Analysis Report Invoice No F1019855_PDF.vbs

Overview

General Information

Sample Name: Invoice No F1019855_PDF.vbs
Analysis ID: 411334
MD5: fcf52f96d96c68788ffe13fcccd4c89c
SHA1: ca29113b7607ecb7d9a65d8285d7d36f367b1cd0
SHA256: fbc5a1e5f8a02c644cf207d40885c7973dc7e4809b97f676927da3e13e17ed1f
Tags: NanoCore, RAT, vbs

Detection

Nanocore AsyncRAT
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Benign windows process drops PE files
Detected Nanocore Rat
Found malware configuration
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Sigma detected: NanoCore
VBScript performs obfuscated calls to suspicious functions
Yara detected AntiVM3
Yara detected AsyncRAT
Yara detected Nanocore RAT
.NET source code contains potential unpacker
C2 URLs / IPs found in malware configuration
Connects to many ports of the same IP (likely port scanning)
Hides that the sample has been downloaded from the Internet (zone.identifier)
Injects a PE file into a foreign processes
Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Uses schtasks.exe or at.exe to add and modify task schedules
Antivirus or Machine Learning detection for unpacked file
Binary contains a suspicious time stamp
Contains capabilities to detect virtual machines
Contains functionality to call native functions
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Creates or modifies windows services
Detected TCP or UDP traffic on non-standard ports
Detected potential crypto function
Drops PE files
Enables debug privileges
Found WSH timer for Javascript or VBS script (likely evasive script)
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
IP address seen in connection with other malware
Installs a raw input device (often for capturing keystrokes)
Java / VBScript file with very long strings (likely obfuscated code)
May sleep (evasive loops) to hinder dynamic analysis
Modifies existing windows services
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Tries to load missing DLLs
Uses code obfuscation techniques (call, push, ret)
Yara signature match

Classification

Startup

  • System is w10x64
  • wscript.exe (PID: 6380 cmdline: C:\Windows\System32\wscript.exe 'C:\Users\user\Desktop\Invoice No F1019855_PDF.vbs' MD5: 9A68ADD12EB50DDE7586782C3EB9FF9C)
    • file.exe (PID: 6588 cmdline: 'C:\Users\user\AppData\Local\Temp\file.exe' MD5: E6A6EB2982AB17BBB7083493805823BA)
      • schtasks.exe (PID: 7072 cmdline: 'C:\Windows\System32\schtasks.exe' /Create /TN 'Updates\JkeJLChUI' /XML 'C:\Users\user\AppData\Local\Temp\tmpAD9.tmp' MD5: 15FF7D8324231381BAD48A052F85DF04)
        • conhost.exe (PID: 7104 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
      • file.exe (PID: 7156 cmdline: {path} MD5: E6A6EB2982AB17BBB7083493805823BA)
    • name.exe (PID: 6612 cmdline: 'C:\Users\user\AppData\Local\Temp\name.exe' MD5: 43C4F163196FF02E7AA8C5040375FDA4)
      • schtasks.exe (PID: 7088 cmdline: 'C:\Windows\System32\schtasks.exe' /Create /TN 'Updates\LiydYED' /XML 'C:\Users\user\AppData\Local\Temp\tmpC12.tmp' MD5: 15FF7D8324231381BAD48A052F85DF04)
        • conhost.exe (PID: 7116 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
      • name.exe (PID: 800 cmdline: {path} MD5: 43C4F163196FF02E7AA8C5040375FDA4)
  • cleanup

Malware Configuration

Threatname: NanoCore

{"Version": "1.2.2.0", "Mutex": "c687c38e-2b2d-4d96-b5eb-9a31ccba", "Group": "Sys", "Domain1": "sys2021.linkpc.net", "Domain2": "", "Port": 11940, "KeyboardLogging": "Enable", "RunOnStartup": "Disable", "RequestElevation": "Disable", "BypassUAC": "Disable", "ClearZoneIdentifier": "Enable", "ClearAccessControl": "Disable", "SetCriticalProcess": "Disable", "PreventSystemSleep": "Enable", "ActivateAwayMode": "Disable", "EnableDebugMode": "Disable", "RunDelay": 0, "ConnectDelay": 4000, "RestartDelay": 5000, "TimeoutInterval": 5000, "KeepAliveTimeout": 30000, "MutexTimeout": 5000, "LanTimeout": 2500, "WanTimeout": 8000, "BufferSize": "ffff0000", "MaxPacketSize": "0000a000", "GCThreshold": "0000a000", "UseCustomDNS": "Enable", "PrimaryDNSServer": "8.8.8.8", "BackupDNSServer": "8.8.4.4"}

Yara Overview

Memory Dumps

Source | Rule | Description | Author | Strings
00000003.00000002.255078777.00000000030F1000.00000004.00000001.sdmp | JoeSecurity_AntiVM_3 | Yara detected AntiVM_3 | Joe Security |
00000003.00000002.256966112.00000000040F9000.00000004.00000001.sdmp | JoeSecurity_AsyncRAT | Yara detected AsyncRAT | Joe Security |
0000000B.00000002.477861276.0000000005590000.00000004.00000001.sdmp | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth |
  • 0xe75:$x1: NanoCore.ClientPluginHost
  • 0xe8f:$x2: IClientNetworkHost
0000000B.00000002.477861276.0000000005590000.00000004.00000001.sdmp | Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth |
  • 0xe75:$x2: NanoCore.ClientPluginHost
  • 0x1261:$s3: PipeExists
  • 0x1136:$s4: PipeCreated
  • 0xeb0:$s5: IClientLoggingHost
0000000B.00000002.476715022.0000000004087000.00000004.00000001.sdmp | JoeSecurity_Nanocore | Yara detected Nanocore RAT | Joe Security |

