Analysis Report SecuriteInfo.com.Trojan.GenericKD.46243806.32106.30285

Overview

General Information

Sample Name: SecuriteInfo.com.Trojan.GenericKD.46243806.32106.30285 (renamed file extension from 30285 to exe)
Analysis ID: 404310
MD5: cce6c363c0ff7ac663cd71c5906069a6
SHA1: 98ad5e24bf99fbb4cf7bdcaa54b6d720064dc810
SHA256: b65eed317058df5ddd4247ec93ac2b555ae2c29b751ee455ceee3dd9b670ecad

Detection

AgentTesla
Score: 96
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Found malware configuration
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Yara detected AgentTesla
Creates an undocumented autostart registry key
Injects a PE file into a foreign processes
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Writes to foreign memory regions
Abnormal high CPU Usage
Antivirus or Machine Learning detection for unpacked file
Contains long sleeps (>= 3 min)
Creates a DirectInput object (often for capturing keystrokes)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Dropped file seen in connection with other malware
Drops PE files
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found inlined nop instructions (likely shell or obfuscated code)
May sleep (evasive loops) to hinder dynamic analysis
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
PE / OLE file has an invalid certificate
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Stores files to the Windows start menu directory
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)
Yara detected Credential Stealer

Startup

  • System is w10x64
  • cleanup

Malware Configuration

Threatname: Agenttesla

{"Exfil Mode": "SMTP", "SMTP Info": "bigazz@sixjan.xyzH^i?T2&gWQ({sixjan.xyz"}

Yara Overview

Memory Dumps

Source | Rule | Description | Author | Strings
00000010.00000002.484888113.0000000002BB1000.00000004.00000001.sdmp | JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security |
00000010.00000002.484888113.0000000002BB1000.00000004.00000001.sdmp | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security |
Process Memory Space: SecuriteInfo.com.Trojan.GenericKD.46243806.32106.exe PID: 1848 | JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security |
Process Memory Space: SecuriteInfo.com.Trojan.GenericKD.46243806.32106.exe PID: 1848 | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security |

          Sigma Overview

          No Sigma rule has matched

          Signature Overview

          AV Detection:

          Found malware configuration
          Source: 0.2.SecuriteInfo.com.Trojan.GenericKD.46243806.32106.exe.428c788.2.unpack, Malware Configuration Extractor: Agenttesla {"Exfil Mode": "SMTP", "SMTP Info": "bigazz@sixjan.xyzH^i?T2&gWQ({sixjan.xyz"}
          Multi AV Scanner detection for dropped file
          Source: C:\Users\user\AppData\Local\Temp\SecuriteInfo.com.Trojan.GenericKD.46243806.32106.exe, ReversingLabs: Detection: 40%
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\notpad\notpad.exe, ReversingLabs: Detection: 40%
          Multi AV Scanner detection for submitted file
          Source: SecuriteInfo.com.Trojan.GenericKD.46243806.32106.exe, Virustotal: Detection: 30%
          Source: SecuriteInfo.com.Trojan.GenericKD.46243806.32106.exe, ReversingLabs: Detection: 40%
          Source: 16.2.SecuriteInfo.com.Trojan.GenericKD.46243806.32106.exe.400000.0.unpack, Avira: Label: TR/Spy.Gen8
          Source: SecuriteInfo.com.Trojan.GenericKD.46243806.32106.exe, Static PE information: LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED
          Source: SecuriteInfo.com.Trojan.GenericKD.46243806.32106.exe, Static PE information: NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT
          Source: SecuriteInfo.com.Trojan.GenericKD.46243806.32106.exe, 00000000.00000002.341547950.00000000013EB000.00000004.00000020.sdmp, Binary or memory string: <HOOK MODULE="DDRAW.DLL" FUNCTION="DirectDrawCreateEx"/>
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.46243806.32106.exe, Process Stats: CPU usage > 98%
          Source: Joe Sandbox View, Dropped File: C:\Users\user\AppData\Local\Temp\SecuriteInfo.com.Trojan.GenericKD.46243806.32106.exe B65EED317058DF5DDD4247EC93AC2B555AE2C29B751EE455CEEE3DD9B670ECAD
          Source: Joe Sandbox View, Dropped File: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\notpad\notpad.exe B65EED317058DF5DDD4247EC93AC2B555AE2C29B751EE455CEEE3DD9B670ECAD
          Source: SecuriteInfo.com.Trojan.GenericKD.46243806.32106.exe, Static PE information: invalid certificate
          Source: SecuriteInfo.com.Trojan.GenericKD.46243806.32106.exe, 00000000.00000002.341547950.00000000013EB000.00000004.00000020.sdmp, Binary or memory string: OriginalFilenameclr.dllT vs SecuriteInfo.com.Trojan.GenericKD.46243806.32106.exe
          Source: SecuriteInfo.com.Trojan.GenericKD.46243806.32106.exe, 00000000.00000002.341092452.0000000000C70000.00000002.00020000.sdmp, Binary or memory string: OriginalFilename44444.exe^ vs SecuriteInfo.com.Trojan.GenericKD.46243806.32106.exe
          Source: SecuriteInfo.com.Trojan.GenericKD.46243806.32106.exe, 00000000.00000002.345992042.0000000005C90000.00000002.00000001.sdmp, Binary or memory string: OriginalFilenamemscorrc.dllT vs SecuriteInfo.com.Trojan.GenericKD.46243806.32106.exe
          Source: SecuriteInfo.com.Trojan.GenericKD.46243806.32106.exe, 00000000.00000002.346362509.0000000005F80000.00000004.00000001.sdmp, Binary or memory string: OriginalFilenameBtuucsui.dll" vs SecuriteInfo.com.Trojan.GenericKD.46243806.32106.exe
          Source: SecuriteInfo.com.Trojan.GenericKD.46243806.32106.exe, 00000000.00000002.341983354.00000000031C2000.00000004.00000001.sdmp, Binary or memory string: OriginalFilenamehHjrmKPrlxwsmtWVgQPQZlucKNq.exe4 vs SecuriteInfo.com.Trojan.GenericKD.46243806.32106.exe
          Source: SecuriteInfo.com.Trojan.GenericKD.46243806.32106.exe, 0000000F.00000002.338937682.0000000000280000.00000002.00020000.sdmp, Binary or memory string: OriginalFilename44444.exe^ vs SecuriteInfo.com.Trojan.GenericKD.46243806.32106.exe
          Source: SecuriteInfo.com.Trojan.GenericKD.46243806.32106.exe, 00000010.00000002.481465313.0000000000402000.00000040.00000001.sdmp, Binary or memory string: OriginalFilenamehHjrmKPrlxwsmtWVgQPQZlucKNq.exe4 vs SecuriteInfo.com.Trojan.GenericKD.46243806.32106.exe
          Source: SecuriteInfo.com.Trojan.GenericKD.46243806.32106.exe, 00000010.00000000.339515688.0000000000730000.00000002.00020000.sdmp, Binary or memory string: OriginalFilename44444.exe^ vs SecuriteInfo.com.Trojan.GenericKD.46243806.32106.exe
          Source: SecuriteInfo.com.Trojan.GenericKD.46243806.32106.exe, 00000010.00000002.483591584.0000000000D3A000.00000004.00000020.sdmp, Binary or memory string: OriginalFilenameclr.dllT vs SecuriteInfo.com.Trojan.GenericKD.46243806.32106.exe
          Source: SecuriteInfo.com.Trojan.GenericKD.46243806.32106.exe, Binary or memory string: OriginalFilename44444.exe^ vs SecuriteInfo.com.Trojan.GenericKD.46243806.32106.exe
          Source: SecuriteInfo.com.Trojan.GenericKD.46243806.32106.exe, Static PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
          Source: notpad.exe.0.dr, Static PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
          Source: SecuriteInfo.com.Trojan.GenericKD.46243806.32106.exe.0.dr, Static PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
          Source: classification engine, Classification label: mal96.troj.evad.winEXE@5/5@0/0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.46243806.32106.exe, File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\notpad
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.46243806.32106.exe, File created: C:\Users\user\AppData\Local\Temp\SecuriteInfo.com.Trojan.GenericKD.46243806.32106.exe
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.46243806.32106.exe, Section loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dll
          Source: C:\Users\user\AppData\Local\Temp\SecuriteInfo.com.Trojan.GenericKD.46243806.32106.exe, Section loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dll
          Source: C:\Users\user\AppData\Local\Temp\SecuriteInfo.com.Trojan.GenericKD.46243806.32106.exe, WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.46243806.32106.exe, Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.46243806.32106.exe, File read: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.46243806.32106.exe
          Source: unknown, Process created: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.46243806.32106.exe 'C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.46243806.32106.exe'
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.46243806.32106.exe, Process created: C:\Users\user\AppData\Local\Temp\SecuriteInfo.com.Trojan.GenericKD.46243806.32106.exe C:\Users\user\AppData\Local\Temp\SecuriteInfo.com.Trojan.GenericKD.46243806.32106.exe
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.46243806.32106.exe, Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA}\InprocServer32
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.46243806.32106.exe, File opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll
          Source: SecuriteInfo.com.Trojan.GenericKD.46243806.32106.exe, Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.46243806.32106.exe, Code function: 0_2_05F1F66C pushad ; ret 0_2_05F1F66D
          Source: C:\Users\user\AppData\Local\Temp\SecuriteInfo.com.Trojan.GenericKD.46243806.32106.exe, Code function: 16_2_02A31BAB push es; retf 16_2_02A31BB7
          Source: initial sample, Static PE information: section name: .text entropy: 7.96408240927
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.46243806.32106.exe, File created: C:\Users\user\AppData\Local\Temp\SecuriteInfo.com.Trojan.GenericKD.46243806.32106.exe (dropped file)
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.46243806.32106.exe, File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\notpad\notpad.exe (dropped file)

          Boot Survival:

          Creates an undocumented autostart registry key
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.46243806.32106.exe, Key value created or modified: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders Startup
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.46243806.32106.exe, File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\notpad
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.46243806.32106.exe, File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\notpad\notpad.exe
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.46243806.32106.exe, File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\notpad\notpad.exe\:Zone.Identifier:$DATA
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.46243806.32106.exe, Registry key monitored for changes: HKEY_CURRENT_USER_Classes
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.46243806.32106.exe, Process information set: NOOPENFILEERRORBOX
          Source: C:\Users\user\AppData\Local\Temp\SecuriteInfo.com.Trojan.GenericKD.46243806.32106.exe, Process information set: NOOPENFILEERRORBOX
          Source: C:\Users\user\AppData\Local\Temp\SecuriteInfo.com.Trojan.GenericKD.46243806.32106.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\SecuriteInfo.com.Trojan.GenericKD.46243806.32106.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\SecuriteInfo.com.Trojan.GenericKD.46243806.32106.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\SecuriteInfo.com.Trojan.GenericKD.46243806.32106.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\SecuriteInfo.com.Trojan.GenericKD.46243806.32106.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\SecuriteInfo.com.Trojan.GenericKD.46243806.32106.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\SecuriteInfo.com.Trojan.GenericKD.46243806.32106.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\SecuriteInfo.com.Trojan.GenericKD.46243806.32106.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\SecuriteInfo.com.Trojan.GenericKD.46243806.32106.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\SecuriteInfo.com.Trojan.GenericKD.46243806.32106.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\SecuriteInfo.com.Trojan.GenericKD.46243806.32106.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\SecuriteInfo.com.Trojan.GenericKD.46243806.32106.exeProcess information set: NOOPENFILEERRORBOXJump to behavior

