Analysis Report b2NaDSFu9T.exe

Overview

General Information

Sample Name: b2NaDSFu9T.exe
Analysis ID: 402647
MD5: 042aa11c6d49e1cca5923f02d1b0a5ae
SHA1: 5a89ff2f9702a53fb638b8c7229ba868aaa58ae9
SHA256: 3383218b916baf1a46989c4f253b29eb81e97ac763ab71615c81d85a18495f34
Tags: exe, NanoCore, RAT

Detection

NanoCore
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Found malware configuration
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Sigma detected: NanoCore
Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)
Yara detected AntiVM3
Yara detected Nanocore RAT
Allocates memory in foreign processes
C2 URLs / IPs found in malware configuration
Hides that the sample has been downloaded from the Internet (zone.identifier)
Injects a PE file into a foreign processes
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Writes to foreign memory regions
Contains functionality to call native functions
Contains long sleeps (>= 3 min)
Creates a DirectInput object (often for capturing keystrokes)
Creates a process in suspended mode (likely to inject code)
Detected TCP or UDP traffic on non-standard ports
Detected potential crypto function
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found inlined nop instructions (likely shell or obfuscated code)
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Sample file is different than original file name gathered from version info
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)
Yara signature match

Startup

  • System is w10x64
  • b2NaDSFu9T.exe (PID: 5340 cmdline: 'C:\Users\user\Desktop\b2NaDSFu9T.exe' MD5: 042AA11C6D49E1CCA5923F02D1B0A5AE)
    • RegSvcs.exe (PID: 4892 cmdline: C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe MD5: 71369277D09DA0830C8C59F9E22BB23A)
  • cleanup

Malware Configuration

Threatname: NanoCore

{"Version": ".0.0.0,", "Mutex": "21f4355e-8257-4e77-8f1b-c822c6ea", "Group": "BUILD", "Domain1": "79.134.225.26", "Domain2": "nassiru1166main.ddns.net", "Port": 1133, "KeyboardLogging": "Enable", "RunOnStartup": "Disable", "RequestElevation": "Disable", "BypassUAC": "Disable", "ClearZoneIdentifier": "Enable", "ClearAccessControl": "Disable", "SetCriticalProcess": "Disable", "PreventSystemSleep": "Enable", "ActivateAwayMode": "Disable", "EnableDebugMode": "Disable", "RunDelay": 0, "ConnectDelay": 4000, "RestartDelay": 5000, "TimeoutInterval": 5000, "KeepAliveTimeout": 30000, "MutexTimeout": 5000, "LanTimeout": 2500, "WanTimeout": 8000, "BufferSize": "ffff0000", "MaxPacketSize": "0000a000", "GCThreshold": "0000a000", "UseCustomDNS": "Enable", "PrimaryDNSServer": "8.8.8.8"}

Yara Overview

Memory Dumps

Source | Rule | Description | Author | Strings
00000000.00000002.258945318.0000000002F4B000.00000004.00000001.sdmp | JoeSecurity_AntiVM_3 | Yara detected AntiVM_3 | Joe Security
    00000000.00000002.260256472.0000000003F11000.00000004.00000001.sdmp | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth
    • 0x2a02ad:$x1: NanoCore.ClientPluginHost
    • 0x3252cd:$x1: NanoCore.ClientPluginHost
    • 0x2a02ea:$x2: IClientNetworkHost
    • 0x32530a:$x2: IClientNetworkHost
    • 0x2a3e1d:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe
    • 0x328e3d:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe
    00000000.00000002.260256472.0000000003F11000.00000004.00000001.sdmp | JoeSecurity_Nanocore | Yara detected Nanocore RAT | Joe Security
      00000000.00000002.260256472.0000000003F11000.00000004.00000001.sdmp | NanoCore | unknown | Kevin Breen <kevin@techanarchy.net>
      • 0x2a0015:$a: NanoCore
      • 0x2a0025:$a: NanoCore
      • 0x2a0259:$a: NanoCore
      • 0x2a026d:$a: NanoCore
      • 0x2a02ad:$a: NanoCore
      • 0x325035:$a: NanoCore
      • 0x325045:$a: NanoCore
      • 0x325279:$a: NanoCore
      • 0x32528d:$a: NanoCore
      • 0x3252cd:$a: NanoCore
      • 0x2a0074:$b: ClientPlugin
      • 0x2a0276:$b: ClientPlugin
      • 0x2a02b6:$b: ClientPlugin
      • 0x325094:$b: ClientPlugin
      • 0x325296:$b: ClientPlugin
      • 0x3252d6:$b: ClientPlugin
      • 0x2a019b:$c: ProjectData
      • 0x3251bb:$c: ProjectData
      • 0x2a0ba2:$d: DESCrypto
      • 0x325bc2:$d: DESCrypto
      • 0x2a856e:$e: KeepAlive
      Process Memory Space: b2NaDSFu9T.exe PID: 5340 | JoeSecurity_AntiVM_3 | Yara detected AntiVM_3 | Joe Security

        Unpacked PEs

        Source | Rule | Description | Author | Strings
        0.2.b2NaDSFu9T.exe.41a1120.2.raw.unpack | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth
        • 0x1018d:$x1: NanoCore.ClientPluginHost
        • 0x951ad:$x1: NanoCore.ClientPluginHost
        • 0x101ca:$x2: IClientNetworkHost
        • 0x951ea:$x2: IClientNetworkHost
        • 0x13cfd:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe
        • 0x98d1d:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe
        0.2.b2NaDSFu9T.exe.41a1120.2.raw.unpack | JoeSecurity_Nanocore | Yara detected Nanocore RAT | Joe Security
          0.2.b2NaDSFu9T.exe.41a1120.2.raw.unpack | NanoCore | unknown | Kevin Breen <kevin@techanarchy.net>
          • 0xfef5:$a: NanoCore
          • 0xff05:$a: NanoCore
          • 0x10139:$a: NanoCore
          • 0x1014d:$a: NanoCore
          • 0x1018d:$a: NanoCore
          • 0x94f15:$a: NanoCore
          • 0x94f25:$a: NanoCore
          • 0x95159:$a: NanoCore
          • 0x9516d:$a: NanoCore
          • 0x951ad:$a: NanoCore
          • 0xff54:$b: ClientPlugin
          • 0x10156:$b: ClientPlugin
          • 0x10196:$b: ClientPlugin
          • 0x94f74:$b: ClientPlugin
          • 0x95176:$b: ClientPlugin
          • 0x951b6:$b: ClientPlugin
          • 0x1007b:$c: ProjectData
          • 0x9509b:$c: ProjectData
          • 0x10a82:$d: DESCrypto
          • 0x95aa2:$d: DESCrypto
          • 0x1844e:$e: KeepAlive
          0.2.b2NaDSFu9T.exe.41a1120.2.unpack | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth
          • 0xe38d:$x1: NanoCore.ClientPluginHost
          • 0xe3ca:$x2: IClientNetworkHost
          • 0x11efd:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe
          0.2.b2NaDSFu9T.exe.41a1120.2.unpack | Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth
          • 0xe105:$x1: NanoCore Client.exe
          • 0xe38d:$x2: NanoCore.ClientPluginHost
          • 0xf9c6:$s1: PluginCommand
          • 0xf9ba:$s2: FileCommand
          • 0x1086b:$s3: PipeExists
          • 0x16622:$s4: PipeCreated
          • 0xe3b7:$s5: IClientLoggingHost

          Sigma Overview

          System Summary:

          Sigma detected: NanoCore
          Source: File created, Author: Joe Security, Data: EventID: 11, Image: C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe, ProcessId: 4892, TargetFilename: C:\Users\user\AppData\Roaming\D06ED635-68F6-4E9A-955C-4899F5F57B9A\run.dat

          Signature Overview

          AV Detection:

          Found malware configuration
          Source: 0.2.b2NaDSFu9T.exe.41a1120.2.raw.unpackMalware Configuration Extractor: NanoCore {"Version": ".0.0.0,", "Mutex": "21f4355e-8257-4e77-8f1b-c822c6ea", "Group": "BUILD", "Domain1": "79.134.225.26", "Domain2": "nassiru1166main.ddns.net", "Port": 1133, "KeyboardLogging": "Enable", "RunOnStartup": "Disable", "RequestElevation": "Disable", "BypassUAC": "Disable", "ClearZoneIdentifier": "Enable", "ClearAccessControl": "Disable", "SetCriticalProcess": "Disable", "PreventSystemSleep": "Enable", "ActivateAwayMode": "Disable", "EnableDebugMode": "Disable", "RunDelay": 0, "ConnectDelay": 4000, "RestartDelay": 5000, "TimeoutInterval": 5000, "KeepAliveTimeout": 30000, "MutexTimeout": 5000, "LanTimeout": 2500, "WanTimeout": 8000, "BufferSize": "ffff0000", "MaxPacketSize": "0000a000", "GCThreshold": "0000a000", "UseCustomDNS": "Enable", "PrimaryDNSServer": "8.8.8.8"}
          Multi AV Scanner detection for submitted file
          Source: b2NaDSFu9T.exe, Virustotal: Detection: 17%
          Source: b2NaDSFu9T.exe, ReversingLabs: Detection: 17%
          Yara detected Nanocore RAT
          Source: Yara match, File source: 00000000.00000002.260256472.0000000003F11000.00000004.00000001.sdmp, type: MEMORY
          Source: Yara match, File source: 0.2.b2NaDSFu9T.exe.41a1120.2.raw.unpack, type: UNPACKEDPE
          Source: Yara match, File source: 0.2.b2NaDSFu9T.exe.41a1120.2.unpack, type: UNPACKEDPE
          Source: b2NaDSFu9T.exe, Static PE information: 32BIT_MACHINE, EXECUTABLE_IMAGE
          Source: C:\Users\user\Desktop\b2NaDSFu9T.exe, File opened: C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.9445_none_d08c58b4442ba54f\MSVCR80.dll
          Source: b2NaDSFu9T.exe, Static PE information: NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT
          Source: Binary string: mscorrc.pdb source: b2NaDSFu9T.exe, 00000000.00000002.263181372.0000000005110000.00000002.00000001.sdmp
          Source: C:\Users\user\Desktop\b2NaDSFu9T.exe, Code function: 4x nop then mov dword ptr [ebp-1Ch], 00000000h 0_2_04F50460
          Source: C:\Users\user\Desktop\b2NaDSFu9T.exe, Code function: 4x nop then mov dword ptr [ebp-1Ch], 00000000h 0_2_04F50451
          Source: C:\Users\user\Desktop\b2NaDSFu9T.exe, Code function: 4x nop then mov dword ptr [ebp-1Ch], 00000000h 0_2_04F505A8
          Source: C:\Users\user\Desktop\b2NaDSFu9T.exe, Code function: 4x nop then mov dword ptr [ebp-1Ch], 00000000h 0_2_04F50598

          Networking:

          Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)
          Source: Traffic, Snort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.2.7:49707 -> 79.134.225.26:1133
          C2 URLs / IPs found in malware configuration
          Source: Malware configuration extractor, URLs: 79.134.225.26
          Source: Malware configuration extractor, URLs: nassiru1166main.ddns.net
          Source: global traffic, TCP traffic: 192.168.2.7:49707 -> 79.134.225.26:1133
          Source: Joe Sandbox View, IP Address: 79.134.225.26
          Source: Joe Sandbox View, ASN Name: FINK-TELECOM-SERVICESCH
          Source: unknown, TCP traffic detected without corresponding DNS query: 79.134.225.26
          Source: b2NaDSFu9T.exe, String found in binary or memory: https://github.com/unguest
          Source: b2NaDSFu9T.exe, String found in binary or memory: https://github.com/unguest9WinForms_RecursiveFormCreate5WinForms_SeeInnerExceptionGProperty
          Source: b2NaDSFu9T.exe, 00000000.00000002.258945318.0000000002F4B000.00000004.00000001.sdmp, String found in binary or memory: https://stackpath.bootstrapcdn.com/bootstrap/4.5.0/css/bootstrap.min.css
          Source: b2NaDSFu9T.exe, 00000000.00000002.258151442.0000000001069000.00000004.00000020.sdmp, Binary or memory string: <HOOK MODULE="DDRAW.DLL" FUNCTION="DirectDrawCreateEx"/>

          E-Banking Fraud:

          Yara detected Nanocore RAT
          Source: Yara match, File source: 00000000.00000002.260256472.0000000003F11000.00000004.00000001.sdmp, type: MEMORY
          Source: Yara match, File source: 0.2.b2NaDSFu9T.exe.41a1120.2.raw.unpack, type: UNPACKEDPE
          Source: Yara match, File source: 0.2.b2NaDSFu9T.exe.41a1120.2.unpack, type: UNPACKEDPE

          System Summary:

          Malicious sample detected (through community Yara rule)
          Source: 00000000.00000002.260256472.0000000003F11000.00000004.00000001.sdmp, type: MEMORY, Matched rule: Detetcs the Nanocore RAT, Author: Florian Roth
          Source: 00000000.00000002.260256472.0000000003F11000.00000004.00000001.sdmp, type: MEMORY, Matched rule: NanoCore, Author: Kevin Breen <kevin@techanarchy.net>
          Source: 0.2.b2NaDSFu9T.exe.41a1120.2.raw.unpack, type: UNPACKEDPE, Matched rule: Detetcs the Nanocore RAT, Author: Florian Roth
          Source: 0.2.b2NaDSFu9T.exe.41a1120.2.raw.unpack, type: UNPACKEDPE, Matched rule: NanoCore, Author: Kevin Breen <kevin@techanarchy.net>
          Source: 0.2.b2NaDSFu9T.exe.41a1120.2.unpack, type: UNPACKEDPE, Matched rule: Detetcs the Nanocore RAT, Author: Florian Roth
          Source: 0.2.b2NaDSFu9T.exe.41a1120.2.unpack, type: UNPACKEDPE, Matched rule: NanoCore, Author: Kevin Breen <kevin@techanarchy.net>
          Source: C:\Users\user\Desktop\b2NaDSFu9T.exe, Code function: 0_2_04F60032 NtQuerySystemInformation,0_2_04F60032
          Source: C:\Users\user\Desktop\b2NaDSFu9T.exe, Code function: 0_2_04F60007 NtQuerySystemInformation,0_2_04F60007
          Source: b2NaDSFu9T.exe, Binary or memory string: OriginalFilename vs b2NaDSFu9T.exe
          Source: b2NaDSFu9T.exe, 00000000.00000002.263411006.0000000005260000.00000004.00000001.sdmp, Binary or memory string: OriginalFilenameSimpleUI.dll( vs b2NaDSFu9T.exe
          Source: b2NaDSFu9T.exe, 00000000.00000002.263841980.00000000057A0000.00000004.00000001.sdmp, Binary or memory string: OriginalFilenameDSASignature.dll@ vs b2NaDSFu9T.exe
          Source: b2NaDSFu9T.exe, 00000000.00000002.263181372.0000000005110000.00000002.00000001.sdmp, Binary or memory string: OriginalFilenamemscorrc.dllT vs b2NaDSFu9T.exe
          Source: b2NaDSFu9T.exe, 00000000.00000002.258151442.0000000001069000.00000004.00000020.sdmp, Binary or memory string: OriginalFilenamemscorwks.dllT vs b2NaDSFu9T.exe
          Source: b2NaDSFu9T.exe, Binary or memory string: OriginalFilenameInterfaceTypeAttribute.exe6 vs b2NaDSFu9T.exe
          Source: b2NaDSFu9T.exe, Static PE information: 32BIT_MACHINE, EXECUTABLE_IMAGE
          Source: 00000000.00000002.260256472.0000000003F11000.00000004.00000001.sdmp, type: MEMORY, Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
          Source: 00000000.00000002.260256472.0000000003F11000.00000004.00000001.sdmp, type: MEMORY, Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
          Source: 0.2.b2NaDSFu9T.exe.41a1120.2.raw.unpack, type: UNPACKEDPE, Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
          Source: 0.2.b2NaDSFu9T.exe.41a1120.2.raw.unpack, type: UNPACKEDPE, Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
          Source: 0.2.b2NaDSFu9T.exe.41a1120.2.unpack, type: UNPACKEDPE, Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
          Source: 0.2.b2NaDSFu9T.exe.41a1120.2.unpack, type: UNPACKEDPE, Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
          Source: 0.2.b2NaDSFu9T.exe.41a1120.2.unpack, type: UNPACKEDPE, Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
          Source: b2NaDSFu9T.exe, Static PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
          Source: classification engine, Classification label: mal100.troj.evad.winEXE@3/3@0/1
          Source: C:\Users\user\Desktop\b2NaDSFu9T.exe, File created: C:\Users\user\AppData\Local\Microsoft\CLR_v2.0_32\UsageLogs\b2NaDSFu9T.exe.log
          Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe, Mutant created: \Sessions\1\BaseNamedObjects\Global\.net clr networking
          Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe, Mutant created: \Sessions\1\BaseNamedObjects\Global\{21f4355e-8257-4e77-8f1b-c822c6ea3cbe}
          Source: b2NaDSFu9T.exe, Static PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
          Source: C:\Users\user\Desktop\b2NaDSFu9T.exe, Section loaded: C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\9603718106bd57ecfbb18fefd769cab4\mscorlib.ni.dll
          Source: C:\Users\user\Desktop\b2NaDSFu9T.exe, Section loaded: C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sorttbls.nlp
          Source: C:\Users\user\Desktop\b2NaDSFu9T.exe, Section loaded: C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sortkey.nlp
          Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe, Section loaded: C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\9603718106bd57ecfbb18fefd769cab4\mscorlib.ni.dll
          Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe, Section loaded: C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sorttbls.nlp
          Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe, Section loaded: C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sortkey.nlp
          Source: C:\Users\user\Desktop\b2NaDSFu9T.exe, Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
          Source: b2NaDSFu9T.exe, 00000000.00000002.258945318.0000000002F4B000.00000004.00000001.sdmp, Binary or memory string: Select * from Clientes WHERE id=@id;;
          Source: b2NaDSFu9T.exe, 00000000.00000002.258945318.0000000002F4B000.00000004.00000001.sdmp, Binary or memory string: Select * from Aluguel Erro ao listar Banco sql-Aluguel.INSERT INTO Aluguel VALUES(@clienteID, @data);
          Source: b2NaDSFu9T.exe, 00000000.00000002.258945318.0000000002F4B000.00000004.00000001.sdmp, Binary or memory string: Select * from SecurityLogonType WHERE id=@id;
          Source: b2NaDSFu9T.exe, 00000000.00000002.258945318.0000000002F4B000.00000004.00000001.sdmp, Binary or memory string: Select * from SecurityLogonType WHERE modelo=@modelo;
          Source: b2NaDSFu9T.exe, 00000000.00000002.258945318.0000000002F4B000.00000004.00000001.sdmp, Binary or memory string: INSERT INTO Itens_Aluguel VALUES(@aluguelID, @aviaoID, @validade);
          Source: b2NaDSFu9T.exe, 00000000.00000002.258945318.0000000002F4B000.00000004.00000001.sdmp, Binary or memory string: Insert into Clientes values (@nome, @cpf, @rg, @cidade, @endereco, @uf, @telefone);
          Source: b2NaDSFu9T.exe, 00000000.00000002.258945318.0000000002F4B000.00000004.00000001.sdmp, Binary or memory string: INSERT INTO Aluguel VALUES(@clienteID, @data);
          Source: b2NaDSFu9T.exe, 00000000.00000002.258945318.0000000002F4B000.00000004.00000001.sdmp, Binary or memory string: INSERT INTO SecurityLogonType VALUES(@modelo, @fabricante, @ano, @cor);
          Source: b2NaDSFu9T.exe, 00000000.00000002.258945318.0000000002F4B000.00000004.00000001.sdmp, Binary or memory string: Select * from SecurityLogonType*Erro ao listar Banco sql-SecurityLogonType,Select * from SecurityLogonType WHERE id=@id;Select * from SecurityLogonType WHERE (modelo LIKE @modelo)
          Source: b2NaDSFu9T.exe, Virustotal: Detection: 17%
          Source: b2NaDSFu9T.exe, ReversingLabs: Detection: 17%
          Source: unknown, Process created: C:\Users\user\Desktop\b2NaDSFu9T.exe 'C:\Users\user\Desktop\b2NaDSFu9T.exe'
          Source: C:\Users\user\Desktop\b2NaDSFu9T.exe, Process created: C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe
          Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe, Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0A29FF9E-7F9C-4437-8B11-F424491E3931}\InprocServer32
          Source: C:\Users\user\Desktop\b2NaDSFu9T.exe, File opened: C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorrc.dll
          Source: b2NaDSFu9T.exe, Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
          Source: b2NaDSFu9T.exe, Static PE information: Virtual size of .text is bigger than: 0x100000
          Source: b2NaDSFu9T.exe, Static file information: File size 1141760 > 1048576
          Source: C:\Users\user\Desktop\b2NaDSFu9T.exe, File opened: C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.9445_none_d08c58b4442ba54f\MSVCR80.dll
          Source: b2NaDSFu9T.exe, Static PE information: Raw size of .text is bigger than: 0x100000 < 0x115800
          Source: b2NaDSFu9T.exe, Static PE information: NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT
          Source: Binary string: mscorrc.pdb source: b2NaDSFu9T.exe, 00000000.00000002.263181372.0000000005110000.00000002.00000001.sdmp
          Source: C:\Users\user\Desktop\b2NaDSFu9T.exe, Code function: 0_2_007C8A79 push cs; iretd 0_2_007C8BA4
          Source: C:\Users\user\Desktop\b2NaDSFu9T.exe, Code function: 0_2_007C9E79 push cs; retf 0_2_007C9E84
          Source: C:\Users\user\Desktop\b2NaDSFu9T.exe, Code function: 0_2_007C9477 push cs; ret 0_2_007C9484
          Source: C:\Users\user\Desktop\b2NaDSFu9T.exe, Code function: 0_2_007C9E87 push cs; retf 0_2_007C9EA0
          Source: C:\Users\user\Desktop\b2NaDSFu9T.exe, Code function: 0_2_02B99072 push cs; ret 0_2_02B99073
          Source: initial sample, Static PE information: section name: .text entropy: 7.96059480846

          Hooking and other Techniques for Hiding and Protection:

          Hides that the sample has been downloaded from the Internet (zone.identifier)
          Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe | File opened: C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe:Zone.Identifier read attributes | delete
          Source: C:\Users\user\Desktop\b2NaDSFu9T.exe | Process information set: NOOPENFILEERRORBOX
          Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX

          Malware Analysis System Evasion:

          Yara detected AntiVM3
          Source: Yara match | File source: 00000000.00000002.258945318.0000000002F4B000.00000004.00000001.sdmp, type: MEMORY
          Source: Yara match | File source: Process Memory Space: b2NaDSFu9T.exe PID: 5340, type: MEMORY
          Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
          Source: b2NaDSFu9T.exe, 00000000.00000002.258945318.0000000002F4B000.00000004.00000001.sdmp | Binary or memory string: WINE_GET_UNIX_FILE_NAME
          Source: b2NaDSFu9T.exe, 00000000.00000002.258945318.0000000002F4B000.00000004.00000001.sdmp | Binary or memory string: SBIEDLL.DLL
          Source: C:\Users\user\Desktop\b2NaDSFu9T.exe | Thread delayed: delay time: 922337203685477
          Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe | Thread delayed: delay time: 922337203685477
          Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe | Window / User API: threadDelayed 364
          Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe | Window / User API: foregroundWindowGot 645
          Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe | Window / User API: foregroundWindowGot 731
          Source: C:\Users\user\Desktop\b2NaDSFu9T.exe TID: 3888 | Thread sleep time: -100818s >= -30000s
          Source: C:\Users\user\Desktop\b2NaDSFu9T.exe TID: 4920 | Thread sleep time: -922337203685477s >= -30000s
          Source: C:\Users\user\Desktop\b2NaDSFu9T.exe TID: 2840 | Thread sleep time: -922337203685477s >= -30000s
          Source: C:\Users\user\Desktop\b2NaDSFu9T.exe | Thread delayed: delay time: 100818
          Source: b2NaDSFu9T.exe, 00000000.00000002.258945318.0000000002F4B000.00000004.00000001.sdmp | Binary or memory string: vmware
          Source: b2NaDSFu9T.exe, 00000000.00000002.258945318.0000000002F4B000.00000004.00000001.sdmp | Binary or memory string: C:\PROGRAM FILES\VMWARE\VMWARE TOOLS\
          Source: b2NaDSFu9T.exe, 00000000.00000002.258945318.0000000002F4B000.00000004.00000001.sdmp | Binary or memory string: SOFTWARE\VMware, Inc.\VMware Tools
          Source: b2NaDSFu9T.exe, 00000000.00000002.258945318.0000000002F4B000.00000004.00000001.sdmp | Binary or memory string: VMware SVGA II!Add-MpPreference -ExclusionPath "
          Source: b2NaDSFu9T.exe, 00000000.00000002.258945318.0000000002F4B000.00000004.00000001.sdmp | Binary or memory string: VMWARE
          Source: b2NaDSFu9T.exe, 00000000.00000002.258945318.0000000002F4B000.00000004.00000001.sdmp | Binary or memory string: InstallPath%C:\PROGRAM FILES\VMWARE\VMWARE TOOLS\
          Source: b2NaDSFu9T.exe, 00000000.00000002.258945318.0000000002F4B000.00000004.00000001.sdmp | Binary or memory string: VMWARE"SOFTWARE\VMware, Inc.\VMware ToolsLHARDWARE\DEVICEMAP\Scsi\Scsi Port 1\Scsi Bus 0\Target Id 0\Logical Unit Id 0LHARDWARE\DEVICEMAP\Scsi\Scsi Port 2\Scsi Bus 0\Target Id 0\Logical Unit Id 0'SYSTEM\ControlSet001\Services\Disk\Enum
          Source: b2NaDSFu9T.exe, 00000000.00000002.258945318.0000000002F4B000.00000004.00000001.sdmp | Binary or memory string: VMware SVGA II
          Source: b2NaDSFu9T.exe, 00000000.00000002.258945318.0000000002F4B000.00000004.00000001.sdmp | Binary or memory string: vmwareNSYSTEM\ControlSet001\Control\Class\{4D36E968-E325-11CE-BFC1-08002BE10318}\0000
          Source: C:\Users\user\Desktop\b2NaDSFu9T.exe | Process information queried: ProcessInformation
          Source: C:\Users\user\Desktop\b2NaDSFu9T.exe | Process token adjusted: Debug
          Source: C:\Users\user\Desktop\b2NaDSFu9T.exe | Memory allocated: page read and write | page guard