Unpacked PEs

Source | Rule | Description | Author | Strings
11.2.name.exe.5950000.11.unpack | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth |
  • 0xd9ad:$x1: NanoCore.ClientPluginHost
  • 0xd9da:$x2: IClientNetworkHost
11.2.name.exe.5950000.11.unpack | Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth |
  • 0xd9ad:$x2: NanoCore.ClientPluginHost
  • 0xea88:$s4: PipeCreated
  • 0xd9c7:$s5: IClientLoggingHost
11.2.name.exe.5950000.11.unpack | JoeSecurity_Nanocore | Yara detected Nanocore RAT | Joe Security |
4.2.name.exe.47d8c38.1.unpack | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth |
  • 0xe38d:$x1: NanoCore.ClientPluginHost
  • 0xe3ca:$x2: IClientNetworkHost
  • 0x11efd:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe
4.2.name.exe.47d8c38.1.unpack | Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth |
  • 0xe105:$x1: NanoCore Client.exe
  • 0xe38d:$x2: NanoCore.ClientPluginHost
  • 0xf9c6:$s1: PluginCommand
  • 0xf9ba:$s2: FileCommand
  • 0x1086b:$s3: PipeExists
  • 0x16622:$s4: PipeCreated
  • 0xe3b7:$s5: IClientLoggingHost

Sigma Overview

AV Detection:

Sigma detected: NanoCore
Source: File created, Author: Joe Security, Data: EventID: 11, Image: C:\Users\user\AppData\Local\Temp\name.exe, ProcessId: 800, TargetFilename: C:\Users\user\AppData\Roaming\D06ED635-68F6-4E9A-955C-4899F5F57B9A\run.dat

E-Banking Fraud:

Sigma detected: NanoCore
Source: File created, Author: Joe Security, Data: EventID: 11, Image: C:\Users\user\AppData\Local\Temp\name.exe, ProcessId: 800, TargetFilename: C:\Users\user\AppData\Roaming\D06ED635-68F6-4E9A-955C-4899F5F57B9A\run.dat

Stealing of Sensitive Information:

Sigma detected: NanoCore
Source: File created, Author: Joe Security, Data: EventID: 11, Image: C:\Users\user\AppData\Local\Temp\name.exe, ProcessId: 800, TargetFilename: C:\Users\user\AppData\Roaming\D06ED635-68F6-4E9A-955C-4899F5F57B9A\run.dat

Remote Access Functionality:

Sigma detected: NanoCore
Source: File created, Author: Joe Security, Data: EventID: 11, Image: C:\Users\user\AppData\Local\Temp\name.exe, ProcessId: 800, TargetFilename: C:\Users\user\AppData\Roaming\D06ED635-68F6-4E9A-955C-4899F5F57B9A\run.dat

Signature Overview

AV Detection:

Found malware configuration
Source: 0000000B.00000002.476715022.0000000004087000.00000004.00000001.sdmp, Malware Configuration Extractor: NanoCore {"Version": "1.2.2.0", "Mutex": "c687c38e-2b2d-4d96-b5eb-9a31ccba", "Group": "Sys", "Domain1": "sys2021.linkpc.net", "Domain2": "", "Port": 11940, "KeyboardLogging": "Enable", "RunOnStartup": "Disable", "RequestElevation": "Disable", "BypassUAC": "Disable", "ClearZoneIdentifier": "Enable", "ClearAccessControl": "Disable", "SetCriticalProcess": "Disable", "PreventSystemSleep": "Enable", "ActivateAwayMode": "Disable", "EnableDebugMode": "Disable", "RunDelay": 0, "ConnectDelay": 4000, "RestartDelay": 5000, "TimeoutInterval": 5000, "KeepAliveTimeout": 30000, "MutexTimeout": 5000, "LanTimeout": 2500, "WanTimeout": 8000, "BufferSize": "ffff0000", "MaxPacketSize": "0000a000", "GCThreshold": "0000a000", "UseCustomDNS": "Enable", "PrimaryDNSServer": "8.8.8.8", "BackupDNSServer": "8.8.4.4"}
Multi AV Scanner detection for submitted file
Source: Invoice No F1019855_PDF.vbs, ReversingLabs: Detection: 21%
Yara detected Nanocore RAT
Source: Yara match, File source: 0000000B.00000002.476715022.0000000004087000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match, File source: 0000000B.00000002.468941603.0000000000402000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match, File source: 00000004.00000002.254692678.0000000004551000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match, File source: 0000000B.00000002.478086503.0000000005950000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match, File source: Process Memory Space: name.exe PID: 6612, type: MEMORY
Source: Yara match, File source: Process Memory Space: name.exe PID: 800, type: MEMORY
Source: Yara match, File source: 11.2.name.exe.5950000.11.unpack, type: UNPACKEDPE
Source: Yara match, File source: 4.2.name.exe.47d8c38.1.unpack, type: UNPACKEDPE
Source: Yara match, File source: 11.2.name.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match, File source: 11.2.name.exe.408e43c.3.raw.unpack, type: UNPACKEDPE
Source: Yara match, File source: 11.2.name.exe.4092a65.5.raw.unpack, type: UNPACKEDPE
Source: Yara match, File source: 11.2.name.exe.408e43c.3.unpack, type: UNPACKEDPE
Source: Yara match, File source: 11.2.name.exe.5950000.11.raw.unpack, type: UNPACKEDPE
Source: Yara match, File source: 4.2.name.exe.48f8090.3.raw.unpack, type: UNPACKEDPE
Source: Yara match, File source: 11.2.name.exe.5954629.10.raw.unpack, type: UNPACKEDPE
Source: Yara match, File source: 4.2.name.exe.47d8c38.1.raw.unpack, type: UNPACKEDPE
Source: Yara match, File source: 11.2.name.exe.4089606.4.raw.unpack, type: UNPACKEDPE
Source: Yara match, File source: 4.2.name.exe.46d79c8.2.raw.unpack, type: UNPACKEDPE
Source: 11.2.name.exe.400000.0.unpack, Avira: Label: TR/Dropper.MSIL.Gen7
Source: 11.2.name.exe.5950000.11.unpack, Avira: Label: TR/NanoCore.fadte
Source: 10.2.file.exe.400000.0.unpack, Avira: Label: TR/Dropper.Gen
Source: C:\Users\user\AppData\Local\Temp\name.exe, File opened: C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.9445_none_d08c58b4442ba54f\MSVCR80.dll
Source: Binary string: mscorrc.pdb source: name.exe, 00000004.00000002.261482145.0000000007200000.00000002.00000001.sdmp, name.exe, 0000000B.00000002.477662832.00000000054D0000.00000002.00000001.sdmp