          Malware Analysis System Evasion:

          Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
          Source: C:\Users\user\AppData\Local\Temp\SecuriteInfo.com.Trojan.GenericKD.46243806.32106.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_BaseBoard
          Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)
          Source: C:\Users\user\AppData\Local\Temp\SecuriteInfo.com.Trojan.GenericKD.46243806.32106.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_NetworkAdapterConfiguration
          Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
          Source: SecuriteInfo.com.Trojan.GenericKD.46243806.32106.exe, 00000000.00000002.346362509.0000000005F80000.00000004.00000001.sdmp Binary or memory string: SBIEDLL.DLL
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.46243806.32106.exe Thread delayed: delay time: 922337203685477
          Source: C:\Users\user\AppData\Local\Temp\SecuriteInfo.com.Trojan.GenericKD.46243806.32106.exe Thread delayed: delay time: 922337203685477
          Source: C:\Users\user\AppData\Local\Temp\SecuriteInfo.com.Trojan.GenericKD.46243806.32106.exe Window / User API: threadDelayed 800
          Source: C:\Users\user\AppData\Local\Temp\SecuriteInfo.com.Trojan.GenericKD.46243806.32106.exe Window / User API: threadDelayed 9009
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.46243806.32106.exe TID: 4888 Thread sleep time: -922337203685477s >= -30000s
          Source: C:\Users\user\AppData\Local\Temp\SecuriteInfo.com.Trojan.GenericKD.46243806.32106.exe TID: 5812 Thread sleep time: -20291418481080494s >= -30000s
          Source: C:\Users\user\AppData\Local\Temp\SecuriteInfo.com.Trojan.GenericKD.46243806.32106.exe TID: 5848 Thread sleep count: 800 > 30
          Source: C:\Users\user\AppData\Local\Temp\SecuriteInfo.com.Trojan.GenericKD.46243806.32106.exe TID: 5848 Thread sleep count: 9009 > 30
          Source: C:\Users\user\AppData\Local\Temp\SecuriteInfo.com.Trojan.GenericKD.46243806.32106.exe TID: 5812 Thread sleep count: 43 > 30
          Source: C:\Users\user\AppData\Local\Temp\SecuriteInfo.com.Trojan.GenericKD.46243806.32106.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
          Source: SecuriteInfo.com.Trojan.GenericKD.46243806.32106.exe, 00000000.00000002.346362509.0000000005F80000.00000004.00000001.sdmp Binary or memory string: vmware
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.46243806.32106.exe Process information queried: ProcessInformation
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.46243806.32106.exe Process token adjusted: Debug
          Source: C:\Users\user\AppData\Local\Temp\SecuriteInfo.com.Trojan.GenericKD.46243806.32106.exe Process token adjusted: Debug
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.46243806.32106.exe Memory allocated: page read and write | page guard

          HIPS / PFW / Operating System Protection Evasion:

          Injects a PE file into a foreign processes
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.46243806.32106.exe Memory written: C:\Users\user\AppData\Local\Temp\SecuriteInfo.com.Trojan.GenericKD.46243806.32106.exe base: 400000 value starts with: 4D5A
          Writes to foreign memory regions
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.46243806.32106.exe Memory written: C:\Users\user\AppData\Local\Temp\SecuriteInfo.com.Trojan.GenericKD.46243806.32106.exe base: 400000
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.46243806.32106.exe Memory written: C:\Users\user\AppData\Local\Temp\SecuriteInfo.com.Trojan.GenericKD.46243806.32106.exe base: 402000
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.46243806.32106.exe Memory written: C:\Users\user\AppData\Local\Temp\SecuriteInfo.com.Trojan.GenericKD.46243806.32106.exe base: 46C000
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.46243806.32106.exe Memory written: C:\Users\user\AppData\Local\Temp\SecuriteInfo.com.Trojan.GenericKD.46243806.32106.exe base: 46E000
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.46243806.32106.exe Memory written: C:\Users\user\AppData\Local\Temp\SecuriteInfo.com.Trojan.GenericKD.46243806.32106.exe base: 9EC008
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.46243806.32106.exe Process created: C:\Users\user\AppData\Local\Temp\SecuriteInfo.com.Trojan.GenericKD.46243806.32106.exe C:\Users\user\AppData\Local\Temp\SecuriteInfo.com.Trojan.GenericKD.46243806.32106.exe
          Source: SecuriteInfo.com.Trojan.GenericKD.46243806.32106.exe, 00000010.00000002.484585171.0000000001580000.00000002.00000001.sdmp Binary or memory string: Program Manager
          Source: SecuriteInfo.com.Trojan.GenericKD.46243806.32106.exe, 00000010.00000002.484585171.0000000001580000.00000002.00000001.sdmp Binary or memory string: Shell_TrayWnd
          Source: SecuriteInfo.com.Trojan.GenericKD.46243806.32106.exe, 00000010.00000002.484585171.0000000001580000.00000002.00000001.sdmp Binary or memory string: Progman
          Source: SecuriteInfo.com.Trojan.GenericKD.46243806.32106.exe, 00000010.00000002.484585171.0000000001580000.00000002.00000001.sdmp Binary or memory string: Progmanlock
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.46243806.32106.exe Queries volume information: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.46243806.32106.exe VolumeInformation
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.46243806.32106.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll VolumeInformation
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.46243806.32106.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.CSharp\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.CSharp.dll VolumeInformation
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.46243806.32106.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Dynamic\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Dynamic.dll VolumeInformation
          Source: C:\Users\user\AppData\Local\Temp\SecuriteInfo.com.Trojan.GenericKD.46243806.32106.exe Queries volume information: C:\Users\user\AppData\Local\Temp\SecuriteInfo.com.Trojan.GenericKD.46243806.32106.exe VolumeInformation
          Source: C:\Users\user\AppData\Local\Temp\SecuriteInfo.com.Trojan.GenericKD.46243806.32106.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
          Source: C:\Users\user\AppData\Local\Temp\SecuriteInfo.com.Trojan.GenericKD.46243806.32106.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
          Source: C:\Users\user\AppData\Local\Temp\SecuriteInfo.com.Trojan.GenericKD.46243806.32106.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll VolumeInformation
          Source: C:\Users\user\AppData\Local\Temp\SecuriteInfo.com.Trojan.GenericKD.46243806.32106.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll VolumeInformation
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.46243806.32106.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

          Stealing of Sensitive Information:

          Yara detected AgentTesla
          Source: Yara match File source: 00000010.00000002.484888113.0000000002BB1000.00000004.00000001.sdmp, type: MEMORY
          Source: Yara match File source: Process Memory Space: SecuriteInfo.com.Trojan.GenericKD.46243806.32106.exe PID: 1848, type: MEMORY

          Remote Access Functionality:

          Yara detected AgentTesla
          Source: Yara match File source: 00000010.00000002.484888113.0000000002BB1000.00000004.00000001.sdmp, type: MEMORY
          Source: Yara match File source: Process Memory Space: SecuriteInfo.com.Trojan.GenericKD.46243806.32106.exe PID: 1848, type: MEMORY

          Mitre Att&ck Matrix

          Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact
          Valid Accounts | Windows Management Instrumentation 211 | Registry Run Keys / Startup Folder 11 | Process Injection 212 | Masquerading 1 | Input Capture 1 | Query Registry 1 | Remote Services | Input Capture 1 | Exfiltration Over Other Network Medium | Encrypted Channel 1 | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition
          Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Registry Run Keys / Startup Folder 11 | Disable or Modify Tools 1 | LSASS Memory | Security Software Discovery 311 | Remote Desktop Protocol | Archive Collected Data 1 | Exfiltration Over Bluetooth | Junk Data | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout
          Domain Accounts | At (Linux) | Logon Script (Windows) | Logon Script (Windows) | Virtualization/Sandbox Evasion 131 | Security Account Manager | Process Discovery 2 | SMB/Windows Admin Shares | Data from Network Shared Drive | Automated Exfiltration | Steganography | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data
          Local Accounts | At (Windows) | Logon Script (Mac) | Logon Script (Mac) | Process Injection 212 | NTDS | Virtualization/Sandbox Evasion 131 | Distributed Component Object Model | Input Capture | Scheduled Transfer | Protocol Impersonation | SIM Card Swap | | Carrier Billing Fraud
          Cloud Accounts | Cron | Network Logon Script | Network Logon Script | Obfuscated Files or Information 3 | LSA Secrets | Application Window Discovery 1 | SSH | Keylogging | Data Transfer Size Limits | Fallback Channels | Manipulate Device Communication | | Manipulate App Store Rankings or Ratings
          Replication Through Removable Media | Launchd | Rc.common | Rc.common | Software Packing 3 | Cached Domain Credentials | System Information Discovery 113 | VNC | GUI Input Capture | Exfiltration Over C2 Channel | Multiband Communication | Jamming or Denial of Service | | Abuse Accessibility Features


          Antivirus, Machine Learning and Genetic Malware Detection

          Initial Sample

          Source | Detection | Scanner | Label
          SecuriteInfo.com.Trojan.GenericKD.46243806.32106.exe | 31% | Virustotal |
          SecuriteInfo.com.Trojan.GenericKD.46243806.32106.exe | 40% | ReversingLabs | ByteCode-MSIL.Downloader.Seraph

          Dropped Files

          Source | Detection | Scanner | Label
          C:\Users\user\AppData\Local\Temp\SecuriteInfo.com.Trojan.GenericKD.46243806.32106.exe | 40% | ReversingLabs | ByteCode-MSIL.Downloader.Seraph
          C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\notpad\notpad.exe | 40% | ReversingLabs | ByteCode-MSIL.Downloader.Seraph

          Unpacked PE Files

          Source | Detection | Scanner | Label
          0.2.SecuriteInfo.com.Trojan.GenericKD.46243806.32106.exe.428c788.2.unpack | 100% | Avira | HEUR/AGEN.1110362
          16.2.SecuriteInfo.com.Trojan.GenericKD.46243806.32106.exe.400000.0.unpack | 100% | Avira | TR/Spy.Gen8
          0.2.SecuriteInfo.com.Trojan.GenericKD.46243806.32106.exe.432c7a8.3.unpack | 100% | Avira | HEUR/AGEN.1110362