          HIPS / PFW / Operating System Protection Evasion:

          Allocates memory in foreign processes
          Source: C:\Users\user\Desktop\b2NaDSFu9T.exe | Memory allocated: C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe base: 400000 protect: page execute and read and write
          Injects a PE file into a foreign processes
          Source: C:\Users\user\Desktop\b2NaDSFu9T.exe | Memory written: C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe base: 400000 value starts with: 4D5A
          Writes to foreign memory regions
          Source: C:\Users\user\Desktop\b2NaDSFu9T.exe | Memory written: C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe base: 400000
          Source: C:\Users\user\Desktop\b2NaDSFu9T.exe | Memory written: C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe base: 402000
          Source: C:\Users\user\Desktop\b2NaDSFu9T.exe | Memory written: C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe base: 420000
          Source: C:\Users\user\Desktop\b2NaDSFu9T.exe | Memory written: C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe base: 422000
          Source: C:\Users\user\Desktop\b2NaDSFu9T.exe | Memory written: C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe base: 824008
          Source: C:\Users\user\Desktop\b2NaDSFu9T.exe | Process created: C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe
          Source: RegSvcs.exe, 00000001.00000003.316775849.0000000000E52000.00000004.00000001.sdmp | Binary or memory string: Program Manager
          Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe | Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

          Stealing of Sensitive Information:

          Yara detected Nanocore RAT
          Source: Yara match | File source: 00000000.00000002.260256472.0000000003F11000.00000004.00000001.sdmp, type: MEMORY
          Source: Yara match | File source: 0.2.b2NaDSFu9T.exe.41a1120.2.raw.unpack, type: UNPACKEDPE
          Source: Yara match | File source: 0.2.b2NaDSFu9T.exe.41a1120.2.unpack, type: UNPACKEDPE

          Remote Access Functionality:

          Yara detected Nanocore RAT
          Source: Yara match | File source: 00000000.00000002.260256472.0000000003F11000.00000004.00000001.sdmp, type: MEMORY
          Source: Yara match | File source: 0.2.b2NaDSFu9T.exe.41a1120.2.raw.unpack, type: UNPACKEDPE
          Source: Yara match | File source: 0.2.b2NaDSFu9T.exe.41a1120.2.unpack, type: UNPACKEDPE

          Mitre Att&ck Matrix

          Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact
          Valid Accounts | Windows Management Instrumentation | Path Interception | Process Injection 312 | Masquerading 1 | Input Capture 1 | Security Software Discovery 11 | Remote Services | Input Capture 1 | Exfiltration Over Other Network Medium | Encrypted Channel 1 | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition
          Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | Disable or Modify Tools 1 | LSASS Memory | Process Discovery 2 | Remote Desktop Protocol | Archive Collected Data 1 | Exfiltration Over Bluetooth | Non-Standard Port 1 | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout
          Domain Accounts | At (Linux) | Logon Script (Windows) | Logon Script (Windows) | Virtualization/Sandbox Evasion 21 | Security Account Manager | Virtualization/Sandbox Evasion 21 | SMB/Windows Admin Shares | Data from Network Shared Drive | Automated Exfiltration | Application Layer Protocol 1 | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data
          Local Accounts | At (Windows) | Logon Script (Mac) | Logon Script (Mac) | Process Injection 312 | NTDS | Application Window Discovery 1 | Distributed Component Object Model | Input Capture | Scheduled Transfer | Protocol Impersonation | SIM Card Swap | | Carrier Billing Fraud
          Cloud Accounts | Cron | Network Logon Script | Network Logon Script | Hidden Files and Directories 1 | LSA Secrets | System Information Discovery 2 | SSH | Keylogging | Data Transfer Size Limits | Fallback Channels | Manipulate Device Communication | | Manipulate App Store Rankings or Ratings
          Replication Through Removable Media | Launchd | Rc.common | Rc.common | Obfuscated Files or Information 3 | Cached Domain Credentials | System Owner/User Discovery | VNC | GUI Input Capture | Exfiltration Over C2 Channel | Multiband Communication | Jamming or Denial of Service | | Abuse Accessibility Features
          External Remote Services | Scheduled Task | Startup Items | Startup Items | Software Packing 2 | DCSync | Network Sniffing | Windows Remote Management | Web Portal Capture | Exfiltration Over Alternative Protocol | Commonly Used Port | Rogue Wi-Fi Access Points | | Data Encrypted for Impact

          Antivirus, Machine Learning and Genetic Malware Detection

          Initial Sample

          Source | Detection | Scanner | Label
          b2NaDSFu9T.exe | 18% | Virustotal |
          b2NaDSFu9T.exe | 17% | ReversingLabs | ByteCode-MSIL.Backdoor.NanoBot

          Dropped Files

          No Antivirus matches

          Unpacked PE Files

          No Antivirus matches

          Domains

          No Antivirus matches

          URLs

          Source | Detection | Scanner | Label
          79.134.225.26 | 0% | Avira URL Cloud | safe
          nassiru1166main.ddns.net | 0% | Avira URL Cloud | safe

          Domains and IPs

          Contacted Domains

          No contacted domains info

          Contacted URLs

          Name | Malicious | Antivirus Detection | Reputation
          79.134.225.26 | true | Avira URL Cloud: safe | unknown
          nassiru1166main.ddns.net | true | Avira URL Cloud: safe | unknown

          URLs from Memory and Binaries

          Name | Source | Malicious | Antivirus Detection | Reputation
          https://github.com/unguest | b2NaDSFu9T.exe | false | | high
          https://stackpath.bootstrapcdn.com/bootstrap/4.5.0/css/bootstrap.min.css | b2NaDSFu9T.exe, 00000000.00000002.258945318.0000000002F4B000.00000004.00000001.sdmp | false | | high
          https://github.com/unguest9WinForms_RecursiveFormCreate5WinForms_SeeInnerExceptionGProperty | b2NaDSFu9T.exe | false | | high

                Contacted IPs

                Public

                IP | Domain | Country | ASN | ASN Name | Malicious
                79.134.225.26 | unknown | Switzerland | 6775 | FINK-TELECOM-SERVICESCH | true

                General Information

                Joe Sandbox Version:32.0.0 Black Diamond
                Analysis ID:402647
                Start date:03.05.2021
                Start time:11:34:42
                Joe Sandbox Product:CloudBasic
                Overall analysis duration:0h 7m 44s
                Hypervisor based Inspection enabled:false
                Report type:full
                Sample file name:b2NaDSFu9T.exe
                Cookbook file name:default.jbs
                Analysis system description:Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
                Number of analysed new started processes analysed:26
                Number of new started drivers analysed:0
                Number of existing processes analysed:0
                Number of existing drivers analysed:0
                Number of injected processes analysed:0
                Technologies:
                • HCA enabled
                • EGA enabled
                • HDC enabled
                • AMSI enabled
                Analysis Mode:default
                Analysis stop reason:Timeout
                Detection:MAL
                Classification:mal100.troj.evad.winEXE@3/3@0/1
                EGA Information:Failed
                HDC Information:
                • Successful, ratio: 0.3% (good quality ratio 0.3%)
                • Quality average: 77%
                • Quality standard deviation: 0%
                HCA Information:
                • Successful, ratio: 82%
                • Number of executed functions: 91
                • Number of non-executed functions: 19
                Cookbook Comments:
                • Adjust boot time
                • Enable AMSI
                • Found application associated with file extension: .exe
                Warnings:
                • Behavior information exceeds normal sizes, reducing to normal. Report will have missing behavior information.

                Simulations

                Behavior and APIs

                Time | Type | Description
                11:35:53 | API Interceptor | 1x Sleep call for process: b2NaDSFu9T.exe modified
                11:35:55 | API Interceptor | 1060x Sleep call for process: RegSvcs.exe modified

                Joe Sandbox View / Context

                IPs

                Match: 79.134.225.26
                Associated Sample Name / URL | Detection
                Original title deed.xlsx | malicious
                PpkzTxJVyC.exe | malicious
                Original title deed.xlsx | malicious
                jk55xlWn7a.exe | malicious
                Qds5xiJaAX.exe | malicious
                INVOICE.xlsx | malicious
                owrCPP2YTC.exe | malicious
                reorder17032021.PDF.exe | malicious
                re-order15032021.PDF.exe | malicious
                new order15032021.PDF.exe | malicious
                CLEW enquiry 2021.PDF.exe | malicious
                payment proof.png.exe | malicious
                0001.exe | malicious
                Purchase Order 2021-311743-045.xls.exe | malicious
                CLEW enquiry 2021.PDF.exe | malicious
                Purchase.exe | malicious
                Quote.exe | malicious
                Quotation.exe | malicious
                invoicedHusrLjViL.exe | malicious
                SecuriteInfo.com.BehavesLike.Win32.Generic.jc.exe | malicious

                                                        Domains

                                                        No context

                                                        ASN

                                                        Match: FINK-TELECOM-SERVICESCH
                                                        Associated Sample Name / URL | Detection | Context
                                                        Original title deed.xlsx | malicious | 79.134.225.26
                                                        ORDER INQUIRY.doc | malicious | 79.134.225.52
                                                        To1sRo1E8P.exe | malicious | 79.134.225.25
                                                        BhTxt5BUvy.exe | malicious | 79.134.225.25
                                                        SCAN_ORDER & SAMPLES.exe | malicious | 79.134.225.52
                                                        Apr-advance payment #5972939.exe | malicious | 79.134.225.9
                                                        PpkzTxJVyC.exe | malicious | 79.134.225.26
                                                        Original title deed.xlsx | malicious | 79.134.225.26
                                                        swift copy.exe | malicious | 79.134.225.48
                                                        swift copy.exe | malicious | 79.134.225.48
                                                        jk55xlWn7a.exe | malicious | 79.134.225.26
                                                        Qds5xiJaAX.exe | malicious | 79.134.225.26
                                                        INVOICE.xlsx | malicious | 79.134.225.26
                                                        UPSSHIPMENT_CONFIRMATION_CBJ19051700013_11Z35Q6Q80446518864888.doc | malicious | 79.134.225.91
                                                        Payment-Confirmation_Copy.exe | malicious | 79.134.225.108
                                                        owrCPP2YTC.exe | malicious | 79.134.225.26
                                                        Payment Advice-BCS_ECS9522020090915390034_3159_952.jar | malicious | 79.134.225.59
                                                        nciv84yXK1.exe | malicious | 79.134.225.7
                                                        Rechnung.exe | malicious | 79.134.225.39
                                                        ENrYP02wGO.exe | malicious | 79.134.225.91

