                                                                                • Opcode Fuzzy Hash: fa84cdf771e95602402cff991d57d33224eb8d03fb300ceb539501c2145d9959
                                                                                • Instruction Fuzzy Hash: A7318C39A04110DFE710AF69E824BAB7BA5EF99349F018066E500DB741DB7ADD0ACBD1
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.468232907.00000000024A0000.00000040.00000001.sdmp, Offset: 024A0000, based on PE: false
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: 60e06df5a31f23b9d07ea278b72c493e6ca94e0890d586aa86849b5ce5f59c5e
                                                                                • Instruction ID: 5348606652abcd4835cc55c6cfb5d8d8469c5f9d8ad9250b166b721f03d7c200
                                                                                • Opcode Fuzzy Hash: 60e06df5a31f23b9d07ea278b72c493e6ca94e0890d586aa86849b5ce5f59c5e
                                                                                • Instruction Fuzzy Hash: 84319031E006098FDB10EFA9D8545EEBBB4EF99314F10816AD519E7351EB30D946CBA1
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.467622339.00000000009C0000.00000040.00000001.sdmp, Offset: 009C0000, based on PE: false
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: 9657f510b2530f4b1a33c08327988eee9efa87a5fb2dc9fc7a8dd753c249deb2
                                                                                • Instruction ID: 1ab62290ff32e427cca2866b0b67923c34e63f8f2685844a5ca2295d3df29fa6
                                                                                • Opcode Fuzzy Hash: 9657f510b2530f4b1a33c08327988eee9efa87a5fb2dc9fc7a8dd753c249deb2
                                                                                • Instruction Fuzzy Hash: C7317E35A005488FCB05DF64C984FDE7BF6EF89300F1584A9E805AB2A2DB35ED19CB91
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.467622339.00000000009C0000.00000040.00000001.sdmp, Offset: 009C0000, based on PE: false
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: 280d6b110a28605878bc6d2dbef3bf41aaeb6bf7874fcce2f9cb7d1a5d6fc9d5
                                                                                • Instruction ID: e96a655124fb6bfcec7d956372d917dd9e27bd96c8146a3d9551216bfb253e4d
                                                                                • Opcode Fuzzy Hash: 280d6b110a28605878bc6d2dbef3bf41aaeb6bf7874fcce2f9cb7d1a5d6fc9d5
                                                                                • Instruction Fuzzy Hash: 0F415E31D20609DFCB00EFA8D955ADDBBB5FF59341F10C229E94577250EB30AA88CB91
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.468232907.00000000024A0000.00000040.00000001.sdmp, Offset: 024A0000, based on PE: false
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: 1809da12aba1d78263a3b363c4f009d208f35fd088a5ee24aa5669f50253ed43
                                                                                • Instruction ID: f8b9f147346c11b87c5039930ea87eb04808a548f93cc2392d16ee447408f277
                                                                                • Opcode Fuzzy Hash: 1809da12aba1d78263a3b363c4f009d208f35fd088a5ee24aa5669f50253ed43
                                                                                • Instruction Fuzzy Hash: 2541E2B1D00219CFDB20DFA9C584ADEBBB5BF58305F25802AE509BB340D7756A89CF91
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.468232907.00000000024A0000.00000040.00000001.sdmp, Offset: 024A0000, based on PE: false
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: 3a04ff21ac40d2698432c515104b590367640c03867986f771becc1ee31a1fe9
                                                                                • Instruction ID: 658e24fed428497a220563550fb60a916d6b767048124801c18b0f5cbe94e31e
                                                                                • Opcode Fuzzy Hash: 3a04ff21ac40d2698432c515104b590367640c03867986f771becc1ee31a1fe9
                                                                                • Instruction Fuzzy Hash: 1D310770E042098FDF10DFA9D958AEEBBF5EB98214F50842AD415B7340DB785905CBA5
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.468232907.00000000024A0000.00000040.00000001.sdmp, Offset: 024A0000, based on PE: false
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: 8ac12a20694b31eeba92e1e6414d7cfa5a520c25150cc7cef0bbac09de7cb559
                                                                                • Instruction ID: 8996ad911bf3531ffdde449b621ba0fd31e41fed108c2b69dd8be74566b87d58
                                                                                • Opcode Fuzzy Hash: 8ac12a20694b31eeba92e1e6414d7cfa5a520c25150cc7cef0bbac09de7cb559
                                                                                • Instruction Fuzzy Hash: 6841E2B1D00219CFDB20DFA9C584ADEBBB5BF58305F25802AD409BB340D7756A8ACF91
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.467622339.00000000009C0000.00000040.00000001.sdmp, Offset: 009C0000, based on PE: false
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: 133157242680ef9fecc3cec5363b855628f306d52fa49465ed9b61f8ae52999b
                                                                                • Instruction ID: bd18f98f589c26dffd1a93740b545d7a971701291a18dc9d220a24de4f949c42
                                                                                • Opcode Fuzzy Hash: 133157242680ef9fecc3cec5363b855628f306d52fa49465ed9b61f8ae52999b
                                                                                • Instruction Fuzzy Hash: D6317C31B041108FDB18EB29D840F2AB7EAEF85714B5584AEE50ACB671DB31EC01CB52
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.467622339.00000000009C0000.00000040.00000001.sdmp, Offset: 009C0000, based on PE: false
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: 0607c5e4524d74b7e9e351c2bfbcf6cef0bb8e45f331477e46fda285ff794be2
                                                                                • Instruction ID: 2ad82a0d59ba496fd397427222fb40e395c37d9b9afa4486a417b310d7b785b3
                                                                                • Opcode Fuzzy Hash: 0607c5e4524d74b7e9e351c2bfbcf6cef0bb8e45f331477e46fda285ff794be2
                                                                                • Instruction Fuzzy Hash: 1741DFB0D003589BDB14CFAAC884ADEFBB5FF89314F20812AE419BB215D7B46845CF95
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.467622339.00000000009C0000.00000040.00000001.sdmp, Offset: 009C0000, based on PE: false
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: 39df8ecc0905d8e5bf4cfa5afb3e7d5439f8e57d8e59920864ac823336ce545a
                                                                                • Instruction ID: 0caddb99c389737d718f5818bc2c382607fba07dfbd3009feedd5a94048b2aa9
                                                                                • Opcode Fuzzy Hash: 39df8ecc0905d8e5bf4cfa5afb3e7d5439f8e57d8e59920864ac823336ce545a
                                                                                • Instruction Fuzzy Hash: 13316D31B005048FDB18DB69C454EAEBBF5EF8C350F1640A9E406E7361DA31EC45CBA1
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.467622339.00000000009C0000.00000040.00000001.sdmp, Offset: 009C0000, based on PE: false
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: bd3d7a267ee2f5d4da091ac113b6c8c908b78a0953b988a0f8fdb7f9a37148e8
                                                                                • Instruction ID: d90815ec45e38ae67ad59007fd907ab62943381f301a9443dc52e12bbc3727c7
                                                                                • Opcode Fuzzy Hash: bd3d7a267ee2f5d4da091ac113b6c8c908b78a0953b988a0f8fdb7f9a37148e8
                                                                                • Instruction Fuzzy Hash: 7231C170D04205CFDB25ABB48454BEEB6A1EFC9308F20897DD446AA391DF354886CBD2
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.467622339.00000000009C0000.00000040.00000001.sdmp, Offset: 009C0000, based on PE: false
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: f6bec6ebf64c7d5a000d195e0cb307f36bdf46950dbe8f46c8a6e97a3673fd8c
                                                                                • Instruction ID: 2c549caf1869feafa157a9edb44e8369286dd6981a39f97b827a9200c42817fd
                                                                                • Opcode Fuzzy Hash: f6bec6ebf64c7d5a000d195e0cb307f36bdf46950dbe8f46c8a6e97a3673fd8c
                                                                                • Instruction Fuzzy Hash: 5031AC35B102008FDB18DB28C858FAA37E6FF89710F1544BEE206DB3A1CA759D05CB91
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.467622339.00000000009C0000.00000040.00000001.sdmp, Offset: 009C0000, based on PE: false
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: df69a25e7beb59ac76d77879eaa21f98a3c53c561f697ca05f27c5c5bff1793e
                                                                                • Instruction ID: 08c1d91ca35003601c39b7340c3bfd8e479a4c08095c5d3da9d054976809179a
                                                                                • Opcode Fuzzy Hash: df69a25e7beb59ac76d77879eaa21f98a3c53c561f697ca05f27c5c5bff1793e
                                                                                • Instruction Fuzzy Hash: F431F539E60219DFCB04DFA8D894EEDB7B5FF89700B1185A9E915AB361C734AD00CB51
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.467622339.00000000009C0000.00000040.00000001.sdmp, Offset: 009C0000, based on PE: false
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: 18cb33d9ebdd92ee6c8814168a564e52242e4cc63cdcb3344b084cd8ce8d8f30
                                                                                • Instruction ID: 331e2ce381a844774c041bd62e98150599d5118d8ecf83a9c3a7eac501f6bb77
                                                                                • Opcode Fuzzy Hash: 18cb33d9ebdd92ee6c8814168a564e52242e4cc63cdcb3344b084cd8ce8d8f30
                                                                                • Instruction Fuzzy Hash: E3313E70A0424A9FCF40FFA4D451A9EB7B2FF85304F114828D509EB765DB706A0A9FE2
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.468232907.00000000024A0000.00000040.00000001.sdmp, Offset: 024A0000, based on PE: false
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: d57638dafc1913a6c4145e6794607a575b6a17131c78da87ed3f7c19b78565a3
                                                                                • Instruction ID: 1ad6ce938ce737df1b04bf2f10976a69c108d534bc174dd2e909ae4b69a0e50c
                                                                                • Opcode Fuzzy Hash: d57638dafc1913a6c4145e6794607a575b6a17131c78da87ed3f7c19b78565a3
                                                                                • Instruction Fuzzy Hash: 3331D1B4D01208DFDB14DFA5E950AEEBBF2BF89304F20952AD805A7364DB355846CF54
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.468232907.00000000024A0000.00000040.00000001.sdmp, Offset: 024A0000, based on PE: false
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: 7fff454c174b7ba0a46c261af142a370609f00e91e448b77ced95ed5470fb050
                                                                                • Instruction ID: b7da49a2466f5a2eb553a03aaf12dac6786b34832092f673b3e03fc0ddd39eac
                                                                                • Opcode Fuzzy Hash: 7fff454c174b7ba0a46c261af142a370609f00e91e448b77ced95ed5470fb050
                                                                                • Instruction Fuzzy Hash: 0821D3716002054FD740AF2CD8916C5F7E6EF99314F0586BAE909EF386DA74998ACB90
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.467622339.00000000009C0000.00000040.00000001.sdmp, Offset: 009C0000, based on PE: false
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.468232907.00000000024A0000.00000040.00000001.sdmp, Offset: 024A0000, based on PE: false
                                                                                • Instruction ID: 3124527d254f87f67eaf5884f60f925da6ac1cda7913f876e7c277a4c6b9fa12
                                                                                • Opcode Fuzzy Hash: 8802305af88fb20ab57e0a889dd4b9d9bb55b5aac144640acc67a3e46d285cb5
                                                                                • Instruction Fuzzy Hash: AC213070B111508FDB196A398414F2E7B9BAFC6705B14447EF00ACB3A5CE76DC028796
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.468232907.00000000024A0000.00000040.00000001.sdmp, Offset: 024A0000, based on PE: false
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: 0781ffbd13147067110c08ccce2bc873039527e1a0ad7b5af1b904bbcf6b16c7
                                                                                • Instruction ID: dfde915b30ed8dcb8ea7bb5e3288edd43f1267c19a2d67c000ee9921e1977d97
                                                                                • Opcode Fuzzy Hash: 0781ffbd13147067110c08ccce2bc873039527e1a0ad7b5af1b904bbcf6b16c7
                                                                                • Instruction Fuzzy Hash: FA217CB5D00209DFDB08CFA6D414ADEBBB2EF89304F10C52AC805AB768DB705406CE11
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.467622339.00000000009C0000.00000040.00000001.sdmp, Offset: 009C0000, based on PE: false
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: 4c29099ee7c5e34ab931db0947fe67cb678a839d103a5e300e656e1e1cd9ac6e
                                                                                • Instruction ID: 5e84cf957262810e705ee2360bbd0a6594b16b4dc2b83edd16c8323f9acdece8
                                                                                • Opcode Fuzzy Hash: 4c29099ee7c5e34ab931db0947fe67cb678a839d103a5e300e656e1e1cd9ac6e
                                                                                • Instruction Fuzzy Hash: F121FF307016108FD758AB29C454F2A73EAEF8571475685ADE50ACB361DB71EC42CB91
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.467622339.00000000009C0000.00000040.00000001.sdmp, Offset: 009C0000, based on PE: false
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: de09c13d9c6f891ed833c986228a070723e473b2cddd7319c27e52066928e729
                                                                                • Instruction ID: 1d030c6af773599ec818a2ec46f2a22901c5a860863efd6b8063ef9619abccdf
                                                                                • Opcode Fuzzy Hash: de09c13d9c6f891ed833c986228a070723e473b2cddd7319c27e52066928e729
                                                                                • Instruction Fuzzy Hash: 70214975B002509FCB249F19D584F6A77AAFB88710F20442EF50687B55CB31FC41CB61
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.467622339.00000000009C0000.00000040.00000001.sdmp, Offset: 009C0000, based on PE: false
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: cf64447b5f26fcbf73a66c7a7083b3fb6e1732fc13b972f30403657203dccc51
                                                                                • Instruction ID: c1400a432a7ba7aaf922e1bc937925085dabb168c1d7d599c2a17f503266c726
                                                                                • Opcode Fuzzy Hash: cf64447b5f26fcbf73a66c7a7083b3fb6e1732fc13b972f30403657203dccc51
                                                                                • Instruction Fuzzy Hash: 80212535A10610CFCB149F68C598EA9B7E2FF88710F2544AAE406EB3B2CB759C05CB52
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.468232907.00000000024A0000.00000040.00000001.sdmp, Offset: 024A0000, based on PE: false
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: 69473960efa0f05d77f52d91ac24a321e6a1b4a6aa69de2c049d29dfd0dadf67
                                                                                • Instruction ID: 0fa14ba34d5d4b2d04779a6f05f020b5428860d5acb06243fe1fd0dbc73086b0
                                                                                • Opcode Fuzzy Hash: 69473960efa0f05d77f52d91ac24a321e6a1b4a6aa69de2c049d29dfd0dadf67
                                                                                • Instruction Fuzzy Hash: 52219D747006018FDB00EB25E550AAF73E5EB60648F10402ACC05C7BA8FB75AA5F8F81
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.467622339.00000000009C0000.00000040.00000001.sdmp, Offset: 009C0000, based on PE: false
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: 7f472976272dbf55ac7e1490780ae647673df8a7cc81186cc20f5590832fdf72
                                                                                • Instruction ID: 0b0920c31ba3ee70b8b790eb784247fe8847b7e2b23bc1097e536ce04db2543c
                                                                                • Opcode Fuzzy Hash: 7f472976272dbf55ac7e1490780ae647673df8a7cc81186cc20f5590832fdf72
                                                                                • Instruction Fuzzy Hash: 9321CF35A00245CFCB05DF64C444EAA7BB6EF89301F0584AAE906CB361DB35EC1ACB91
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.468232907.00000000024A0000.00000040.00000001.sdmp, Offset: 024A0000, based on PE: false
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: fa91c2496ec0cdf8b8049e46e1b733a4938c3704e9ec35f1dcf6d50b6dca1d42
                                                                                • Instruction ID: e399b61607dfd0eccabf34247cf9b0708a732be6f2dc54a5bd9454866b4b0459
                                                                                • Opcode Fuzzy Hash: fa91c2496ec0cdf8b8049e46e1b733a4938c3704e9ec35f1dcf6d50b6dca1d42
                                                                                • Instruction Fuzzy Hash: C521BE716002018BD740EF29D890786F7E2EF99324F18C6BED909DB385DA74A94ACB90
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.467622339.00000000009C0000.00000040.00000001.sdmp, Offset: 009C0000, based on PE: false
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: 986e550ec2a6381c4f9da87eaf01f81a0d4b233c0db5a59de5ea8b8c6af69d5f
                                                                                • Instruction ID: 29cd7dccacd06cc9cd120d4ddca2087cf26dafe47577926302a98e69b96bf4ef
                                                                                • Opcode Fuzzy Hash: 986e550ec2a6381c4f9da87eaf01f81a0d4b233c0db5a59de5ea8b8c6af69d5f
                                                                                • Instruction Fuzzy Hash: A911D231F00A198BCB15EB698842BAEB7F5EBC5714F05862ED115E7301DA749D4187C3
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.467622339.00000000009C0000.00000040.00000001.sdmp, Offset: 009C0000, based on PE: false
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: 45c86a18576997fc0aa8facc057cdabb1ef8ba566ae6e98dcc24c45d91603ce1
                                                                                • Instruction ID: feb4976edbe2f04752a025b0f907e78da73fb8e4ebd872d5bdcff2e014f84aeb
                                                                                • Opcode Fuzzy Hash: 45c86a18576997fc0aa8facc057cdabb1ef8ba566ae6e98dcc24c45d91603ce1
                                                                                • Instruction Fuzzy Hash: ED119335B005149FCB18DB69C854DAABBF9EF8D350B1680ADF909E7371DA21EC01CBA1
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.468232907.00000000024A0000.00000040.00000001.sdmp, Offset: 024A0000, based on PE: false
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: 58522134f96bf8289a8890c3411dfc205da26a498613b78a981d97e7b657b247
                                                                                • Instruction ID: 8770d1da887bb10542a511cc293d5e85d74a724b42a0e0460c6b0187781394ff
                                                                                • Opcode Fuzzy Hash: 58522134f96bf8289a8890c3411dfc205da26a498613b78a981d97e7b657b247
                                                                                • Instruction Fuzzy Hash: DD2116B4D012099FCB04DFAAE890AEEBBB2AF89304F10912AD405B7750EB345906CF54
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.468232907.00000000024A0000.00000040.00000001.sdmp, Offset: 024A0000, based on PE: false
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: 8158043686a9e7862a508a8d8fbbd06c1c8edbe2007152e859f21fdc571f8788
                                                                                • Instruction ID: 98c6bb46886738e80e11a3c7899df456f0a4599761a40f50fc42f8b094db8567
                                                                                • Opcode Fuzzy Hash: 8158043686a9e7862a508a8d8fbbd06c1c8edbe2007152e859f21fdc571f8788
                                                                                • Instruction Fuzzy Hash: E12116B5D012499FCB10DFA9D484ADEFBF4FB48324F10846AE859A7340D375AA44CFA1
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.468232907.00000000024A0000.00000040.00000001.sdmp, Offset: 024A0000, based on PE: false
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: f1c71e417b5660fd5fe1945481d2aded3bdc06b500684ffd91840e3563e5ef55
                                                                                • Instruction ID: 7288f0048f0cc80943744b2f096abbd9f4a749042e9cd3a2fd86b4dcfacb5e4a
                                                                                • Opcode Fuzzy Hash: f1c71e417b5660fd5fe1945481d2aded3bdc06b500684ffd91840e3563e5ef55
                                                                                • Instruction Fuzzy Hash: 4B21A1716002168BD740EF2DC890686F7E2FF99324F14C67EE509EF385DA74A949CB90
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.468232907.00000000024A0000.00000040.00000001.sdmp, Offset: 024A0000, based on PE: false
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: 194fa8a7cdf152652a88a8e5532fb991a4e19710836a922719277722b9528dca
                                                                                • Instruction ID: add1accbced521f2be0528d59a748e86ef8aa93abe01ae6c9617bc50939d3907
                                                                                • Opcode Fuzzy Hash: 194fa8a7cdf152652a88a8e5532fb991a4e19710836a922719277722b9528dca
                                                                                • Instruction Fuzzy Hash: 2B31C0B0D01228DFEB20DF99C594BCEBFF4AB48314F24805AE405BB240C7B55885CFA1
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.468232907.00000000024A0000.00000040.00000001.sdmp, Offset: 024A0000, based on PE: false
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: b9c36c393fd07db87d9621fc92d859d9785016f7218a582e063fedeef6e6a2ab
                                                                                • Instruction ID: 205cb4386a30704a516e2885ec3502923e3fabb83938b9c02ff8474e1923108c
                                                                                • Opcode Fuzzy Hash: b9c36c393fd07db87d9621fc92d859d9785016f7218a582e063fedeef6e6a2ab
                                                                                • Instruction Fuzzy Hash: 1A212F74A0420A9FDB41FFA8D451AAE77B1FB81348F014D25D204DB2B9EB706D4ADFA1
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.468232907.00000000024A0000.00000040.00000001.sdmp, Offset: 024A0000, based on PE: false
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: 772627bf3891bb6108bfed135dad371b2719c68702d753408da20593ae305714
                                                                                • Instruction ID: a955dbd52e66ac4d173927af5fa14af3df642c5c915fd13255ae464357a01802
                                                                                • Opcode Fuzzy Hash: 772627bf3891bb6108bfed135dad371b2719c68702d753408da20593ae305714
                                                                                • Instruction Fuzzy Hash: 2621BE31A00204DBCB14EF29D444BAAB7B2FF84315F14C52AE8199B761D736E985CB90
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.467622339.00000000009C0000.00000040.00000001.sdmp, Offset: 009C0000, based on PE: false
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: ced18f8b9d6d79dfe27f0c2fb43b09d36561fd1d96f505785095e3894cff6506
                                                                                • Instruction ID: 318b366dd9d4b5b13d2971462e4bee3e19cc03e99e9aa15748af7376e45949f6
                                                                                • Opcode Fuzzy Hash: ced18f8b9d6d79dfe27f0c2fb43b09d36561fd1d96f505785095e3894cff6506
                                                                                • Instruction Fuzzy Hash: D721F0327093508FE3218B24C8917867BF7FF95304F2488AAD185DBA91DF79A80ACB51
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.468232907.00000000024A0000.00000040.00000001.sdmp, Offset: 024A0000, based on PE: false
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: 5530837a686301774b3a26f6c8a52fd6ba26e2d8d44c64542b534b9bbddba165
                                                                                • Instruction ID: 2d030ac0ee8c344a82fbafd8404f014e8f298af33f8764635ad477ca7d8e8592
                                                                                • Opcode Fuzzy Hash: 5530837a686301774b3a26f6c8a52fd6ba26e2d8d44c64542b534b9bbddba165
                                                                                • Instruction Fuzzy Hash: 2C31A0B0D01268DFEB20DF99C598BDEBBF4AB48314F64805AE405BB340C7B55885CBA1
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.468232907.00000000024A0000.00000040.00000001.sdmp, Offset: 024A0000, based on PE: false
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: eea245a6694ee8fd05c69f415f537506e665c0097e1e97b96ec97f3844ce23ac
                                                                                • Instruction ID: b63c94dfa429a89dc1bd45403f06b330a4a32a3a438301dac1dbe1669261224c
                                                                                • Opcode Fuzzy Hash: eea245a6694ee8fd05c69f415f537506e665c0097e1e97b96ec97f3844ce23ac
                                                                                • Instruction Fuzzy Hash: 0921C331A007068BEB10AF68C850781B3B2FFD5324F11867AD958BF746EBB1B946C791
                                                                                • Instruction ID: aead249688d2670f2a753a821fa9c23c09c58995fd1aa40e85d552b06afeb642
                                                                                • Opcode Fuzzy Hash: 67b63533a2d93cc4c9fcb70a283706694c217eb8b12d5df9d2ab91008d432707
                                                                                • Instruction Fuzzy Hash: 0211F3B1D046488FDB20DF9AC444B9EFBF8EB49324F14841AE819B7310D3B8A944CFA5
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.467622339.00000000009C0000.00000040.00000001.sdmp, Offset: 009C0000, based on PE: false
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: 090259a7f7a54dec3b9a5ffa1d0e496d9713247d2fcbcc080a6e01eb8668afa8
                                                                                • Instruction ID: 765c20fbe271f71d222e16d783456a90e5277c6f63f113e6674635d769cdd398
                                                                                • Opcode Fuzzy Hash: 090259a7f7a54dec3b9a5ffa1d0e496d9713247d2fcbcc080a6e01eb8668afa8
                                                                                • Instruction Fuzzy Hash: 1A11F6B1D046488FDB10DF9AC444B9EFBF8EB49324F14841AE415B7310D374A944CFA5
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.467622339.00000000009C0000.00000040.00000001.sdmp, Offset: 009C0000, based on PE: false
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: 124fc1bbf87c26ce24383ebdf7035bb2c5e6a0f2b9c805aa8324d6ae483d8fb9
                                                                                • Instruction ID: c020d179dd84d4dcf6a4b60fd20062c9db6fdbb1463879a355c755bddc43dd55
                                                                                • Opcode Fuzzy Hash: 124fc1bbf87c26ce24383ebdf7035bb2c5e6a0f2b9c805aa8324d6ae483d8fb9
                                                                                • Instruction Fuzzy Hash: EF1184303043514FE754BB64C42579A77E3AB81318F14C95ED199CF2C6CFFA584A8BA2
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.467622339.00000000009C0000.00000040.00000001.sdmp, Offset: 009C0000, based on PE: false
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: 7b23f2eb88e9a987577f109acedbc38a7775607e932b373adef75d772c997d20
                                                                                • Instruction ID: 1478c402b8fd9937f77ae47795e2120b1c5a3287cc6a6c9ecde7af96cb1643e2
                                                                                • Opcode Fuzzy Hash: 7b23f2eb88e9a987577f109acedbc38a7775607e932b373adef75d772c997d20
                                                                                • Instruction Fuzzy Hash: 9A113971A0060A9FCB15DF69D984EAEBBF9FF48710F004529E914D7251DB30DA11CBA2