          Domains

          No Antivirus matches

          URLs

          Source | Detection | Scanner | Label
          http://127.0.0.1:HTTP/1.1 | 0% | Avira URL Cloud | safe
          https://api.ipify.org%GETMozilla/5.0 | 0% | URL Reputation | safe
          https://discord.com/2 | 0% | Avira URL Cloud | safe
          http://DynDns.comDynDNS | 0% | URL Reputation | safe
          https://discord.com/ | 0% | URL Reputation | safe
          https://discord.com/6 | 0% | Avira URL Cloud | safe
          https://www.theonionrouter.com/dist.torproject.org/torbrowser/9.5.3/tor-win32-0.4.3.6.zip%tordir%%ha | 0% | URL Reputation | safe
          http://mNVnNH.com | 0% | Avira URL Cloud | safe
          https://discord.com/: | 0% | Avira URL Cloud | safe

          Domains and IPs

          Contacted Domains

          No contacted domains info

          URLs from Memory and Binaries

          Name | Source | Malicious | Antivirus Detection | Reputation
          http://127.0.0.1:HTTP/1.1 | SecuriteInfo.com.Trojan.GenericKD.46243806.32106.exe, 00000010.00000002.484888113.0000000002BB1000.00000004.00000001.sdmp | false | Avira URL Cloud: safe | low
          https://api.ipify.org%GETMozilla/5.0 | SecuriteInfo.com.Trojan.GenericKD.46243806.32106.exe, 00000010.00000002.484888113.0000000002BB1000.00000004.00000001.sdmp | false | URL Reputation: safe | low
          https://discord.com/2 | SecuriteInfo.com.Trojan.GenericKD.46243806.32106.exe | false | Avira URL Cloud: safe | unknown
          http://DynDns.comDynDNS | SecuriteInfo.com.Trojan.GenericKD.46243806.32106.exe, 00000010.00000002.484888113.0000000002BB1000.00000004.00000001.sdmp | false | URL Reputation: safe | unknown
          https://discord.com/ | SecuriteInfo.com.Trojan.GenericKD.46243806.32106.exe | false | URL Reputation: safe | unknown
          https://discord.com/6 | SecuriteInfo.com.Trojan.GenericKD.46243806.32106.exe | false | Avira URL Cloud: safe | unknown
          https://www.theonionrouter.com/dist.torproject.org/torbrowser/9.5.3/tor-win32-0.4.3.6.zip%tordir%%ha | SecuriteInfo.com.Trojan.GenericKD.46243806.32106.exe, 00000010.00000002.484888113.0000000002BB1000.00000004.00000001.sdmp | false | URL Reputation: safe | unknown
          http://mNVnNH.com | SecuriteInfo.com.Trojan.GenericKD.46243806.32106.exe, 00000010.00000002.484888113.0000000002BB1000.00000004.00000001.sdmp | false | Avira URL Cloud: safe | unknown
          https://discord.com/: | SecuriteInfo.com.Trojan.GenericKD.46243806.32106.exe | false | Avira URL Cloud: safe | unknown

          Contacted IPs

          No contacted IP infos

          General Information

          Joe Sandbox Version:32.0.0 Black Diamond
          Analysis ID:404310
          Start date:04.05.2021
          Start time:22:10:56
          Joe Sandbox Product:CloudBasic
          Overall analysis duration:0h 8m 47s
          Hypervisor based Inspection enabled:false
          Report type:full
          Sample file name:SecuriteInfo.com.Trojan.GenericKD.46243806.32106.30285 (renamed file extension from 30285 to exe)
          Cookbook file name:default.jbs
          Analysis system description:Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
          Number of analysed new started processes analysed:27
          Number of new started drivers analysed:0
          Number of existing processes analysed:0
          Number of existing drivers analysed:0
          Number of injected processes analysed:0
          Technologies:
          • HCA enabled
          • EGA enabled
          • HDC enabled
          • AMSI enabled
          Analysis Mode:default
          Analysis stop reason:Timeout
          Detection:MAL
          Classification:mal96.troj.evad.winEXE@5/5@0/0
          EGA Information:Failed
          HDC Information:
          • Successful, ratio: 0.1% (good quality ratio 0.1%)
          • Quality average: 62.5%
          • Quality standard deviation: 14.5%
          HCA Information:
          • Successful, ratio: 96%
          • Number of executed functions: 116
          • Number of non-executed functions: 13
          Cookbook Comments:
          • Adjust boot time
          • Enable AMSI
          Warnings:
          • Report size getting too big, too many NtAllocateVirtualMemory calls found.
          • Report size getting too big, too many NtOpenKeyEx calls found.

          Simulations

          Behavior and APIs

          Time | Type | Description
          22:13:06 | API Interceptor | 359x Sleep call for process: SecuriteInfo.com.Trojan.GenericKD.46243806.32106.exe modified

          Joe Sandbox View / Context

          IPs

          No context

          Domains

          No context

          ASN

          No context

          JA3 Fingerprints

          No context

          Dropped Files

          Match | Associated Sample Name / URL | Detection
          C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\notpad\notpad.exe | IMG_05412_868_21.docx | malicious
          C:\Users\user\AppData\Local\Temp\SecuriteInfo.com.Trojan.GenericKD.46243806.32106.exe | IMG_05412_868_21.docx | malicious

              Created / dropped Files

              C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\SecuriteInfo.com.Trojan.GenericKD.46243806.32106.exe.log
              Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.46243806.32106.exe
              File Type:ASCII text, with CRLF line terminators
              Category:modified
              Size (bytes):697
              Entropy (8bit):5.329165082425189
              Encrypted:false
              SSDEEP:12:Q3La/hzzAbDLI4M9tDLI4MWuPk21OKbbDLI4MWuPJKiUrRZ9I0ZKhat/DLI4M/DD:MLasXE4qpE4Ks2wKDE4KhK3VZ9pKhgLU
              MD5:0832DF9444C16D83CFAAE29AC72D03D6
              SHA1:AA245EF747FBA8996C83FC74147657D51467C058
              SHA-256:5039464C89038FB81B6DFF61330D29D31630C393AB578CDEC6628699E8906C76
              SHA-512:5C2F08CFC35E6579972E20C9241313B52B89D419B8EE0C51E248AFC094B3C816B09427E4806C5DDD0E050C3AC24ACB61CD2E8D78415BCEF01491F2D6FC8FFDD4
              Malicious:true
              Reputation:low
              Preview: 1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"System.Management, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\4f0a7eefa3cd3e0ba98b5ebddbbc72e6\System.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\f1d8480152e0da9a60ad49c6d16a3b6d\System.Core.ni.dll",0..2,"Microsoft.CSharp, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..2,"System.Dynamic, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..
              C:\Users\user\AppData\Local\Temp\SecuriteInfo.com.Trojan.GenericKD.46243806.32106.exe
              Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.46243806.32106.exe
              File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
              Category:dropped
              Size (bytes):343352
              Entropy (8bit):7.841371992370745
              Encrypted:false
              SSDEEP:6144:FL4Qez8X+5KBrIxuNWUwJm4OdB17ZDs0s7xHAVkYifH4TWcwb8tFHQK:V4Qez+YSSjUAmdr17Zw0+geYqH41wb88
              MD5:CCE6C363C0FF7AC663CD71C5906069A6
              SHA1:98AD5E24BF99FBB4CF7BDCAA54B6D720064DC810
              SHA-256:B65EED317058DF5DDD4247EC93AC2B555AE2C29B751EE455CEEE3DD9B670ECAD
              SHA-512:C3E28465D1FB8673D4B203D3A985AF370255E1381EA8D9DB910F213EFFC4F5C3CA0214497FA783396A25C4316D5CDDE6F05A35BBF44581EF5BC4C2FCD4F8FA1B
              Malicious:true
              Antivirus:
              • Antivirus: ReversingLabs, Detection: 40%
              Joe Sandbox View:
              • Filename: IMG_05412_868_21.docx, Detection: malicious
              Reputation:low
              C:\Users\user\AppData\Local\Temp\SecuriteInfo.com.Trojan.GenericKD.46243806.32106.exe:Zone.Identifier
              Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.46243806.32106.exe
              File Type:ASCII text, with CRLF line terminators
              Category:dropped
              Size (bytes):26
              Entropy (8bit):3.95006375643621
              Encrypted:false
              SSDEEP:3:ggPYV:rPYV
              MD5:187F488E27DB4AF347237FE461A079AD
              SHA1:6693BA299EC1881249D59262276A0D2CB21F8E64
              SHA-256:255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
              SHA-512:89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
              Malicious:true
              Reputation:high, very likely benign file
              Preview: [ZoneTransfer]....ZoneId=0
              C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\notpad\notpad.exe
              Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.46243806.32106.exe
              File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
              Category:dropped
              Size (bytes):343352
              Entropy (8bit):7.841371992370745
              Encrypted:false
              SSDEEP:6144:FL4Qez8X+5KBrIxuNWUwJm4OdB17ZDs0s7xHAVkYifH4TWcwb8tFHQK:V4Qez+YSSjUAmdr17Zw0+geYqH41wb88
              MD5:CCE6C363C0FF7AC663CD71C5906069A6
              SHA1:98AD5E24BF99FBB4CF7BDCAA54B6D720064DC810
              SHA-256:B65EED317058DF5DDD4247EC93AC2B555AE2C29B751EE455CEEE3DD9B670ECAD
              SHA-512:C3E28465D1FB8673D4B203D3A985AF370255E1381EA8D9DB910F213EFFC4F5C3CA0214497FA783396A25C4316D5CDDE6F05A35BBF44581EF5BC4C2FCD4F8FA1B
              Malicious:true
              Antivirus:
              • Antivirus: ReversingLabs, Detection: 40%
              Joe Sandbox View:
              • Filename: IMG_05412_868_21.docx, Detection: malicious
              Reputation:low
              C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\notpad\notpad.exe:Zone.Identifier
              Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.46243806.32106.exe
              File Type:ASCII text, with CRLF line terminators
              Category:dropped
              Size (bytes):26
              Entropy (8bit):3.95006375643621
              Encrypted:false
              SSDEEP:3:ggPYV:rPYV
              MD5:187F488E27DB4AF347237FE461A079AD
              SHA1:6693BA299EC1881249D59262276A0D2CB21F8E64
              SHA-256:255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
              SHA-512:89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
              Malicious:false
              Preview: [ZoneTransfer]....ZoneId=0

              Static File Info

              General

              File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
              Entropy (8bit):7.841371992370745
              TrID:
              • Win32 Executable (generic) Net Framework (10011505/4) 50.01%
              • Win32 Executable (generic) a (10002005/4) 49.97%
              • Generic Win/DOS Executable (2004/3) 0.01%
              • DOS Executable Generic (2002/1) 0.01%
              • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
              File name:SecuriteInfo.com.Trojan.GenericKD.46243806.32106.exe
              File size:343352
              MD5:cce6c363c0ff7ac663cd71c5906069a6
              SHA1:98ad5e24bf99fbb4cf7bdcaa54b6d720064dc810
              SHA256:b65eed317058df5ddd4247ec93ac2b555ae2c29b751ee455ceee3dd9b670ecad
              SHA512:c3e28465d1fb8673d4b203d3a985af370255e1381ea8d9db910f213effc4f5c3ca0214497fa783396a25c4316d5cdde6f05a35bbf44581ef5bc4c2fcd4f8fa1b
              SSDEEP:6144:FL4Qez8X+5KBrIxuNWUwJm4OdB17ZDs0s7xHAVkYifH4TWcwb8tFHQK:V4Qez+YSSjUAmdr17Zw0+geYqH41wb88
              File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...H..`.....................J......^.... ........@.. ....................................@................................