                                                        JA3 Fingerprints

                                                        No context

                                                        Dropped Files

                                                        No context

                                                        Created / dropped Files

                                                        C:\Users\user\AppData\Local\Microsoft\CLR_v2.0_32\UsageLogs\b2NaDSFu9T.exe.log
                                                        Process:C:\Users\user\Desktop\b2NaDSFu9T.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):664
                                                        Entropy (8bit):5.288448637977022
                                                        Encrypted:false
                                                        SSDEEP:12:Q3LaJU20NaL10Ug+9Yz9t0U29hJ5g1B0U2ukyrFk70U2xANlW3ANv:MLF20NaL3z2p29hJ5g522rW2xAi3A9
                                                        MD5:B1DB55991C3DA14E35249AEA1BC357CA
                                                        SHA1:0DD2D91198FDEF296441B12F1A906669B279700C
                                                        SHA-256:34D3E48321D5010AD2BD1F3F0B728077E4F5A7F70D66FA36B57E5209580B6BDC
                                                        SHA-512:BE38A31888C9C2F8047FA9C99672CB985179D325107514B7500DDA9523AE3E1D20B45EACC4E6C8A5D096360D0FBB98A120E63F38FFE324DF8A0559F6890CC801
                                                        Malicious:true
                                                        Reputation:moderate, very likely benign file
                                                        Preview: 1,"fusion","GAC",0..3,"C:\Windows\assembly\NativeImages_v2.0.50727_32\System\1ffc437de59fb69ba2b865ffdc98ffd1\System.ni.dll",0..3,"C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\cd7c74fce2a0eab72cd25cbe4bb61614\Microsoft.VisualBasic.ni.dll",0..3,"C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\54d944b3ca0ea1188d700fbd8089726b\System.Drawing.ni.dll",0..3,"C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\bd8d59c984c9f5f2695f64341115cdf0\System.Windows.Forms.ni.dll",0..3,"C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\35774dc3cd31b4550ab06c3354cf4ba5\System.Runtime.Remoting.ni.dll",0..
                                                        C:\Users\user\AppData\Roaming\D06ED635-68F6-4E9A-955C-4899F5F57B9A\catalog.dat
                                                        Process:C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):432
                                                        Entropy (8bit):7.012278113302776
                                                        Encrypted:false
                                                        SSDEEP:12:X4LEnybgCF7wHJyCe8O6LEnybgCF7wHJyCe8Oh:IQnybgCyHJ5lQnybgCyHJ5i
                                                        MD5:9D28662484E30E8B7C123705C7B0C8E6
                                                        SHA1:BFB9A9E2BDC178B5E8FE1CDFB68D65D8D7F4840A
                                                        SHA-256:F699DB97FD0C37997AA67809552C1B2C6500E07660D0540055896615F12A90D7
                                                        SHA-512:58303088530E6548BBFB1800A52221CE5A29E33A48442DD16524EB1021850E902C0E01FE9035CC8C794E966AFD6A7FA950974E3F1B320A8F37F6090C6D7D3820
                                                        Malicious:false
                                                        Reputation:low
                                                        Preview: Gj.h\.3.A...5.x..&...i+..c(1.P..P.cLT...A.b........4h.P.vY.........S.5.6.C4..E.Y.|........).zs...w.gl..\.G..J.M.vES.0....P.:..6...T....+5.1............r.P.V..+..(.*2d.f... ..q.. 7iO.+..c.....!.'.*..mL|XGj.h\.3.A...5.x..&...i+..c(1.P..P.cLT...A.b........4h.P.vY.........S.5.6.C4..E.Y.|........).zs...w.gl..\.G..J.M.vES.0....P.:..6...T....+5.1............r.P.V..+..(.*2d.f... ..q.. 7iO.+..c.....!.'.*..mL|X
                                                        C:\Users\user\AppData\Roaming\D06ED635-68F6-4E9A-955C-4899F5F57B9A\run.dat
                                                        Process:C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):8
                                                        Entropy (8bit):3.0
                                                        Encrypted:false
                                                        SSDEEP:3:cmr8tn:cNtn
                                                        MD5:0DC2073C953398D28C9D8E44EEA5ADA1
                                                        SHA1:FA0FA923069FACF1AF850D9672C0FC451328C71E
                                                        SHA-256:7376B029584CD7CC2E8EB49E35D9243124AFA2AC557B6141C94788BADD19002A
                                                        SHA-512:83053423035A70D10B0FD614E2267EBE4E6995920E0CF5439CF42E4CFFFB201E3C89E2BFCB9608B0BB9D12B813B0BB0ADC2EBB6A989E2394C7AE162044D84951
                                                        Malicious:true
                                                        Reputation:low
                                                        Preview: ...Ib..H

                                                        Static File Info

                                                        General

                                                        File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                        Entropy (8bit):7.956232639570589
                                                        TrID:
                                                        • Win32 Executable (generic) Net Framework (10011505/4) 49.80%
                                                        • Win32 Executable (generic) a (10002005/4) 49.75%
                                                        • Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36%
                                                        • Windows Screen Saver (13104/52) 0.07%
                                                        • Generic Win/DOS Executable (2004/3) 0.01%
                                                        File name:b2NaDSFu9T.exe
                                                        File size:1141760
                                                        MD5:042aa11c6d49e1cca5923f02d1b0a5ae
                                                        SHA1:5a89ff2f9702a53fb638b8c7229ba868aaa58ae9
                                                        SHA256:3383218b916baf1a46989c4f253b29eb81e97ac763ab71615c81d85a18495f34
                                                        SHA512:6d0551584f1f4c5391012111be3bc251026d3db6a531ab7a8ce0d41cf278a254bc8a0bc66690a1a93c3bf52c2c1c70e7fcd94e4b8812bcea95efa8bda86d7184
                                                        SSDEEP:24576:jVdIEYuS48YvtC/X4kRxlhtJftkKrEMAtugu+/a:jEjX48uAzJEMZry
                                                        File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......`..............P..X...........w... ........@.. ....................................@................................

                                                        File Icon

                                                        Icon Hash:00828e8e8686b000

                                                        Static PE Info

                                                        General

                                                        Entrypoint:0x517792
                                                        Entrypoint Section:.text
                                                        Digitally signed:false
                                                        Imagebase:0x400000
                                                        Subsystem:windows gui
                                                        Image File Characteristics:32BIT_MACHINE, EXECUTABLE_IMAGE
                                                        DLL Characteristics:NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT
                                                        Time Stamp:0x608FA4A3 [Mon May 3 07:22:11 2021 UTC]
                                                        TLS Callbacks:
                                                        CLR (.Net) Version:v2.0.50727
                                                        OS Version Major:4
                                                        OS Version Minor:0
                                                        File Version Major:4
                                                        File Version Minor:0
                                                        Subsystem Version Major:4
                                                        Subsystem Version Minor:0
                                                        Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744

                                                        Entrypoint Preview

                                                        Instruction
                                                        jmp dword ptr [00402000h]

                                                        Data Directories

                                                        Name                                  Virtual Address  Virtual Size  Is in Section
                                                        IMAGE_DIRECTORY_ENTRY_EXPORT          0x0              0x0
                                                        IMAGE_DIRECTORY_ENTRY_IMPORT          0x117740         0x4f          .text
                                                        IMAGE_DIRECTORY_ENTRY_RESOURCE        0x118000         0xed0         .rsrc
                                                        IMAGE_DIRECTORY_ENTRY_EXCEPTION       0x0              0x0
                                                        IMAGE_DIRECTORY_ENTRY_SECURITY        0x0              0x0
                                                        IMAGE_DIRECTORY_ENTRY_BASERELOC       0x11a000         0xc           .reloc
                                                        IMAGE_DIRECTORY_ENTRY_DEBUG           0x0              0x0
                                                        IMAGE_DIRECTORY_ENTRY_COPYRIGHT       0x0              0x0
                                                        IMAGE_DIRECTORY_ENTRY_GLOBALPTR       0x0              0x0
                                                        IMAGE_DIRECTORY_ENTRY_TLS             0x0              0x0
                                                        IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG     0x0              0x0
                                                        IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT    0x0              0x0
                                                        IMAGE_DIRECTORY_ENTRY_IAT             0x2000           0x8           .text
                                                        IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT    0x0              0x0
                                                        IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR  0x2008           0x48          .text
                                                        IMAGE_DIRECTORY_ENTRY_RESERVED        0x0              0x0

                                                        Sections

                                                        Name    Virtual Address  Virtual Size  Raw Size  Xored PE  ZLIB Complexity  File Type  Entropy         Characteristics
                                                        .text   0x2000           0x115798      0x115800  False     0.960257425394   data       7.96059480846   IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
                                                        .rsrc   0x118000         0xed0         0x1000    False     0.3740234375     data       4.74787952307   IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                        .reloc  0x11a000         0xc           0x200     False     0.044921875      data       0.101910425663  IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

                                                        Resources

                                                        Name         RVA       Size   Type                                                                                   Language  Country
                                                        RT_VERSION   0x118090  0x3a4  data
                                                        RT_MANIFEST  0x118444  0xa85  XML 1.0 document, UTF-8 Unicode (with BOM) text, with CRLF, LF line terminators

                                                        Imports

                                                        DLL          Import
                                                        mscoree.dll  _CorExeMain

                                                        Version Infos

                                                        Description       Data
                                                        Translation       0x0000 0x04b0
                                                        LegalCopyright    Copyright 2018
                                                        Assembly Version  1.0.0.0
                                                        InternalName      InterfaceTypeAttribute.exe
                                                        FileVersion       1.0.1.35
                                                        CompanyName       Unguest
                                                        LegalTrademarks   Unguest
                                                        Comments          A light media player
                                                        ProductName       LightWatch
                                                        ProductVersion    1.0.1.35
                                                        FileDescription   LightWatch
                                                        OriginalFilename  InterfaceTypeAttribute.exe

                                                        Network Behavior

                                                        Snort IDS Alerts

                                                        Timestamp                 Protocol  SID      Message                             Source Port  Dest Port  Source IP    Dest IP
                                                        05/03/21-11:35:57.731947  TCP       2025019  ET TROJAN Possible NanoCore C2 60B  49707        1133       192.168.2.7  79.134.225.26
                                                        05/03/21-11:36:04.057658  TCP       2025019  ET TROJAN Possible NanoCore C2 60B  49716        1133       192.168.2.7  79.134.225.26
                                                        05/03/21-11:36:10.300646  TCP       2025019  ET TROJAN Possible NanoCore C2 60B  49721        1133       192.168.2.7  79.134.225.26
                                                        05/03/21-11:36:16.535954  TCP       2025019  ET TROJAN Possible NanoCore C2 60B  49724        1133       192.168.2.7  79.134.225.26
                                                        05/03/21-11:36:32.356162  TCP       2025019  ET TROJAN Possible NanoCore C2 60B  49728        1133       192.168.2.7  79.134.225.26
                                                        05/03/21-11:36:38.604791  TCP       2025019  ET TROJAN Possible NanoCore C2 60B  49729        1133       192.168.2.7  79.134.225.26
                                                        05/03/21-11:36:44.807678  TCP       2025019  ET TROJAN Possible NanoCore C2 60B  49730        1133       192.168.2.7  79.134.225.26
                                                        05/03/21-11:36:51.125432  TCP       2025019  ET TROJAN Possible NanoCore C2 60B  49731        1133       192.168.2.7  79.134.225.26
                                                        05/03/21-11:36:57.381214  TCP       2025019  ET TROJAN Possible NanoCore C2 60B  49738        1133       192.168.2.7  79.134.225.26
                                                        05/03/21-11:37:03.896572  TCP       2025019  ET TROJAN Possible NanoCore C2 60B  49744        1133       192.168.2.7  79.134.225.26
                                                        05/03/21-11:37:13.224491  TCP       2025019  ET TROJAN Possible NanoCore C2 60B  49745        1133       192.168.2.7  79.134.225.26
                                                        05/03/21-11:37:19.689841  TCP       2025019  ET TROJAN Possible NanoCore C2 60B  49746        1133       192.168.2.7  79.134.225.26
                                                        05/03/21-11:37:29.259378  TCP       2025019  ET TROJAN Possible NanoCore C2 60B  49750        1133       192.168.2.7  79.134.225.26
                                                        05/03/21-11:37:35.503934  TCP       2025019  ET TROJAN Possible NanoCore C2 60B  49759        1133       192.168.2.7  79.134.225.26
                                                        05/03/21-11:37:41.765593  TCP       2025019  ET TROJAN Possible NanoCore C2 60B  49760        1133       192.168.2.7  79.134.225.26
                                                        05/03/21-11:37:48.076433  TCP       2025019  ET TROJAN Possible NanoCore C2 60B  49761        1133       192.168.2.7  79.134.225.26
                                                        05/03/21-11:37:54.385213  TCP       2025019  ET TROJAN Possible NanoCore C2 60B  49762        1133       192.168.2.7  79.134.225.26
                                                        05/03/21-11:38:00.574763  TCP       2025019  ET TROJAN Possible NanoCore C2 60B  49763        1133       192.168.2.7  79.134.225.26