Networking:

C2 URLs / IPs found in malware configuration
Source: Malware configuration extractor, URLs:
Source: Malware configuration extractor, URLs: sys2021.linkpc.net
Connects to many ports of the same IP (likely port scanning)
Source: global traffic, TCP traffic: 87.98.245.48 ports 10090,0,1,4,9,11940
Source: global traffic, TCP traffic: 192.168.2.3:49725 -> 87.98.245.48:11940
Source: global traffic, TCP traffic: 192.168.2.3:49736 -> 191.96.25.26:11940
Source: Joe Sandbox View, IP Address: 87.98.245.48
Source: unknown, TCP traffic detected without corresponding DNS query: 191.96.25.26
Source: unknown, DNS traffic detected: queries for: sys2021.linkpc.net

Key, Mouse, Clipboard, Microphone and Screen Capturing:

Yara detected AsyncRAT
Source: Yara match, File source: 00000003.00000002.256966112.00000000040F9000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match, File source: 0000000A.00000002.468822970.0000000000402000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match, File source: Process Memory Space: file.exe PID: 7156, type: MEMORY
Source: Yara match, File source: Process Memory Space: file.exe PID: 6588, type: MEMORY
Source: Yara match, File source: 3.2.file.exe.421ac70.3.unpack, type: UNPACKEDPE
Source: Yara match, File source: 3.2.file.exe.4238890.2.raw.unpack, type: UNPACKEDPE
Source: Yara match, File source: 10.2.file.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match, File source: 3.2.file.exe.421ac70.3.raw.unpack, type: UNPACKEDPE
Source: name.exe, 0000000B.00000002.476715022.0000000004087000.00000004.00000001.sdmp, Binary or memory string: RegisterRawInputDevices

E-Banking Fraud:

Yara detected Nanocore RAT

System Summary:

Malicious sample detected (through community Yara rule)
Source: 0000000B.00000002.477861276.0000000005590000.00000004.00000001.sdmp, type: MEMORY, Matched rule: Detetcs the Nanocore RAT, Author: Florian Roth
Source: 0000000B.00000002.476715022.0000000004087000.00000004.00000001.sdmp, type: MEMORY, Matched rule: NanoCore, Author: Kevin Breen <kevin@techanarchy.net>
Source: 0000000B.00000002.468941603.0000000000402000.00000040.00000001.sdmp, type: MEMORY, Matched rule: Detetcs the Nanocore RAT, Author: Florian Roth
Source: 0000000B.00000002.468941603.0000000000402000.00000040.00000001.sdmp, type: MEMORY, Matched rule: NanoCore, Author: Kevin Breen <kevin@techanarchy.net>
Source: 00000004.00000002.254692678.0000000004551000.00000004.00000001.sdmp, type: MEMORY, Matched rule: Detetcs the Nanocore RAT, Author: Florian Roth
Source: 00000004.00000002.254692678.0000000004551000.00000004.00000001.sdmp, type: MEMORY, Matched rule: NanoCore, Author: Kevin Breen <kevin@techanarchy.net>
Source: 0000000B.00000002.478086503.0000000005950000.00000004.00000001.sdmp, type: MEMORY, Matched rule: Detetcs the Nanocore RAT, Author: Florian Roth
Source: Process Memory Space: name.exe PID: 6612, type: MEMORY, Matched rule: Detetcs the Nanocore RAT, Author: Florian Roth
Source: Process Memory Space: name.exe PID: 6612, type: MEMORY, Matched rule: NanoCore, Author: Kevin Breen <kevin@techanarchy.net>
Source: Process Memory Space: name.exe PID: 800, type: MEMORY, Matched rule: Detetcs the Nanocore RAT, Author: Florian Roth
Source: Process Memory Space: name.exe PID: 800, type: MEMORY, Matched rule: NanoCore, Author: Kevin Breen <kevin@techanarchy.net>
Source: 11.2.name.exe.5950000.11.unpack, type: UNPACKEDPE, Matched rule: Detetcs the Nanocore RAT, Author: Florian Roth
Source: 4.2.name.exe.47d8c38.1.unpack, type: UNPACKEDPE, Matched rule: Detetcs the Nanocore RAT, Author: Florian Roth
Source: 4.2.name.exe.47d8c38.1.unpack, type: UNPACKEDPE, Matched rule: NanoCore, Author: Kevin Breen <kevin@techanarchy.net>
Source: 11.2.name.exe.5590000.8.raw.unpack, type: UNPACKEDPE, Matched rule: Detetcs the Nanocore RAT, Author: Florian Roth
Source: 11.2.name.exe.400000.0.unpack, type: UNPACKEDPE, Matched rule: Detetcs the Nanocore RAT, Author: Florian Roth
Source: 11.2.name.exe.400000.0.unpack, type: UNPACKEDPE, Matched rule: NanoCore, Author: Kevin Breen <kevin@techanarchy.net>
Source: 11.2.name.exe.408e43c.3.raw.unpack, type: UNPACKEDPE, Matched rule: Detetcs the Nanocore RAT, Author: Florian Roth
Source: 11.2.name.exe.4092a65.5.raw.unpack, type: UNPACKEDPE, Matched rule: Detetcs the Nanocore RAT, Author: Florian Roth
Source: 11.2.name.exe.408e43c.3.unpack, type: UNPACKEDPE, Matched rule: Detetcs the Nanocore RAT, Author: Florian Roth
Source: 11.2.name.exe.5950000.11.raw.unpack, type: UNPACKEDPE, Matched rule: Detetcs the Nanocore RAT, Author: Florian Roth
Source: 4.2.name.exe.48f8090.3.raw.unpack, type: UNPACKEDPE, Matched rule: Detetcs the Nanocore RAT, Author: Florian Roth
Source: 4.2.name.exe.48f8090.3.raw.unpack, type: UNPACKEDPE, Matched rule: NanoCore, Author: Kevin Breen <kevin@techanarchy.net>
Source: 11.2.name.exe.3051688.2.raw.unpack, type: UNPACKEDPE, Matched rule: Detetcs the Nanocore RAT, Author: Florian Roth
          Source: 11.2.name.exe.5954629.10.raw.unpack, type: UNPACKEDPEMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
          Source: 4.2.name.exe.47d8c38.1.raw.unpack, type: UNPACKEDPEMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
          Source: 4.2.name.exe.47d8c38.1.raw.unpack, type: UNPACKEDPEMatched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
          Source: 11.2.name.exe.4089606.4.raw.unpack, type: UNPACKEDPEMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
          Source: 11.2.name.exe.4089606.4.raw.unpack, type: UNPACKEDPEMatched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
          Source: 4.2.name.exe.46d79c8.2.raw.unpack, type: UNPACKEDPEMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
          Source: 4.2.name.exe.46d79c8.2.raw.unpack, type: UNPACKEDPEMatched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
          Source: C:\Users\user\AppData\Local\Temp\name.exeCode function: 4_2_059028A2 NtQuerySystemInformation,4_2_059028A2
          Source: C:\Users\user\AppData\Local\Temp\name.exeCode function: 4_2_05902868 NtQuerySystemInformation,4_2_05902868
          Source: C:\Users\user\AppData\Local\Temp\name.exeCode function: 11_2_0534116A NtQuerySystemInformation,11_2_0534116A
          Source: C:\Users\user\AppData\Local\Temp\name.exeCode function: 11_2_0534112F NtQuerySystemInformation,11_2_0534112F
          Source: Invoice No F1019855_PDF.vbsInitial sample: Strings found which are bigger than 50
          Source: C:\Users\user\AppData\Local\Temp\file.exeSection loaded: sysmain.dll
          Source: file.exe.0.drStatic PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
          Source: JkeJLChUI.exe.3.drStatic PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
          Source: LiydYED.exe.4.drStatic PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
          Source: classification engineClassification label: mal100.troj.evad.winVBS@15/9@24/2
          Source: C:\Users\user\AppData\Local\Temp\name.exeCode function: 4_2_059027D2 AdjustTokenPrivileges,4_2_059027D2
          Source: C:\Users\user\AppData\Local\Temp\name.exeCode function: 4_2_0590279B AdjustTokenPrivileges,4_2_0590279B
          Source: C:\Users\user\AppData\Local\Temp\name.exeCode function: 11_2_05340F2A AdjustTokenPrivileges,11_2_05340F2A
          Source: C:\Users\user\AppData\Local\Temp\name.exeCode function: 11_2_05340EF3 AdjustTokenPrivileges,11_2_05340EF3
          Source: C:\Users\user\AppData\Local\Temp\file.exeFile created: C:\Users\user\AppData\Roaming\JkeJLChUI.exe
          Source: C:\Users\user\AppData\Local\Temp\file.exeMutant created: \Sessions\1\BaseNamedObjects\871-085a33d91457
          Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7104:120:WilError_01
          Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7116:120:WilError_01
          Source: C:\Users\user\AppData\Local\Temp\file.exeMutant created: \Sessions\1\BaseNamedObjects\Global\RefreshRA_Mutex_Lib
          Source: C:\Users\user\AppData\Local\Temp\name.exeMutant created: \Sessions\1\BaseNamedObjects\Global\.net clr networking
          Source: C:\Users\user\AppData\Local\Temp\name.exeMutant created: \Sessions\1\BaseNamedObjects\lsPvaxhQEBvPAUaKmBBEq
          Source: C:\Users\user\AppData\Local\Temp\file.exeMutant created: \Sessions\1\BaseNamedObjects\RZiGID
          Source: C:\Users\user\AppData\Local\Temp\name.exeMutant created: \Sessions\1\BaseNamedObjects\Global\{c687c38e-2b2d-4d96-b5eb-9a31ccba603d}
          Source: C:\Windows\System32\wscript.exeFile created: C:\Users\user\AppData\Local\Temp\file.exe
          Source: unknownProcess created: C:\Windows\System32\wscript.exe C:\Windows\System32\wscript.exe 'C:\Users\user\Desktop\Invoice No F1019855_PDF.vbs'
          Source: C:\Users\user\AppData\Local\Temp\file.exeSection loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dllJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\name.exeSection loaded: C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\9603718106bd57ecfbb18fefd769cab4\mscorlib.ni.dllJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\name.exeSection loaded: C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sorttbls.nlpJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\name.exeSection loaded: C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sortkey.nlpJump to behavior
          Source: C:\Windows\System32\wscript.exe File read: C:\Users\user\Desktop\desktop.ini
          Source: C:\Windows\System32\wscript.exe Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
          Source: C:\Users\user\AppData\Local\Temp\file.exe File read: C:\Windows\System32\drivers\etc\hosts
          Source: Invoice No F1019855_PDF.vbs ReversingLabs: Detection: 21%
          Source: C:\Windows\System32\wscript.exe Process created: C:\Users\user\AppData\Local\Temp\file.exe 'C:\Users\user\AppData\Local\Temp\file.exe'
          Source: C:\Windows\System32\wscript.exe Process created: C:\Users\user\AppData\Local\Temp\name.exe 'C:\Users\user\AppData\Local\Temp\name.exe'
          Source: C:\Users\user\AppData\Local\Temp\file.exe Process created: C:\Windows\SysWOW64\schtasks.exe 'C:\Windows\System32\schtasks.exe' /Create /TN 'Updates\JkeJLChUI' /XML 'C:\Users\user\AppData\Local\Temp\tmpAD9.tmp'
          Source: C:\Users\user\AppData\Local\Temp\name.exe Process created: C:\Windows\SysWOW64\schtasks.exe 'C:\Windows\System32\schtasks.exe' /Create /TN 'Updates\LiydYED' /XML 'C:\Users\user\AppData\Local\Temp\tmpC12.tmp'
          Source: C:\Windows\SysWOW64\schtasks.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
          Source: C:\Users\user\AppData\Local\Temp\file.exe Process created: C:\Users\user\AppData\Local\Temp\file.exe {path}
          Source: C:\Users\user\AppData\Local\Temp\name.exe Process created: C:\Users\user\AppData\Local\Temp\name.exe {path}
          Source: C:\Windows\System32\wscript.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B54F3741-5B07-11cf-A4B0-00AA004A55E8}\InprocServer32
          Source: C:\Users\user\AppData\Local\Temp\file.exe File opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll
          Source: Invoice No F1019855_PDF.vbs Static file information: File size 2072856 > 1048576
          Source: C:\Users\user\AppData\Local\Temp\name.exe File opened: C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.9445_none_d08c58b4442ba54f\MSVCR80.dll
          Source: Binary string: mscorrc.pdb source: name.exe, 00000004.00000002.261482145.0000000007200000.00000002.00000001.sdmp, name.exe, 0000000B.00000002.477662832.00000000054D0000.00000002.00000001.sdmp