              File Icon

              Icon Hash:0378d8d6dad83047

              Static PE Info

              General

              Entrypoint:0x44f05e
              Entrypoint Section:.text
              Digitally signed:true
              Imagebase:0x400000
              Subsystem:windows gui
              Image File Characteristics:LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED
              DLL Characteristics:NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT
              Time Stamp:0x60908048 [Mon May 3 22:59:20 2021 UTC]
              TLS Callbacks:
              CLR (.Net) Version:v4.0.30319
              OS Version Major:4
              OS Version Minor:0
              File Version Major:4
              File Version Minor:0
              Subsystem Version Major:4
              Subsystem Version Minor:0
              Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744

              Authenticode Signature

              Signature Valid:false
              Signature Issuer:CN=DigiCert EV Code Signing CA (SHA2), OU=www.digicert.com, O=DigiCert Inc, C=US
              Signature Validation Error:The digital signature of the object did not verify
              Error Number:-2146869232
              Not Before, Not After
              • 3/13/2018 5:00:00 PM 2/18/2021 4:00:00 AM
              Subject Chain
              • CN=Discord Inc., O=Discord Inc., L=San Francisco, S=California, C=US, SERIALNUMBER=5128862, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.2=Delaware, OID.1.3.6.1.4.1.311.60.2.1.3=US
              Version:3
              Thumbprint MD5:831AE83D7C56E51AE513F0ED5D99DC4E
              Thumbprint SHA-1:1E6706B746A7409F4E9A39855C5DDE4155A13056
              Thumbprint SHA-256:584035E0344227FC32C92A7F3FD4D88594A26C2E953360543D613329E99122DD
              Serial:04F131322CC31D92C849FCA351D2F141

              Entrypoint Preview

              Instruction
              jmp dword ptr [00402000h]
              add byte ptr [eax], al

              Data Directories

              Name                                  Virtual Address  Virtual Size  Is in Section
              IMAGE_DIRECTORY_ENTRY_EXPORT          0x0              0x0
              IMAGE_DIRECTORY_ENTRY_IMPORT          0x4f010          0x4b          .text
              IMAGE_DIRECTORY_ENTRY_RESOURCE        0x50000          0x472c        .rsrc
              IMAGE_DIRECTORY_ENTRY_EXCEPTION       0x0              0x0
              IMAGE_DIRECTORY_ENTRY_SECURITY        0x51e00          0x1f38        .rsrc
              IMAGE_DIRECTORY_ENTRY_BASERELOC       0x56000          0xc           .reloc
              IMAGE_DIRECTORY_ENTRY_DEBUG           0x0              0x0
              IMAGE_DIRECTORY_ENTRY_COPYRIGHT       0x0              0x0
              IMAGE_DIRECTORY_ENTRY_GLOBALPTR       0x0              0x0
              IMAGE_DIRECTORY_ENTRY_TLS             0x0              0x0
              IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG     0x0              0x0
              IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT    0x0              0x0
              IMAGE_DIRECTORY_ENTRY_IAT             0x2000           0x8           .text
              IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT    0x0              0x0
              IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR  0x2008           0x48          .text
              IMAGE_DIRECTORY_ENTRY_RESERVED        0x0              0x0

              Sections

              Name    Virtual Address  Virtual Size  Raw Size  Xored PE  ZLIB Complexity  File Type  Entropy         Characteristics
              .text   0x2000           0x4d064       0x4d200   False     0.96637902654    data       7.96408240927   IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
              .rsrc   0x50000          0x472c        0x4800    False     0.0664605034722  data       2.1900964107    IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
              .reloc  0x56000          0xc           0x200     False     0.044921875      data       0.101910425663  IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

              Resources

              Name           RVA      Size    Type                                                                                          Language  Country
              RT_ICON        0x50130  0x4028  data
              RT_GROUP_ICON  0x54158  0x14    data
              RT_VERSION     0x5416c  0x40a   data
              RT_MANIFEST    0x54578  0x1b4   XML 1.0 document, UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators

              Imports

              DLL          Import
              mscoree.dll  _CorExeMain

              Version Infos

              Description       Data
              Translation       0x0000 0x04b0
              LegalCopyright    Copyright (c) 2020 Discord Inc. All rights reserved.
              Assembly Version  0.0.52.0
              InternalName      44444.exe
              FileVersion       0.0.52.0
              CompanyName       Discord Inc.
              LegalTrademarks
              Comments          Discord - https://discord.com/
              ProductName       Discord - https://discord.com/
              ProductVersion    0.0.52.0
              FileDescription   Discord - https://discord.com/
              OriginalFilename  44444.exe

              Network Behavior

              No network behavior found

              Code Manipulations

              System Behavior

              General

              Start time:22:11:51
              Start date:04/05/2021
              Path:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.46243806.32106.exe
              Wow64 process (32bit):true
              Commandline:'C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.46243806.32106.exe'
              Imagebase:0xc20000
              File size:343352 bytes
              MD5 hash:CCE6C363C0FF7AC663CD71C5906069A6
              Has elevated privileges:true
              Has administrator privileges:true
              Programmed in:.Net C# or VB.NET
              Reputation:low

              General

              Start time:22:12:48
              Start date:04/05/2021
              Path:C:\Users\user\AppData\Local\Temp\SecuriteInfo.com.Trojan.GenericKD.46243806.32106.exe
              Wow64 process (32bit):false
              Commandline:C:\Users\user\AppData\Local\Temp\SecuriteInfo.com.Trojan.GenericKD.46243806.32106.exe
              Imagebase:0x230000
              File size:343352 bytes
              MD5 hash:CCE6C363C0FF7AC663CD71C5906069A6
              Has elevated privileges:true
              Has administrator privileges:true
              Programmed in:C, C++ or other language
              Antivirus matches:
              • Detection: 40%, ReversingLabs
              Reputation:low

              General

              Start time:22:12:49
              Start date:04/05/2021
              Path:C:\Users\user\AppData\Local\Temp\SecuriteInfo.com.Trojan.GenericKD.46243806.32106.exe
              Wow64 process (32bit):true
              Commandline:C:\Users\user\AppData\Local\Temp\SecuriteInfo.com.Trojan.GenericKD.46243806.32106.exe
              Imagebase:0x6e0000
              File size:343352 bytes
              MD5 hash:CCE6C363C0FF7AC663CD71C5906069A6
              Has elevated privileges:true
              Has administrator privileges:true
              Programmed in:.Net C# or VB.NET
              Yara matches:
              • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000010.00000002.484888113.0000000002BB1000.00000004.00000001.sdmp, Author: Joe Security
              • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000010.00000002.484888113.0000000002BB1000.00000004.00000001.sdmp, Author: Joe Security
              Reputation:low

              Disassembly

              Code Analysis

                Executed Functions

                APIs
                • CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 05FA616E
                Memory Dump Source
                • Source File: 00000000.00000002.346389488.0000000005FA0000.00000040.00000001.sdmp, Offset: 05FA0000, based on PE: false

                APIs
                • CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 05FA616E
                Memory Dump Source
                • Source File: 00000000.00000002.346389488.0000000005FA0000.00000040.00000001.sdmp, Offset: 05FA0000, based on PE: false

                APIs
                • K32GetModuleBaseNameA.KERNEL32(?,?,?,?), ref: 05FA8421
                Memory Dump Source
                • Source File: 00000000.00000002.346389488.0000000005FA0000.00000040.00000001.sdmp, Offset: 05FA0000, based on PE: false

                APIs
                • K32GetModuleBaseNameA.KERNEL32(?,?,?,?), ref: 05FA8421
                Memory Dump Source
                • Source File: 00000000.00000002.346389488.0000000005FA0000.00000040.00000001.sdmp, Offset: 05FA0000, based on PE: false

                APIs
                • CopyFileW.KERNELBASE(?,00000000,?), ref: 05FA51A1
                Memory Dump Source
                • Source File: 00000000.00000002.346389488.0000000005FA0000.00000040.00000001.sdmp, Offset: 05FA0000, based on PE: false

                APIs
                • WriteProcessMemory.KERNELBASE(?,?,00000000,?,?), ref: 05FA5E20
                Memory Dump Source
                • Source File: 00000000.00000002.346389488.0000000005FA0000.00000040.00000001.sdmp, Offset: 05FA0000, based on PE: false

                APIs
                • CopyFileW.KERNELBASE(?,00000000,?), ref: 05FA51A1
                Memory Dump Source
                • Source File: 00000000.00000002.346389488.0000000005FA0000.00000040.00000001.sdmp, Offset: 05FA0000, based on PE: false

                APIs
                • WriteProcessMemory.KERNELBASE(?,?,00000000,?,?), ref: 05FA5E20
                Memory Dump Source
                • Source File: 00000000.00000002.346389488.0000000005FA0000.00000040.00000001.sdmp, Offset: 05FA0000, based on PE: false

                APIs
                • SetThreadContext.KERNELBASE(?,00000000), ref: 05FA5C76
                Memory Dump Source
                • Source File: 00000000.00000002.346389488.0000000005FA0000.00000040.00000001.sdmp, Offset: 05FA0000, based on PE: false

                APIs
                • ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 05FA63F8
                Memory Dump Source
                • Source File: 00000000.00000002.346389488.0000000005FA0000.00000040.00000001.sdmp, Offset: 05FA0000, based on PE: false

                APIs
                • K32EnumProcesses.KERNEL32(00000000,?,?), ref: 05FA7F73
                Memory Dump Source
                • Source File: 00000000.00000002.346389488.0000000005FA0000.00000040.00000001.sdmp, Offset: 05FA0000, based on PE: false

                APIs
                • SetThreadContext.KERNELBASE(?,00000000), ref: 05FA5C76
                Memory Dump Source
                • Source File: 00000000.00000002.346389488.0000000005FA0000.00000040.00000001.sdmp, Offset: 05FA0000, based on PE: false

                APIs
                • EnumChildWindows.USER32(?,00000000,?), ref: 05FA8838
                Memory Dump Source
                • Source File: 00000000.00000002.346389488.0000000005FA0000.00000040.00000001.sdmp, Offset: 05FA0000, based on PE: false
                Similarity
                • API ID: ChildEnumWindows
                • String ID:
                • API String ID: 3555792229-0
                Uniqueness