                                                        Network Port Distribution

                                                        TCP Packets

                                                        Timestamp  Source Port  Dest Port  Source IP  Dest IP
                                                        May 3, 2021 11:36:40.819602966 CEST497291133192.168.2.779.134.225.26
                                                        May 3, 2021 11:36:44.439085960 CEST497301133192.168.2.779.134.225.26
                                                        May 3, 2021 11:36:44.806266069 CEST11334973079.134.225.26192.168.2.7
                                                        May 3, 2021 11:36:44.806550026 CEST497301133192.168.2.779.134.225.26
                                                        May 3, 2021 11:36:44.807677984 CEST497301133192.168.2.779.134.225.26
                                                        May 3, 2021 11:36:45.243351936 CEST11334973079.134.225.26192.168.2.7
                                                        May 3, 2021 11:36:45.243669033 CEST497301133192.168.2.779.134.225.26
                                                        May 3, 2021 11:36:45.315788984 CEST11334973079.134.225.26192.168.2.7
                                                        May 3, 2021 11:36:45.316051960 CEST497301133192.168.2.779.134.225.26
                                                        May 3, 2021 11:36:45.675178051 CEST11334973079.134.225.26192.168.2.7
                                                        May 3, 2021 11:36:45.675410986 CEST497301133192.168.2.779.134.225.26
                                                        May 3, 2021 11:36:46.054255962 CEST11334973079.134.225.26192.168.2.7
                                                        May 3, 2021 11:36:46.054393053 CEST497301133192.168.2.779.134.225.26
                                                        May 3, 2021 11:36:46.524089098 CEST11334973079.134.225.26192.168.2.7
                                                        May 3, 2021 11:36:46.524578094 CEST497301133192.168.2.779.134.225.26
                                                        May 3, 2021 11:36:46.704169035 CEST497301133192.168.2.779.134.225.26
                                                        May 3, 2021 11:36:46.971729040 CEST11334973079.134.225.26192.168.2.7
                                                        May 3, 2021 11:36:46.972565889 CEST497301133192.168.2.779.134.225.26
                                                        May 3, 2021 11:36:50.720520020 CEST497311133192.168.2.779.134.225.26
                                                        May 3, 2021 11:36:51.121427059 CEST11334973179.134.225.26192.168.2.7
                                                        May 3, 2021 11:36:51.124901056 CEST497311133192.168.2.779.134.225.26
                                                        May 3, 2021 11:36:51.125432014 CEST497311133192.168.2.779.134.225.26
                                                        May 3, 2021 11:36:51.575300932 CEST11334973179.134.225.26192.168.2.7
                                                        May 3, 2021 11:36:51.575481892 CEST497311133192.168.2.779.134.225.26
                                                        May 3, 2021 11:36:51.663295984 CEST11334973179.134.225.26192.168.2.7
                                                        May 3, 2021 11:36:51.663439035 CEST497311133192.168.2.779.134.225.26
                                                        May 3, 2021 11:36:51.995423079 CEST11334973179.134.225.26192.168.2.7
                                                        May 3, 2021 11:36:51.995719910 CEST497311133192.168.2.779.134.225.26
                                                        May 3, 2021 11:36:52.055345058 CEST11334973179.134.225.26192.168.2.7
                                                        May 3, 2021 11:36:52.404304981 CEST11334973179.134.225.26192.168.2.7
                                                        May 3, 2021 11:36:52.404422045 CEST497311133192.168.2.779.134.225.26
                                                        May 3, 2021 11:36:52.855268002 CEST11334973179.134.225.26192.168.2.7
                                                        May 3, 2021 11:36:52.855398893 CEST497311133192.168.2.779.134.225.26
                                                        May 3, 2021 11:36:52.939629078 CEST497311133192.168.2.779.134.225.26
                                                        May 3, 2021 11:36:53.335131884 CEST11334973179.134.225.26192.168.2.7
                                                        May 3, 2021 11:36:53.335197926 CEST497311133192.168.2.779.134.225.26
                                                        May 3, 2021 11:36:56.955949068 CEST497381133192.168.2.779.134.225.26
                                                        May 3, 2021 11:36:57.376564026 CEST11334973879.134.225.26192.168.2.7
                                                        May 3, 2021 11:36:57.380486965 CEST497381133192.168.2.779.134.225.26
                                                        May 3, 2021 11:36:57.381213903 CEST497381133192.168.2.779.134.225.26
                                                        May 3, 2021 11:36:58.204518080 CEST497381133192.168.2.779.134.225.26
                                                        May 3, 2021 11:36:58.575469017 CEST11334973879.134.225.26192.168.2.7
                                                        May 3, 2021 11:36:58.575623035 CEST497381133192.168.2.779.134.225.26
                                                        May 3, 2021 11:36:58.972543955 CEST11334973879.134.225.26192.168.2.7
                                                        May 3, 2021 11:36:59.330426931 CEST497381133192.168.2.779.134.225.26
                                                        May 3, 2021 11:36:59.735358953 CEST11334973879.134.225.26192.168.2.7
                                                        May 3, 2021 11:36:59.735481977 CEST497381133192.168.2.779.134.225.26
                                                        May 3, 2021 11:37:03.431855917 CEST497441133192.168.2.779.134.225.26
                                                        May 3, 2021 11:37:03.895447969 CEST11334974479.134.225.26192.168.2.7
                                                        May 3, 2021 11:37:03.895607948 CEST497441133192.168.2.779.134.225.26
                                                        May 3, 2021 11:37:03.896572113 CEST497441133192.168.2.779.134.225.26
                                                        May 3, 2021 11:37:04.362009048 CEST11334974479.134.225.26192.168.2.7
                                                        May 3, 2021 11:37:04.362688065 CEST497441133192.168.2.779.134.225.26
                                                        May 3, 2021 11:37:04.404028893 CEST11334974479.134.225.26192.168.2.7
                                                        May 3, 2021 11:37:04.404421091 CEST497441133192.168.2.779.134.225.26
                                                        May 3, 2021 11:37:04.755207062 CEST11334974479.134.225.26192.168.2.7
                                                        May 3, 2021 11:37:04.761480093 CEST497441133192.168.2.779.134.225.26
                                                        May 3, 2021 11:37:05.642630100 CEST497441133192.168.2.779.134.225.26
                                                        May 3, 2021 11:37:05.799334049 CEST497441133192.168.2.779.134.225.26
                                                        May 3, 2021 11:37:06.024451017 CEST11334974479.134.225.26192.168.2.7
                                                        May 3, 2021 11:37:06.024600029 CEST497441133192.168.2.779.134.225.26
                                                        May 3, 2021 11:37:06.155391932 CEST11334974479.134.225.26192.168.2.7
                                                        May 3, 2021 11:37:06.155472994 CEST497441133192.168.2.779.134.225.26
                                                        May 3, 2021 11:37:09.816222906 CEST497451133192.168.2.779.134.225.26
                                                        May 3, 2021 11:37:12.815054893 CEST497451133192.168.2.779.134.225.26
                                                        May 3, 2021 11:37:13.223360062 CEST11334974579.134.225.26192.168.2.7
                                                        May 3, 2021 11:37:13.223948956 CEST497451133192.168.2.779.134.225.26
                                                        May 3, 2021 11:37:13.224490881 CEST497451133192.168.2.779.134.225.26
                                                        May 3, 2021 11:37:13.663769960 CEST11334974579.134.225.26192.168.2.7
                                                        May 3, 2021 11:37:13.663918972 CEST497451133192.168.2.779.134.225.26
                                                        May 3, 2021 11:37:13.735486031 CEST11334974579.134.225.26192.168.2.7
                                                        May 3, 2021 11:37:13.736114025 CEST497451133192.168.2.779.134.225.26
                                                        May 3, 2021 11:37:14.075105906 CEST11334974579.134.225.26192.168.2.7
                                                        May 3, 2021 11:37:14.075207949 CEST497451133192.168.2.779.134.225.26
                                                        May 3, 2021 11:37:14.472498894 CEST11334974579.134.225.26192.168.2.7
                                                        May 3, 2021 11:37:14.472604036 CEST497451133192.168.2.779.134.225.26
                                                        May 3, 2021 11:37:14.995152950 CEST11334974579.134.225.26192.168.2.7
                                                        May 3, 2021 11:37:14.995335102 CEST497451133192.168.2.779.134.225.26
                                                        May 3, 2021 11:37:15.221925974 CEST497451133192.168.2.779.134.225.26
                                                        May 3, 2021 11:37:15.395771980 CEST11334974579.134.225.26192.168.2.7
                                                        May 3, 2021 11:37:15.395848036 CEST497451133192.168.2.779.134.225.26
                                                        May 3, 2021 11:37:15.575145960 CEST11334974579.134.225.26192.168.2.7
                                                        May 3, 2021 11:37:15.575259924 CEST497451133192.168.2.779.134.225.26
                                                        May 3, 2021 11:37:19.251374960 CEST497461133192.168.2.779.134.225.26
                                                        May 3, 2021 11:37:19.685560942 CEST11334974679.134.225.26192.168.2.7
                                                        May 3, 2021 11:37:19.689208984 CEST497461133192.168.2.779.134.225.26
                                                        May 3, 2021 11:37:19.689841032 CEST497461133192.168.2.779.134.225.26
                                                        May 3, 2021 11:37:20.550096989 CEST497461133192.168.2.779.134.225.26
                                                        May 3, 2021 11:37:20.896074057 CEST11334974679.134.225.26192.168.2.7
                                                        May 3, 2021 11:37:20.896208048 CEST497461133192.168.2.779.134.225.26
                                                        May 3, 2021 11:37:21.315521002 CEST11334974679.134.225.26192.168.2.7
                                                        May 3, 2021 11:37:21.727108955 CEST497461133192.168.2.779.134.225.26
                                                        May 3, 2021 11:37:22.095381021 CEST11334974679.134.225.26192.168.2.7
                                                        May 3, 2021 11:37:22.095489025 CEST497461133192.168.2.779.134.225.26
                                                        May 3, 2021 11:37:25.739156008 CEST497501133192.168.2.779.134.225.26
                                                        May 3, 2021 11:37:28.893728018 CEST497501133192.168.2.779.134.225.26
                                                        May 3, 2021 11:37:29.255350113 CEST11334975079.134.225.26192.168.2.7
                                                        May 3, 2021 11:37:29.255439997 CEST497501133192.168.2.779.134.225.26
                                                        May 3, 2021 11:37:29.259377956 CEST497501133192.168.2.779.134.225.26
                                                        May 3, 2021 11:37:29.675230026 CEST11334975079.134.225.26192.168.2.7
                                                        May 3, 2021 11:37:29.675394058 CEST497501133192.168.2.779.134.225.26
                                                        May 3, 2021 11:37:29.835203886 CEST11334975079.134.225.26192.168.2.7
                                                        May 3, 2021 11:37:29.836247921 CEST497501133192.168.2.779.134.225.26
                                                        May 3, 2021 11:37:30.095314026 CEST11334975079.134.225.26192.168.2.7
                                                        May 3, 2021 11:37:30.095423937 CEST497501133192.168.2.779.134.225.26
                                                        May 3, 2021 11:37:30.283109903 CEST11334975079.134.225.26192.168.2.7
                                                        May 3, 2021 11:37:30.283220053 CEST497501133192.168.2.779.134.225.26
                                                        May 3, 2021 11:37:30.551378012 CEST11334975079.134.225.26192.168.2.7
                                                        May 3, 2021 11:37:30.553307056 CEST497501133192.168.2.779.134.225.26
                                                        May 3, 2021 11:37:30.743343115 CEST11334975079.134.225.26192.168.2.7
                                                        May 3, 2021 11:37:30.743438959 CEST497501133192.168.2.779.134.225.26
                                                        May 3, 2021 11:37:30.975174904 CEST11334975079.134.225.26192.168.2.7
                                                        May 3, 2021 11:37:30.975298882 CEST497501133192.168.2.779.134.225.26
                                                        May 3, 2021 11:37:31.113794088 CEST497501133192.168.2.779.134.225.26
                                                        May 3, 2021 11:37:31.135611057 CEST11334975079.134.225.26192.168.2.7
                                                        May 3, 2021 11:37:31.135684013 CEST497501133192.168.2.779.134.225.26
                                                        May 3, 2021 11:37:31.303210974 CEST11334975079.134.225.26192.168.2.7
                                                        May 3, 2021 11:37:31.303330898 CEST497501133192.168.2.779.134.225.26
                                                        May 3, 2021 11:37:31.344166994 CEST11334975079.134.225.26192.168.2.7
                                                        May 3, 2021 11:37:31.344243050 CEST497501133192.168.2.779.134.225.26
                                                        May 3, 2021 11:37:35.130980015 CEST497591133192.168.2.779.134.225.26
                                                        May 3, 2021 11:37:35.503276110 CEST11334975979.134.225.26192.168.2.7
                                                        May 3, 2021 11:37:35.503386021 CEST497591133192.168.2.779.134.225.26
                                                        May 3, 2021 11:37:35.503933907 CEST497591133192.168.2.779.134.225.26
                                                        May 3, 2021 11:37:35.959127903 CEST11334975979.134.225.26192.168.2.7
                                                        May 3, 2021 11:37:35.959300995 CEST497591133192.168.2.779.134.225.26
                                                        May 3, 2021 11:37:36.038273096 CEST11334975979.134.225.26192.168.2.7
                                                        May 3, 2021 11:37:36.038470984 CEST497591133192.168.2.779.134.225.26
                                                        May 3, 2021 11:37:36.435445070 CEST11334975979.134.225.26192.168.2.7
                                                        May 3, 2021 11:37:36.435661077 CEST497591133192.168.2.779.134.225.26
                                                        May 3, 2021 11:37:36.777559996 CEST11334975979.134.225.26192.168.2.7
                                                        May 3, 2021 11:37:36.777698040 CEST497591133192.168.2.779.134.225.26
                                                        May 3, 2021 11:37:37.255541086 CEST11334975979.134.225.26192.168.2.7
                                                        May 3, 2021 11:37:37.255662918 CEST497591133192.168.2.779.134.225.26
                                                        May 3, 2021 11:37:37.349136114 CEST497591133192.168.2.779.134.225.26
                                                        May 3, 2021 11:37:37.635200024 CEST11334975979.134.225.26192.168.2.7
                                                        May 3, 2021 11:37:37.635289907 CEST497591133192.168.2.779.134.225.26
                                                        May 3, 2021 11:37:41.366235971 CEST497601133192.168.2.779.134.225.26
                                                        May 3, 2021 11:37:41.764653921 CEST11334976079.134.225.26192.168.2.7
                                                        May 3, 2021 11:37:41.764853001 CEST497601133192.168.2.779.134.225.26
                                                        May 3, 2021 11:37:41.765593052 CEST497601133192.168.2.779.134.225.26
                                                        May 3, 2021 11:37:42.295483112 CEST11334976079.134.225.26192.168.2.7
                                                        May 3, 2021 11:37:42.295746088 CEST497601133192.168.2.779.134.225.26
                                                        May 3, 2021 11:37:42.415210962 CEST11334976079.134.225.26192.168.2.7
                                                        May 3, 2021 11:37:42.415417910 CEST497601133192.168.2.779.134.225.26
                                                        May 3, 2021 11:37:42.695240974 CEST11334976079.134.225.26192.168.2.7
                                                        May 3, 2021 11:37:42.695467949 CEST497601133192.168.2.779.134.225.26
                                                        May 3, 2021 11:37:42.855477095 CEST11334976079.134.225.26192.168.2.7
                                                        May 3, 2021 11:37:42.855736017 CEST497601133192.168.2.779.134.225.26
                                                        May 3, 2021 11:37:43.063380957 CEST11334976079.134.225.26192.168.2.7
                                                        May 3, 2021 11:37:43.063657999 CEST497601133192.168.2.779.134.225.26
                                                        May 3, 2021 11:37:43.275245905 CEST11334976079.134.225.26192.168.2.7
                                                        May 3, 2021 11:37:43.275389910 CEST497601133192.168.2.779.134.225.26
                                                        May 3, 2021 11:37:43.495148897 CEST11334976079.134.225.26192.168.2.7
                                                        May 3, 2021 11:37:43.495332956 CEST497601133192.168.2.779.134.225.26
                                                        May 3, 2021 11:37:43.615475893 CEST497601133192.168.2.779.134.225.26
                                                        May 3, 2021 11:37:43.911772013 CEST11334976079.134.225.26192.168.2.7
                                                        May 3, 2021 11:37:43.912015915 CEST497601133192.168.2.779.134.225.26
                                                        May 3, 2021 11:37:44.015336037 CEST11334976079.134.225.26192.168.2.7
                                                        May 3, 2021 11:37:44.015667915 CEST497601133192.168.2.779.134.225.26
                                                        May 3, 2021 11:37:47.635305882 CEST497611133192.168.2.779.134.225.26
                                                        May 3, 2021 11:37:48.075356007 CEST11334976179.134.225.26192.168.2.7
                                                        May 3, 2021 11:37:48.075469971 CEST497611133192.168.2.779.134.225.26
                                                        May 3, 2021 11:37:48.076432943 CEST497611133192.168.2.779.134.225.26
                                                        May 3, 2021 11:37:48.503351927 CEST11334976179.134.225.26192.168.2.7
                                                        May 3, 2021 11:37:48.503626108 CEST497611133192.168.2.779.134.225.26
                                                        May 3, 2021 11:37:48.617268085 CEST11334976179.134.225.26192.168.2.7
                                                        May 3, 2021 11:37:48.617419958 CEST497611133192.168.2.779.134.225.26
                                                        May 3, 2021 11:37:48.955564022 CEST11334976179.134.225.26192.168.2.7
                                                        May 3, 2021 11:37:48.955677986 CEST497611133192.168.2.779.134.225.26
                                                        May 3, 2021 11:37:49.375871897 CEST11334976179.134.225.26192.168.2.7
                                                        May 3, 2021 11:37:49.376141071 CEST497611133192.168.2.779.134.225.26
                                                        May 3, 2021 11:37:49.943365097 CEST497611133192.168.2.779.134.225.26
                                                        May 3, 2021 11:37:49.975102901 CEST497611133192.168.2.779.134.225.26
                                                        May 3, 2021 11:37:50.369410038 CEST11334976179.134.225.26192.168.2.7
                                                        May 3, 2021 11:37:50.369503021 CEST497611133192.168.2.779.134.225.26
                                                        May 3, 2021 11:37:53.993360996 CEST497621133192.168.2.779.134.225.26
                                                        May 3, 2021 11:37:54.384253025 CEST11334976279.134.225.26192.168.2.7
                                                        May 3, 2021 11:37:54.384483099 CEST497621133192.168.2.779.134.225.26
                                                        May 3, 2021 11:37:54.385212898 CEST497621133192.168.2.779.134.225.26
                                                        May 3, 2021 11:37:55.162393093 CEST497621133192.168.2.779.134.225.26
                                                        May 3, 2021 11:37:56.194441080 CEST497621133192.168.2.779.134.225.26
                                                        May 3, 2021 11:38:00.211968899 CEST497631133192.168.2.779.134.225.26
                                                        May 3, 2021 11:38:00.573558092 CEST11334976379.134.225.26192.168.2.7
                                                        May 3, 2021 11:38:00.573913097 CEST497631133192.168.2.779.134.225.26
                                                        May 3, 2021 11:38:00.574763060 CEST497631133192.168.2.779.134.225.26
                                                        May 3, 2021 11:38:01.012358904 CEST11334976379.134.225.26192.168.2.7
                                                        May 3, 2021 11:38:01.075212955 CEST11334976379.134.225.26192.168.2.7
                                                        May 3, 2021 11:38:01.075807095 CEST497631133192.168.2.779.134.225.26
                                                        May 3, 2021 11:38:01.447921991 CEST11334976379.134.225.26192.168.2.7
                                                        May 3, 2021 11:38:01.449681997 CEST497631133192.168.2.779.134.225.26
                                                        May 3, 2021 11:38:01.895262957 CEST11334976379.134.225.26192.168.2.7
                                                        May 3, 2021 11:38:02.023863077 CEST11334976379.134.225.26192.168.2.7
                                                        May 3, 2021 11:38:02.049216986 CEST497631133192.168.2.779.134.225.26
                                                        May 3, 2021 11:38:02.394028902 CEST11334976379.134.225.26192.168.2.7
                                                        May 3, 2021 11:38:02.409523010 CEST497631133192.168.2.779.134.225.26
                                                        May 3, 2021 11:38:02.823709965 CEST11334976379.134.225.26192.168.2.7
                                                        May 3, 2021 11:38:02.824639082 CEST497631133192.168.2.779.134.225.26
                                                        May 3, 2021 11:38:03.223331928 CEST11334976379.134.225.26192.168.2.7
                                                        May 3, 2021 11:38:03.223412991 CEST497631133192.168.2.779.134.225.26