          Data Obfuscation:

          VBScript performs obfuscated calls to suspicious functions
          Source: C:\Windows\System32\wscript.exe Anti Malware Scan Interface: .Run("C:\Users\user\AppData\Local\Temp\file.exe");IFileSystem3.GetSpecialFolder("2");IFolder.Path();IFileSystem3.GetSpecialFolder("2");IFolder.Path();IXMLDOMNode._00000029("tmp");IXMLDOMElement.dataType("bin.base64");IXMLDOMElement.text("TVqQAAMAAAAEAAAA//8AALgAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgAAAAA4fug4AtAnNIbgBTM0hVGhpcyBwcm9ncmFtIGNhbm5vdCBiZSBydW4gaW4gRE9TIG1vZGUuDQ0KJAAAAAAAAABQRQAATAEDADJHWrcAAAAAAAAAAOAAAgELATAAALIKAAAIAAAAAAAAVtE");IXMLDOMElement.nodeTypedValue();_Stream.Type("1");_Stream.Open();_Stream.Write("Unsupported parameter type 00002011");_Stream.SaveToFile("C:\Users\user\AppData\Local\Temp\file.exe", "2");IXMLDOMNode._00000029("tmp");IXMLDOMElement.dataType("bin.base64");IXMLDOMElement.text("TVqQAAMAAAAEAAAA//8AALgAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgAAAAA4fug4AtAnNIbgBTM0hVGhpcyBwcm9ncmFtIGNhbm5vdCBiZSBydW4gaW4gRE9TIG1vZGUuDQ0KJAAAAAAAAABQRQAATAEDAOnJY+kAAAAAAAAAAOAAAgELATAAAPALAAAIAAAAAAAAOg4");IXMLDOMElement.nodeTypedValue();_Stream.Type("1");_Stream.Open();_Stream.Write("Unsupported parameter type 00002011");_Stream.SaveToFile("C:\Users\user\AppData\Local\Temp\name.exe", "2");IWshShell3.Run("C:\Users\user\AppData\Local\Temp\file.exe");IWshShell3.Run("C:\Users\user\AppData\Local\Temp\name.exe")
          .NET source code contains potential unpacker
          Source: JkeJLChUI.exe.3.dr, MainForm.cs .Net Code: _N_ System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
          Source: 3.2.file.exe.d70000.0.unpack, MainForm.cs .Net Code: _N_ System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
          Source: 3.0.file.exe.d70000.0.unpack, MainForm.cs .Net Code: _N_ System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
          Source: 4.2.name.exe.cd0000.0.unpack, MainForm.cs .Net Code: _N_ System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
          Source: 4.0.name.exe.cd0000.0.unpack, MainForm.cs .Net Code: _N_ System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
          Source: 10.2.file.exe.d60000.1.unpack, MainForm.cs .Net Code: _N_ System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
          Source: file.exe.0.dr Static PE information: 0xB75A4732 [Fri Jun 24 13:16:34 2067 UTC]
          Source: C:\Users\user\AppData\Local\Temp\name.exe Code function: 4_2_016B0DA8 push esi; ret 4_2_016B0DAB
          Source: C:\Users\user\AppData\Local\Temp\name.exe Code function: 4_2_016B0D60 push esi; ret 4_2_016B0D63
          Source: C:\Users\user\AppData\Local\Temp\name.exe Code function: 4_2_016B0DF0 push esi; ret 4_2_016B0DF3
          Source: C:\Users\user\AppData\Local\Temp\name.exe Code function: 4_2_016B0E90 push esi; ret 4_2_016B0E93
          Source: C:\Users\user\AppData\Local\Temp\name.exe Code function: 4_2_016E7DC1 push 64016E86h; ret 4_2_016E82D1
          Source: C:\Users\user\AppData\Local\Temp\name.exe Code function: 4_2_056985F8 pushfd ; retf 4_2_056985F9
          Source: C:\Users\user\AppData\Local\Temp\name.exe Code function: 4_2_05698588 pushad ; retf 4_2_05698591
          Source: C:\Users\user\AppData\Local\Temp\name.exe Code function: 4_2_0569DA2A push E9FFFFFFh; iretd 4_2_0569DA2F
          Source: C:\Users\user\AppData\Local\Temp\name.exe Code function: 11_2_02AF9D30 pushad ; retf 11_2_02AF9D31
          Source: initial sample Static PE information: section name: .text entropy: 7.21530395794
          Source: initial sample Static PE information: section name: .text entropy: 7.33039162712
          Source: C:\Windows\System32\wscript.exe File created: C:\Users\user\AppData\Local\Temp\file.exe
          Source: C:\Users\user\AppData\Local\Temp\name.exe File created: C:\Users\user\AppData\Roaming\LiydYED.exe
          Source: C:\Users\user\AppData\Local\Temp\file.exe File created: C:\Users\user\AppData\Roaming\JkeJLChUI.exe
          Source: C:\Windows\System32\wscript.exe File created: C:\Users\user\AppData\Local\Temp\name.exe