                Uniqueness Score: -1.00%

                APIs
                • EnumChildWindows.USER32(?,00000000,?), ref: 05FA8838
                Memory Dump Source
                • Source File: 00000000.00000002.346389488.0000000005FA0000.00000040.00000001.sdmp, Offset: 05FA0000, based on PE: false
                Similarity
                • API ID: ChildEnumWindows
                • String ID:
                • API String ID: 3555792229-0
                Uniqueness

                Uniqueness Score: -1.00%

                APIs
                • ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 05FA63F8
                Memory Dump Source
                • Source File: 00000000.00000002.346389488.0000000005FA0000.00000040.00000001.sdmp, Offset: 05FA0000, based on PE: false
                Similarity
                • API ID: MemoryProcessRead
                • String ID:
                • API String ID: 1726664587-0
                Uniqueness

                Uniqueness Score: -1.00%

                APIs
                • K32EnumProcesses.KERNEL32(00000000,?,?), ref: 05FA7F73
                Memory Dump Source
                • Source File: 00000000.00000002.346389488.0000000005FA0000.00000040.00000001.sdmp, Offset: 05FA0000, based on PE: false
                Similarity
                • API ID: EnumProcesses
                • String ID:
                • API String ID: 84517404-0
                Uniqueness

                Uniqueness Score: -1.00%

                APIs
                • K32EnumProcessModules.KERNEL32(?,?,?,?), ref: 05FA82CB
                Memory Dump Source
                • Source File: 00000000.00000002.346389488.0000000005FA0000.00000040.00000001.sdmp, Offset: 05FA0000, based on PE: false
                Similarity
                • API ID: EnumModulesProcess
                • String ID:
                • API String ID: 1082081703-0
                Uniqueness

                Uniqueness Score: -1.00%

                APIs
                • K32EnumProcessModules.KERNEL32(?,?,?,?), ref: 05FA82CB
                Memory Dump Source
                • Source File: 00000000.00000002.346389488.0000000005FA0000.00000040.00000001.sdmp, Offset: 05FA0000, based on PE: false
                Similarity
                • API ID: EnumModulesProcess
                • String ID:
                • API String ID: 1082081703-0
                Uniqueness

                Uniqueness Score: -1.00%

                APIs
                • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 05FA5D3E
                Memory Dump Source
                • Source File: 00000000.00000002.346389488.0000000005FA0000.00000040.00000001.sdmp, Offset: 05FA0000, based on PE: false
                Similarity
                • API ID: AllocVirtual
                • String ID:
                • API String ID: 4275171209-0
                Uniqueness

                Uniqueness Score: -1.00%

                APIs
                • FindCloseChangeNotification.KERNELBASE ref: 05FA855F
                Memory Dump Source
                • Source File: 00000000.00000002.346389488.0000000005FA0000.00000040.00000001.sdmp, Offset: 05FA0000, based on PE: false
                Similarity
                • API ID: ChangeCloseFindNotification
                • String ID:
                • API String ID: 2591292051-0
                Uniqueness

                Uniqueness Score: -1.00%

                APIs
                • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 05FA5D3E
                Memory Dump Source
                • Source File: 00000000.00000002.346389488.0000000005FA0000.00000040.00000001.sdmp, Offset: 05FA0000, based on PE: false
                Similarity
                • API ID: AllocVirtual
                • String ID:
                • API String ID: 4275171209-0
                Uniqueness

                Uniqueness Score: -1.00%

                APIs
                • FindCloseChangeNotification.KERNELBASE ref: 05FA855F
                Memory Dump Source
                • Source File: 00000000.00000002.346389488.0000000005FA0000.00000040.00000001.sdmp, Offset: 05FA0000, based on PE: false
                Similarity
                • API ID: ChangeCloseFindNotification
                • String ID:
                • API String ID: 2591292051-0
                Uniqueness

                Uniqueness Score: -1.00%

                Strings
                Memory Dump Source
                • Source File: 00000000.00000002.346345267.0000000005F70000.00000040.00000001.sdmp, Offset: 05F70000, based on PE: false
                Similarity
                • API ID:
                • String ID: @
                • API String ID: 0-2766056989
                Uniqueness

                Uniqueness Score: -1.00%

                Strings
                Memory Dump Source
                • Source File: 00000000.00000002.346345267.0000000005F70000.00000040.00000001.sdmp, Offset: 05F70000, based on PE: false
                Similarity
                • API ID:
                • String ID: @
                • API String ID: 0-2766056989
                Uniqueness

                Uniqueness Score: -1.00%

                Strings
                Memory Dump Source
                • Source File: 00000000.00000002.346345267.0000000005F70000.00000040.00000001.sdmp, Offset: 05F70000, based on PE: false
                Similarity
                • API ID:
                • String ID: p\vk
                • API String ID: 0-2363018996
                Uniqueness

                Uniqueness Score: -1.00%

                Strings
                Memory Dump Source
                • Source File: 00000000.00000002.346345267.0000000005F70000.00000040.00000001.sdmp, Offset: 05F70000, based on PE: false
                Similarity
                • API ID:
                • String ID: "
                • API String ID: 0-123907689
                Uniqueness

                Uniqueness Score: -1.00%

                Strings
                Memory Dump Source
                • Source File: 00000000.00000002.346345267.0000000005F70000.00000040.00000001.sdmp, Offset: 05F70000, based on PE: false
                Similarity
                • API ID:
                • String ID: $
                • API String ID: 0-3993045852
                Uniqueness

                Uniqueness Score: -1.00%


                Memory Dump Source
                • Source File: 00000000.00000002.346345267.0000000005F70000.00000040.00000001.sdmp, Offset: 05F70000, based on PE: false
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 607b7264525c63b426f4b96b850f4424036a1fd808af45f9d1971451e2f9c547
                • Instruction ID: c62a304889ddfe1e025271cdfaee8f0cfd6ea80128735ea2c48509b813c4e421
                • Opcode Fuzzy Hash: 607b7264525c63b426f4b96b850f4424036a1fd808af45f9d1971451e2f9c547
                • Instruction Fuzzy Hash: D811C631B0811E9B8624D669D89087EB2D7AFC9910791872FD709CB354FF659C0583D1
                Uniqueness

                Uniqueness Score: -1.00%

                Memory Dump Source
                • Source File: 00000000.00000002.346345267.0000000005F70000.00000040.00000001.sdmp, Offset: 05F70000, based on PE: false
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 6542dadd3183edd15d273b6ddd4045b56b6c07cc566c682c6b0b9e9287e22c03
                • Instruction ID: c663c7b7985210f5617befb0c59f41b2813ae6c6daa7cdba9921c49be67a6177
                • Opcode Fuzzy Hash: 6542dadd3183edd15d273b6ddd4045b56b6c07cc566c682c6b0b9e9287e22c03
                • Instruction Fuzzy Hash: FB112532B0811E9BC710DA65D89487EB3A7FF86910B918A2BD705CB350FF659C0583D1
                Uniqueness

                Uniqueness Score: -1.00%

                Memory Dump Source
                • Source File: 00000000.00000002.346345267.0000000005F70000.00000040.00000001.sdmp, Offset: 05F70000, based on PE: false
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: c0ffaa11d913159ad9ba695b585d4e34222a43f5eeed87ef07d9c518d2307f86
                • Instruction ID: 121d38ecaeb22574295c7702a65ff7252ffd81f3cfb4ce250bf4d60d819fa8a8
                • Opcode Fuzzy Hash: c0ffaa11d913159ad9ba695b585d4e34222a43f5eeed87ef07d9c518d2307f86
                • Instruction Fuzzy Hash: A7118631704204AFCB24DF59D584E6AB7EAEBC5324B56C46AD419C7312CB74FC42C794
                Uniqueness

                Uniqueness Score: -1.00%

                Memory Dump Source
                • Source File: 00000000.00000002.346345267.0000000005F70000.00000040.00000001.sdmp, Offset: 05F70000, based on PE: false
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 878ff67147c1b57ad00df9da73f391ce2f711c9159f737a780cbc7932f466e7d
                • Instruction ID: 6b5f98515b42ab9eca4d5f9a9d9975b7cf46e842d9228e4dbe9c3072ea5153a2
                • Opcode Fuzzy Hash: 878ff67147c1b57ad00df9da73f391ce2f711c9159f737a780cbc7932f466e7d
                • Instruction Fuzzy Hash: C3116A79A00209CFCB20CF68C649BA9FBE6FF04214F44842AD519CB651EB38E945CF90
                Uniqueness

                Uniqueness Score: -1.00%

                Memory Dump Source
                • Source File: 00000000.00000002.346345267.0000000005F70000.00000040.00000001.sdmp, Offset: 05F70000, based on PE: false
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 3a85e54d4d6f5027d9b210eead6c50b8b70defb6206bda18fbf8ef4589265a2b
                • Instruction ID: 3aaa48f6ca2112f16ae9fb2cf770c662e4059ff2ca0bbd52a85997fde602f561
                • Opcode Fuzzy Hash: 3a85e54d4d6f5027d9b210eead6c50b8b70defb6206bda18fbf8ef4589265a2b
                • Instruction Fuzzy Hash: B411263171820E8FCB149B34C56973A7EEAAF8A244F4501A7C94ACB381EE38CC42C791
                Uniqueness

                Uniqueness Score: -1.00%

                Memory Dump Source
                • Source File: 00000000.00000002.341394538.000000000121D000.00000040.00000001.sdmp, Offset: 0121D000, based on PE: false
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 475f330473868ad3c29f7e884537fa5e2c046c0b54d26c118bd7d839c6bfe152
                • Instruction ID: fd6434b38d1592c56a4646a60e34fd38c9a409786f0bfaeef544e8365e58f85e
                • Opcode Fuzzy Hash: 475f330473868ad3c29f7e884537fa5e2c046c0b54d26c118bd7d839c6bfe152
                • Instruction Fuzzy Hash: BF11D676404284DFCB06CF54D5C4B16BFB1FB94320F24C6A9D9494B65BC336D456CB91
                Uniqueness

                Uniqueness Score: -1.00%

                Memory Dump Source
                • Source File: 00000000.00000002.341394538.000000000121D000.00000040.00000001.sdmp, Offset: 0121D000, based on PE: false
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 475f330473868ad3c29f7e884537fa5e2c046c0b54d26c118bd7d839c6bfe152
                • Instruction ID: 42fa9ed6d7c34a4e456879f151ed0c7f3584a2645af4f0bd43ef9b6a01df27e1
                • Opcode Fuzzy Hash: 475f330473868ad3c29f7e884537fa5e2c046c0b54d26c118bd7d839c6bfe152
                • Instruction Fuzzy Hash: 4B11D376404284DFCB12CF54E9C4B16BFB1FB94320F28C6A9D9080B65BC336D45ACBA2
                Uniqueness