                                                        Code Manipulations

                                                        Statistics

                                                        CPU Usage

                                                        Memory Usage

                                                        High Level Behavior Distribution

                                                        Behavior

                                                        System Behavior

                                                        General

                                                        Start time:11:35:52
                                                        Start date:03/05/2021
                                                        Path:C:\Users\user\Desktop\b2NaDSFu9T.exe
                                                        Wow64 process (32bit):true
                                                        Commandline:'C:\Users\user\Desktop\b2NaDSFu9T.exe'
                                                        Imagebase:0x7c0000
                                                        File size:1141760 bytes
                                                        MD5 hash:042AA11C6D49E1CCA5923F02D1B0A5AE
                                                        Has elevated privileges:true
                                                        Has administrator privileges:true
                                                        Programmed in:.Net C# or VB.NET
                                                        Yara matches:
                                                        • Rule: JoeSecurity_AntiVM_3, Description: Yara detected AntiVM_3, Source: 00000000.00000002.258945318.0000000002F4B000.00000004.00000001.sdmp, Author: Joe Security
                                                        • Rule: Nanocore_RAT_Gen_2, Description: Detetcs the Nanocore RAT, Source: 00000000.00000002.260256472.0000000003F11000.00000004.00000001.sdmp, Author: Florian Roth
                                                        • Rule: JoeSecurity_Nanocore, Description: Yara detected Nanocore RAT, Source: 00000000.00000002.260256472.0000000003F11000.00000004.00000001.sdmp, Author: Joe Security
                                                        • Rule: NanoCore, Description: unknown, Source: 00000000.00000002.260256472.0000000003F11000.00000004.00000001.sdmp, Author: Kevin Breen <kevin@techanarchy.net>
                                                        Reputation:low

                                                        General

                                                        Start time:11:35:54
                                                        Start date:03/05/2021
                                                        Path:C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe
                                                        Wow64 process (32bit):true
                                                        Commandline:C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe
                                                        Imagebase:0x750000
                                                        File size:32768 bytes
                                                        MD5 hash:71369277D09DA0830C8C59F9E22BB23A
                                                        Has elevated privileges:true
                                                        Has administrator privileges:true
                                                        Programmed in:.Net C# or VB.NET
                                                        Reputation:moderate