          Boot Survival:

          Yara detected AsyncRAT
          Source: Yara match File source: 00000003.00000002.256966112.00000000040F9000.00000004.00000001.sdmp, type: MEMORY
          Source: Yara match File source: 0000000A.00000002.468822970.0000000000402000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara match File source: Process Memory Space: file.exe PID: 7156, type: MEMORY
          Source: Yara match File source: Process Memory Space: file.exe PID: 6588, type: MEMORY
          Source: Yara match File source: 3.2.file.exe.421ac70.3.unpack, type: UNPACKEDPE
          Source: Yara match File source: 3.2.file.exe.4238890.2.raw.unpack, type: UNPACKEDPE
          Source: Yara match File source: 10.2.file.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara match File source: 3.2.file.exe.421ac70.3.raw.unpack, type: UNPACKEDPE
          Uses schtasks.exe or at.exe to add and modify task schedules
          Source: C:\Users\user\AppData\Local\Temp\file.exe Process created: C:\Windows\SysWOW64\schtasks.exe 'C:\Windows\System32\schtasks.exe' /Create /TN 'Updates\JkeJLChUI' /XML 'C:\Users\user\AppData\Local\Temp\tmpAD9.tmp'
          Source: C:\Users\user\AppData\Local\Temp\file.exe Registry key created: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MSDTC Bridge 3.0.0.0\Linkage
          Source: C:\Users\user\AppData\Local\Temp\file.exe Registry key value modified: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\.NET Memory Cache 4.0\Linkage

          Hooking and other Techniques for Hiding and Protection:

          Hides that the sample has been downloaded from the Internet (zone.identifier)
          Source: C:\Users\user\AppData\Local\Temp\name.exe File opened: C:\Users\user\AppData\Local\Temp\name.exe:Zone.Identifier read attributes | delete
          Source: C:\Windows\System32\wscript.exe Registry key monitored for changes: HKEY_CURRENT_USER_Classes
          Source: C:\Windows\System32\wscript.exe Process information set: NOOPENFILEERRORBOX
          Source: C:\Users\user\AppData\Local\Temp\file.exe Process information set: NOOPENFILEERRORBOX
          Source: C:\Users\user\AppData\Local\Temp\name.exe Process information set: NOOPENFILEERRORBOX
          Source: C:\Users\user\AppData\Local\Temp\file.exe Process information set: NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
          Source: C:\Users\user\AppData\Local\Temp\file.exe Process information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX

          Malware Analysis System Evasion:

          Yara detected AntiVM3
          Source: Yara match File source: 00000003.00000002.255078777.00000000030F1000.00000004.00000001.sdmp, type: MEMORY
          Source: Yara match File source: Process Memory Space: name.exe PID: 6612, type: MEMORY
          Source: Yara match File source: Process Memory Space: file.exe PID: 6588, type: MEMORY
          Source: Yara match File source: 3.2.file.exe.311576c.1.raw.unpack, type: UNPACKEDPE
          Yara detected AsyncRAT
          Source: Yara match File source: 00000003.00000002.256966112.00000000040F9000.00000004.00000001.sdmp, type: MEMORY
          Source: Yara match File source: 0000000A.00000002.468822970.0000000000402000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara match File source: Process Memory Space: file.exe PID: 7156, type: MEMORY
          Source: Yara match File source: Process Memory Space: file.exe PID: 6588, type: MEMORY
          Source: Yara match File source: 3.2.file.exe.421ac70.3.unpack, type: UNPACKEDPE
          Source: Yara match File source: 3.2.file.exe.4238890.2.raw.unpack, type: UNPACKEDPE
          Source: Yara match File source: 10.2.file.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara match File source: 3.2.file.exe.421ac70.3.raw.unpack, type: UNPACKEDPE
          Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)
          Source: C:\Users\user\AppData\Local\Temp\file.exe WMI Queries: IWbemServices::ExecQuery - ROOT\cimv2 : SELECT * FROM Win32_VideoController
          Source: C:\Users\user\AppData\Local\Temp\name.exe WMI Queries: IWbemServices::ExecQuery - ROOT\cimv2 : SELECT * FROM Win32_VideoController
          Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
          Source: file.exe, 00000003.00000002.255078777.00000000030F1000.00000004.00000001.sdmp, name.exe, 00000004.00000002.251572904.0000000003551000.00000004.00000001.sdmp Binary or memory string: WINE_GET_UNIX_FILE_NAME
          Source: file.exe, 00000003.00000002.255078777.00000000030F1000.00000004.00000001.sdmp, name.exe, 00000004.00000002.251572904.0000000003551000.00000004.00000001.sdmp Binary or memory string: SBIEDLL.DLL
          Source: file.exe, 00000003.00000002.256966112.00000000040F9000.00000004.00000001.sdmp, file.exe, 0000000A.00000002.468822970.0000000000402000.00000040.00000001.sdmp Binary or memory string: SBIEDLL.DLLME: CHAT
          Source: C:\Users\user\AppData\Local\Temp\name.exe Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DEVICEMAP\Scsi\Scsi Port 0\Scsi Bus 0\Target Id 0\Logical Unit Id 0 name: Identifier
          Source: C:\Users\user\AppData\Local\Temp\name.exe Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: SystemBiosVersion
          Source: C:\Users\user\AppData\Local\Temp\name.exe Registry key queried: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 name: DriverDesc
          Source: C:\Users\user\AppData\Local\Temp\name.exe File opened / queried: SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
          Source: C:\Users\user\AppData\Local\Temp\name.exe Registry key queried: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Disk\Enum name: 0
          Source: C:\Users\user\AppData\Local\Temp\name.exe Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: VideoBiosVersion
          Source: C:\Users\user\AppData\Local\Temp\file.exe Thread delayed: delay time: 922337203685477
          Source: C:\Users\user\AppData\Local\Temp\name.exe Thread delayed: delay time: 922337203685477
          Source: C:\Users\user\AppData\Local\Temp\name.exeThread delayed: delay time: 922337203685477Jump to behavior
          Source: C:\Windows\System32\wscript.exeWindow found: window name: WSH-TimerJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\name.exeWindow / User API: foregroundWindowGot 835Jump to behavior
          Source: C:\Users\user\AppData\Local\Temp\file.exe TID: 6592Thread sleep time: -31500s >= -30000sJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\file.exe TID: 2540Thread sleep time: -922337203685477s >= -30000sJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\name.exe TID: 6616Thread sleep time: -31500s >= -30000sJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\name.exe TID: 6648Thread sleep time: -922337203685477s >= -30000sJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\name.exe TID: 5060Thread sleep time: -922337203685477s >= -30000sJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\name.exe TID: 5060Thread sleep count: 145 > 30Jump to behavior
          Source: C:\Users\user\AppData\Local\Temp\name.exe TID: 5060Thread sleep count: 221 > 30Jump to behavior
          Source: C:\Users\user\AppData\Local\Temp\name.exe TID: 3512Thread sleep count: 256 > 30Jump to behavior
          Source: C:\Users\user\AppData\Local\Temp\name.exe TID: 5060Thread sleep count: 31 > 30Jump to behavior
          Source: C:\Users\user\AppData\Local\Temp\name.exe TID: 5052Thread sleep time: -280000s >= -30000sJump to behavior
          Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
          Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
          Source: C:\Users\user\AppData\Local\Temp\file.exeLast function: Thread delayed
          Source: C:\Users\user\AppData\Local\Temp\name.exeCode function: 11_2_05340BB6 GetSystemInfo,11_2_05340BB6
          Source: C:\Users\user\AppData\Local\Temp\file.exeThread delayed: delay time: 31500Jump to behavior
          Source: C:\Users\user\AppData\Local\Temp\file.exeThread delayed: delay time: 922337203685477Jump to behavior