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.467622339.00000000009C0000.00000040.00000001.sdmp, Offset: 009C0000, based on PE: false
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: d6b38051eade4038c0c492fa708247a53fd5a7691fe0dc7356497d3563570a42
                                                                                • Instruction ID: 1e2db253630b6b46b095544c7b8552365ebfae5cc35e17b660d5a6c48e7fede5
                                                                                • Opcode Fuzzy Hash: d6b38051eade4038c0c492fa708247a53fd5a7691fe0dc7356497d3563570a42
                                                                                • Instruction Fuzzy Hash: CC11B2B5D006498FDB10DFAAD544B9EFBF4AB88324F24C41AE455B7210D3B8A945CFA1
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.467622339.00000000009C0000.00000040.00000001.sdmp, Offset: 009C0000, based on PE: false
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: 8221cf24a346b0bbde033eb7694e5b638c2754786849d83a5e6a477ed77a9560
                                                                                • Instruction ID: 109077f8e74dc5ab72d45288fae8687738a9e2e3ae86bd4d92bc79a4b88859dd
                                                                                • Opcode Fuzzy Hash: 8221cf24a346b0bbde033eb7694e5b638c2754786849d83a5e6a477ed77a9560
                                                                                • Instruction Fuzzy Hash: 21118B70E44205CFDF24AFA4C414BADBAA1AF98308F20542DD406EA291DF784985DFE6
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.467622339.00000000009C0000.00000040.00000001.sdmp, Offset: 009C0000, based on PE: false
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: 8bfb0762adb56168b303e3710f05c74baf3d524c17a1cc2020fab5c97a846107
                                                                                • Instruction ID: 4c863b11b1434b8e8a4477bfc099762f3925bc57f6ae39c28a5cab2d0813a98a
                                                                                • Opcode Fuzzy Hash: 8bfb0762adb56168b303e3710f05c74baf3d524c17a1cc2020fab5c97a846107
                                                                                • Instruction Fuzzy Hash: 79019E307093404FDB25EB648860F6AB7AA9FD1310718887ED446CB262CF35DC06CBA2
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.468232907.00000000024A0000.00000040.00000001.sdmp, Offset: 024A0000, based on PE: false
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: 0e3d99c1fd3e477c4042d46835c4f50465aa700ca8f681221256927df0c1e17f
                                                                                • Instruction ID: 3ed37cfdd3d28b4c40624cccdb303824fda18383a3acae4ed45c51a24c333060
                                                                                • Opcode Fuzzy Hash: 0e3d99c1fd3e477c4042d46835c4f50465aa700ca8f681221256927df0c1e17f
                                                                                • Instruction Fuzzy Hash: 6C1103B19042498FDB60DF9AD448BDEFBF4EB58324F10845AE519B7340D374A944CFA1
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.468232907.00000000024A0000.00000040.00000001.sdmp, Offset: 024A0000, based on PE: false
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: 8e040db64b943d60e47dd54e82ce20c610cc67ba4b80d6206dd5720b365d076f
                                                                                • Instruction ID: 17c574cae3895eb745efd88293635d276dc35b423cc66053e9db3c9d85284905
                                                                                • Opcode Fuzzy Hash: 8e040db64b943d60e47dd54e82ce20c610cc67ba4b80d6206dd5720b365d076f
                                                                                • Instruction Fuzzy Hash: AA018FB4D05288EFCB01DFA4E8547AEBBF0FF06304F1085AAD814A73A6D7704A45DB91
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.467622339.00000000009C0000.00000040.00000001.sdmp, Offset: 009C0000, based on PE: false
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: c888fe5c82fb3829ace4212c3b15e7802aa257a446adece3050e2c8d8beaf386
                                                                                • Instruction ID: 42df0ce4efb6742c57da504bd822e829a2ceb765cb949723d3843970434dd6e1
                                                                                • Opcode Fuzzy Hash: c888fe5c82fb3829ace4212c3b15e7802aa257a446adece3050e2c8d8beaf386
                                                                                • Instruction Fuzzy Hash: 62017C306056419FCB18EB68C454F57B7AAEF85315B15C8AED509CB672CF31EC0ACBA2
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.467622339.00000000009C0000.00000040.00000001.sdmp, Offset: 009C0000, based on PE: false
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: df622abd4519c3533de6a3eb2b6a05b59c406c6b336b42ac6102c621ea29bd0b
                                                                                • Instruction ID: ffb00fbd5e10cfd2fbbeee74fca2402d2df1c54c7efd3a4aaf40b6b1248c9b1a
                                                                                • Opcode Fuzzy Hash: df622abd4519c3533de6a3eb2b6a05b59c406c6b336b42ac6102c621ea29bd0b
                                                                                • Instruction Fuzzy Hash: 9701D630F082559FCF16A7B85861ABEBFB59FC5704F1400AEE104E7283CA210E12C7A7
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.467622339.00000000009C0000.00000040.00000001.sdmp, Offset: 009C0000, based on PE: false
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: 40c0930c21f1ceac9b8696f25025bd5d70e26c677436ad405e73e42790412efb
                                                                                • Instruction ID: 97f70291a13409daf345460f9e8297c2bb56e0030ad239b96f057dfdf3344e23
                                                                                • Opcode Fuzzy Hash: 40c0930c21f1ceac9b8696f25025bd5d70e26c677436ad405e73e42790412efb
                                                                                • Instruction Fuzzy Hash: 1E0171306052418FC725EB28D864E66B7EAEF85714715C8BED40ACB665CB31EC06CB62
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.468232907.00000000024A0000.00000040.00000001.sdmp, Offset: 024A0000, based on PE: false
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: d8bd4fa71e1c66801a355e6a21d1d627be974eadb4c1c3cd4511650df7fd0e6d
                                                                                • Instruction ID: 4bfe2fc6544f563c9988dbffe50bb7f1052eb411e734161feb94a13ec41d852b
                                                                                • Opcode Fuzzy Hash: d8bd4fa71e1c66801a355e6a21d1d627be974eadb4c1c3cd4511650df7fd0e6d
                                                                                • Instruction Fuzzy Hash: DC112A74D01208DFDB44EFB8D845AAEBBB1FB88304F10956AD408E7354EB309A45DF55
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.468232907.00000000024A0000.00000040.00000001.sdmp, Offset: 024A0000, based on PE: false
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: 876277d18771a7707aa6c6c45680b3566dad819b2bb9636ce39036fddd043484
                                                                                • Instruction ID: 3a099a3fe59e557b29573f587ca276220faca9da756308b7b17a76d7abb59289
                                                                                • Opcode Fuzzy Hash: 876277d18771a7707aa6c6c45680b3566dad819b2bb9636ce39036fddd043484
                                                                                • Instruction Fuzzy Hash: 51110970A01108EFD704EFA9D594BDDB7F2EF99300F1581B98508AB265EB309E46DB81
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.467622339.00000000009C0000.00000040.00000001.sdmp, Offset: 009C0000, based on PE: false
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: f817f2bbc84a4b6f61b5f698a61b45ac100162d45b0cce8104e91c3877e3fef7
                                                                                • Instruction ID: e7402fc865bb632e6a2ce90cfd46ec768754ea484dbb220d84fb6945c932f2e3
                                                                                • Opcode Fuzzy Hash: f817f2bbc84a4b6f61b5f698a61b45ac100162d45b0cce8104e91c3877e3fef7
                                                                                • Instruction Fuzzy Hash: B5014F307052008B9A28E765C461F2BB3EA9FC1714715C83D940ACB651DF31EC468BA2
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.467622339.00000000009C0000.00000040.00000001.sdmp, Offset: 009C0000, based on PE: false
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: 16c6c365647d9aa1a179e0fae16b8e3e74b38dec7b7e35e7ffddd9bb6e853e1d
                                                                                • Instruction ID: 5271260d0e01f7d52d60e7cdeea578dcb3d7df544f8a3cc4289bafb740714162
                                                                                • Opcode Fuzzy Hash: 16c6c365647d9aa1a179e0fae16b8e3e74b38dec7b7e35e7ffddd9bb6e853e1d
                                                                                • Instruction Fuzzy Hash: A201D6317082908FDB219B79DC5DF6A3BB8DF0670570544ADE046CB2A3DB24DC06D766
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.468232907.00000000024A0000.00000040.00000001.sdmp, Offset: 024A0000, based on PE: false
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: 795bdf1f554a0c53bc1e9d3ee22b8290bc61fe03776bbf2b697f3cd5de337243
                                                                                • Instruction ID: 4a1aa58a9f40b309ce71da352814860188caa2998304b07131b78dafd2496f78
                                                                                • Opcode Fuzzy Hash: 795bdf1f554a0c53bc1e9d3ee22b8290bc61fe03776bbf2b697f3cd5de337243
                                                                                • Instruction Fuzzy Hash: 57F0F4B4D41208DFCB10DBE5E4255AABB78FB16245F5005AADC0DA7211EF345C278A81
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.468232907.00000000024A0000.00000040.00000001.sdmp, Offset: 024A0000, based on PE: false
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: 72fa887d36f7aff9b8aa778d370755b2c03aaee912cca47592688c1634bba255
                                                                                • Instruction ID: 14e27eb7b73cfa2ff3874aea9a6752822db079bccf474a3c01f0d5c447d731af
                                                                                • Opcode Fuzzy Hash: 72fa887d36f7aff9b8aa778d370755b2c03aaee912cca47592688c1634bba255
                                                                                • Instruction Fuzzy Hash: 6A111574904209DFCB40EFA8C540A9EFBB1FF45304F108AAAD408AB316E7709E55EF90
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.468232907.00000000024A0000.00000040.00000001.sdmp, Offset: 024A0000, based on PE: false
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: 179b8c8fc7fcde035d1c10b95140f5c368f02c7142a638ea262a292f65f3646c
                                                                                • Instruction ID: 543411d46f86b2a7c88bd41b8bda35f8e251e295d5e74ba3d6d27ce2b1e29df6
                                                                                • Opcode Fuzzy Hash: 179b8c8fc7fcde035d1c10b95140f5c368f02c7142a638ea262a292f65f3646c
                                                                                • Instruction Fuzzy Hash: 62112D30A01108EFD704EFA9C594AEDB7F2FF99304F1595B99108A7265DB309E45DB81
                                                                                • Instruction ID: 27db35180bec612f849efdeb10697eb23cee2e5ed161581ae280408fdcd2dd0c
                                                                                • Opcode Fuzzy Hash: 08b6384bb272983e395a43c34f4a89d8a788dc797fb58bdf8990d84e6680d1b1
                                                                                • Instruction Fuzzy Hash: 0FF0F9B4D01248EFCB14EFA8E458BAEBBF0FB09309F10959AD814A3355D7709A45DB51
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.467622339.00000000009C0000.00000040.00000001.sdmp, Offset: 009C0000, based on PE: false
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: 786f567041f6996f311b1af336b16f139f0d37da12e8da30ce84375e9f9cf3e4
                                                                                • Instruction ID: 2a65194d9bf0016172f8830c3ac32e6041a1783e2f8014d4a5e41d329ba12647
                                                                                • Opcode Fuzzy Hash: 786f567041f6996f311b1af336b16f139f0d37da12e8da30ce84375e9f9cf3e4
                                                                                • Instruction Fuzzy Hash: 13F01D72D146498FDB60DF68C9457ACBBB0FB04300F4485BAD454D7692E6389A068B81
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.467622339.00000000009C0000.00000040.00000001.sdmp, Offset: 009C0000, based on PE: false
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: 1811d4c9ba1275dbf6e469d829c4fd8e1bb62a0da196da1a05ab9918a99e323b
                                                                                • Instruction ID: 512272ce3c89e8df79395e78bfa9d1024a143995dbf755ffdfa441b23a9d7a56
                                                                                • Opcode Fuzzy Hash: 1811d4c9ba1275dbf6e469d829c4fd8e1bb62a0da196da1a05ab9918a99e323b
                                                                                • Instruction Fuzzy Hash: 89F082317586408FC31687ACD858BA877A6AFC6711F2944FBD00DCB672CA619C45CB96
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.467622339.00000000009C0000.00000040.00000001.sdmp, Offset: 009C0000, based on PE: false
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: 7b46df08cc3e073b2ccb5c07a0ab2bdd19f27f2607749e24ac3b93d731fb4d81
                                                                                • Instruction ID: 33d65fb3c7504ce7ffd455870688a3d7624f874067419dbad49db266a3ed43f9
                                                                                • Opcode Fuzzy Hash: 7b46df08cc3e073b2ccb5c07a0ab2bdd19f27f2607749e24ac3b93d731fb4d81
                                                                                • Instruction Fuzzy Hash: AFF0D471A147048FDB18DF28D482A957BE9FB053587308D5EE41ACF301D766EE039B85
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.467622339.00000000009C0000.00000040.00000001.sdmp, Offset: 009C0000, based on PE: false
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: c086dc569e2da0e48557810d9b00b0a2b45d79afd660982759b4a5fe877f9d79
                                                                                • Instruction ID: 8b1eacf96ea376e388861eff0dba976416c428ae038b28a558d528d8b2bb03b0
                                                                                • Opcode Fuzzy Hash: c086dc569e2da0e48557810d9b00b0a2b45d79afd660982759b4a5fe877f9d79
                                                                                • Instruction Fuzzy Hash: FDE0DF61B4C2A01FC36152B82C15ABB2FA5CBC274130580BFE505CB282EC504C0283A1
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.467622339.00000000009C0000.00000040.00000001.sdmp, Offset: 009C0000, based on PE: false
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: 39922a0710d2d2f5799c9c4ac6e3293bec793252fd4bf4c3337da7570ca20eec
                                                                                • Instruction ID: 1acc9f7dc713a898102f648c53b9ed2758d2af64a85c767e0d7300da76385f89
                                                                                • Opcode Fuzzy Hash: 39922a0710d2d2f5799c9c4ac6e3293bec793252fd4bf4c3337da7570ca20eec
                                                                                • Instruction Fuzzy Hash: 8BF0E231A083A58FCB11EBB8D8586CE7BB0FF85305F0489AAD445D7251D2345D09CB82
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.467622339.00000000009C0000.00000040.00000001.sdmp, Offset: 009C0000, based on PE: false
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: adeacdd38cd52725dad63cf229cea095644f5fff3d3809215dbef1a2b5704e3c
                                                                                • Instruction ID: 70124ad5b004551d65747c70e42a6ea57c092728e99e5f90e70c9f40b8d21df3
                                                                                • Opcode Fuzzy Hash: adeacdd38cd52725dad63cf229cea095644f5fff3d3809215dbef1a2b5704e3c
                                                                                • Instruction Fuzzy Hash: 46F0A07268D3884FC7025A7858306E43FB28E5621031A00D7E084CF2B3E5284D47E765
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.467622339.00000000009C0000.00000040.00000001.sdmp, Offset: 009C0000, based on PE: false
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: 02165fa214c29405ff450a6c45abdc3de3c5d8fb1d3004c402d3f8820c2aad85
                                                                                • Instruction ID: 8f45dbc648ef1c098060123f67630b56236ce47baeae7df78b65a4930470b7ac
                                                                                • Opcode Fuzzy Hash: 02165fa214c29405ff450a6c45abdc3de3c5d8fb1d3004c402d3f8820c2aad85
                                                                                • Instruction Fuzzy Hash: 4FE065B1B047155B4730AF1A944491FBFF9EFD67203104A1EF49A83740CA30ED059BE6
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.467622339.00000000009C0000.00000040.00000001.sdmp, Offset: 009C0000, based on PE: false
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: e503488fd2b0f39ee79c911f77df871537560c4a8a2d5d8d1c0d58f6a086c58d
                                                                                • Instruction ID: b92043f23914f4339390e44a223c687a5bed2b056d72eaa125da13a513e9023e
                                                                                • Opcode Fuzzy Hash: e503488fd2b0f39ee79c911f77df871537560c4a8a2d5d8d1c0d58f6a086c58d
                                                                                • Instruction Fuzzy Hash: 97E02231B043585BCB29923A9424F3B27998BC5315F08887EE089CB1A2DA348C428793
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.467622339.00000000009C0000.00000040.00000001.sdmp, Offset: 009C0000, based on PE: false
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: 906ac1422f479a44836ee3706e599d6a3f10090d7981ea85b0ef4ebe9f423e09
                                                                                • Instruction ID: 90cd98ba5aeb309008bd4507053f6c6f7231620efbb9caceef63293394242b39
                                                                                • Opcode Fuzzy Hash: 906ac1422f479a44836ee3706e599d6a3f10090d7981ea85b0ef4ebe9f423e09
                                                                                • Instruction Fuzzy Hash: D4F0A77160C794CBE321BB74D814B5B7BA2EF42248F008CADD159CB2A2DB24AC05C763
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.467622339.00000000009C0000.00000040.00000001.sdmp, Offset: 009C0000, based on PE: false
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: 90b0bc814e8fe889a639e6faf556b57a85987841b50e01184948acd3cced5cc3
                                                                                • Instruction ID: 5e8cf0849892d1de0608f10da0ebc696a728aa32bbcbb951655e25f10745aa83
                                                                                • Opcode Fuzzy Hash: 90b0bc814e8fe889a639e6faf556b57a85987841b50e01184948acd3cced5cc3
                                                                                • Instruction Fuzzy Hash: EAF03070E44206CBDF14ABB5C414B9E76A6AF88308F10882DD406EA695DF7458459BD6
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.468232907.00000000024A0000.00000040.00000001.sdmp, Offset: 024A0000, based on PE: false
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: 2b15530cc62a1dcb7416274cfb58ebd9970b5d946947862ba6cd0c794599d798
                                                                                • Instruction ID: 7e6a8cb9280fae1778129a051748fe86b1dc3f08450496a05b009c0bc86681f3
                                                                                • Opcode Fuzzy Hash: 2b15530cc62a1dcb7416274cfb58ebd9970b5d946947862ba6cd0c794599d798
                                                                                • Instruction Fuzzy Hash: 1CF082B0A052088FCB40FF79D41161EBBE6EB89208F51857EC509D7768EF35D9068BE2
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.467622339.00000000009C0000.00000040.00000001.sdmp, Offset: 009C0000, based on PE: false
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: 3e44ab2a3832f57cb430adecfa6aa8282225d54c9b14655b6aa05bc6cf0be366
                                                                                • Instruction ID: a0db20c0e905ba11fa968d8d21bd378cbaa309e6eff5ac52cb98ce8df782fa44
                                                                                • Opcode Fuzzy Hash: 3e44ab2a3832f57cb430adecfa6aa8282225d54c9b14655b6aa05bc6cf0be366
                                                                                • Instruction Fuzzy Hash: 5AE01272F001159F9B58EAA99851A9FB7EA9BC4258F11C4AEA508D7101FA306D424790
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.467622339.00000000009C0000.00000040.00000001.sdmp, Offset: 009C0000, based on PE: false
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: a71b84087227ed201569ccef66ac75204e68d7449f2224123a7b9dd5d6fde129
                                                                                • Instruction ID: df788061cda38d3db27a12cf1eda45479b1eb5437820558987997064f9d2c6bc
                                                                                • Opcode Fuzzy Hash: a71b84087227ed201569ccef66ac75204e68d7449f2224123a7b9dd5d6fde129
                                                                                • Instruction Fuzzy Hash: 03F039317145108FC6249B9DE448BA973EAAFC9B11F2900BAE10DCB771CAA19C018785
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.468232907.00000000024A0000.00000040.00000001.sdmp, Offset: 024A0000, based on PE: false
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: bcf5582291a297b8aeadfe432d09baa22372c226960dccc6c8161f72b8c93a9e
                                                                                • Instruction ID: d78c3948243ccfd61c7b5b66d561c16eeb56420202de44aedf312427109308dd
                                                                                • Opcode Fuzzy Hash: bcf5582291a297b8aeadfe432d09baa22372c226960dccc6c8161f72b8c93a9e
                                                                                • Instruction Fuzzy Hash: DFF0FF72D01219DFDB54CBC4C8A8BEEBBB2BB98714F20401BE406BB380D7745985CBA0
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.468232907.00000000024A0000.00000040.00000001.sdmp, Offset: 024A0000, based on PE: false
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: 9ada548ae1c31101e1b0cc96d2426105ce8d45fe18b1d072f80cd97e012aef85
                                                                                • Instruction ID: 11339dd68ca74c9baa731b23eb633a81e7bae1442f92d9a2f4425b3268c30f62
                                                                                • Opcode Fuzzy Hash: 9ada548ae1c31101e1b0cc96d2426105ce8d45fe18b1d072f80cd97e012aef85
                                                                                • Instruction Fuzzy Hash: 9BE022B0A06144EBCB00DBC8F810BADBB3CE790214F04006BCA08E3141C73049568682
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.467622339.00000000009C0000.00000040.00000001.sdmp, Offset: 009C0000, based on PE: false
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: bcc3ed76b1d87bad8d31458345c69cb81425d3b3c1501eec73261e2e16788501
                                                                                • Instruction ID: d731cd41eb1381956a49a624280738069d9be4f90693d4ec9b0a6a626517dfd4
                                                                                • Opcode Fuzzy Hash: bcc3ed76b1d87bad8d31458345c69cb81425d3b3c1501eec73261e2e16788501
                                                                                • Instruction Fuzzy Hash: E7F0A0B5A08B508FC3319F69951051ABFB59EC2720345865FE0D5977A1CA34DD0ACBE2
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.467622339.00000000009C0000.00000040.00000001.sdmp, Offset: 009C0000, based on PE: false
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: cabfa3e654d10596387a910f38c90067bbc74cb3820e7b4d471d61ccea1530e9
                                                                                • Instruction ID: 7b79eab10cd3e55ce53e51d7db2784f99801642b875d8bb40266a5ece280b8c5
                                                                                • Opcode Fuzzy Hash: cabfa3e654d10596387a910f38c90067bbc74cb3820e7b4d471d61ccea1530e9
                                                                                • Instruction Fuzzy Hash: 97E01233615524878720DB98FC814B6F7EDEB956763288066E90CCAA16E27BDC53C7C0
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.467622339.00000000009C0000.00000040.00000001.sdmp, Offset: 009C0000, based on PE: false
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: ab9667396a62f5ec7388eac8ad916d32927dae2263cf5ad9d22d4e997f3e3306
                                                                                • Instruction ID: 19e991e2850b5a5b1b9fe33d425d89d9b2d90714ea6d40cfebb7affa9873484a
                                                                                • Opcode Fuzzy Hash: ab9667396a62f5ec7388eac8ad916d32927dae2263cf5ad9d22d4e997f3e3306
                                                                                • Instruction Fuzzy Hash: 11E0E5363604148FC714DB2ED848D59B7EDEF89A2131640BAF209CB372DE61EC028B90
                                                                                • Instruction ID: 5caf63fb503ef9a4bb19fc71771844234b90c8d9bfcbca85f3459079a51b9602
                                                                                • Opcode Fuzzy Hash: dfc8c8a66a3ff54b4079881b5db056e3f722d1e362eb57807a9f04c03d041bcd
                                                                                • Instruction Fuzzy Hash: 25E08674A01109EF8B00FFA4E942D6D77F5EB48214B1145A9E804D3764DB355F19EF62
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.467622339.00000000009C0000.00000040.00000001.sdmp, Offset: 009C0000, based on PE: false
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: 892672a0be74f3d5ccc2739d87791397af61680738d09172b4366dbc5bbf5cea
                                                                                • Instruction ID: 254011f21f6d8e6f8b1f97c56a27835ad830a076027cceb2f8361a0aa64e2926
                                                                                • Opcode Fuzzy Hash: 892672a0be74f3d5ccc2739d87791397af61680738d09172b4366dbc5bbf5cea
                                                                                • Instruction Fuzzy Hash: 8CD05E317042240BC71967499020BDA76DA9BC9750F04806FE50A8B380C9A5AC0086D5
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.468232907.00000000024A0000.00000040.00000001.sdmp, Offset: 024A0000, based on PE: false
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: 362756152f0d3e3df0c8244c4c54ecbe59e0651b22fb97b7c4c7e21f86310ea1
                                                                                • Instruction ID: c319c20eca587ed88ab187bfae877d1ba69abffa14595640dae51908db6fce37
                                                                                • Opcode Fuzzy Hash: 362756152f0d3e3df0c8244c4c54ecbe59e0651b22fb97b7c4c7e21f86310ea1
                                                                                • Instruction Fuzzy Hash: 9ED05BF541E105ABD715DF95F41176E7F2CFB12204F05026789048B162EB36D85686C1
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.467622339.00000000009C0000.00000040.00000001.sdmp, Offset: 009C0000, based on PE: false
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: 4503591c6e401267129ad99aa82e6f6367e4fd5b04e63d57345914cc44eb86c8
                                                                                • Instruction ID: 9e1ba285bc561bd747c6b138c5702eeddd343a329d79da0d8eee018ed56d0d91
                                                                                • Opcode Fuzzy Hash: 4503591c6e401267129ad99aa82e6f6367e4fd5b04e63d57345914cc44eb86c8
                                                                                • Instruction Fuzzy Hash: 43E01235209380AFC7439B748C61D953F619F6A300705D1DEF589CF197C1318457D721
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.467622339.00000000009C0000.00000040.00000001.sdmp, Offset: 009C0000, based on PE: false
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: 240063bb082f761fe4a11d98b3d9f5c0eb8780d05206486fea14f51657d6b3ca
                                                                                • Instruction ID: 14d59d7492774ff8d4f7966d69634178640a2589bdfc05d2a80aec10800d009b
                                                                                • Opcode Fuzzy Hash: 240063bb082f761fe4a11d98b3d9f5c0eb8780d05206486fea14f51657d6b3ca