                Uniqueness Score: -1.00%

                Memory Dump Source
                • Source File: 00000000.00000002.346345267.0000000005F70000.00000040.00000001.sdmp, Offset: 05F70000, based on PE: false
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 4e7835c2788f4927cc3a1bf8f8cbc64f8055bf10ed8808877045c74f83b1b30d
                • Instruction ID: caacbc411b52a6395eddfd5c51c187e87fc32114dea2626fe8edf7f37a2b31e5
                • Opcode Fuzzy Hash: 4e7835c2788f4927cc3a1bf8f8cbc64f8055bf10ed8808877045c74f83b1b30d
                • Instruction Fuzzy Hash: A011A335A1021ADFCF01DB68D8489AEFFF6FB88311B10816BE909D7350DB349906CB91
                Uniqueness

                Uniqueness Score: -1.00%

                Memory Dump Source
                • Source File: 00000000.00000002.346345267.0000000005F70000.00000040.00000001.sdmp, Offset: 05F70000, based on PE: false
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 67361247fd892912c09009ef6c0a85f1fd3f4842f1b865fa84625eba683438af
                • Instruction ID: afd34da5f90596442d2c68a750bf837b72483f542121848f0d27f1e93045235d
                • Opcode Fuzzy Hash: 67361247fd892912c09009ef6c0a85f1fd3f4842f1b865fa84625eba683438af
                • Instruction Fuzzy Hash: DA116335610249DFC700DF28D844A5EBBB5FF49324F148599E949DB361DB31ED02CBA1
                Uniqueness

                Uniqueness Score: -1.00%

                Memory Dump Source
                • Source File: 00000000.00000002.341417191.000000000122D000.00000040.00000001.sdmp, Offset: 0122D000, based on PE: false
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: a54356f99bdde4e283a41f86d789e6be56e42bfa8aab84f124462296d4a66933
                • Instruction ID: 1423a05434cdceb09773ad079dd44784bdfe2a970cadfd52f7d196bee3743235
                • Opcode Fuzzy Hash: a54356f99bdde4e283a41f86d789e6be56e42bfa8aab84f124462296d4a66933
                • Instruction Fuzzy Hash: 3A11E375504284DFDB12DF14D6C4719FB71FB84324F34C6AAD9484BA42C339D40ACBA2
                Uniqueness

                Uniqueness Score: -1.00%

                Memory Dump Source
                • Source File: 00000000.00000002.346345267.0000000005F70000.00000040.00000001.sdmp, Offset: 05F70000, based on PE: false
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 638441229fa75a788b0ed2f776de750615f30c08c3745bb234218b4e91a9dc61
                • Instruction ID: 1fe7f85d541e1b96d1debcfcf9ea57998d158bae210816c40a0acb73b6761b93
                • Opcode Fuzzy Hash: 638441229fa75a788b0ed2f776de750615f30c08c3745bb234218b4e91a9dc61
                • Instruction Fuzzy Hash: 39118C70A1020DDBDB14DF98D5557AEBBF6EB48320F10002AD802A7344DB799E45CBE0
                Uniqueness

                Uniqueness Score: -1.00%

                Memory Dump Source
                • Source File: 00000000.00000002.346345267.0000000005F70000.00000040.00000001.sdmp, Offset: 05F70000, based on PE: false
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 5270b6ec389d8199c4e5bbb314c7b746c15a82ab8f9e72bc867adf33f4049310
                • Instruction ID: 9265deee88ae59aa431248fb8e2cf157de15a90bdeb13bdfa2c030f8c879b213
                • Opcode Fuzzy Hash: 5270b6ec389d8199c4e5bbb314c7b746c15a82ab8f9e72bc867adf33f4049310
                • Instruction Fuzzy Hash: BA114F35610209DFC704DF68D884D5EBBF6FF89324B158559E9098B361DB71ED02CB91
                Uniqueness

                Uniqueness Score: -1.00%

                Memory Dump Source
                • Source File: 00000000.00000002.346345267.0000000005F70000.00000040.00000001.sdmp, Offset: 05F70000, based on PE: false
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: e17cbd0321282187e3b18c6645531772800bba449855ddd0379ed94c66d9bcf3
                • Instruction ID: 0bbbcafbb264dbcc3fde0d0ed907a7af47b0673a1a2108bc88d24fdb9965125b
                • Opcode Fuzzy Hash: e17cbd0321282187e3b18c6645531772800bba449855ddd0379ed94c66d9bcf3
                • Instruction Fuzzy Hash: 2EF09636B040185BCB149D6ED899ABAB7EAEBC9565B148077E609C7310EA69CD0247D0
                Uniqueness

                Uniqueness Score: -1.00%

                Memory Dump Source
                • Source File: 00000000.00000002.346345267.0000000005F70000.00000040.00000001.sdmp, Offset: 05F70000, based on PE: false
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: c115235dcf750bfbfa27f717b4ab9faa5a6164bc69dbe4d5f26440452554e8d6
                • Instruction ID: e2f6903708f5be143909b7b10e6d9b80b0b3c07cc33810d6c134fdf946fbeb14
                • Opcode Fuzzy Hash: c115235dcf750bfbfa27f717b4ab9faa5a6164bc69dbe4d5f26440452554e8d6
                • Instruction Fuzzy Hash: 79018C33304A089FC714CA5DD885D2AB7FAFF8A220718066AF15AC37A0EB21EC41CB50
                Uniqueness

                Uniqueness Score: -1.00%

                Memory Dump Source
                • Source File: 00000000.00000002.346345267.0000000005F70000.00000040.00000001.sdmp, Offset: 05F70000, based on PE: false
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 12be802f33c83fc67dd1ea01af3d140e3220d031fc5c626f217a73e924ce88f7
                • Instruction ID: b24adebd612dce92c4bb8c601aa8f4490420dec114210ac77324fd0ea2a4e9d8
                • Opcode Fuzzy Hash: 12be802f33c83fc67dd1ea01af3d140e3220d031fc5c626f217a73e924ce88f7
                • Instruction Fuzzy Hash: D1F09032B182298F8F08CBACB4549AA77E9FB8417571400ABE10EC6240EE36D941C790
                Uniqueness

                Uniqueness Score: -1.00%

                Memory Dump Source
                • Source File: 00000000.00000002.346345267.0000000005F70000.00000040.00000001.sdmp, Offset: 05F70000, based on PE: false
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: c274be555f2b9df5e6c4f6a63dd6eed9906bc282110bb3c814683fd36cff43d2
                • Instruction ID: 154a2d8d4c30ae9dbc8b3446fc6b8861fd6137c78051ff57c9660bebced1df3f
                • Opcode Fuzzy Hash: c274be555f2b9df5e6c4f6a63dd6eed9906bc282110bb3c814683fd36cff43d2
                • Instruction Fuzzy Hash: E0F090323002185BC218EA38E895A1EB7F6FB89260780057AD549CB750EF21EC028BD5
                Uniqueness

                Uniqueness Score: -1.00%

                Memory Dump Source
                • Source File: 00000000.00000002.346345267.0000000005F70000.00000040.00000001.sdmp, Offset: 05F70000, based on PE: false
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 6aa498bf669abcb3a9e58d9c1d8beda4ab94a4d017897fb4fd66edf928a25b92
                • Instruction ID: ed63ec143452a0481df92f09a17c0a17bdb69b1319b6faf782949947ba1abb28
                • Opcode Fuzzy Hash: 6aa498bf669abcb3a9e58d9c1d8beda4ab94a4d017897fb4fd66edf928a25b92
                • Instruction Fuzzy Hash: DAF082323002145B8318EB78E89481EB7F6FF8D1603800979D54ECB750EF21EC01CB91
                Uniqueness

                Uniqueness Score: -1.00%

                Memory Dump Source
                • Source File: 00000000.00000002.346345267.0000000005F70000.00000040.00000001.sdmp, Offset: 05F70000, based on PE: false
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 2bddf09c7866cb45e7e3b490db2c256a0068c5fc6664163c43b00397ec28cecf
                • Instruction ID: 94c42129f7e2b7db48611e05e78dbf6a4902766a5ca2e581410277b31accd8f8
                • Opcode Fuzzy Hash: 2bddf09c7866cb45e7e3b490db2c256a0068c5fc6664163c43b00397ec28cecf
                • Instruction Fuzzy Hash: 43F08C7261D3A90FC302A724EC6141A3FB5AE5B16034B45D7C1C8CF3A3EA149C0983E7
                Uniqueness

                Uniqueness Score: -1.00%

                Memory Dump Source
                • Source File: 00000000.00000002.346345267.0000000005F70000.00000040.00000001.sdmp, Offset: 05F70000, based on PE: false
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 710395e775ff73ac6e939bf1dd535b7a19ca25a9cfa0b68a0f5e6defbe76fc63
                • Instruction ID: 4e40a229af6e688593a0168593164ad645ddfec37bc1d7d336e535951a6a9c79
                • Opcode Fuzzy Hash: 710395e775ff73ac6e939bf1dd535b7a19ca25a9cfa0b68a0f5e6defbe76fc63
                • Instruction Fuzzy Hash: 01E012327040186B8B149D5ED898D7FBBDFABCE665714807BF609CB364ED69CC0297A0
                Uniqueness

                Uniqueness Score: -1.00%

                Memory Dump Source
                • Source File: 00000000.00000002.346345267.0000000005F70000.00000040.00000001.sdmp, Offset: 05F70000, based on PE: false
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 88a20778e5d7c089cfd1606ab838889f9ceb3690c1ef24f8e22b9f7fb16565f6
                • Instruction ID: 7bb49cfaf83c638df7cde18961f943e091ed1888cf22beccefa22f79eb548ff8
                • Opcode Fuzzy Hash: 88a20778e5d7c089cfd1606ab838889f9ceb3690c1ef24f8e22b9f7fb16565f6
                • Instruction Fuzzy Hash: B7F027B21082888BC301EB34D86256F7F21EBA2A51390C98BD187CB6E5EF249947C791
                Uniqueness

                Uniqueness Score: -1.00%

                Memory Dump Source
                • Source File: 00000000.00000002.346345267.0000000005F70000.00000040.00000001.sdmp, Offset: 05F70000, based on PE: false
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: f17bba0ff5bbd43b8578f9c2590ecf3d0612a7dc6b8d67354186df47699abe11
                • Instruction ID: b7cf444f5e37d5171cd58651908d59000c5614e587789e058e932ce454600817
                • Opcode Fuzzy Hash: f17bba0ff5bbd43b8578f9c2590ecf3d0612a7dc6b8d67354186df47699abe11
                • Instruction Fuzzy Hash: E8E0D87630411E8BCB14DF14D946B667FEDFF09241B4541A3D809C7381EA29D941CBD1
                Uniqueness