                                                        Disassembly

                                                        Code Analysis

                                                          Executed Functions

                                                          APIs
                                                          • NtQuerySystemInformation.NTDLL ref: 04F6006D
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.262954234.0000000004F60000.00000040.00000001.sdmp, Offset: 04F60000, based on PE: false
                                                          Similarity
                                                          • API ID: InformationQuerySystem
                                                          • String ID:
                                                          • API String ID: 3562636166-0
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          APIs
                                                          • NtQuerySystemInformation.NTDLL ref: 04F6006D
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.262954234.0000000004F60000.00000040.00000001.sdmp, Offset: 04F60000, based on PE: false
                                                          Similarity
                                                          • API ID: InformationQuerySystem
                                                          • String ID:
                                                          • API String ID: 3562636166-0
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          APIs
                                                          • PostMessageW.USER32(?,?,?,?), ref: 04F601B9
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.262954234.0000000004F60000.00000040.00000001.sdmp, Offset: 04F60000, based on PE: false
                                                          Similarity
                                                          • API ID: MessagePost
                                                          • String ID:
                                                          • API String ID: 410705778-0
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          APIs
                                                          • PostMessageW.USER32(?,?,?,?), ref: 04F601B9
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.262954234.0000000004F60000.00000040.00000001.sdmp, Offset: 04F60000, based on PE: false
                                                          Similarity
                                                          • API ID: MessagePost
                                                          • String ID:
                                                          • API String ID: 410705778-0
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.258321942.0000000002B90000.00000040.00000001.sdmp, Offset: 02B90000, based on PE: false
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 7286debe232a7d7c130923461fea2bb3f8552514e518fee3318c6d6a0e3c40bc
                                                          • Instruction ID: 10211fe151123c31f7f65fadf0b4ff3099382810a8c2c6939ce2d0eaf252316f
                                                          • Opcode Fuzzy Hash: 7286debe232a7d7c130923461fea2bb3f8552514e518fee3318c6d6a0e3c40bc
                                                          • Instruction Fuzzy Hash: 6A61F974E04144AFCB04DFA9D480A9CFBB2BF49324F58C2E5D958AB35AC730E982CB55
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.258321942.0000000002B90000.00000040.00000001.sdmp, Offset: 02B90000, based on PE: false
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: c0a28117b51358327538c61127a740c14594f970f97e0ea53da38baad3d34e0d
                                                          • Instruction ID: 24355cf365fe8ab173824270e34c4dafbcb66210001fff17eedb1bb2c75b3dea
                                                          • Opcode Fuzzy Hash: c0a28117b51358327538c61127a740c14594f970f97e0ea53da38baad3d34e0d
                                                          • Instruction Fuzzy Hash: 9751CE74D0560ADFCB04DF99C580AAEFBF6FB88300F2495AAD415BB254D730AA41CFA5
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.258321942.0000000002B90000.00000040.00000001.sdmp, Offset: 02B90000, based on PE: false
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 7398f2fb25d266ae24c06b95c47beda867eba5094b1c1efd5a438c54e5c5fb21
                                                          • Instruction ID: 4dc6e88b4fffcdb61d1707a773efddb4253b68d16b7b1b499e97ffc247dcc714
                                                          • Opcode Fuzzy Hash: 7398f2fb25d266ae24c06b95c47beda867eba5094b1c1efd5a438c54e5c5fb21
                                                          • Instruction Fuzzy Hash: ED516E70901249CFEB14EF64E984A9DBFB9FB88310F1181A9E809E7354DB70AD86CF54
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.258321942.0000000002B90000.00000040.00000001.sdmp, Offset: 02B90000, based on PE: false
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 0707c43ee7d3781157ff5527ea42324ef9a1f73ac2f79ec92994e3fb970ef99a
                                                          • Instruction ID: 0ae3bed54aca8910d6b20327de2f53e8b9f5f48270869a9c8d9f6e501a6058e3
                                                          • Opcode Fuzzy Hash: 0707c43ee7d3781157ff5527ea42324ef9a1f73ac2f79ec92994e3fb970ef99a
                                                          • Instruction Fuzzy Hash: 41519D78A08618DFDF10DFA9C884BADBBF1EB4D310F1044A9E506AB3A1D734A941DF60
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.258321942.0000000002B90000.00000040.00000001.sdmp, Offset: 02B90000, based on PE: false
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: fdc5607777097ab0d471339b81fefa786da806ca8401758d98f41681c4eceeb2
                                                          • Instruction ID: 343d254b9f0b7bb8b8c8a012f247d95c9ebf5c174e74ceaaf062cfdc04dc486a
                                                          • Opcode Fuzzy Hash: fdc5607777097ab0d471339b81fefa786da806ca8401758d98f41681c4eceeb2
                                                          • Instruction Fuzzy Hash: 8E416BB8A04618DFDF10DFA9C884BADBBF1EB4D310F1054A5E906AB3A1D734A940DF64
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.258321942.0000000002B90000.00000040.00000001.sdmp, Offset: 02B90000, based on PE: false
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 210281fc40a396e1ac41d1d8bc669cb36811ccfaf0b015c94a940a4d08853407
                                                          • Instruction ID: 400ca7683df57049aa44d8191f5ddd3df48bb43cffc20549bf7b89976462ae3c
                                                          • Opcode Fuzzy Hash: 210281fc40a396e1ac41d1d8bc669cb36811ccfaf0b015c94a940a4d08853407
                                                          • Instruction Fuzzy Hash: 7E410771D002098FCF09DFEAD8445EEBBB2BF89314F14C56AD414BB268DB715946CBA1
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.258321942.0000000002B90000.00000040.00000001.sdmp, Offset: 02B90000, based on PE: false
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 1299e9952c8f0de6dd435912d02267bef1a895e5f83ca8ea432aad4826641f77
                                                          • Instruction ID: 57d5fd1ffef1e3be279041567dae5ab0d5aa63079654b4efd9b53688f63c855a
                                                          • Opcode Fuzzy Hash: 1299e9952c8f0de6dd435912d02267bef1a895e5f83ca8ea432aad4826641f77
                                                          • Instruction Fuzzy Hash: 8541F771D002098FCF08DFEAD8405AEFBB2BF89314F14C56AD514BB268DB715946CBA1
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.258321942.0000000002B90000.00000040.00000001.sdmp, Offset: 02B90000, based on PE: false
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: ec22321b1bfbb58f752dc69aef842a23a2c3c9fa43803ad0e4a49ab7b8258c98
                                                          • Instruction ID: 4fa19946764c49aaaf3599d1022f4136d8aa63b5bba7c4e1a93bd506588af3da
                                                          • Opcode Fuzzy Hash: ec22321b1bfbb58f752dc69aef842a23a2c3c9fa43803ad0e4a49ab7b8258c98
                                                          • Instruction Fuzzy Hash: 7F314870D25218DFDB08DFA9E5809DEBBF5FB8A240F14A46AE409F7214D7309940CF68
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.258321942.0000000002B90000.00000040.00000001.sdmp, Offset: 02B90000, based on PE: false
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 7aa2850e9582dd6d3ec8122bc398c9e3fd567107ef4ca6569e8fcbeb5e86212e
                                                          • Instruction ID: cb5e27f5b2877710844212ee82ed9a73bc3ebd8dbd6c4e507c4d07d316e0cc3f
                                                          • Opcode Fuzzy Hash: 7aa2850e9582dd6d3ec8122bc398c9e3fd567107ef4ca6569e8fcbeb5e86212e
                                                          • Instruction Fuzzy Hash: 1931B4B4D05209DFCB48DFA9D980A9DBBF2FF88310F11856AE804A7364D7355941DF51
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.258321942.0000000002B90000.00000040.00000001.sdmp, Offset: 02B90000, based on PE: false
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: b2c39eb357b670e3e722469d00269fe32f4cba823484926fe8959a0362e0f679
                                                          • Instruction ID: c58393f934823b1e63130948e48811843b0a16e0373f92c696b60798b415a032
                                                          • Opcode Fuzzy Hash: b2c39eb357b670e3e722469d00269fe32f4cba823484926fe8959a0362e0f679
                                                          • Instruction Fuzzy Hash: B03172B4E11219DFDB48DFA9D980AAEBBF2BF88300F108569E805B7364DB316941DB51
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.258321942.0000000002B90000.00000040.00000001.sdmp, Offset: 02B90000, based on PE: false
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: e7b847150dfd74952803febee7a730663c1d521ba5091289d7f268a495d508c2
                                                          • Instruction ID: 9c293e1018d99db93789cec06ce3151afc845e90567289db6ff0f206fbddc728
                                                          • Opcode Fuzzy Hash: e7b847150dfd74952803febee7a730663c1d521ba5091289d7f268a495d508c2
                                                          • Instruction Fuzzy Hash: 4E31E674D04209DFCB44CFA9C480AAEBBF1FB89310F1195AAD815A7754D778AA41CF61
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.258321942.0000000002B90000.00000040.00000001.sdmp, Offset: 02B90000, based on PE: false
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 89ad6e0e3f3b43475edda4885943fbad5363d52b5ecf02924953f3c2c5842c71
                                                          • Instruction ID: f519ba0d89a2fad15120cc5e20c0e5f21abac8e860131a2d0d47f564da4b91f2
                                                          • Opcode Fuzzy Hash: 89ad6e0e3f3b43475edda4885943fbad5363d52b5ecf02924953f3c2c5842c71
                                                          • Instruction Fuzzy Hash: BE312874E0420ADFCB04CFAAC48199EBBF1FF89300F2599EAD415AB254D734AA41CF55
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.258321942.0000000002B90000.00000040.00000001.sdmp, Offset: 02B90000, based on PE: false
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 4b52928f68202053126445cfb83cd418655da2d319817d2bf1e600aef9ec9e0b
                                                          • Instruction ID: 0226882aa4e6964e8d7e69ca4403b746906004b874005d064de43fe6de38eef3
                                                          • Opcode Fuzzy Hash: 4b52928f68202053126445cfb83cd418655da2d319817d2bf1e600aef9ec9e0b
                                                          • Instruction Fuzzy Hash: 5531E874D04209DFCB44CF99C480AAEBBF5FB88300F1195AAD815A7714D774AA41CF51
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.258321942.0000000002B90000.00000040.00000001.sdmp, Offset: 02B90000, based on PE: false
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 4cd4e21b15d418d5438e93f8edcb60eb6600aed96ace28f6d35a0331179e4b5a
                                                          • Instruction ID: e790b1030892636464525ce1f660937d7058b88b8d2d10bb92ce2e28706e4d16
                                                          • Opcode Fuzzy Hash: 4cd4e21b15d418d5438e93f8edcb60eb6600aed96ace28f6d35a0331179e4b5a
                                                          • Instruction Fuzzy Hash: 032117B0E04609EFCB08CF9AC58199EBBF5FF88300F2099EAD415AB214D734AA41CF54
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.258321942.0000000002B90000.00000040.00000001.sdmp, Offset: 02B90000, based on PE: false
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 850a4d926d55781a5b865cf844c2ec946d1af5b52e5bc2fd39efb8a5a5cfc3cb
                                                          • Instruction ID: 732870ec4749cc0974a45e1e5a9694562252c8ec416d973db702bd09773cec3c
                                                          • Opcode Fuzzy Hash: 850a4d926d55781a5b865cf844c2ec946d1af5b52e5bc2fd39efb8a5a5cfc3cb
                                                          • Instruction Fuzzy Hash: A611966080E3C49FD7179B7488767AA7FB09F07214F1944DFD481DB293D5295909C7A2
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.258321942.0000000002B90000.00000040.00000001.sdmp, Offset: 02B90000, based on PE: false
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 5fd34e9a57646b787221c270c586bacea981b49f6d315587f2f846e65be85cc8
                                                          • Instruction ID: 0420a48fe534753fb1f874d692ad33cb1603d113fdd7b01865d21019c2b4a999
                                                          • Opcode Fuzzy Hash: 5fd34e9a57646b787221c270c586bacea981b49f6d315587f2f846e65be85cc8
                                                          • Instruction Fuzzy Hash: 773182B4E11218DFCB54DFA8D984A9CBBB2FF49304F6081AAD809E7361DB31A941DF50
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.258321942.0000000002B90000.00000040.00000001.sdmp, Offset: 02B90000, based on PE: false
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 28a20121b0d5677a6e015d70631692226894151b45595aaed6cd12cca52a2cab
                                                          • Instruction ID: d9ac56e60e3f68134203997a02a985750ef6cf183e8308905c81d4defddc94e3
                                                          • Opcode Fuzzy Hash: 28a20121b0d5677a6e015d70631692226894151b45595aaed6cd12cca52a2cab
                                                          • Instruction Fuzzy Hash: 3B21F4B4E19209DFCF04CFA5D5855AEBBB6FB88300F20D5AAC805A7354DB349A42CF55
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.258321942.0000000002B90000.00000040.00000001.sdmp, Offset: 02B90000, based on PE: false
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 8f3b2cc151c8d75df93a40b71a9d2c62976ca6d6c3cf9fe568da144de81f043a
                                                          • Instruction ID: e73924e64450ea02ec2e27144792ae3d48dcb9fa8b18c5bd5bce8316f64a39e3
                                                          • Opcode Fuzzy Hash: 8f3b2cc151c8d75df93a40b71a9d2c62976ca6d6c3cf9fe568da144de81f043a
                                                          • Instruction Fuzzy Hash: 4D01D630D09209DFCB05DFB0D9A959CBF71FB42200F24C1FAC80597256CA344916EF51
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.258321942.0000000002B90000.00000040.00000001.sdmp, Offset: 02B90000, based on PE: false
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 2a92578688b702f1d8bbc78a24fbe0f27d07745b1851171f48c62ea23f6af316
                                                          • Instruction ID: 266b04472875287497d4682347bf2d4fdda8a1d463796cde12ec89408e1de88d
                                                          • Opcode Fuzzy Hash: 2a92578688b702f1d8bbc78a24fbe0f27d07745b1851171f48c62ea23f6af316
                                                          • Instruction Fuzzy Hash: B0214A3090024EDFCB54EBA8E99589DBBB1FF40304B254169E501E7266DB786E09EF51
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.258347590.0000000002BC0000.00000040.00000040.sdmp, Offset: 02BC0000, based on PE: false
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 763c194aa2247cebbc92443d4670a2f9d8bfd7eaf308b690ea5fbbc3b88fdb9b
                                                          • Instruction ID: 2f5e1ae4bad6cb6876e87e3920dd9e60c90f48f0d18f913a0f62c3d5ef8f6cc8
                                                          • Opcode Fuzzy Hash: 763c194aa2247cebbc92443d4670a2f9d8bfd7eaf308b690ea5fbbc3b88fdb9b
                                                          • Instruction Fuzzy Hash: 8911B434208244DFD719DB14D980B26BB95EB88B18F38C9EEE9495B652C77BD803CE51
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.258347590.0000000002BC0000.00000040.00000040.sdmp, Offset: 02BC0000, based on PE: false
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: cedb13624501921af66646faa0be289b66e21dd921bdb301842e159604a077a8
                                                          • Instruction ID: a4af1ca432ec2c3eb020212acb6f78e5a96f410533478fe87f099416c02abe60
                                                          • Opcode Fuzzy Hash: cedb13624501921af66646faa0be289b66e21dd921bdb301842e159604a077a8
                                                          • Instruction Fuzzy Hash: EB214C355093C4DFD7078B60C890755BFB1AF46308F2989EFD8845B6A3C33A9806CB52
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.258321942.0000000002B90000.00000040.00000001.sdmp, Offset: 02B90000, based on PE: false
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 6277ea69588cf1a860a3f044610960b577434e41e177d151d873641bcb360e4b
                                                          • Instruction ID: f13adaed6917e3fb5b8745b54f52e3fcfb3f3c862781bd82140550de75dd1b79
                                                          • Opcode Fuzzy Hash: 6277ea69588cf1a860a3f044610960b577434e41e177d151d873641bcb360e4b
                                                          • Instruction Fuzzy Hash: 5F212C74D0924ADFCF50EFA4E884AEEBBB0FB45340F2055AAE806B3214D7355A45CFA1
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.258321942.0000000002B90000.00000040.00000001.sdmp, Offset: 02B90000, based on PE: false
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 0f2c5ee0793f94e80c714b84bc7b1573a34d01b0bdeb04baeec289256edd1202
                                                          • Instruction ID: 4e858ea2351ddee606bb8533baee0a0f692bebfb40c21a84dbaa8ab33286b904
                                                          • Opcode Fuzzy Hash: 0f2c5ee0793f94e80c714b84bc7b1573a34d01b0bdeb04baeec289256edd1202
                                                          • Instruction Fuzzy Hash: 7F115670D08208EFCB29CFA9D88099DFBF1EF89240B54D6AAD011AB210E3389B15DF40
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.258321942.0000000002B90000.00000040.00000001.sdmp, Offset: 02B90000, based on PE: false