                                                                                • Instruction Fuzzy Hash: 98D0C972B1896513492E3259742AB7DB25A9BC6B60B09006EE40A87382DE981D0682DB
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.467622339.00000000009C0000.00000040.00000001.sdmp, Offset: 009C0000, based on PE: false
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: 5be718faae3b1ec178a4d80426821cf54690b177b4d3b64ebde88ae33be2cc81
                                                                                • Instruction ID: f2585525c2538db292979ca23278ca57481799132d6131040914bfb085ad7123
                                                                                • Opcode Fuzzy Hash: 5be718faae3b1ec178a4d80426821cf54690b177b4d3b64ebde88ae33be2cc81
                                                                                • Instruction Fuzzy Hash: CEE0EC3181060CDECB50EF74D5499997BF8EB15361F00C52AE819DA110E730D694DF91
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.467622339.00000000009C0000.00000040.00000001.sdmp, Offset: 009C0000, based on PE: false
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: 3b679470c0349bba98ba9bb7e1220f5d92034bfd301debc0fd6984c9c133d9ca
                                                                                • Instruction ID: 3cb03081cd347723a172a1a3586a6faf1f143f2a35a0f21e15fa25a0d63bd21a
                                                                                • Opcode Fuzzy Hash: 3b679470c0349bba98ba9bb7e1220f5d92034bfd301debc0fd6984c9c133d9ca
                                                                                • Instruction Fuzzy Hash: BDD017A444D3808FE306E770AC289B6BB7ADE82600306C0DF908A8B163CE24191AC721
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.467622339.00000000009C0000.00000040.00000001.sdmp, Offset: 009C0000, based on PE: false
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: 4da7d61d36d2b6aec353d64b23b79456ade4022909c4c29c032aa434cbe10458
                                                                                • Instruction ID: 29789d25cb5eee4f6f7821a39cc5d8e6edb59caa1a378347e58d69209f452300
                                                                                • Opcode Fuzzy Hash: 4da7d61d36d2b6aec353d64b23b79456ade4022909c4c29c032aa434cbe10458
                                                                                • Instruction Fuzzy Hash: 6AD02B74A04141F6C700C7B0C692FB97F68DF41204F1441EFDC4455642EF359D16D792
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.467622339.00000000009C0000.00000040.00000001.sdmp, Offset: 009C0000, based on PE: false
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: b8e6f8cbb59afed28022c6b68a0819b9fbcaa7a8b5d7643168163782b8ba2af7
                                                                                • Instruction ID: 9a509e431a6051188ceb9625f4d0f7ca7be5e672076751b00edf73a71cc89105
                                                                                • Opcode Fuzzy Hash: b8e6f8cbb59afed28022c6b68a0819b9fbcaa7a8b5d7643168163782b8ba2af7
                                                                                • Instruction Fuzzy Hash: 5CD05E315146098FE300BF2CD84586977B8FF05308B410995F105A7222EB21F9148646
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.467622339.00000000009C0000.00000040.00000001.sdmp, Offset: 009C0000, based on PE: false
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: c1919c5fbd3ec9ce9a6037780627ee90760ff416dd3a6648dabf9f79ce004cd0
                                                                                • Instruction ID: 6af5838d38ec1994e62054d269fefe91a7b9205a93dd6a87b8039648818eaff1
                                                                                • Opcode Fuzzy Hash: c1919c5fbd3ec9ce9a6037780627ee90760ff416dd3a6648dabf9f79ce004cd0
                                                                                • Instruction Fuzzy Hash: A9D0225530EAA0CFC3071BB0386408CBF309DC3092306C1C3C250CA292C2680907C3D6
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.467622339.00000000009C0000.00000040.00000001.sdmp, Offset: 009C0000, based on PE: false
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: e0af2c798342a854e183bab381352700f0f4a04739dfcc3465c49ad0735d8007
                                                                                • Instruction ID: 5c9f9d94b9808470b5e66a0f05546aef8d514b5f751a23f1d177a2d14fefa614
                                                                                • Opcode Fuzzy Hash: e0af2c798342a854e183bab381352700f0f4a04739dfcc3465c49ad0735d8007
                                                                                • Instruction Fuzzy Hash: E3D0C9327405249F8604AA59D440CAA77A9EB99661301416AF905CB332CA71EC5197D5
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.467622339.00000000009C0000.00000040.00000001.sdmp, Offset: 009C0000, based on PE: false
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: 7fe69172a605be2d3d1c982f6da6db5d439a473d86273181f1fe41553ad3d42b
                                                                                • Instruction ID: f9734dc49d6888f99041d09244554fd4fb2161c3d7f188acc24f14fc7e18f46f
                                                                                • Opcode Fuzzy Hash: 7fe69172a605be2d3d1c982f6da6db5d439a473d86273181f1fe41553ad3d42b
                                                                                • Instruction Fuzzy Hash: A4E01731150A058FD300EF28E881B99B7B0FF0520AF040194E1289B226E721E5258B54
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.467622339.00000000009C0000.00000040.00000001.sdmp, Offset: 009C0000, based on PE: false
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: 63ff3855cb533ff7e0a3251633ef7781e4c86ab6d6c7b417755536902e9dd24c
                                                                                • Instruction ID: 969f938eacf9cc7a8d953ef7f0d660f707786c117702f9387aafa45cbf9ae790
                                                                                • Opcode Fuzzy Hash: 63ff3855cb533ff7e0a3251633ef7781e4c86ab6d6c7b417755536902e9dd24c
                                                                                • Instruction Fuzzy Hash: DFD01231B101249BC7151E6AB808BBF779CEB51792F049039E90686281DB799D40D7D6
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.467622339.00000000009C0000.00000040.00000001.sdmp, Offset: 009C0000, based on PE: false
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: 333abc3791042b5e093accdf4d7835fe3d6511b0d12c9ef6162c36395b1b8711
                                                                                • Instruction ID: 5c211660337008483de839c338e94cd2dc295fd63c9788a804f1b8a8d3967130
                                                                                • Opcode Fuzzy Hash: 333abc3791042b5e093accdf4d7835fe3d6511b0d12c9ef6162c36395b1b8711
                                                                                • Instruction Fuzzy Hash: 1CC08011B1C57013C716B35474512ED7B49C7C5664B81485FD01E47746DC850D6303EA
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.467622339.00000000009C0000.00000040.00000001.sdmp, Offset: 009C0000, based on PE: false
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: 3d860073a0498069302782491a70bdb499cc21a91dc3be36b67b8b2f394db03d
                                                                                • Instruction ID: a73668dad172f4bb15b0bd42b159a7e01c8ee3f2a417b9d73b48b2ee75084d92
                                                                                • Opcode Fuzzy Hash: 3d860073a0498069302782491a70bdb499cc21a91dc3be36b67b8b2f394db03d
                                                                                • Instruction Fuzzy Hash: E0D0C9B29041008FC714EF289A8559E7BE6ABD4602F09D83AD4A6C2204EB3542169791
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.467622339.00000000009C0000.00000040.00000001.sdmp, Offset: 009C0000, based on PE: false
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: d4ee48e27429e5f095a543028703dc9002b8e698dfb07cb7ea2319242c595669
                                                                                • Instruction ID: decd78d251c328c6636bc6ab707490c53d2d3b0d153e9acfe0a8072d8147ac5f
                                                                                • Opcode Fuzzy Hash: d4ee48e27429e5f095a543028703dc9002b8e698dfb07cb7ea2319242c595669
                                                                                • Instruction Fuzzy Hash: 67D0C77181DBD18FC727D73454511817FA15F43210756CDEFC4C58B557D0254856C751
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.468232907.00000000024A0000.00000040.00000001.sdmp, Offset: 024A0000, based on PE: false
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: 4f3bcfa377b58cff7c330030280ad2dc7ce347ac8775703433ea531106ceef60
                                                                                • Instruction ID: 01aae2d567a7e0bd99da36bfa8bd0d25625bc6e38f72abc251c6e31ecb23db6f
                                                                                • Opcode Fuzzy Hash: 4f3bcfa377b58cff7c330030280ad2dc7ce347ac8775703433ea531106ceef60
                                                                                • Instruction Fuzzy Hash: F1D02235800208EFC300DFE8F819B2AB76CF306309F000159D80883251CB31AC51CA80
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.468232907.00000000024A0000.00000040.00000001.sdmp, Offset: 024A0000, based on PE: false
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: b8b621bf783b5f67acd8b3534cbebf1dd98bb830717194a469e7724a359e5db9
                                                                                • Instruction ID: 4cbc8d6966d59dd4167f866cf07b1178c9ada2795e1c633089348245828f2eab
                                                                                • Opcode Fuzzy Hash: b8b621bf783b5f67acd8b3534cbebf1dd98bb830717194a469e7724a359e5db9
                                                                                • Instruction Fuzzy Hash: 1BC02270405108EBC700EFD8E810B2A736CE301208F00025E850853220CF316C81CA80
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.468232907.00000000024A0000.00000040.00000001.sdmp, Offset: 024A0000, based on PE: false
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: 0ec01122946829b6ad0e8e6d0f4a956ed728fa899ce142908c555ab1222b52b6
                                                                                • Instruction ID: b73f409540054850d62ea117b7f6d94f40c1fe1fc89a0fd85dec7cc4b0051893
                                                                                • Opcode Fuzzy Hash: 0ec01122946829b6ad0e8e6d0f4a956ed728fa899ce142908c555ab1222b52b6
                                                                                • Instruction Fuzzy Hash: 46C0227441A10C9BC700EFD8E810B2A776CF301204F00026A880843220DB316C45CA80
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Non-executed Functions

                                                                                C-Code - Quality: 71%
                                                                                			E0028400B(intOrPtr* __eax, signed int* __ebx, signed int __ecx, void* __edx, signed char* __edi, signed int __esi, void* __fp0) {
                                                                                				signed char _t408;
                                                                                				signed char _t409;
                                                                                				signed int _t410;
                                                                                				signed int _t412;
                                                                                				signed int _t414;
                                                                                				signed int _t416;
                                                                                				signed int _t423;
                                                                                				signed char _t425;
                                                                                				signed char _t426;
                                                                                				signed char _t427;
                                                                                				signed char _t432;
                                                                                				signed char _t433;
                                                                                				signed char _t434;
                                                                                				signed char _t435;
                                                                                				signed char _t437;
                                                                                				signed char _t438;
                                                                                				signed char _t441;
                                                                                				intOrPtr* _t443;
                                                                                				signed char _t444;
                                                                                				signed char _t445;
                                                                                				intOrPtr* _t446;
                                                                                				signed char _t447;
                                                                                				signed char _t448;
                                                                                				signed char _t449;
                                                                                				intOrPtr* _t452;
                                                                                				intOrPtr* _t454;
                                                                                				signed int _t455;
                                                                                				signed char _t456;
                                                                                				signed int _t457;
                                                                                				signed int _t604;
                                                                                				signed char _t607;
                                                                                				signed int _t608;
                                                                                				signed int _t610;
                                                                                				intOrPtr* _t611;
                                                                                				signed char _t612;
                                                                                				intOrPtr* _t613;
                                                                                				intOrPtr* _t614;
                                                                                				signed char _t616;
                                                                                				signed char _t617;
                                                                                				signed int _t618;
                                                                                				intOrPtr* _t620;
                                                                                				signed char _t623;
                                                                                				signed char _t624;
                                                                                				signed char _t625;
                                                                                				intOrPtr* _t627;
                                                                                				signed char _t629;
                                                                                				intOrPtr* _t630;
                                                                                				intOrPtr* _t632;
                                                                                				signed char _t659;
                                                                                				signed char _t660;
                                                                                				signed char _t661;
                                                                                				signed char _t662;
                                                                                				signed char _t663;
                                                                                				signed char _t664;
                                                                                				signed char _t704;
                                                                                				signed char _t705;
                                                                                				signed char _t706;
                                                                                				signed char _t707;
                                                                                				signed char _t708;
                                                                                				signed char* _t733;
                                                                                				signed int _t734;
                                                                                				signed int _t741;
                                                                                				void* _t747;
                                                                                				void* _t756;
                                                                                				signed int _t788;
                                                                                				intOrPtr _t790;
                                                                                				signed char _t792;
                                                                                				signed char _t794;
                                                                                				void* _t798;
                                                                                				signed char _t811;
                                                                                				void* _t918;
                                                                                
                                                                                				_t734 = __esi;
                                                                                				_t733 = __edi;
                                                                                				_t659 = __ecx;
                                                                                				_t636 = __ebx;
                                                                                				_push(ss);
                                                                                				_t408 = __eax +  *__eax;
                                                                                				 *__ebx = __ebx +  *__ebx;
                                                                                				asm("outsd");
                                                                                				_t704 = __edx + 1;
                                                                                				 *_t408 =  *_t408 + _t408;
                                                                                				_t409 = _t408 |  *_t408;
                                                                                				_t918 = __fp0 +  *__edi;
                                                                                				 *__edi =  *__edi - __ecx;
                                                                                				 *_t704 =  *_t704 + __ecx;
                                                                                				 *_t409 =  *_t409 + __ecx;
                                                                                				_t410 = _t409 -  *_t409;
                                                                                				do {
                                                                                					 *_t410 =  *_t410 + _t410;
                                                                                					_push(es);
                                                                                					_t412 = (_t410 | 0x00000028) -  *(_t410 | 0x00000028);
                                                                                					 *__esi =  *__esi + _t412;
                                                                                					_push(es);
                                                                                					asm("adc eax, [esi+edi*2]");
                                                                                					_t414 = (_t412 | 0x00002c28) -  *(_t412 | 0x00002c28);
                                                                                					 *((intOrPtr*)(__ebx + __esi * 2)) =  *((intOrPtr*)(__ebx + __esi * 2)) + _t414;
                                                                                					 *__esi =  *__esi + (_t414 ^  *_t414);
                                                                                					asm("adc eax, [0x91f0511]");
                                                                                					_t416 = _t704;
                                                                                					 *__ecx =  *__ecx + _t416;
                                                                                					 *((intOrPtr*)((_t416 & 0x0fca7216) - 0x5e)) =  *((intOrPtr*)((_t416 & 0x0fca7216) - 0x5e)) + _t704;
                                                                                					 *((intOrPtr*)(( *0xa20a0000 & 0x102e7218) - 0x5e)) =  *((intOrPtr*)(( *0xa20a0000 & 0x102e7218) - 0x5e)) + _t704;
                                                                                					_t423 =  *0xa20a0000 & 0x103c721a;
                                                                                					 *((intOrPtr*)(_t423 - 0x5e)) =  *((intOrPtr*)(_t423 - 0x5e)) + _t704;
                                                                                					_t410 = _t423 & 0x25a2091b;
                                                                                					asm("sbb al, 0x72");
                                                                                					_t747 = _t747 - 1;
                                                                                					asm("adc [eax], al");
                                                                                				} while (_t410 < 0);
                                                                                				_t425 = _t410 & 0x101c;
                                                                                				 *((intOrPtr*)(_t425 - 0x5e)) =  *((intOrPtr*)(_t425 - 0x5e)) + _t704;
                                                                                				 *((intOrPtr*)(_t704 + 0x6f0a0000)) =  *((intOrPtr*)(_t704 + 0x6f0a0000)) - _t425;
                                                                                				_t426 = _t425 ^ 0x00000000;
                                                                                				 *__esi =  *__esi + _t426;
                                                                                				 *__ecx =  *__ecx + _t704;
                                                                                				_t427 = _t426 + 0x107072;
                                                                                				if(_t427 < 0) {
                                                                                					L12:
                                                                                					_t660 = _t659 |  *_t704;
                                                                                					if(_t660 <= 0) {
                                                                                						goto L16;
                                                                                					} else {
                                                                                						 *_t427 =  *_t427 + _t427;
                                                                                						_t629 = _t427 + 0x25;
                                                                                						goto L14;
                                                                                					}
                                                                                				} else {
                                                                                					_t629 = _t427 -  *_t427;
                                                                                					 *((intOrPtr*)(_t704 + __esi * 2)) =  *((intOrPtr*)(_t704 + __esi * 2)) + _t629;
                                                                                					_push(0x28700010);
                                                                                					asm("wait");
                                                                                					 *_t629 =  *_t629 + _t629;
                                                                                					_t661 = __ecx | __edi[0x34];
                                                                                					 *_t629 =  *_t629 + _t629;
                                                                                					_push(es);
                                                                                					 *_t661 =  *_t661 + _t704;
                                                                                					_t756 =  *_t661;
                                                                                					L4:
                                                                                					asm("adc [0x109872], eax");
                                                                                					if(_t756 < 0) {
                                                                                						L8:
                                                                                						 *_t629 =  *_t629 + _t629;
                                                                                						_t661 = _t661 | _t733[0x34];
                                                                                						 *_t629 =  *_t629 + _t629;
                                                                                						_push(es);
                                                                                						 *_t704 =  *_t704 + _t661;
                                                                                						 *_t661 =  *_t661 + _t629;
                                                                                						asm("adc [eax], al");
                                                                                						 *_t704 =  *_t704 + _t629;
                                                                                						 *_t734 =  *_t734 + _t629;
                                                                                						 *_t734 =  *_t734 + _t629;
                                                                                						_t747 = _t747 - 1;
                                                                                						 *_t733 =  *_t733 + _t661;
                                                                                						 *_t629 =  *_t629 + _t629;
                                                                                						 *_t629 =  *_t629 + _t629;
                                                                                						asm("adc esi, [eax]");
                                                                                						_t629 = _t629 +  *_t629;
                                                                                						asm("aad 0x0");
                                                                                						 *_t629 =  *_t629 + _t629;
                                                                                						asm("adc [eax], eax");
                                                                                						 *_t661 =  *_t661 + _t704;
                                                                                						goto L9;
                                                                                					} else {
                                                                                						if(_t756 < 0) {
                                                                                							L14:
                                                                                							_t630 = _t629 - 0x367e2617;
                                                                                							 *_t630 =  *_t630 + _t630;
                                                                                							_t432 = _t630 + 0xfe;
                                                                                							_push(es);
                                                                                							 *0x250a0000 = _t432;
                                                                                							 *((intOrPtr*)(_t636 + _t734 * 2)) =  *((intOrPtr*)(_t636 + _t734 * 2)) + _t432;
                                                                                							asm("movsb");
                                                                                							 *_t432 =  *_t432 + _t432;
                                                                                							_t661 = _t660 |  *_t636;
                                                                                							if(_t661 > 0) {
                                                                                								 *_t432 =  *_t432 + _t432;
                                                                                								_t632 = _t432 + 0x25 - 0x367e2617;
                                                                                								 *_t632 =  *_t632 + _t632;
                                                                                								_t427 = _t632 + 0xfe;
                                                                                								_push(es);
                                                                                								 *[ds:eax] =  *[ds:eax] + _t427;
                                                                                								_push(es);
                                                                                								if ( *[ds:eax] >= 0) goto L10;
                                                                                								L16:
                                                                                								 *0x250a0000 = _t427;
                                                                                							}
                                                                                						} else {
                                                                                							asm("adc [eax], al");
                                                                                							if(_t756 >= 0) {
                                                                                								asm("wait");
                                                                                								goto L8;
                                                                                							}
                                                                                							L9:
                                                                                							 *((intOrPtr*)(_t734 + 0x2d)) =  *((intOrPtr*)(_t734 + 0x2d)) + _t636;
                                                                                							 *_t629 =  *_t629 + _t629;
                                                                                							 *0x0000007F =  *((intOrPtr*)(0x7f)) + _t704;
                                                                                							_t427 = 0x10;
                                                                                							 *_t734 =  *_t734 + 0x10;
                                                                                							 *((intOrPtr*)(_t734 + 0x37)) =  *((intOrPtr*)(_t734 + 0x37)) + _t636;
                                                                                							 *((intOrPtr*)(0x10)) =  *((intOrPtr*)(0x10)) + 0x10;
                                                                                							 *0x7e26172d =  *0x7e26172d + _t427;
                                                                                							 *[ss:eax] =  *[ss:eax] + _t427;
                                                                                							_t629 = _t427 + 0xfe;
                                                                                							_push(es);
                                                                                							 *_t734 =  *_t734 + _t629;
                                                                                							if( *_t734 >= 0) {
                                                                                								goto L4;
                                                                                							} else {
                                                                                								 *_t629 =  *_t629 + _t629;
                                                                                								_t427 = (_t629 |  *0x3780) + 0x73;
                                                                                								asm("movsb");
                                                                                								 *_t427 =  *_t427 + _t427;
                                                                                								goto L12;
                                                                                							}
                                                                                						}
                                                                                					}
                                                                                				}
                                                                                				asm("outsd");
                                                                                				asm("cmpsb");
                                                                                				 *_t432 =  *_t432 + _t432;
                                                                                				_t433 = _t432 |  *_t432;
                                                                                				_pop(es);
                                                                                				asm("outsd");
                                                                                				while(1) {
                                                                                					asm("cmpsb");
                                                                                					 *_t433 =  *_t433 + _t433;
                                                                                					_t434 = _t433 |  *_t433;
                                                                                					 *(_t733 - 0x5a) =  *(_t733 - 0x5a) | _t661;
                                                                                					 *_t434 =  *_t434 + _t434;
                                                                                					_t435 = _t434 |  *_t434;
                                                                                					if(_t435 <= 0) {
                                                                                						goto L23;
                                                                                					}
                                                                                					 *_t435 =  *_t435 + _t435;
                                                                                					_t437 = _t435 + 0x72;
                                                                                					asm("repne adc [eax], al");
                                                                                					if(_t437 < 0) {
                                                                                						L31:
                                                                                						_t620 = _t437 + 0x25 - 0x367e2617;
                                                                                						 *_t620 =  *_t620 + _t620;
                                                                                						_t435 = _t620 + 0xfe;
                                                                                						_push(es);
                                                                                						_t661 = _t661 + 1;
                                                                                						 *_t435 =  *_t435 + _t435;
                                                                                						_push(es);
                                                                                						if( *_t435 >= 0) {
                                                                                							L25:
                                                                                							 *0x7e26172d =  *0x7e26172d + _t435;
                                                                                							 *[ss:eax] =  *[ss:eax] + _t435;
                                                                                							_t433 = _t435 + 0xfe;
                                                                                							_push(es);
                                                                                							asm("aas");
                                                                                							 *_t433 =  *_t433 + _t433;
                                                                                							_push(es);
                                                                                							if( *_t433 >= 0) {
                                                                                								continue;
                                                                                							} else {
                                                                                								 *_t433 =  *_t433 + _t433;
                                                                                								_t435 = (_t433 |  *0x3a80) + 0x73;
                                                                                								asm("movsb");
                                                                                								 *_t435 =  *_t435 + _t435;
                                                                                								_t661 = _t661 |  *_t704;
                                                                                								if(_t661 <= 0) {
                                                                                									goto L33;
                                                                                								} else {
                                                                                									 *_t435 =  *_t435 + _t435;
                                                                                									_t627 = _t435 + 0x25 - 0x367e2617;
                                                                                									 *_t627 =  *_t627 + _t627;
                                                                                									_push(es);
                                                                                									_t435 = _t627 + 0xff;
                                                                                									 *_t435 =  *_t435 + _t435;
                                                                                									_push(es);
                                                                                									if( *_t435 >= 0) {
                                                                                										goto L22;
                                                                                									} else {
                                                                                										 *_t435 =  *_t435 + _t435;
                                                                                										L29:
                                                                                										 *_t704 =  *_t704 + _t661;
                                                                                										_t437 = (_t435 & 0x00003b80) + 0x73;
                                                                                										asm("movsb");
                                                                                										 *_t437 =  *_t437 + _t437;
                                                                                										_t661 = _t661 |  *_t636;
                                                                                										if(_t661 > 0) {
                                                                                											 *_t437 =  *_t437 + _t437;
                                                                                											goto L31;
                                                                                										}
                                                                                									}
                                                                                								}
                                                                                							}
                                                                                						} else {
                                                                                							 *_t435 =  *_t435 + _t435;
                                                                                							L33:
                                                                                							_t623 = (_t435 |  *0x3c80) + 0x73;
                                                                                							asm("movsb");
                                                                                							 *_t623 =  *_t623 + _t623;
                                                                                							_t661 = _t661 |  *(_t734 + _t623);
                                                                                							asm("outsd");
                                                                                							asm("movsd");
                                                                                							 *_t623 =  *_t623 + _t623;
                                                                                							_t624 = _t623 |  *_t623;
                                                                                							_pop(es);
                                                                                							asm("outsd");
                                                                                							asm("movsd");
                                                                                							 *_t624 =  *_t624 + _t624;
                                                                                							_t625 = _t624 |  *_t624;
                                                                                							 *(_t733 - 0x5b) =  *(_t733 - 0x5b) | _t661;
                                                                                							 *_t625 =  *_t625 + _t625;
                                                                                							_t437 = _t625 |  *_t625;
                                                                                							_push(es);
                                                                                							asm("outsd");
                                                                                							asm("cmpsb");
                                                                                							 *_t437 =  *_t437 + _t437;
                                                                                						}
                                                                                					} else {
                                                                                						_push(es);
                                                                                						 *_t437 =  *_t437 + _t437;
                                                                                						_t435 = _t437 + 0x6f;
                                                                                						asm("cmpsd");
                                                                                						 *_t435 =  *_t435 + _t435;
                                                                                						_t661 = _t661 |  *(_t661 + 0x28010000 + _t734 * 2);
                                                                                						L22:
                                                                                						 *((intOrPtr*)(_t435 + 0x6f0a0000)) =  *((intOrPtr*)(_t435 + 0x6f0a0000)) - _t661;
                                                                                						_t435 = _t435 ^ 0x00000000;
                                                                                						 *_t734 =  *_t734 + _t435;
                                                                                						 *_t435 =  *_t435 + _t661;
                                                                                						 *_t435 =  *_t435 ^ _t435;
                                                                                						 *_t734 =  *_t734 + _t435;
                                                                                						 *_t704 =  *_t704 + _t661;
                                                                                						 *_t435 =  *_t435 + _t435;
                                                                                						 *_t636 =  *_t636 + _t704;
                                                                                						goto L23;
                                                                                					}
                                                                                					L34:
                                                                                					 *_t704 =  *_t704 + _t661;
                                                                                					 *_t733 =  *_t733 + _t437;
                                                                                					asm("outsd");
                                                                                					asm("cmpsb");
                                                                                					 *_t437 =  *_t437 + _t437;
                                                                                					_t438 = _t437 |  *_t437;
                                                                                					 *(_t733 - 0x5a) =  *(_t733 - 0x5a) | _t661;
                                                                                					 *_t438 =  *_t438 + _t438;
                                                                                					asm("sbb esi, [eax]");
                                                                                					_t441 = (_t438 |  *_t438) -  *(_t438 |  *_t438) + 0x8000;
                                                                                					 *_t704 =  *_t704 + _t704;
                                                                                					 *_t441 =  *_t441 + _t441;
                                                                                					asm("adc [eax], eax");
                                                                                					 *_t441 =  *_t441 + _t661;
                                                                                					asm("stosb");
                                                                                					 *_t441 =  *_t441 + _t441;
                                                                                					_t705 = _t704 |  *(_t704 - 0x6f);
                                                                                					asm("adc [eax], eax");
                                                                                					if(_t705 < 0) {
                                                                                						L37:
                                                                                						_t57 = _t705 - 9;
                                                                                						 *_t57 =  *(_t705 - 9) | _t705;
                                                                                						_t788 =  *_t57;
                                                                                						asm("adc [eax], eax");
                                                                                						if(_t788 < 0) {
                                                                                							goto L47;
                                                                                						} else {
                                                                                							asm("std");
                                                                                							asm("adc [eax], eax");
                                                                                							if (_t788 < 0) goto L44;
                                                                                							while(1) {
                                                                                								_pop(es);
                                                                                								if(_t788 < 0) {
                                                                                									continue;
                                                                                								} else {
                                                                                									asm("adc [eax], eax");
                                                                                									goto L42;
                                                                                								}
                                                                                								goto L45;
                                                                                							}
                                                                                							goto L44;
                                                                                						}
                                                                                					} else {
                                                                                						asm("adc eax, 0xa0a0000");
                                                                                						_t636[0x1828000] = _t636[0x1828000] - _t661;
                                                                                						 *0xb0a0000 =  *0xb0a0000 - _t705;
                                                                                						_pop(es);
                                                                                						 *_t733 =  *_t733 - _t661;
                                                                                						 *_t705 =  *_t705 + _t661;
                                                                                						 *((intOrPtr*)(_t734 - 0x54)) =  *((intOrPtr*)(_t734 - 0x54)) + _t636;
                                                                                						 *_t441 =  *_t441 + _t441;
                                                                                						_t708 = _t705 |  *(_t705 - 0x65);
                                                                                						asm("adc [eax], eax");
                                                                                						if(_t708 < 0) {
                                                                                							L42:
                                                                                							if(_t788 >= 0) {
                                                                                								asm("wait");
                                                                                								L44:
                                                                                								 *_t441 =  *_t441 + _t441;
                                                                                								 *_t441 =  *_t441 + _t441;
                                                                                								_t616 = _t441 |  *_t441;
                                                                                								_t708 = _t636 + _t705;
                                                                                								_t661 = _t661 |  *(_t733 - 0x52) |  *_t616;
                                                                                								_t617 = _t616 - 7;
                                                                                								_t733[0x42] = _t733[0x42] | _t661;
                                                                                								 *_t617 =  *_t617 + _t617;
                                                                                								_t618 = _t617 |  *_t617;
                                                                                								_t918 = _t918 +  *_t618;
                                                                                								asm("ficom word [esi]");
                                                                                								_t441 = _t618 | 0x002c7e00;
                                                                                								 *((intOrPtr*)(_t661 + _t661)) =  *((intOrPtr*)(_t661 + _t661)) + _t441;
                                                                                								asm("outsd");
                                                                                								asm("sbb [eax], al");
                                                                                								 *_t708 =  *_t708 + _t661;
                                                                                							}
                                                                                							L45:
                                                                                							asm("outsd");
                                                                                							asm("sbb eax, [eax]");
                                                                                							 *_t734 =  *_t734 + _t441;
                                                                                							 *_t441 =  *_t441 + _t441;
                                                                                							asm("fiadd word [eax]");
                                                                                							_t447 = _t441 -  *_t661;
                                                                                							asm("sbb al, 0x0");
                                                                                							 *_t708 =  *_t708 + _t447;
                                                                                							 *_t636 = _t636 +  *_t636;
                                                                                							 *_t447 =  *_t447 + _t447;
                                                                                							_pop(_t636);
                                                                                							 *_t636 =  *_t636 + _t661;
                                                                                							 *_t447 =  *_t447 + _t447;
                                                                                							 *_t447 =  *_t447 + _t447;
                                                                                							 *_t447 =  *_t447 + _t447;
                                                                                							 *_t447 =  *_t447 + _t447;
                                                                                							_push(0x12160069);
                                                                                							 *_t447 =  *_t447 + _t447;
                                                                                							 *_t636 = _t636 +  *_t636;
                                                                                							 *_t636 =  *_t636 ^ _t447;
                                                                                							 *_t741 =  *_t741 + _t661;
                                                                                							 *_t447 =  *_t447 + _t447;
                                                                                							asm("adc eax, [eax]");
                                                                                							 *_t661 =  *_t661 + _t708;
                                                                                							_t64 = _t708 + 1;
                                                                                							 *_t64 =  *(_t708 + 1) + _t708;