                Uniqueness Score: -1.00%

                Memory Dump Source
                • Source File: 00000000.00000002.346345267.0000000005F70000.00000040.00000001.sdmp, Offset: 05F70000, based on PE: false
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: e2419541991bb2b27f3ea7a257e180a18c62c503423d49e838938a75ebedc1e4
                • Instruction ID: 06e62eb128856aa73a73a7393c6eb93a8a2f5eae0bd7df71e5fc4e09d68809de
                • Opcode Fuzzy Hash: e2419541991bb2b27f3ea7a257e180a18c62c503423d49e838938a75ebedc1e4
                • Instruction Fuzzy Hash: E3E0C237F040288BEA385625F8567BD73A3EFC4129F99412BCC09EB758DF699C064391
                Uniqueness

                Uniqueness Score: -1.00%

                Memory Dump Source
                • Source File: 00000000.00000002.346345267.0000000005F70000.00000040.00000001.sdmp, Offset: 05F70000, based on PE: false
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 7d0ab0a82c2ab1901774ef8e6ae14a2d5cd26d431e17f793702008ea404eea83
                • Instruction ID: 352fea235cccb703d1c4a395bd06ee23f517ed9b4b7e03db62da2755ca7e6200
                • Opcode Fuzzy Hash: 7d0ab0a82c2ab1901774ef8e6ae14a2d5cd26d431e17f793702008ea404eea83
                • Instruction Fuzzy Hash: ABE080757149560BDF11555DB8846BA9F9697C8225F14413FED09C7341ED7448014340
                Uniqueness

                Uniqueness Score: -1.00%

                Memory Dump Source
                • Source File: 00000000.00000002.346345267.0000000005F70000.00000040.00000001.sdmp, Offset: 05F70000, based on PE: false
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: e938e54a020357e1626c42388ca1eb4c4adc69687adc64f90110a2da19bc3aec
                • Instruction ID: eecb01777b2ac5586f7fd3dff7eca86689d90bfc4c83866b6031173020725f9f
                • Opcode Fuzzy Hash: e938e54a020357e1626c42388ca1eb4c4adc69687adc64f90110a2da19bc3aec
                • Instruction Fuzzy Hash: 21D05E32714A181B1F14156E68C883BBA9FEBCC635314413BFD09C3300DEB18C024290
                Uniqueness

                Uniqueness Score: -1.00%

                Memory Dump Source
                • Source File: 00000000.00000002.346345267.0000000005F70000.00000040.00000001.sdmp, Offset: 05F70000, based on PE: false
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 658d3a16c20df2ee71927b02ba7206b5f8b9438b846f19d9ab3e41c4442676b3
                • Instruction ID: 7f987ebd61d33a548266d6671a53df92aa61eda31dcf3f27d55b2119856d0246
                • Opcode Fuzzy Hash: 658d3a16c20df2ee71927b02ba7206b5f8b9438b846f19d9ab3e41c4442676b3
                • Instruction Fuzzy Hash: FCE0C27135013D4B4104F754E85081D77A6BF8C1203820ADAC58D9B361DF60AC0147D6
                Uniqueness

                Uniqueness Score: -1.00%

                Memory Dump Source
                • Source File: 00000000.00000002.346345267.0000000005F70000.00000040.00000001.sdmp, Offset: 05F70000, based on PE: false
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 3217a6b6768663add8bedbb133f13f038db82f4478b0de4851775bc3b9d118b5
                • Instruction ID: 0ff914d67432ed6cd8b103373724bf0c26f49fca3fe0dbaccb0e71ff4bb3da27
                • Opcode Fuzzy Hash: 3217a6b6768663add8bedbb133f13f038db82f4478b0de4851775bc3b9d118b5
                • Instruction Fuzzy Hash: 9EE08C72C0920CAFC701DFA4CC165A97FB8EA0210171100EBEA05C7390F9314B108782
                Uniqueness

                Uniqueness Score: -1.00%

                Memory Dump Source
                • Source File: 00000000.00000002.346345267.0000000005F70000.00000040.00000001.sdmp, Offset: 05F70000, based on PE: false
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 5c5e7f423a81e06b8a6530823bb2c28d9291c66b55b4037e3290cbabf1a071d8
                • Instruction ID: 2afb86381cd9d7cc784ab8532296b7dea5f64fd005207b2288709a842dfa3da4
                • Opcode Fuzzy Hash: 5c5e7f423a81e06b8a6530823bb2c28d9291c66b55b4037e3290cbabf1a071d8
                • Instruction Fuzzy Hash: DCD05E72514011AFD600CA98DA56F6AB7E6EBC8A10F14C80FF84093310C663DC07C773
                Uniqueness

                Uniqueness Score: -1.00%

                Memory Dump Source
                • Source File: 00000000.00000002.346345267.0000000005F70000.00000040.00000001.sdmp, Offset: 05F70000, based on PE: false
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: cb673e14966e8192931055e10350360d52c12c34ebee087123fa85adaf0282a7
                • Instruction ID: 4e8098c04eae2d0f6ff350bc39dfc5f58353e35d0fe1f80058ed61fa1a948bce
                • Opcode Fuzzy Hash: cb673e14966e8192931055e10350360d52c12c34ebee087123fa85adaf0282a7
                • Instruction Fuzzy Hash: 23C0123294252857C60030EDB847799B74CEB49522F588453E42CC2304E505984309CA
                Uniqueness

                Uniqueness Score: -1.00%

                Memory Dump Source
                • Source File: 00000000.00000002.346345267.0000000005F70000.00000040.00000001.sdmp, Offset: 05F70000, based on PE: false
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: d3dbfbb7c933a23011de2f99bb6cde35ddccf781d15c206a5aad1e47f7e4824c
                • Instruction ID: db3ec939e6af0e9d844100304918d671639b2607b0dcf3e50730b51dc129c2ba
                • Opcode Fuzzy Hash: d3dbfbb7c933a23011de2f99bb6cde35ddccf781d15c206a5aad1e47f7e4824c
                • Instruction Fuzzy Hash: 33D0A9323000188FCB01CBECD4A11FEBBB6EF8821576000AAD34ACB321EF21AC15CB40
                Uniqueness

                Uniqueness Score: -1.00%

                Memory Dump Source
                • Source File: 00000000.00000002.346345267.0000000005F70000.00000040.00000001.sdmp, Offset: 05F70000, based on PE: false
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 745fbb865e10db83e1becaf2d7f93d0b32c99fe405c8cf742cea44fb2575f414
                • Instruction ID: 3e61795392ad6f17c7897dcccc5411d7e2d6ac27c1e9d306d9de68924d4a9b6f
                • Opcode Fuzzy Hash: 745fbb865e10db83e1becaf2d7f93d0b32c99fe405c8cf742cea44fb2575f414
                • Instruction Fuzzy Hash: 8CD0C935F000188F8B84DBADE45149C7BB5EF88216B6000ABE219C7220EB3098198B40
                Uniqueness

                Uniqueness Score: -1.00%

                Memory Dump Source
                • Source File: 00000000.00000002.346345267.0000000005F70000.00000040.00000001.sdmp, Offset: 05F70000, based on PE: false
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 05fd6b20982689d0844a11ccf7e89f4c9466acafd8787518f00bcfe2219a2f38
                • Instruction ID: cea734fd6a9de7be269bd74da9897afd8ea3034157687ccd24052bb98973c3c6
                • Opcode Fuzzy Hash: 05fd6b20982689d0844a11ccf7e89f4c9466acafd8787518f00bcfe2219a2f38
                • Instruction Fuzzy Hash: 49D0C972D0520CEF8B50EFA4D94559EBBFDEB05204B1141ABE909D3390FE315B109B91
                Uniqueness

                Uniqueness Score: -1.00%

                Memory Dump Source
                • Source File: 00000000.00000002.346345267.0000000005F70000.00000040.00000001.sdmp, Offset: 05F70000, based on PE: false
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: afa82cf2e7411c143964086eca882e137646efef340f175634307b1db6f357b7
                • Instruction ID: 8542e7f71b2e1b6b4214decbe476e243546c7b356508572c180a51d73229c97c
                • Opcode Fuzzy Hash: afa82cf2e7411c143964086eca882e137646efef340f175634307b1db6f357b7
                • Instruction Fuzzy Hash: EBD05B7520C2419FC301CF98F910856BBA19F95600F14CC9EE940D3255C622DC06C722
                Uniqueness

                Uniqueness Score: -1.00%

                Memory Dump Source
                • Source File: 00000000.00000002.346345267.0000000005F70000.00000040.00000001.sdmp, Offset: 05F70000, based on PE: false
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 421b04ec8d8b346f0de8de07fa350e2830539ea4545876e1cd5ba3175f5bb0f0
                • Instruction ID: a7c97e1e720c34f557258264c2e23ee3dc775db90d250c2b4d7ab210667d976d
                • Opcode Fuzzy Hash: 421b04ec8d8b346f0de8de07fa350e2830539ea4545876e1cd5ba3175f5bb0f0
                • Instruction Fuzzy Hash: 06D01236710018CF8A84DB99D45049873B5FF84515B6104EBE219C7260DB309C148741
                Uniqueness

                Uniqueness Score: -1.00%

                Memory Dump Source
                • Source File: 00000000.00000002.346345267.0000000005F70000.00000040.00000001.sdmp, Offset: 05F70000, based on PE: false
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 19043670a9d734ab0ae96088e2c2dd8d1b6d559efa2ae90ccd0ace2f34b01cfc
                • Instruction ID: bf5b90dbe7253d5a09c4abe3bc7582db3820ea76f83ca59186d7736191b10539
                • Opcode Fuzzy Hash: 19043670a9d734ab0ae96088e2c2dd8d1b6d559efa2ae90ccd0ace2f34b01cfc
                • Instruction Fuzzy Hash: DAD01235740018CF8B44DB99D4504A833B5DF84225B5100E7E20ACB630DB309C55C791
                Uniqueness

                Uniqueness Score: -1.00%

                Memory Dump Source
                • Source File: 00000000.00000002.346345267.0000000005F70000.00000040.00000001.sdmp, Offset: 05F70000, based on PE: false
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 8c690bdbbd3d4f03b80dd71e12ff98c8b722382ebd0803fb0a9bf185cee3ff92
                • Instruction ID: 0ec2058d8c48bd5d6fae56b2e1f03de12fa0287d8db8880c6d166bd29c0e7f03
                • Opcode Fuzzy Hash: 8c690bdbbd3d4f03b80dd71e12ff98c8b722382ebd0803fb0a9bf185cee3ff92
                • Instruction Fuzzy Hash: EEC08C3225878A0BC7421228B8492556F404F031A270440B7AE0086283F51888099202
                Uniqueness