                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.258347590.0000000002BC0000.00000040.00000040.sdmp, Offset: 02BC0000, based on PE: false
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.258321942.0000000002B90000.00000040.00000001.sdmp, Offset: 02B90000, based on PE: false
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: e414755b0e5a33c3e561166d3ff5960c7001df44fc301ca60a2eecc111dcb0cd
                                                          • Instruction ID: b5506e1cac7f32493bdaaa4d408b88170e314e46b0d51b3f2835c68e8820e284
                                                          • Opcode Fuzzy Hash: e414755b0e5a33c3e561166d3ff5960c7001df44fc301ca60a2eecc111dcb0cd
                                                          • Instruction Fuzzy Hash: D6E0C974E01229DFEB60DB58DC41B9EFBB2BB45300F1055AAD948A7244D7345E81CF11
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.258321942.0000000002B90000.00000040.00000001.sdmp, Offset: 02B90000, based on PE: false
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 4f0478f0fb8a1436f5b46273fb37a5b0cf156ca2d5a9192149463101fee70960
                                                          • Instruction ID: ea77d83ac2bd6f05a56f71af60aad9dbaf57935bb05d979b70e00d89a5fefae3
                                                          • Opcode Fuzzy Hash: 4f0478f0fb8a1436f5b46273fb37a5b0cf156ca2d5a9192149463101fee70960
                                                          • Instruction Fuzzy Hash: E9E0E5389042198FCB60DF98C58498CBBB1BB88350F1191E5D815AB368C630EA82CF54
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.258321942.0000000002B90000.00000040.00000001.sdmp, Offset: 02B90000, based on PE: false
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 2ed52b4a1c9a8ab87f5e1078f4634394049db106acc6df42485368f7626c288c
                                                          • Instruction ID: 0123248164a1a43948ed135f8cc9f052c9d5a20708decbf27534f07dde1664b3
                                                          • Opcode Fuzzy Hash: 2ed52b4a1c9a8ab87f5e1078f4634394049db106acc6df42485368f7626c288c
                                                          • Instruction Fuzzy Hash: D0D01735D05108CBCB009FA4E0882ECB7B0EB89325F118666C214A3200C3314454CF50
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.258321942.0000000002B90000.00000040.00000001.sdmp, Offset: 02B90000, based on PE: false
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: d9a78a49687a98426809c20ba5eebb376f36f23ef9f93d23e21d7a13333f2a53
                                                          • Instruction ID: 417fea97504cea908f93023f887645132657395bebd093cd11063ed5360f5ab7
                                                          • Opcode Fuzzy Hash: d9a78a49687a98426809c20ba5eebb376f36f23ef9f93d23e21d7a13333f2a53
                                                          • Instruction Fuzzy Hash: 86E0BD74E00208EFCB44EFA8D84869CBBF8EB48204F1081AAD80893750EA34AA54CF41
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.258321942.0000000002B90000.00000040.00000001.sdmp, Offset: 02B90000, based on PE: false
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 25655935935156a254c1274d17153bce561d326a74c2ab0ea6e11cd93056c45b
                                                          • Instruction ID: 05457292e10d16096443bae4e9345d14a83e90836752dc72358436695cc023fc
                                                          • Opcode Fuzzy Hash: 25655935935156a254c1274d17153bce561d326a74c2ab0ea6e11cd93056c45b
                                                          • Instruction Fuzzy Hash: D4E08C3092A149CFCB44CFE0EA811ADBBB6FB89344F54C87AC112AB188DB34991CCF00
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.258321942.0000000002B90000.00000040.00000001.sdmp, Offset: 02B90000, based on PE: false
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 20302bda9f7bf23f5be0998d8aa317e09182bd618a35625b16d70709725c342c
                                                          • Instruction ID: 13a36e24c0bec0edc007358333cf6399a9aca7f29048c886997f28edbcf2047b
                                                          • Opcode Fuzzy Hash: 20302bda9f7bf23f5be0998d8aa317e09182bd618a35625b16d70709725c342c
                                                          • Instruction Fuzzy Hash: CDE08274C09228CFDF40CFA5C880A9EBBB8BB49380F0050E5D00AA3380E634A980CF21
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.258321942.0000000002B90000.00000040.00000001.sdmp, Offset: 02B90000, based on PE: false
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 3900eb4e84dfa9ec25b9fcabc34aefbd7759d5dc1e0c48c7d2c1acb8ec4409b1
                                                          • Instruction ID: 801ec3ed9cd8ae1e652d581655d0d0eeb0ad329587db3a634c0f8ce9f3c57022
                                                          • Opcode Fuzzy Hash: 3900eb4e84dfa9ec25b9fcabc34aefbd7759d5dc1e0c48c7d2c1acb8ec4409b1
                                                          • Instruction Fuzzy Hash: 35D0C936E05108CFCB009FB8E4440DCF771EB8D225F119266C614B3310C7319415CF54
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.258321942.0000000002B90000.00000040.00000001.sdmp, Offset: 02B90000, based on PE: false
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 95ce7984dd48f84346d8673517e095232368e60bd90aea7b024c56ef01b29af5
                                                          • Instruction ID: 89b9b127a3af578de9bd13de40c0c08f60365aeee789c71fb8409e0b500a0947
                                                          • Opcode Fuzzy Hash: 95ce7984dd48f84346d8673517e095232368e60bd90aea7b024c56ef01b29af5
                                                          • Instruction Fuzzy Hash: C6E04F3081531DDFCB90DF20ED80BACBBB6BB04300F0045A4C40DA6124DB305E89CF01
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.258321942.0000000002B90000.00000040.00000001.sdmp, Offset: 02B90000, based on PE: false
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: b297845597ff729b3cb039d9c2132ee9a438b27c23265a40612d6d2c0073ea1a
                                                          • Instruction ID: 85239b882d2bdcb268b3ef4fd269ed6c0e767c624f1b2ec2435239525399f646
                                                          • Opcode Fuzzy Hash: b297845597ff729b3cb039d9c2132ee9a438b27c23265a40612d6d2c0073ea1a
                                                          • Instruction Fuzzy Hash: 4CD0C775C041598BCF65CF60CC517EEB779AF06304F105596947AB3241D6345A41CF55
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.258321942.0000000002B90000.00000040.00000001.sdmp, Offset: 02B90000, based on PE: false
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: ae48a1f544ce4054249181f5aa29ce70707192dee0f96deae3536a63c0fab78f
                                                          • Instruction ID: ea97d79e9fba94ef089501db144167a05f5d58abc4e30f438d0df68d3f62fce1
                                                          • Opcode Fuzzy Hash: ae48a1f544ce4054249181f5aa29ce70707192dee0f96deae3536a63c0fab78f
                                                          • Instruction Fuzzy Hash: 60D09E74D082599FDB90CF90C841B9DB7F9AB45340F1098E5850DA7150D6749A84CF15
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.258321942.0000000002B90000.00000040.00000001.sdmp, Offset: 02B90000, based on PE: false
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 70757fbf8a33dc1c78d3141fdb9026abc3397badc15958cac9be328b9c6b6ce1
                                                          • Instruction ID: 8815a46ed173a1a707dccecd1e8b51a4df38d1a0cf0c272471068f94444591d0
                                                          • Opcode Fuzzy Hash: 70757fbf8a33dc1c78d3141fdb9026abc3397badc15958cac9be328b9c6b6ce1
                                                          • Instruction Fuzzy Hash: EBD05278C08209CBCF80CB91C841A9EB3B9AB45380F00D0A68109AA284E7398A80CF1A
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.258321942.0000000002B90000.00000040.00000001.sdmp, Offset: 02B90000, based on PE: false
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: a69bff2ae4af40987a349422c7e0a834470cd191e37d1b86a18cbeb5273869b1
                                                          • Instruction ID: 40425d01fca372e4102368e6178f688498639d976ebf4b1e08c04a92c0fa4e25
                                                          • Opcode Fuzzy Hash: a69bff2ae4af40987a349422c7e0a834470cd191e37d1b86a18cbeb5273869b1
                                                          • Instruction Fuzzy Hash: E3C01274C041188BCF40CF94D4407DDB379AB45340F1091A5900973240D7744A84CF16
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.258321942.0000000002B90000.00000040.00000001.sdmp, Offset: 02B90000, based on PE: false
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: e3b11758699d93195fccc058577739f3da93c95d4328811a994fe3fb5714327b
                                                          • Instruction ID: 288327ac3b6f0e8813fffd2244d60fd92e09a44ebaa0da0608115bed59bd04bb
                                                          • Opcode Fuzzy Hash: e3b11758699d93195fccc058577739f3da93c95d4328811a994fe3fb5714327b
                                                          • Instruction Fuzzy Hash: 33C012B4C082198BCF80CF90C880B9DB3BAAB46300F2090E6850DB3200EA348A80CF1A
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.258321942.0000000002B90000.00000040.00000001.sdmp, Offset: 02B90000, based on PE: false
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 705effecf0201986e53407ea830b31c915745d081f4db4d985b36d6bde1672f8
                                                          • Instruction ID: 1d9a03c92f73137fb532e0baa0f4e815f94579d2bfc0cc31f2172c16d496c3b7
                                                          • Opcode Fuzzy Hash: 705effecf0201986e53407ea830b31c915745d081f4db4d985b36d6bde1672f8
                                                          • Instruction Fuzzy Hash: E5D0127150A344CFC719DFB0D28444D7BB1EB46351F9045B8E0069F254C735D942CF10
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Non-executed Functions

                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.258321942.0000000002B90000.00000040.00000001.sdmp, Offset: 02B90000, based on PE: false
                                                          Similarity
                                                          • API ID:
                                                          • String ID: $;17
                                                          • API String ID: 0-1489653689
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.258321942.0000000002B90000.00000040.00000001.sdmp, Offset: 02B90000, based on PE: false
                                                          Similarity
                                                          • API ID:
                                                          • String ID: $;17
                                                          • API String ID: 0-1489653689
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.258321942.0000000002B90000.00000040.00000001.sdmp, Offset: 02B90000, based on PE: false
                                                          Similarity
                                                          • API ID:
                                                          • String ID: OQT
                                                          • API String ID: 0-2671719027
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.258321942.0000000002B90000.00000040.00000001.sdmp, Offset: 02B90000, based on PE: false
                                                          Similarity
                                                          • API ID:
                                                          • String ID: OQT
                                                          • API String ID: 0-2671719027
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.258321942.0000000002B90000.00000040.00000001.sdmp, Offset: 02B90000, based on PE: false
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: fd4b074ae15aaa5f03b102cccec185e4cc5e424e01f36f6ec98416c2e1af79fd
                                                          • Instruction ID: 1d88cdc436f06e2af93b35f10638ab0fca3f68bb3753bcc2dc2f727f5d6f1bbd
                                                          • Opcode Fuzzy Hash: fd4b074ae15aaa5f03b102cccec185e4cc5e424e01f36f6ec98416c2e1af79fd
                                                          • Instruction Fuzzy Hash: FFA139B1D05209DFCF04CFA9E5815AEFBB1FF48318F5095AAD411AB258D734AA42CF94
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.258321942.0000000002B90000.00000040.00000001.sdmp, Offset: 02B90000, based on PE: false
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: d4f2500e315f04567c9d1290f1aa60420cf941da6231fe62be3dede39d58e968
                                                          • Instruction ID: 440f9e5b2e567eebf17a1c13d03c3a25bd48e5a9baf588573b1c4356b3f49353
                                                          • Opcode Fuzzy Hash: d4f2500e315f04567c9d1290f1aa60420cf941da6231fe62be3dede39d58e968
                                                          • Instruction Fuzzy Hash: F8711974D04258DFDB14DFA9D58059DFBB6FF89308B24C2AAC414AB309D734AA42DF54
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.258321942.0000000002B90000.00000040.00000001.sdmp, Offset: 02B90000, based on PE: false
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 6b0ac09d3cf9771637510dd8a2f9560ad2a64213ae011c2798af659e350d3cbf
                                                          • Instruction ID: bcb37f6e978f3356267b058e5c2c6834486cd778c59133e0d6d04cd33b727a23
                                                          • Opcode Fuzzy Hash: 6b0ac09d3cf9771637510dd8a2f9560ad2a64213ae011c2798af659e350d3cbf
                                                          • Instruction Fuzzy Hash: F171FD34E65209EFCB10CFA9D584A9DFBF5FB48350F94D5AAE415AB220D738AA40CF50
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.258321942.0000000002B90000.00000040.00000001.sdmp, Offset: 02B90000, based on PE: false
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 44d78e52ddb364efde145326e17b849a0dcd8715882fce32ddbd67513e894573
                                                          • Instruction ID: 3f2f008205d96509dae71a692c62afea581b1d95fa8caaccdc9d0635b1e16182
                                                          • Opcode Fuzzy Hash: 44d78e52ddb364efde145326e17b849a0dcd8715882fce32ddbd67513e894573
                                                          • Instruction Fuzzy Hash: E971EE34E65209EFCB51CFA9D484A9DFBF1FB49350F54D5AAE415AB220C738AA40CF10
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.258321942.0000000002B90000.00000040.00000001.sdmp, Offset: 02B90000, based on PE: false
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.262940960.0000000004F50000.00000040.00000001.sdmp, Offset: 04F50000, based on PE: false