                                                                                							_t790 =  *_t64;
                                                                                							asm("adc al, [eax]");
                                                                                							if(_t790 >= 0) {
                                                                                								 *_t661 =  !( *_t661);
                                                                                								 *((intOrPtr*)(_t447 + 0x17)) =  *((intOrPtr*)(_t447 + 0x17)) + _t708;
                                                                                								asm("invalid");
                                                                                								L47:
                                                                                								if (_t790 <= 0) goto L48;
                                                                                								 *_t661 =  *_t661 + _t441;
                                                                                								_t733[0x140a0000] = _t733[0x140a0000] - _t661;
                                                                                								 *_t636 =  *_t636 + 1;
                                                                                								_t443 = (_t441 |  *_t734) - 0x2f;
                                                                                								 *((intOrPtr*)(_t734 - 0x54)) =  *((intOrPtr*)(_t734 - 0x54)) + _t636;
                                                                                								 *_t443 =  *_t443 + _t443;
                                                                                								_t706 = _t705 |  *(_t705 - 0x65);
                                                                                								asm("adc [eax], eax");
                                                                                								if(_t706 < 0) {
                                                                                									L53:
                                                                                									_pop(es);
                                                                                									_t444 = _t443 - 7;
                                                                                									_pop(es);
                                                                                									asm("outsd");
                                                                                									_t706 = _t706 + 1;
                                                                                									 *_t444 =  *_t444 + _t444;
                                                                                									_t445 = _t444 |  *_t444;
                                                                                									_t918 = _t918 +  *_t445;
                                                                                									_t443 = _t445 -  *_t445;
                                                                                								} else {
                                                                                									asm("outsd");
                                                                                									do {
                                                                                										asm("lodsd");
                                                                                										 *_t443 =  *_t443 + _t443;
                                                                                										_t661 = _t661 |  *_t636;
                                                                                										 *_t733 =  *_t733 + _t443;
                                                                                										_t792 =  *_t733;
                                                                                									} while (_t792 < 0);
                                                                                									asm("adc [eax], eax");
                                                                                									if(_t792 >= 0) {
                                                                                										asm("outsd");
                                                                                										_t443 = 0;
                                                                                										 *_t706 =  *_t706 + _t661;
                                                                                										 *0 =  *0;
                                                                                										asm("fimul word [ebx]");
                                                                                										goto L53;
                                                                                									}
                                                                                								}
                                                                                								 *_t443 =  *_t443 + _t443;
                                                                                								 *_t661 =  *_t661 + _t443;
                                                                                								asm("adc [eax], al");
                                                                                								 *_t706 =  *_t706 + _t443;
                                                                                								 *_t733 =  *_t733 + _t661;
                                                                                								 *_t661 =  *_t661 + _t706;
                                                                                								_t446 = _t443 + 1;
                                                                                								 *_t636 =  *_t636 + _t661;
                                                                                								 *_t446 =  *_t446 + _t446;
                                                                                								 *_t446 =  *_t446 + _t446;
                                                                                								asm("sbb esi, [eax]");
                                                                                								_t447 = _t446 +  *_t446;
                                                                                								_pop(_t707);
                                                                                								 *_t447 =  *_t447 + _t447;
                                                                                								 *((intOrPtr*)(_t447 + _t447)) =  *((intOrPtr*)(_t447 + _t447)) + _t707;
                                                                                								 *_t661 =  *_t661 + _t707;
                                                                                								 *_t447 =  *_t447 + _t447;
                                                                                								 *((intOrPtr*)(_t661 + 0x6f0a0000)) =  *((intOrPtr*)(_t661 + 0x6f0a0000)) - _t661;
                                                                                								asm("stosb");
                                                                                								 *_t447 =  *_t447 + _t447;
                                                                                								_t708 = _t707 |  *(_t707 - 0x6f);
                                                                                								_t794 = _t708;
                                                                                							}
                                                                                						} else {
                                                                                							asm("outsd");
                                                                                							asm("lodsd");
                                                                                							 *_t441 =  *_t441 + _t441;
                                                                                							_t661 = _t661 |  *(_t441 + _t441);
                                                                                							goto L37;
                                                                                						}
                                                                                					}
                                                                                					_t448 = _t661;
                                                                                					_t662 = _t447;
                                                                                					asm("adc [eax], eax");
                                                                                					if(_t794 >= 0) {
                                                                                						asm("adc eax, 0xa0a0000");
                                                                                						 *((intOrPtr*)(_t662 + 0x60a0000)) =  *((intOrPtr*)(_t662 + 0x60a0000)) - _t708;
                                                                                						 *((intOrPtr*)(_t708 + 0xb0a0000)) =  *((intOrPtr*)(_t708 + 0xb0a0000)) - _t708;
                                                                                						_pop(es);
                                                                                						_t636[0x1828000] = _t636[0x1828000] - _t662;
                                                                                						 *0x280a0000 =  *0x280a0000 - _t708;
                                                                                						_t636 = 0;
                                                                                						 *_t708 =  *_t708 + _t662;
                                                                                						 *_t448 =  *_t448 + _t662;
                                                                                						asm("stosd");
                                                                                						 *_t448 =  *_t448 + _t448;
                                                                                						_t662 = _t662 |  *_t448;
                                                                                					}
                                                                                					 *_t733 =  *_t733 - _t662;
                                                                                					 *_t708 =  *_t708 + _t662;
                                                                                					 *_t448 =  *_t448 + _t448;
                                                                                					asm("ficom word [esi]");
                                                                                					_t449 = _t448;
                                                                                					if(_t449 > 0) {
                                                                                						 *_t449 =  *_t449 + _t449;
                                                                                						_t613 = _t449 + 8;
                                                                                						asm("outsd");
                                                                                						asm("sbb [eax], al");
                                                                                						 *_t708 =  *_t708 + _t662;
                                                                                						asm("outsd");
                                                                                						asm("sbb [eax], al");
                                                                                						 *_t734 =  *_t734 + _t613;
                                                                                						 *_t613 =  *_t613 + _t613;
                                                                                						asm("fiadd word [eax]");
                                                                                						_t614 = _t613 -  *_t613;
                                                                                						 *_t662 =  *_t662 + _t614;
                                                                                						asm("adc [eax], al");
                                                                                						 *_t614 =  *_t614 + _t614;
                                                                                						 *_t662 =  *_t662 + _t614;
                                                                                						 *((intOrPtr*)(_t708 + 0x43)) =  *((intOrPtr*)(_t708 + 0x43)) + _t614;
                                                                                						 *_t734 =  *_t734 + _t708;
                                                                                						asm("adc al, [eax]");
                                                                                						 *_t662 =  *_t662 + _t614;
                                                                                						asm("adc esi, [eax]");
                                                                                						_t449 = _t614 +  *_t614 &  *(_t614 +  *_t614);
                                                                                						 *_t449 =  *_t449 + _t449;
                                                                                					}
                                                                                					 *_t734 =  *_t734 + _t662;
                                                                                					 *_t449 =  *_t449 + _t449;
                                                                                					_t798 =  *_t449;
                                                                                					while(1) {
                                                                                						asm("adc [eax], eax");
                                                                                						if(_t798 >= 0) {
                                                                                							asm("adc al, [eax]");
                                                                                						}
                                                                                						 *((intOrPtr*)(_t449 + 0x72)) =  *((intOrPtr*)(_t449 + 0x72)) + _t708;
                                                                                						 *_t662 =  !( *_t662);
                                                                                						 *((intOrPtr*)(_t449 + 0x14)) =  *((intOrPtr*)(_t449 + 0x14)) + _t708;
                                                                                						_t733[0x140a0000] = _t733[0x140a0000] - _t662;
                                                                                						 *_t636 =  *_t636 + 1;
                                                                                						 *_t733 =  *_t733 + _t708;
                                                                                						_t452 = (_t449 |  *_t734) - 5 + 0x16;
                                                                                						_t741 = _t741 |  *_t636 |  *_t636;
                                                                                						 *_t733 =  *_t733 + _t452;
                                                                                						asm("sbb esi, [eax]");
                                                                                						_t449 = _t452 -  *_t452 +  *((intOrPtr*)(_t452 -  *_t452));
                                                                                						 *_t449 =  *_t449 + _t449;
                                                                                						asm("adc eax, 0x110000");
                                                                                						_t636[0x1c828000] = _t636[0x1c828000] - _t662;
                                                                                						 *((intOrPtr*)(_t449 + 0x28)) =  *((intOrPtr*)(_t449 + 0x28)) + _t708;
                                                                                						asm("adc eax, 0xa0a0000");
                                                                                						_push(es);
                                                                                						 *_t733 =  *_t733 - _t662;
                                                                                						 *_t708 =  *_t708 + _t662;
                                                                                						 *_t734 =  *_t734 + _t449;
                                                                                						if( *_t734 >= 0) {
                                                                                							continue;
                                                                                						} else {
                                                                                							 *_t449 =  *_t449 + _t449;
                                                                                							_t663 = _t662 |  *_t636;
                                                                                							 *_t733 =  *_t733 + _t449;
                                                                                							if( *_t733 > 0) {
                                                                                								 *_t449 =  *_t449 + _t449;
                                                                                								_t611 = _t449 + 0x6f;
                                                                                								 *_t708 =  *_t708;
                                                                                								 *_t611 =  *_t611 + _t611;
                                                                                								asm("fimul word [ebx]");
                                                                                								_pop(es);
                                                                                								_t612 = _t611 - 7;
                                                                                								_pop(es);
                                                                                								asm("outsd");
                                                                                								_t708 = _t708 + 1;
                                                                                								 *_t612 =  *_t612 + _t612;
                                                                                								_t449 = _t612 |  *_t612;
                                                                                								asm("fsubr qword [edx]");
                                                                                								 *0 =  *0 + _t449;
                                                                                								asm("adc [eax], al");
                                                                                								 *_t708 =  *_t708 + _t449;
                                                                                								 *_t733 = _t636 +  *_t733;
                                                                                								 *_t449 =  *_t449 + _t708;
                                                                                								asm("das");
                                                                                								 *_t636 =  *_t636;
                                                                                								 *_t449 =  *_t449 + _t449;
                                                                                								break;
                                                                                							}
                                                                                						}
                                                                                						L67:
                                                                                						 *((intOrPtr*)(_t449 + _t449)) =  *((intOrPtr*)(_t449 + _t449)) - _t708;
                                                                                						 *_t708 =  *_t708 + _t663;
                                                                                						 *_t708 =  *_t708 + _t663;
                                                                                						 *_t449 =  *_t449 + _t449;
                                                                                						 *_t636 =  *_t636 + _t708;
                                                                                						 *_t708 =  *_t708 ^ _t449;
                                                                                						 *_t733 =  *_t733 + _t708;
                                                                                						 *_t449 =  *_t449 + _t449;
                                                                                						 *_t449 =  *_t449 + _t449;
                                                                                						 *_t449 =  *_t449 + _t449;
                                                                                						_pop(ds);
                                                                                						asm("adc [eax], ch");
                                                                                						 *_t449 = _t449;
                                                                                						 *_t708 =  *_t708 + _t663;
                                                                                						 *_t733 =  *_t733 & 0x00000000;
                                                                                						 *((intOrPtr*)(_t636 + _t636)) =  *((intOrPtr*)(_t636 + _t636)) + _t449;
                                                                                						 *((intOrPtr*)(_t449 - 0x7ff60000)) =  *((intOrPtr*)(_t449 - 0x7ff60000)) - _t663;
                                                                                						 *_t449 =  *_t449 - _t449;
                                                                                						_t733[_t636] = _t733[_t636] + _t449;
                                                                                						asm("daa");
                                                                                						 *((intOrPtr*)(_t449 - 0x7ff60000)) =  *((intOrPtr*)(_t449 - 0x7ff60000)) - _t663;
                                                                                						 *_t449 =  *_t449 - _t449;
                                                                                						 *((intOrPtr*)(_t708 + _t734 * 2)) =  *((intOrPtr*)(_t708 + _t734 * 2)) + _t449;
                                                                                						 *0x80700012 = _t449;
                                                                                						_t454 = _t449 -  *_t449;
                                                                                						 *((intOrPtr*)(_t708 + _t734 * 2)) =  *((intOrPtr*)(_t708 + _t734 * 2)) + _t454;
                                                                                						 *0x80700013 = _t454;
                                                                                						_t455 = _t454 -  *_t454;
                                                                                						 *((intOrPtr*)(_t708 + _t734 * 2)) =  *((intOrPtr*)(_t708 + _t734 * 2)) + _t455;
                                                                                						asm("fild word [eax]");
                                                                                						_t121 = _t455 + 0x16;
                                                                                						 *_t121 =  *((intOrPtr*)(_t455 + 0x16)) + _t708;
                                                                                						if( *_t121 < 0) {
                                                                                							 *_t455 =  *_t455 + _t455;
                                                                                							_push(es);
                                                                                							 *((char*)(_t455 + _t455)) =  *((char*)(_t455 + _t455));
                                                                                							_t610 = _t455 + 0x7e -  *((intOrPtr*)(_t455 + 0x7e));
                                                                                							 *((intOrPtr*)(_t636 + _t734 * 2)) =  *((intOrPtr*)(_t636 + _t734 * 2)) + _t610;
                                                                                							_t455 = _t610 ^  *_t610;
                                                                                							 *_t734 =  *_t734 + _t455;
                                                                                							 *0x2a040000 =  *0x2a040000;
                                                                                						}
                                                                                						_t456 = _t455 + 0x2a;
                                                                                						 *_t636 = _t636 +  *_t636;
                                                                                						while(1) {
                                                                                							asm("sbb esi, [eax]");
                                                                                							_t457 = _t456 + 0x6300;
                                                                                							 *_t734 =  *_t734 + _t708;
                                                                                							 *_t457 =  *_t457 + _t457;
                                                                                							asm("adc [eax], eax");
                                                                                							if( *_t457 <= 0) {
                                                                                								break;
                                                                                							}
                                                                                							 *_t457 =  *_t457 + _t457;
                                                                                							_t664 = _t663 |  *_t708;
                                                                                							_t129 = _t708 - 0x33;
                                                                                							 *_t129 =  *((intOrPtr*)(_t708 - 0x33)) + _t708;
                                                                                							asm("adc eax, [eax]");
                                                                                							if( *_t129 < 0) {
                                                                                								L76:
                                                                                								 *_t708 =  *_t708 ^ _t457;
                                                                                								 *_t636 =  *_t636 + _t708;
                                                                                								 *_t457 =  *_t457 + _t457;
                                                                                								 *_t733 =  *_t733 + _t708;
                                                                                								 *_t457 =  *_t457 + _t457;
                                                                                							} else {
                                                                                								_t708 = _t708 + 1;
                                                                                								 *_t457 =  *_t457 + _t457;
                                                                                								_t456 = _t457 |  *_t457;
                                                                                								_t811 = _t456;
                                                                                								es = es;
                                                                                								if(_t811 < 0) {
                                                                                									continue;
                                                                                								} else {
                                                                                									asm("adc eax, [eax]");
                                                                                									if(_t811 >= 0) {