                Uniqueness Score: -1.00%

                Memory Dump Source
                • Source File: 00000000.00000002.346345267.0000000005F70000.00000040.00000001.sdmp, Offset: 05F70000, based on PE: false
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 36100742dd9b13de664784b4fe011721d7ded06847e6b6a5c8396915a4d2325f
                • Instruction ID: c6f87b992879ee66587cb863e9637e0ad7b81d664a739367c349b17df9edd324
                • Opcode Fuzzy Hash: 36100742dd9b13de664784b4fe011721d7ded06847e6b6a5c8396915a4d2325f
                • Instruction Fuzzy Hash: ACC08CB3A2750CCBCB00CA40B84F3983335EF0520BF41424BFC0E11640EB392828D641
                Uniqueness

                Uniqueness Score: -1.00%

                Memory Dump Source
                • Source File: 00000000.00000002.346345267.0000000005F70000.00000040.00000001.sdmp, Offset: 05F70000, based on PE: false
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: b76679b0a354449729844e828cdbdd8dc5f87ab3334555cc76ca9f307cd6f9ad
                • Instruction ID: a0ccf6e4bed68dc0c69f5d0bbd707ad7c253f4111acce2a0e91a8f8d8fd4bd45
                • Opcode Fuzzy Hash: b76679b0a354449729844e828cdbdd8dc5f87ab3334555cc76ca9f307cd6f9ad
                • Instruction Fuzzy Hash: 03B092351602088F82409B68E448C00B3E8AB08A243118090E10C8B232C621F8008A40
                Uniqueness

                Uniqueness Score: -1.00%

                Memory Dump Source
                • Source File: 00000000.00000002.346345267.0000000005F70000.00000040.00000001.sdmp, Offset: 05F70000, based on PE: false
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 4399bd46ef2385d36b555dbd5291f450cdc63b87461107cf2a0aaae2afa27064
                • Instruction ID: 42b23208d4a44bb6bb9cbf7ebac10251487b3f673f72156aa81ea13cbf6f9470
                • Opcode Fuzzy Hash: 4399bd46ef2385d36b555dbd5291f450cdc63b87461107cf2a0aaae2afa27064
                • Instruction Fuzzy Hash: E9C09270601344CFCB16CF21C1588107B72AF4230535940E8E0098B522CB32DC82CB00
                Uniqueness

                Uniqueness Score: -1.00%

                Non-executed Functions

                Strings
                Memory Dump Source
                • Source File: 00000000.00000002.346259220.0000000005F10000.00000040.00000001.sdmp, Offset: 05F10000, based on PE: false
                Similarity
                • API ID:
                • String ID: (l$(l$(l$D!l$D!l$D!l$D!l$\l$\l$\l$t%l$t%l
                • API String ID: 0-2030515362
                • Opcode ID: 5fd2968cf17265ece5c704aef31620674a01774e0d9ef0bc6f021e326c6e7c3c
                • Instruction ID: d62a6114c591ffcb8d3da96b6c7bbc6e018c1e70eed75451438aac9e0bab1236
                • Opcode Fuzzy Hash: 5fd2968cf17265ece5c704aef31620674a01774e0d9ef0bc6f021e326c6e7c3c
                • Instruction Fuzzy Hash: 69826D74A00614CFDB64DF28C595A69BBF2FF89310F2185AAD84A9B361DB34ED81CF11
                Uniqueness

                Uniqueness Score: -1.00%

                Strings
                Memory Dump Source
                • Source File: 00000000.00000002.346259220.0000000005F10000.00000040.00000001.sdmp, Offset: 05F10000, based on PE: false
                Similarity
                • API ID:
                • String ID: %
                • API String ID: 0-2567322570
                Uniqueness

                Uniqueness Score: -1.00%

                Strings
                Memory Dump Source
                • Source File: 00000000.00000002.346389488.0000000005FA0000.00000040.00000001.sdmp, Offset: 05FA0000, based on PE: false
                Similarity
                • API ID:
                • String ID:
                • API String ID: 0-3916222277
                Uniqueness

                Uniqueness Score: -1.00%

                Memory Dump Source
                • Source File: 00000000.00000002.346259220.0000000005F10000.00000040.00000001.sdmp, Offset: 05F10000, based on PE: false
                Uniqueness

                Uniqueness Score: -1.00%

                Memory Dump Source
                • Source File: 00000000.00000002.346345267.0000000005F70000.00000040.00000001.sdmp, Offset: 05F70000, based on PE: false
                Uniqueness

                Uniqueness Score: -1.00%

                Memory Dump Source
                • Source File: 00000000.00000002.346259220.0000000005F10000.00000040.00000001.sdmp, Offset: 05F10000, based on PE: false
                Uniqueness

                Uniqueness Score: -1.00%

                Memory Dump Source
                • Source File: 00000000.00000002.346345267.0000000005F70000.00000040.00000001.sdmp, Offset: 05F70000, based on PE: false
                Uniqueness

                Uniqueness Score: -1.00%

                Memory Dump Source
                • Source File: 00000000.00000002.346389488.0000000005FA0000.00000040.00000001.sdmp, Offset: 05FA0000, based on PE: false
                Uniqueness

                Uniqueness Score: -1.00%

                Memory Dump Source
                • Source File: 00000000.00000002.346389488.0000000005FA0000.00000040.00000001.sdmp, Offset: 05FA0000, based on PE: false
                Uniqueness

                Uniqueness Score: -1.00%

                Memory Dump Source
                • Source File: 00000000.00000002.346345267.0000000005F70000.00000040.00000001.sdmp, Offset: 05F70000, based on PE: false
                Uniqueness

                Uniqueness Score: -1.00%

                Memory Dump Source
                • Source File: 00000000.00000002.346345267.0000000005F70000.00000040.00000001.sdmp, Offset: 05F70000, based on PE: false
                Uniqueness

                Uniqueness Score: -1.00%

                Memory Dump Source
                • Source File: 00000000.00000002.346389488.0000000005FA0000.00000040.00000001.sdmp, Offset: 05FA0000, based on PE: false
                Uniqueness

                Uniqueness Score: -1.00%

                Strings
                Memory Dump Source
                • Source File: 00000000.00000002.346259220.0000000005F10000.00000040.00000001.sdmp, Offset: 05F10000, based on PE: false
                Similarity
                • API ID:
                • String ID: (l$(l$<l$t%l$t%l
                • API String ID: 0-1843784812
                Uniqueness

                Uniqueness Score: -1.00%

                Executed Functions

                APIs
                • GetCurrentProcess.KERNEL32 ref: 02A37140
                • GetCurrentThread.KERNEL32 ref: 02A3717D
                • GetCurrentProcess.KERNEL32 ref: 02A371BA
                • GetCurrentThreadId.KERNEL32 ref: 02A37213
                Memory Dump Source
                • Source File: 00000010.00000002.484697887.0000000002A30000.00000040.00000001.sdmp, Offset: 02A30000, based on PE: false
                Similarity
                • API ID: Current$ProcessThread
                • String ID:
                • API String ID: 2063062207-0
                Uniqueness

                Uniqueness Score: -1.00%

                APIs
                • GetCurrentProcess.KERNEL32 ref: 02A37140
                • GetCurrentThread.KERNEL32 ref: 02A3717D
                • GetCurrentProcess.KERNEL32 ref: 02A371BA
                • GetCurrentThreadId.KERNEL32 ref: 02A37213
                Memory Dump Source
                • Source File: 00000010.00000002.484697887.0000000002A30000.00000040.00000001.sdmp, Offset: 02A30000, based on PE: false
                Similarity
                • API ID: Current$ProcessThread
                • String ID:
                • API String ID: 2063062207-0
                Uniqueness

                Uniqueness Score: -1.00%

                APIs
                • CreateWindowExW.USER32(?,?,?,?,?,?,0000000C,?,?,?,?,?), ref: 02A35942
                Memory Dump Source
                • Source File: 00000010.00000002.484697887.0000000002A30000.00000040.00000001.sdmp, Offset: 02A30000, based on PE: false
                Similarity
                • API ID: CreateWindow
                • String ID:
                • API String ID: 716092398-0
                Uniqueness

                Uniqueness Score: -1.00%

                APIs
                • CreateWindowExW.USER32(?,?,?,?,?,?,0000000C,?,?,?,?,?), ref: 02A35942
                Memory Dump Source
                • Source File: 00000010.00000002.484697887.0000000002A30000.00000040.00000001.sdmp, Offset: 02A30000, based on PE: false
                Similarity
                • API ID: CreateWindow
                • String ID:
                • API String ID: 716092398-0
                Uniqueness

                Uniqueness Score: -1.00%

                APIs
                • CallWindowProcW.USER32(?,?,?,?,?), ref: 02A38861
                Memory Dump Source
                • Source File: 00000010.00000002.484697887.0000000002A30000.00000040.00000001.sdmp, Offset: 02A30000, based on PE: false
                Similarity
                • API ID: CallProcWindow
                • String ID:
                • API String ID: 2714655100-0
                Uniqueness

                Uniqueness Score: -1.00%

                APIs
                • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 02A3738F
                Memory Dump Source
                • Source File: 00000010.00000002.484697887.0000000002A30000.00000040.00000001.sdmp, Offset: 02A30000, based on PE: false
                Similarity
                • API ID: DuplicateHandle
                • String ID:
                • API String ID: 3793708945-0
                Uniqueness

                Uniqueness Score: -1.00%

                APIs
                • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 02A3738F
                Memory Dump Source
                • Source File: 00000010.00000002.484697887.0000000002A30000.00000040.00000001.sdmp, Offset: 02A30000, based on PE: false
                Similarity
                • API ID: DuplicateHandle
                • String ID:
                • API String ID: 3793708945-0
                Uniqueness

                Uniqueness Score: -1.00%

                APIs
                • RtlEncodePointer.NTDLL(00000000), ref: 02A3D6AA
                Memory Dump Source
                • Source File: 00000010.00000002.484697887.0000000002A30000.00000040.00000001.sdmp, Offset: 02A30000, based on PE: false
                Similarity
                • API ID: EncodePointer
                • String ID:
                • API String ID: 2118026453-0
                Uniqueness

                Uniqueness Score: -1.00%

                APIs
                • RtlEncodePointer.NTDLL(00000000), ref: 02A3D6AA
                Memory Dump Source
                • Source File: 00000010.00000002.484697887.0000000002A30000.00000040.00000001.sdmp, Offset: 02A30000, based on PE: false
                Similarity
                • API ID: EncodePointer
                • String ID:
                • API String ID: 2118026453-0
                Uniqueness

                Uniqueness Score: -1.00%

                Memory Dump Source
                • Source File: 00000010.00000002.484445412.0000000000F4D000.00000040.00000001.sdmp, Offset: 00F4D000, based on PE: false
                Uniqueness

                Uniqueness Score: -1.00%

                Memory Dump Source
                • Source File: 00000010.00000002.484445412.0000000000F4D000.00000040.00000001.sdmp, Offset: 00F4D000, based on PE: false
                Uniqueness

                Uniqueness Score: -1.00%

                Non-executed Functions