                                                                                										_t747 = _t747 + 1;
                                                                                										 *_t456 =  *_t456 + _t456;
                                                                                										_t604 = _t456 | 0x00000008;
                                                                                										ss = es;
                                                                                										 *_t664 =  *_t664 + _t604;
                                                                                										asm("outsd");
                                                                                										 *0 =  *0 + _t664;
                                                                                										asm("sbb al, 0x9a");
                                                                                										asm("fimul word [ebx]");
                                                                                										_pop(es);
                                                                                										_t607 = (_t604 & 0x9d0a1f16 |  *(_t604 & 0x9d0a1f16)) - 7;
                                                                                										_pop(es);
                                                                                										asm("outsd");
                                                                                										_t708 = 1;
                                                                                										 *_t607 =  *_t607 + _t607;
                                                                                										_t608 = _t607 |  *_t607;
                                                                                										_t918 = _t918 +  *_t608;
                                                                                										asm("ficom word [esi]");
                                                                                										_t457 = _t608 | 0x002e7e00;
                                                                                										 *((intOrPtr*)(_t664 + _t664)) =  *((intOrPtr*)(_t664 + _t664)) + _t457;
                                                                                										asm("outsd");
                                                                                										asm("sbb [eax], al");
                                                                                										 *((intOrPtr*)(1)) =  *((intOrPtr*)(1)) + _t664;
                                                                                										break;
                                                                                									}
                                                                                								}
                                                                                							}
                                                                                							 *_t664 =  *_t664 + _t708;
                                                                                							_t636[0xd] = _t636[0xd] + _t708;
                                                                                						}
                                                                                						_t664 = _t663 | _t733[0x1b];
                                                                                						 *_t457 =  *_t457 + _t457;
                                                                                						_push(es);
                                                                                						 *_t457 =  *_t457 + _t457;
                                                                                						asm("fiadd word [eax]");
                                                                                						asm("adc eax, [ebx+ebp]");
                                                                                						 *_t664 =  *_t664 + _t708;
                                                                                						_t457 = _t457 + 0x2a;
                                                                                						 *_t664 =  *_t664 + _t457;
                                                                                						asm("sbb al, 0x0");
                                                                                						 *_t708 =  *_t708 + _t457;
                                                                                						 *_t636 =  *_t636 + _t708;
                                                                                						_t733[_t734] = _t733[_t734] + _t457;
                                                                                						 *_t636 =  *_t636 + _t664;
                                                                                						 *_t457 =  *_t457 + _t457;
                                                                                						 *_t457 =  *_t457 + _t457;
                                                                                						 *_t457 =  *_t457 + _t457;
                                                                                						es = es;
                                                                                						 *_t734 = _t636 +  *_t734;
                                                                                						_t741 = _t741 + 1;
                                                                                						 *_t734 =  *_t734 + _t708;
                                                                                						asm("adc al, [eax]");
                                                                                						 *_t664 =  *_t664 + _t457;
                                                                                						asm("adc esi, [eax]");
                                                                                						goto L76;
                                                                                					}
                                                                                					 *_t449 =  *_t449 + _t449;
                                                                                					 *_t708 =  *_t708 + _t449;
                                                                                					_t663 = 0 +  *_t449;
                                                                                					goto L67;
                                                                                					L23:
                                                                                					 *_t704 =  *_t704 ^ _t435;
                                                                                					_t636[0x4400000] = _t636 + _t636[0x4400000];
                                                                                					 *_t435 =  *_t435 + _t435;
                                                                                					asm("adc [eax], eax");
                                                                                					if( *_t435 <= 0) {
                                                                                						goto L29;
                                                                                					} else {
                                                                                						 *_t435 =  *_t435 + _t435;
                                                                                						goto L25;
                                                                                					}
                                                                                					goto L34;
                                                                                				}
                                                                                			}
                                                                                0x0028406f
                                                                                0x00284072
                                                                                0x00284077
                                                                                0x00284079
                                                                                0x0028407a
                                                                                0x0028407a
                                                                                0x00284083
                                                                                0x00284088
                                                                                0x0028408b
                                                                                0x00284091
                                                                                0x00284093
                                                                                0x00284095
                                                                                0x00284097
                                                                                0x0028409c
                                                                                0x0028411c
                                                                                0x0028411c
                                                                                0x0028411e
                                                                                0x00000000
                                                                                0x00284120
                                                                                0x00284120
                                                                                0x00284122
                                                                                0x00000000
                                                                                0x00284122
                                                                                0x0028409e
                                                                                0x0028409e
                                                                                0x002840a0
                                                                                0x002840a3
                                                                                0x002840a8
                                                                                0x002840a9
                                                                                0x002840ab
                                                                                0x002840ae
                                                                                0x002840b0
                                                                                0x002840b1
                                                                                0x002840b1
                                                                                0x002840b2
                                                                                0x002840b2
                                                                                0x002840b8
                                                                                0x002840c1
                                                                                0x002840c1
                                                                                0x002840c3
                                                                                0x002840c6
                                                                                0x002840c8
                                                                                0x002840c9
                                                                                0x002840cb
                                                                                0x002840cd
                                                                                0x002840cf
                                                                                0x002840d1
                                                                                0x002840d3
                                                                                0x002840d5
                                                                                0x002840d6
                                                                                0x002840d8
                                                                                0x002840da
                                                                                0x002840dc
                                                                                0x002840de
                                                                                0x002840e0
                                                                                0x002840e2
                                                                                0x002840e4
                                                                                0x002840e6
                                                                                0x00000000
                                                                                0x002840ba
                                                                                0x002840ba
                                                                                0x00284124
                                                                                0x00284124
                                                                                0x00284129
                                                                                0x0028412b
                                                                                0x0028412d
                                                                                0x00284133
                                                                                0x0028413b
                                                                                0x0028413e
                                                                                0x0028413f
                                                                                0x00284141
                                                                                0x00284143
                                                                                0x00284145
                                                                                0x00284149
                                                                                0x0028414e
                                                                                0x00284150
                                                                                0x00284152
                                                                                0x00284153
                                                                                0x00284156
                                                                                0x00284157
                                                                                0x00284158
                                                                                0x00284158
                                                                                0x00284158
                                                                                0x002840bc
                                                                                0x002840bc
                                                                                0x002840be
                                                                                0x002840c0
                                                                                0x00000000
                                                                                0x002840c0
                                                                                0x002840e8
                                                                                0x002840e8
                                                                                0x002840eb
                                                                                0x002840f1
                                                                                0x002840f4
                                                                                0x002840f6
                                                                                0x002840f8
                                                                                0x002840fb
                                                                                0x002840fc
                                                                                0x00284103
                                                                                0x00284106
                                                                                0x00284108
                                                                                0x0028410b
                                                                                0x0028410d
                                                                                0x00000000
                                                                                0x0028410f
                                                                                0x0028410f
                                                                                0x00284117
                                                                                0x00284119
                                                                                0x0028411a
                                                                                0x00000000
                                                                                0x0028411a
                                                                                0x0028410d
                                                                                0x002840ba
                                                                                0x002840b8
                                                                                0x0028417e
                                                                                0x0028417f
                                                                                0x00284180
                                                                                0x00284182
                                                                                0x00284184
                                                                                0x00284185
                                                                                0x00284186
                                                                                0x00284186
                                                                                0x00284187
                                                                                0x00284189
                                                                                0x0028418b
                                                                                0x0028418e
                                                                                0x00284190
                                                                                0x00284192
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x00284194
                                                                                0x00284196
                                                                                0x00284198
                                                                                0x0028419b
                                                                                0x0028421b
                                                                                0x0028421d
                                                                                0x00284222
                                                                                0x00284224
                                                                                0x00284226
                                                                                0x00284227
                                                                                0x00284228
                                                                                0x0028422a
                                                                                0x0028422b
                                                                                0x002841d0
                                                                                0x002841d0
                                                                                0x002841d7
                                                                                0x002841da
                                                                                0x002841dc
                                                                                0x002841dd
                                                                                0x002841de
                                                                                0x002841e0
                                                                                0x002841e1
                                                                                0x00000000
                                                                                0x002841e3
                                                                                0x002841e3
                                                                                0x002841eb
                                                                                0x002841ed
                                                                                0x002841ee
                                                                                0x002841f0
                                                                                0x002841f2
                                                                                0x00000000
                                                                                0x002841f4
                                                                                0x002841f4
                                                                                0x002841f8
                                                                                0x002841fd
                                                                                0x00284201
                                                                                0x00284202
                                                                                0x00284203
                                                                                0x00284205
                                                                                0x00284206
                                                                                0x00000000
                                                                                0x00284208
                                                                                0x00284208
                                                                                0x00284209
                                                                                0x00284209
                                                                                0x00284210
                                                                                0x00284212
                                                                                0x00284213
                                                                                0x00284215
                                                                                0x00284217
                                                                                0x00284219
                                                                                0x00000000
                                                                                0x00284219
                                                                                0x00284217
                                                                                0x00284206
                                                                                0x002841f2
                                                                                0x0028422d
                                                                                0x0028422d
                                                                                0x0028422f
                                                                                0x00284235
                                                                                0x00284237
                                                                                0x00284238
                                                                                0x0028423a
                                                                                0x0028423d
                                                                                0x0028423e
                                                                                0x0028423f
                                                                                0x00284241
                                                                                0x00284243
                                                                                0x00284244
                                                                                0x00284245
                                                                                0x00284246
                                                                                0x00284248
                                                                                0x0028424a
                                                                                0x0028424d
                                                                                0x0028424f
                                                                                0x00284251
                                                                                0x00284252
                                                                                0x00284253
                                                                                0x00284254
                                                                                0x00284254
                                                                                0x0028419d
                                                                                0x0028419d
                                                                                0x0028419e
                                                                                0x002841a0
                                                                                0x002841a2
                                                                                0x002841a3
                                                                                0x002841a5
                                                                                0x002841ab
                                                                                0x002841ab
                                                                                0x002841b1
                                                                                0x002841b3
                                                                                0x002841b5
                                                                                0x002841b7
                                                                                0x002841b9
                                                                                0x002841bb
                                                                                0x002841bd
                                                                                0x002841bf
                                                                                0x00000000
                                                                                0x002841bf
                                                                                0x00284255
                                                                                0x00284255
                                                                                0x00284257
                                                                                0x00284259
                                                                                0x0028425a
                                                                                0x0028425b
                                                                                0x0028425d
                                                                                0x0028425f
                                                                                0x00284262
                                                                                0x00284268
                                                                                0x0028426a
                                                                                0x0028426f
                                                                                0x00284271
                                                                                0x00284273
                                                                                0x00284275
                                                                                0x0028427c
                                                                                0x0028427d
                                                                                0x0028427f
                                                                                0x00284282
                                                                                0x00284284
                                                                                0x002842b0
                                                                                0x002842b0
                                                                                0x002842b0
                                                                                0x002842b0
                                                                                0x002842b3
                                                                                0x002842b5
                                                                                0x00000000
                                                                                0x002842b7
                                                                                0x002842b7
                                                                                0x002842b8
                                                                                0x002842ba
                                                                                0x002842bb
                                                                                0x002842bb
                                                                                0x002842bc
                                                                                0x00000000
                                                                                0x002842be
                                                                                0x002842be
                                                                                0x00000000
                                                                                0x002842be
                                                                                0x00000000
                                                                                0x002842bc
                                                                                0x00000000
                                                                                0x002842bb
                                                                                0x00284286
                                                                                0x00284286
                                                                                0x0028428b
                                                                                0x00284291
                                                                                0x00284297
                                                                                0x00284298
                                                                                0x0028429b
                                                                                0x0028429d
                                                                                0x002842a0
                                                                                0x002842a2
                                                                                0x002842a5
                                                                                0x002842a7
                                                                                0x002842c0
                                                                                0x002842c0
                                                                                0x002842c2
                                                                                0x002842c3
                                                                                0x002842c3
                                                                                0x002842c8
                                                                                0x002842ca
                                                                                0x002842cc
                                                                                0x002842ce
                                                                                0x002842d0
                                                                                0x002842d2
                                                                                0x002842d5
                                                                                0x002842d7
                                                                                0x002842d9
                                                                                0x002842db
                                                                                0x002842dd
                                                                                0x002842e2
                                                                                0x002842e5
                                                                                0x002842e6
                                                                                0x002842e8
                                                                                0x002842e8
                                                                                0x002842ea
                                                                                0x002842ea
                                                                                0x002842eb

                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.463602874.0000000000282000.00000002.00020000.sdmp, Offset: 00280000, based on PE: true
                                                                                • Associated: 00000000.00000002.463555726.0000000000280000.00000002.00020000.sdmp
                                                                                • Associated: 00000000.00000002.463691971.0000000000292000.00000002.00020000.sdmp
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: 6d4e437a4b7a3d850fab8a5e499e35be8401ec91c8af0d278c68da10b6688024
                                                                                • Instruction ID: ce372f644eb4d86ba3e3e252adce5a77ae968c39637604254cf7972868019284
                                                                                • Opcode Fuzzy Hash: 6d4e437a4b7a3d850fab8a5e499e35be8401ec91c8af0d278c68da10b6688024
                                                                                • Instruction Fuzzy Hash: 469232A640F7C24FC713AB749CB5291BFB1AE17214B1E49CBC4C1CF0A3E618596AD762
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.467766240.0000000000A40000.00000040.00000001.sdmp, Offset: 00A40000, based on PE: false
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: 63e5dcfeb7c859cc0f552dbe348498f95327e56ed4f46611e345088b6c83cb97
                                                                                • Instruction ID: f553982b295df9a61d4186d6c9f25a09f30afd606e1390ec662c18210ea62a89
                                                                                • Opcode Fuzzy Hash: 63e5dcfeb7c859cc0f552dbe348498f95327e56ed4f46611e345088b6c83cb97
                                                                                • Instruction Fuzzy Hash: C8328E34A442188FDB24DFA8C8517AEB7F2AFC5304F15816DE10AEB385DF349D458BA2
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.463960635.00000000003C0000.00000040.00000001.sdmp, Offset: 003C0000, based on PE: false
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: 8fc11dfbcccf6abcb3a476f0768cb2e1f8695bb802e724d215a7a6cb7e5e4be6
                                                                                • Instruction ID: 6afbfb2b8b9ddebab2d9809f2c1cfc5fcc6e0c766d137644e128096c7fedac5f
                                                                                • Opcode Fuzzy Hash: 8fc11dfbcccf6abcb3a476f0768cb2e1f8695bb802e724d215a7a6cb7e5e4be6
                                                                                • Instruction Fuzzy Hash: B612A4F1C12746AAE330CF65ED9C5893BA1F7A5328F904228D2612AED1D7BC194BCF54
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.467766240.0000000000A40000.00000040.00000001.sdmp, Offset: 00A40000, based on PE: false
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: aa49e1bfb05ffa9f95b2e5af9cd111e8601eea1499c2f0129302a2349340cba6
                                                                                • Instruction ID: b9a0e6cea8b5ff4b73a27f3664ab58cd544bbe52af89fff704e781eba54cc088
                                                                                • Opcode Fuzzy Hash: aa49e1bfb05ffa9f95b2e5af9cd111e8601eea1499c2f0129302a2349340cba6
                                                                                • Instruction Fuzzy Hash: 76C16D74E002589FDF14CFA9C98079EBBF2AF94300F15C1AAE409AB255DB74D985CF91
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.463960635.00000000003C0000.00000040.00000001.sdmp, Offset: 003C0000, based on PE: false
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: 8ccf2317b1faa7243463b6cfc5bc0d13bf219f08ec38e35ada9a8c623d00bf05
                                                                                • Instruction ID: 166adbcf821fe2917ce74d7e282c4e72bde907d36e31be6052a5092418639115
                                                                                • Opcode Fuzzy Hash: 8ccf2317b1faa7243463b6cfc5bc0d13bf219f08ec38e35ada9a8c623d00bf05
                                                                                • Instruction Fuzzy Hash: F3A15F32E006198FCF16DFA5C844ADDB7B6FF85300B15856AE905EB221EB35AD85CB40
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Executed Functions

                                                                                APIs
                                                                                • GetModuleHandleW.KERNELBASE(00000000), ref: 00C292AE
                                                                                Memory Dump Source
                                                                                • Source File: 00000005.00000002.467527036.0000000000C20000.00000040.00000001.sdmp, Offset: 00C20000, based on PE: false
                                                                                Similarity
                                                                                • API ID: HandleModule
                                                                                • String ID:
                                                                                • API String ID: 4139908857-0
                                                                                • Opcode ID: 4c7bcdef7ba37885ed703643858f4d26447ce1c7fef28da376d18b95e4ceab1a
                                                                                • Instruction ID: 5cc4fa343d4e1c790b89061fab3812c4541ceb2541107c6cdd3873215e6fdf90
                                                                                • Opcode Fuzzy Hash: 4c7bcdef7ba37885ed703643858f4d26447ce1c7fef28da376d18b95e4ceab1a
                                                                                • Instruction Fuzzy Hash: BD712270A00B158FDB24DF2AE44575AB7F1FF88304F008A2DE45ADBA50DB34E9598B91
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                • CreateWindowExW.USER32(?,?,?,?,?,?,0000000C,?,?,?,?,?), ref: 00C2F68A
                                                                                Memory Dump Source
                                                                                • Source File: 00000005.00000002.467527036.0000000000C20000.00000040.00000001.sdmp, Offset: 00C20000, based on PE: false
                                                                                Similarity
                                                                                • API ID: CreateWindow
                                                                                • String ID:
                                                                                • API String ID: 716092398-0
                                                                                • Opcode ID: fcbb9e6101da39977c8fe6bb93460273be7b1e9a1b0beacce8e7fec5057f3fae
                                                                                • Instruction ID: d0c1642fbda7d6365e3ae3fe1a1c44fe627e7ebe8ff08943f8b9fe0bbfb7c702
                                                                                • Opcode Fuzzy Hash: fcbb9e6101da39977c8fe6bb93460273be7b1e9a1b0beacce8e7fec5057f3fae
                                                                                • Instruction Fuzzy Hash: C55120B1C043489FDB11CFA9D880ADEBFB1BF49314F25812AE818AB260D7749945CFA1
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                • CreateWindowExW.USER32(?,?,?,?,?,?,0000000C,?,?,?,?,?), ref: 00C2F68A
                                                                                Memory Dump Source
                                                                                • Source File: 00000005.00000002.467527036.0000000000C20000.00000040.00000001.sdmp, Offset: 00C20000, based on PE: false
                                                                                Similarity
                                                                                • API ID: CreateWindow
                                                                                • String ID:
                                                                                • API String ID: 716092398-0
                                                                                • Opcode ID: b3ed4ecb4560818d15c8bd4bd1021f97606400c092325fcd067202922e08dc24
                                                                                • Instruction ID: 58697f609d05874e6e23f5488bef8538392abec1e7c0439dddb6ed8598318bd1
                                                                                • Opcode Fuzzy Hash: b3ed4ecb4560818d15c8bd4bd1021f97606400c092325fcd067202922e08dc24
                                                                                • Instruction Fuzzy Hash: 9651C2B1D003599FDF14CFA9D884ADEBBB5FF48314F24812AE819AB210D7759946CF90
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                • CreateWindowExW.USER32(?,?,?,?,?,?,0000000C,?,?,?,?,?), ref: 00C2F68A
                                                                                Memory Dump Source
                                                                                • Source File: 00000005.00000002.467527036.0000000000C20000.00000040.00000001.sdmp, Offset: 00C20000, based on PE: false
                                                                                Similarity
                                                                                • API ID: CreateWindow
                                                                                • String ID:
                                                                                • API String ID: 716092398-0
                                                                                • Opcode ID: 443b3fe7f99cace7920d40bf34986f7570775edf6732412005639f4fd79462b9
                                                                                • Instruction ID: 96488154ce233220f78880a0c7b3c7508e9e146972992a16fc013225777e3411
                                                                                • Opcode Fuzzy Hash: 443b3fe7f99cace7920d40bf34986f7570775edf6732412005639f4fd79462b9
                                                                                • Instruction Fuzzy Hash: 5A51CFB1D0035D9FDB14CFA9D884ADEBBB5FF48314F24812AE819AB210D7749945CF90
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?,?,?,?,00C2B23E,?,?,?,?,?), ref: 00C2B2FF
                                                                                Memory Dump Source
                                                                                • Source File: 00000005.00000002.467527036.0000000000C20000.00000040.00000001.sdmp, Offset: 00C20000, based on PE: false
                                                                                Similarity
                                                                                • API ID: DuplicateHandle
                                                                                • String ID:
                                                                                • API String ID: 3793708945-0
                                                                                • Opcode ID: 6983f7be9ba590fa2ce8fe716527a694c78134a1928ce7475ace19a92b5c0734
                                                                                • Instruction ID: d46bc3897ab3d39d6a28b3940f57f47588ec76c75b90098771e5c4108cc493fc
                                                                                • Opcode Fuzzy Hash: 6983f7be9ba590fa2ce8fe716527a694c78134a1928ce7475ace19a92b5c0734
                                                                                • Instruction Fuzzy Hash: 7D21E5B5900258DFDB10CFAAD884AEEBBF8EB48324F14841AE914A7310D374A954DFA1
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?,?,?,?,00C2B23E,?,?,?,?,?), ref: 00C2B2FF
                                                                                Memory Dump Source
                                                                                • Source File: 00000005.00000002.467527036.0000000000C20000.00000040.00000001.sdmp, Offset: 00C20000, based on PE: false
                                                                                Similarity
                                                                                • API ID: DuplicateHandle
                                                                                • String ID:
                                                                                • API String ID: 3793708945-0
                                                                                • Opcode ID: 972493f84877edd75a359a66f7ede308a3510aaf7b9661995099badca4c0d1ff
                                                                                • Instruction ID: 2bbb29bcf3b14537399e2113a21bc6ca0d987a0f206d211489a8de01b2be2806
                                                                                • Opcode Fuzzy Hash: 972493f84877edd75a359a66f7ede308a3510aaf7b9661995099badca4c0d1ff
                                                                                • Instruction Fuzzy Hash: 002123B5900249DFDB00CFA9D484ADEFBF4FB48324F14841AE968A3350C778AA54CF61
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                • PeekMessageW.USER32(?,?,?,?,?), ref: 07181150
                                                                                Memory Dump Source
                                                                                • Source File: 00000005.00000002.475459809.0000000007180000.00000040.00000001.sdmp, Offset: 07180000, based on PE: false
                                                                                Similarity
                                                                                • API ID: MessagePeek
                                                                                • String ID:
                                                                                • API String ID: 2222842502-0
                                                                                • Opcode ID: 0c3e65855e40974998a868649ef31cea6c09324537d4ca44ecf018fe594a8c76
                                                                                • Instruction ID: 0249667f851078ef361572058504ebcbaaf32704d1e3972b6a42ed91450ae7b1
                                                                                • Opcode Fuzzy Hash: 0c3e65855e40974998a868649ef31cea6c09324537d4ca44ecf018fe594a8c76
                                                                                • Instruction Fuzzy Hash: 2E1129B2C00249DFCB10DF9AD884BDEBBF8EB48324F148429E918A3340C378A545DFA1
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                • SetWindowTextW.USER32(?,00000000), ref: 06D84E22
                                                                                Memory Dump Source
                                                                                • Source File: 00000005.00000002.474525527.0000000006D80000.00000040.00000001.sdmp, Offset: 06D80000, based on PE: false
                                                                                Similarity
                                                                                • API ID: TextWindow
                                                                                • String ID:
                                                                                • API String ID: 530164218-0
                                                                                • Opcode ID: fca0d03ae93c3e0adc6835bf6c22d960379b2c22f0fed5a1ab107d0ca0e9a913
                                                                                • Instruction ID: 6639453d26d7f0c0e0970f5c49c3d081f73569c81d25b2d39f03ecaadfdc0d4e
                                                                                • Opcode Fuzzy Hash: fca0d03ae93c3e0adc6835bf6c22d960379b2c22f0fed5a1ab107d0ca0e9a913
                                                                                • Instruction Fuzzy Hash: 781117B6C006498FDB11DF9AD844BDEBBF4EB48320F14842AE868A7640D338A545CFA1
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                • LoadLibraryExW.KERNELBASE(00000000,00000000,?,?,?,?,00000000,?,00C29329,00000800,00000000,00000000), ref: 00C2953A
                                                                                Memory Dump Source
                                                                                • Source File: 00000005.00000002.467527036.0000000000C20000.00000040.00000001.sdmp, Offset: 00C20000, based on PE: false
                                                                                Similarity
                                                                                • API ID: LibraryLoad
                                                                                • String ID:
                                                                                • API String ID: 1029625771-0
                                                                                • Opcode ID: 0125798bd67b6fa53ffabed71384d7e99a7b5d98f7395ae38c755ff8b4b9a43e
                                                                                • Instruction ID: 6a4197ed85724e864aa00db8768f273e5bbe5b2dcb47f5fe50f57a9a0d362246
                                                                                • Opcode Fuzzy Hash: 0125798bd67b6fa53ffabed71384d7e99a7b5d98f7395ae38c755ff8b4b9a43e
                                                                                • Instruction Fuzzy Hash: 8B1114B69002499FDB10DFAAD444BDEFBF4EB88324F10852AE919B7600C375A945CFA5
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                • LoadLibraryExW.KERNELBASE(00000000,00000000,?,?,?,?,00000000,?,00C29329,00000800,00000000,00000000), ref: 00C2953A
                                                                                Memory Dump Source
                                                                                • Source File: 00000005.00000002.467527036.0000000000C20000.00000040.00000001.sdmp, Offset: 00C20000, based on PE: false
                                                                                Similarity
                                                                                • API ID: LibraryLoad
                                                                                • String ID:
                                                                                • API String ID: 1029625771-0
                                                                                • Opcode ID: 6bd60be63ddd73c9f5c6bbaa08309848404662340dd29d284fd050eba264f843
                                                                                • Instruction ID: 876c0d66fd72173df4e4d98c0ac3de44eed618bfdfa3f36f883ff6776f1bf195
                                                                                • Opcode Fuzzy Hash: 6bd60be63ddd73c9f5c6bbaa08309848404662340dd29d284fd050eba264f843
                                                                                • Instruction Fuzzy Hash: 3F112CB6D002498FCB10DF99D444BDEFBF4EB48310F108529E515A7700C3759545CFA1
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                • KiUserCallbackDispatcher.NTDLL(?,?,?,?), ref: 0718141D
                                                                                Memory Dump Source
                                                                                • Source File: 00000005.00000002.475459809.0000000007180000.00000040.00000001.sdmp, Offset: 07180000, based on PE: false
                                                                                Similarity
                                                                                • API ID: CallbackDispatcherUser
                                                                                • String ID:
                                                                                • API String ID: 2492992576-0
                                                                                • Opcode ID: d8a720f1045c00934957f36b233fdea5d7f27ea964ece22a37806bb8e84f580f
                                                                                • Instruction ID: 45b88500b164914faa0c401cf2166bfbe28f28db7322ae31db76089a4a854689
                                                                                • Opcode Fuzzy Hash: d8a720f1045c00934957f36b233fdea5d7f27ea964ece22a37806bb8e84f580f
                                                                                • Instruction Fuzzy Hash: E41129B28002499FCB10DF99D844BEEBBF8EB48320F14842AE914A3740D378A545CFA1
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                • SetWindowTextW.USER32(?,00000000), ref: 06D84E22
                                                                                Memory Dump Source
                                                                                • Source File: 00000005.00000002.474525527.0000000006D80000.00000040.00000001.sdmp, Offset: 06D80000, based on PE: false
                                                                                Similarity
                                                                                • API ID: TextWindow
                                                                                • String ID:
                                                                                • API String ID: 530164218-0
                                                                                • Opcode ID: 97e62201b34a962b31c189e7f89d3d5086bf49838b33b5a0f6a200be3c8cc8c5
                                                                                • Instruction ID: f97c5466f4b9c3b836b68f27ac6b54eb4ff47ae9580cc2631d38a3acf791d211
                                                                                • Opcode Fuzzy Hash: 97e62201b34a962b31c189e7f89d3d5086bf49838b33b5a0f6a200be3c8cc8c5
                                                                                • Instruction Fuzzy Hash: 7F11F6B6D006498FDB10DF9AD844BDEFBF4EB88320F14842AE859A7640D378A545CFA1
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                • PeekMessageW.USER32(?,?,?,?,?), ref: 07181150
                                                                                Memory Dump Source
                                                                                • Source File: 00000005.00000002.475459809.0000000007180000.00000040.00000001.sdmp, Offset: 07180000, based on PE: false
                                                                                Similarity
                                                                                • API ID: MessagePeek
                                                                                • String ID:
                                                                                • API String ID: 2222842502-0
                                                                                • Opcode ID: f9ed76d7161ba093d5374da1afabd800dade4157b3da41a5b0d1ca82448b7a66
                                                                                • Instruction ID: d6c2265fe30ef012a403312722064ebc899815807b31652974adf39645b5d284
                                                                                • Opcode Fuzzy Hash: f9ed76d7161ba093d5374da1afabd800dade4157b3da41a5b0d1ca82448b7a66
                                                                                • Instruction Fuzzy Hash: 50110AB5C002499FDB10DF9AD844BDEBBF8FB48320F148429E958A7240C378A545DFA1
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                • KiUserCallbackDispatcher.NTDLL(?,?,?,?), ref: 0718141D
                                                                                Memory Dump Source
                                                                                • Source File: 00000005.00000002.475459809.0000000007180000.00000040.00000001.sdmp, Offset: 07180000, based on PE: false
                                                                                Similarity
                                                                                • API ID: CallbackDispatcherUser
                                                                                • String ID:
                                                                                • API String ID: 2492992576-0
                                                                                • Opcode ID: 5ea31972c4c57d21de0aef9953ac907f352f52494587ac9a90e200566a930c68
                                                                                • Instruction ID: c061fa575f7f1ab8ae5a0f94b84bf982b19185084ee3776c95a53dcf89f17d5f
                                                                                • Opcode Fuzzy Hash: 5ea31972c4c57d21de0aef9953ac907f352f52494587ac9a90e200566a930c68
                                                                                • Instruction Fuzzy Hash: EC1104B18002499FDB10DF9AD884BDEFBF8EB48320F14842AE914A3640D378A545CFA1
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                • PostMessageW.USER32(?,?,?,?), ref: 06D8A985
                                                                                Memory Dump Source
                                                                                • Source File: 00000005.00000002.474525527.0000000006D80000.00000040.00000001.sdmp, Offset: 06D80000, based on PE: false
                                                                                Similarity
                                                                                • API ID: MessagePost
                                                                                • String ID:
                                                                                • API String ID: 410705778-0
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                • KiUserCallbackDispatcher.NTDLL(0000004B), ref: 00C277CD
                                                                                Memory Dump Source
                                                                                • Source File: 00000005.00000002.467527036.0000000000C20000.00000040.00000001.sdmp, Offset: 00C20000, based on PE: false
                                                                                Similarity
                                                                                • API ID: CallbackDispatcherUser
                                                                                • String ID:
                                                                                • API String ID: 2492992576-0
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                • KiUserCallbackDispatcher.NTDLL(0000004B), ref: 00C277CD
                                                                                Memory Dump Source
                                                                                • Source File: 00000005.00000002.467527036.0000000000C20000.00000040.00000001.sdmp, Offset: 00C20000, based on PE: false
                                                                                Similarity
                                                                                • API ID: CallbackDispatcherUser
                                                                                • String ID:
                                                                                • API String ID: 2492992576-0
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                • PostMessageW.USER32(?,?,?,?), ref: 06D8A985
                                                                                Memory Dump Source
                                                                                • Source File: 00000005.00000002.474525527.0000000006D80000.00000040.00000001.sdmp, Offset: 06D80000, based on PE: false
                                                                                Similarity
                                                                                • API ID: MessagePost
                                                                                • String ID:
                                                                                • API String ID: 410705778-0
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                • GetModuleHandleW.KERNELBASE(00000000), ref: 00C292AE
                                                                                Memory Dump Source
                                                                                • Source File: 00000005.00000002.467527036.0000000000C20000.00000040.00000001.sdmp, Offset: 00C20000, based on PE: false
                                                                                Similarity
                                                                                • API ID: HandleModule
                                                                                • String ID:
                                                                                • API String ID: 4139908857-0
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                Memory Dump Source
                                                                                • Source File: 00000005.00000002.475459809.0000000007180000.00000040.00000001.sdmp, Offset: 07180000, based on PE: false
                                                                                Similarity
                                                                                • API ID: DispatchMessage
                                                                                • String ID:
                                                                                • API String ID: 2061451462-0
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                • SendMessageW.USER32(?,?,?,?), ref: 06D8625D
                                                                                Memory Dump Source
                                                                                • Source File: 00000005.00000002.474525527.0000000006D80000.00000040.00000001.sdmp, Offset: 06D80000, based on PE: false
                                                                                Similarity
                                                                                • API ID: MessageSend
                                                                                • String ID:
                                                                                • API String ID: 3850602802-0
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                • SendMessageW.USER32(?,?,?,?), ref: 06D8625D
                                                                                Memory Dump Source
                                                                                • Source File: 00000005.00000002.474525527.0000000006D80000.00000040.00000001.sdmp, Offset: 06D80000, based on PE: false
                                                                                Similarity
                                                                                • API ID: MessageSend
                                                                                • String ID:
                                                                                • API String ID: 3850602802-0
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                Memory Dump Source
                                                                                • Source File: 00000005.00000002.475459809.0000000007180000.00000040.00000001.sdmp, Offset: 07180000, based on PE: false
                                                                                Similarity
                                                                                • API ID: DispatchMessage
                                                                                • String ID:
                                                                                • API String ID: 2061451462-0
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: d929a4ec67e55f9c9c148481c9ba12b602c9b607ec54fc07da5e4d96a5271a50
                                                                                • Instruction ID: 374ebfb55ef3ed37cc92e83bedfd46ef8cfb61094f817e54a2db094bce195161
                                                                                • Opcode Fuzzy Hash: d929a4ec67e55f9c9c148481c9ba12b602c9b607ec54fc07da5e4d96a5271a50
                                                                                • Instruction Fuzzy Hash: 6E114C74A0061AEFCB10DFA8D0416BEBBF1EF48310F1084AAE559E7350E775AA51CB91
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Memory Dump Source
                                                                                • Source File: 00000005.00000002.467329785.0000000000BDD000.00000040.00000001.sdmp, Offset: 00BDD000, based on PE: false
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: 2843292ebbf6a814d7a2286815bab37d73136ec5010e940f27b85643756957ed
                                                                                • Instruction ID: 5129bb2b9ae114736662bfcca5ae8540d57af3793aec7a9df6712d09e94307ae
                                                                                • Opcode Fuzzy Hash: 2843292ebbf6a814d7a2286815bab37d73136ec5010e940f27b85643756957ed
                                                                                • Instruction Fuzzy Hash: 9E118B75904280DFCB15DF14D5C4B15FBB1FB84324F28C6AAD8894B756D33AD84ACB61
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Memory Dump Source
                                                                                • Source File: 00000005.00000002.472868346.0000000005080000.00000040.00000001.sdmp, Offset: 05080000, based on PE: false
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: 7e574be6622e533ea8c50fecddc665b594602daf6604298a1e283347b8cb3477
                                                                                • Instruction ID: 48ab8b9c85ed6f16b38c1a22e33038b663efa82121efe4e2105dc05b111e9ab6
                                                                                • Opcode Fuzzy Hash: 7e574be6622e533ea8c50fecddc665b594602daf6604298a1e283347b8cb3477
                                                                                • Instruction Fuzzy Hash: 60F0D672F04115BBCB327665E90DAFE7BE9E785210B184866D48AE3390E1308E144AD1
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Memory Dump Source
                                                                                • Source File: 00000005.00000002.472868346.0000000005080000.00000040.00000001.sdmp, Offset: 05080000, based on PE: false
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: 2d4dc1a020bc0520c299d4515467a9528184a5ca4dc4e385bd5be78bc4bdd51f
                                                                                • Instruction ID: abdc4d68498838203a0be451d2202558aed9e5c3f44cd86b2cd6d6410186c930
                                                                                • Opcode Fuzzy Hash: 2d4dc1a020bc0520c299d4515467a9528184a5ca4dc4e385bd5be78bc4bdd51f
                                                                                • Instruction Fuzzy Hash: 5001F471B00111AFEB00EB78E0417FC7BE1DF49220F5480ADE549EB351DA35EE418B51
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Memory Dump Source
                                                                                • Source File: 00000005.00000002.472868346.0000000005080000.00000040.00000001.sdmp, Offset: 05080000, based on PE: false
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: 960d65bda3cdab98da136daae201d8d42a8b10e9ad7800c630ad5a842b0bc4b4
                                                                                • Instruction ID: 7b3a47b12d02e8cf91c12f3b07ffef6058478a206c3f32f6d7d06588d9b1a960
                                                                                • Opcode Fuzzy Hash: 960d65bda3cdab98da136daae201d8d42a8b10e9ad7800c630ad5a842b0bc4b4
                                                                                • Instruction Fuzzy Hash: 1D01863191060A9BCF10EF75D8448DEFB76FFC9318F118729E14567120EB71A599C790
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Memory Dump Source
                                                                                • Source File: 00000005.00000002.472868346.0000000005080000.00000040.00000001.sdmp, Offset: 05080000, based on PE: false
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: 4f21714d7a1396feb1e43328582e6f3f11f8a39748dca883c4b8241178158884
                                                                                • Instruction ID: 7e06687571955f51f73fd6880ff38cb39410d123499ff38f70662a67850563c9
                                                                                • Opcode Fuzzy Hash: 4f21714d7a1396feb1e43328582e6f3f11f8a39748dca883c4b8241178158884
                                                                                • Instruction Fuzzy Hash: 79F0A730209355DFC716BB34D514969B7E5EF0630430588AEE1A9CB292C675EC81C741
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Memory Dump Source
                                                                                • Source File: 00000005.00000002.472868346.0000000005080000.00000040.00000001.sdmp, Offset: 05080000, based on PE: false
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: db0826eeae1cbc4f08d577dd566be773f83c78356e7c5e4af4e278eb842ec94e
                                                                                • Instruction ID: 7a0257604395e8f23c30af7570acf058557f61a39cb117fb5d07b63d20d36d76
                                                                                • Opcode Fuzzy Hash: db0826eeae1cbc4f08d577dd566be773f83c78356e7c5e4af4e278eb842ec94e
                                                                                • Instruction Fuzzy Hash: E4E09230200211CFC314EF38D545A56B3E9EF01318710816DE05987791C772F850CB80
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Memory Dump Source
                                                                                • Source File: 00000005.00000002.472868346.0000000005080000.00000040.00000001.sdmp, Offset: 05080000, based on PE: false
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: 6d5a57d5f2029cc337b673123f48778a65d52fa04683ae8c0c501741d691e251
                                                                                • Instruction ID: db9fadff084d5baac1a4c978ad9dcb43614f036ed8dd71baaa80db8adcdf5502
                                                                                • Opcode Fuzzy Hash: 6d5a57d5f2029cc337b673123f48778a65d52fa04683ae8c0c501741d691e251
                                                                                • Instruction Fuzzy Hash: CCE0263320235047EE517668F8047EA37CAC7812ACF018425E118AA285DBB8EA828FD0
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Non-executed Functions

                                                                                Executed Functions

                                                                                APIs
                                                                                • GetCurrentProcess.KERNEL32 ref: 00BCB0B0
                                                                                • GetCurrentThread.KERNEL32 ref: 00BCB0ED
                                                                                • GetCurrentProcess.KERNEL32 ref: 00BCB12A
                                                                                • GetCurrentThreadId.KERNEL32 ref: 00BCB183
                                                                                Memory Dump Source
                                                                                • Source File: 00000006.00000002.466744399.0000000000BC0000.00000040.00000001.sdmp, Offset: 00BC0000, based on PE: false
                                                                                Similarity
                                                                                • API ID: Current$ProcessThread
                                                                                • String ID:
                                                                                • API String ID: 2063062207-0
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                • GetCurrentProcess.KERNEL32 ref: 00BCB0B0
                                                                                • GetCurrentThread.KERNEL32 ref: 00BCB0ED
                                                                                • GetCurrentProcess.KERNEL32 ref: 00BCB12A
                                                                                • GetCurrentThreadId.KERNEL32 ref: 00BCB183
                                                                                Memory Dump Source
                                                                                • Source File: 00000006.00000002.466744399.0000000000BC0000.00000040.00000001.sdmp, Offset: 00BC0000, based on PE: false
                                                                                Similarity
                                                                                • API ID: Current$ProcessThread
                                                                                • String ID:
                                                                                • API String ID: 2063062207-0
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                • GetModuleHandleW.KERNELBASE(00000000), ref: 00BC92AE
                                                                                Memory Dump Source
                                                                                • Source File: 00000006.00000002.466744399.0000000000BC0000.00000040.00000001.sdmp, Offset: 00BC0000, based on PE: false
                                                                                Similarity
                                                                                • API ID: HandleModule
                                                                                • String ID:
                                                                                • API String ID: 4139908857-0
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                • CreateWindowExW.USER32(?,?,?,?,?,?,0000000C,?,?,?,?,?), ref: 00BCF68A
                                                                                Memory Dump Source
                                                                                • Source File: 00000006.00000002.466744399.0000000000BC0000.00000040.00000001.sdmp, Offset: 00BC0000, based on PE: false
                                                                                Similarity
                                                                                • API ID: CreateWindow
                                                                                • String ID:
                                                                                • API String ID: 716092398-0
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                • CreateWindowExW.USER32(?,?,?,?,?,?,0000000C,?,?,?,?,?), ref: 00BCF68A
                                                                                Memory Dump Source
                                                                                • Source File: 00000006.00000002.466744399.0000000000BC0000.00000040.00000001.sdmp, Offset: 00BC0000, based on PE: false
                                                                                Similarity
                                                                                • API ID: CreateWindow
                                                                                • String ID:
                                                                                • API String ID: 716092398-0
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                • KiUserCallbackDispatcher.NTDLL(0000004B), ref: 00BC77CD
                                                                                Memory Dump Source
                                                                                • Source File: 00000006.00000002.466744399.0000000000BC0000.00000040.00000001.sdmp, Offset: 00BC0000, based on PE: false
                                                                                Similarity
                                                                                • API ID: CallbackDispatcherUser
                                                                                • String ID:
                                                                                • API String ID: 2492992576-0
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 00BCB2FF
                                                                                Memory Dump Source
                                                                                • Source File: 00000006.00000002.466744399.0000000000BC0000.00000040.00000001.sdmp, Offset: 00BC0000, based on PE: false
                                                                                Similarity
                                                                                • API ID: DuplicateHandle
                                                                                • String ID:
                                                                                • API String ID: 3793708945-0
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 00BCB2FF
                                                                                Memory Dump Source
                                                                                • Source File: 00000006.00000002.466744399.0000000000BC0000.00000040.00000001.sdmp, Offset: 00BC0000, based on PE: false
                                                                                Similarity
                                                                                • API ID: DuplicateHandle
                                                                                • String ID:
                                                                                • API String ID: 3793708945-0
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                • LoadLibraryExW.KERNELBASE(00000000,00000000,?,?,?,?,00000000,?,00BC9329,00000800,00000000,00000000), ref: 00BC953A
                                                                                Memory Dump Source
                                                                                • Source File: 00000006.00000002.466744399.0000000000BC0000.00000040.00000001.sdmp, Offset: 00BC0000, based on PE: false
                                                                                Similarity
                                                                                • API ID: LibraryLoad
                                                                                • String ID:
                                                                                • API String ID: 1029625771-0
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                • KiUserCallbackDispatcher.NTDLL(0000004B), ref: 00BC77CD
                                                                                Memory Dump Source
                                                                                • Source File: 00000006.00000002.466744399.0000000000BC0000.00000040.00000001.sdmp, Offset: 00BC0000, based on PE: false
                                                                                Similarity
                                                                                • API ID: CallbackDispatcherUser
                                                                                • String ID:
                                                                                • API String ID: 2492992576-0
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                • LoadLibraryExW.KERNELBASE(00000000,00000000,?,?,?,?,00000000,?,00BC9329,00000800,00000000,00000000), ref: 00BC953A
                                                                                Memory Dump Source
                                                                                • Source File: 00000006.00000002.466744399.0000000000BC0000.00000040.00000001.sdmp, Offset: 00BC0000, based on PE: false
                                                                                Similarity
                                                                                • API ID: LibraryLoad
                                                                                • String ID:
                                                                                • API String ID: 1029625771-0
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                • GetModuleHandleW.KERNELBASE(00000000), ref: 00BC92AE
                                                                                Memory Dump Source
                                                                                • Source File: 00000006.00000002.466744399.0000000000BC0000.00000040.00000001.sdmp, Offset: 00BC0000, based on PE: false
                                                                                Similarity
                                                                                • API ID: HandleModule
                                                                                • String ID:
                                                                                • API String ID: 4139908857-0
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Memory Dump Source
                                                                                • Source File: 00000006.00000002.464754396.000000000080D000.00000040.00000001.sdmp, Offset: 0080D000, based on PE: false
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Memory Dump Source
                                                                                • Source File: 00000006.00000002.466231654.0000000000AFD000.00000040.00000001.sdmp, Offset: 00AFD000, based on PE: false
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Memory Dump Source
                                                                                • Source File: 00000006.00000002.466231654.0000000000AFD000.00000040.00000001.sdmp, Offset: 00AFD000, based on PE: false
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Memory Dump Source
                                                                                • Source File: 00000006.00000002.466231654.0000000000AFD000.00000040.00000001.sdmp, Offset: 00AFD000, based on PE: false
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Memory Dump Source
                                                                                • Source File: 00000006.00000002.464754396.000000000080D000.00000040.00000001.sdmp, Offset: 0080D000, based on PE: false
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Memory Dump Source
                                                                                • Source File: 00000006.00000002.466231654.0000000000AFD000.00000040.00000001.sdmp, Offset: 00AFD000, based on PE: false
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Non-executed Functions