          Source: C:\Users\user\AppData\Local\Temp\name.exeThread delayed: delay time: 31500Jump to behavior
          Source: C:\Users\user\AppData\Local\Temp\name.exeThread delayed: delay time: 922337203685477Jump to behavior
          Source: C:\Users\user\AppData\Local\Temp\name.exeThread delayed: delay time: 922337203685477Jump to behavior
          Source: file.exe, 00000003.00000002.267489782.0000000007A75000.00000004.00000001.sdmpBinary or memory string: VMware
          Source: file.exe, 0000000A.00000002.473021861.0000000003191000.00000004.00000001.sdmpBinary or memory string: l!Hyper-V Virtual Machine Bus Pipes
          Source: file.exe, 0000000A.00000002.477862631.0000000005646000.00000004.00000001.sdmpBinary or memory string: VHyper-V Dynamic Memory Integration ServiceA
          Source: file.exe, 0000000A.00000003.283195559.0000000005662000.00000004.00000001.sdmpBinary or memory string: Hyper-V odyhnxjxsoexvdl Bus'
          Source: name.exe, 00000004.00000002.251572904.0000000003551000.00000004.00000001.sdmpBinary or memory string: C:\PROGRAM FILES\VMWARE\VMWARE TOOLS\
          Source: name.exe, 00000004.00000002.251572904.0000000003551000.00000004.00000001.sdmpBinary or memory string: VMWARE
          Source: name.exe, 00000004.00000002.251572904.0000000003551000.00000004.00000001.sdmpBinary or memory string: XrA"SOFTWARE\VMware, Inc.\VMware Tools
          Source: name.exe, 00000004.00000002.251572904.0000000003551000.00000004.00000001.sdmpBinary or memory string: InstallPath%C:\PROGRAM FILES\VMWARE\VMWARE TOOLS\
          Source: wscript.exe, 00000000.00000002.217300558.0000023C9F5B0000.00000002.00000001.sdmp, file.exe, 0000000A.00000002.478778610.0000000005FD0000.00000002.00000001.sdmp, name.exe, 0000000B.00000002.478683812.0000000006380000.00000002.00000001.sdmpBinary or memory string: The communication protocol version between the Hyper-V Host and Guest Compute Services is not supported.
          Source: file.exe, 00000003.00000002.267489782.0000000007A75000.00000004.00000001.sdmpBinary or memory string: Win32_VideoController(Standard display types)VMwareMZF7_W99Win32_VideoControllerAU6HH_1NVideoController120060621000000.000000-00039494928display.infMSBDAE93F5W6VPCI\VEN_15AD&DEV_0405&SUBSYS_040515AD&REV_00\3&61AAA01&0&78OKWin32_ComputerSystemcomputer1280 x 1024 x 4294967296 colorsDGO2XXF2l
          Source: name.exe, 00000004.00000002.251572904.0000000003551000.00000004.00000001.sdmpBinary or memory string: vmwareNSYSTEM\ControlSet001\Control\Class\{4D36E968-E325-11CE-BFC1-08002BE10318}\0000
          Source: file.exe, 0000000A.00000002.477862631.0000000005646000.00000004.00000001.sdmpBinary or memory string: Hyper-V Dynamic Memory Integration Service/
          Source: file.exe, 0000000A.00000002.477926995.0000000005665000.00000004.00000001.sdmpBinary or memory string: Hyper-V odyhnxjxsoexvdl Bus?
          Source: file.exe, 0000000A.00000002.477862631.0000000005646000.00000004.00000001.sdmpBinary or memory string: VHyper-V Virtual Machine Bus Provider PipesW
          Source: name.exe, 00000004.00000002.251572904.0000000003551000.00000004.00000001.sdmpBinary or memory string: VMware SVGA IIOData Source=localhost\sqlexpress;Initial Catalog=dbSMS;Integrated Security=True
          Source: file.exe, 0000000A.00000002.468822970.0000000000402000.00000040.00000001.sdmpBinary or memory string: vmware
          Source: file.exe, 00000003.00000002.255078777.00000000030F1000.00000004.00000001.sdmpBinary or memory string: l%C:\PROGRAM FILES\VMWARE\VMWARE TOOLS\
          Source: name.exe, 00000004.00000002.251572904.0000000003551000.00000004.00000001.sdmpBinary or memory string: Xr&%C:\PROGRAM FILES\VMWARE\VMWARE TOOLS\
          Source: file.exe, 0000000A.00000003.283195559.0000000005662000.00000004.00000001.sdmpBinary or memory string: Hyper-V odyhnxjxsoexvdl Bus Pipes)
          Source: file.exe, 0000000A.00000002.473021861.0000000003191000.00000004.00000001.sdmpBinary or memory string: l)Hyper-V Hypervisor Root Virtual Processor
          Source: file.exe, 0000000A.00000002.477862631.0000000005646000.00000004.00000001.sdmpBinary or memory string: JHyper-V Hypervisor Logical Processor
          Source: file.exe, 0000000A.00000002.478270567.0000000005896000.00000004.00000001.sdmpBinary or memory string: AlDHyper-V Virtual Machine Bus PipesU
          Source: file.exe, 00000003.00000002.255078777.00000000030F1000.00000004.00000001.sdmpBinary or memory string: l"SOFTWARE\VMware, Inc.\VMware Tools
          Source: name.exe, 00000004.00000002.251572904.0000000003551000.00000004.00000001.sdmpBinary or memory string: Xr87HKEY_LOCAL_MACHINE\SOFTWARE\VMware, Inc.\VMware Tools\.
          Source: wscript.exe, 00000000.00000002.217300558.0000023C9F5B0000.00000002.00000001.sdmp, file.exe, 0000000A.00000002.478778610.0000000005FD0000.00000002.00000001.sdmp, name.exe, 0000000B.00000002.478683812.0000000006380000.00000002.00000001.sdmpBinary or memory string: An unknown internal message was received by the Hyper-V Compute Service.
          Source: wscript.exe, 00000000.00000002.217300558.0000023C9F5B0000.00000002.00000001.sdmp, file.exe, 0000000A.00000002.478778610.0000000005FD0000.00000002.00000001.sdmp, name.exe, 0000000B.00000002.478683812.0000000006380000.00000002.00000001.sdmpBinary or memory string: A Virtual Machine could not be started because Hyper-V is not installed.
          Source: file.exe, 0000000A.00000002.473021861.0000000003191000.00000004.00000001.sdmpBinary or memory string: l$Hyper-V Hypervisor Logical Processor
          Source: file.exe, 0000000A.00000002.470394784.0000000001316000.00000004.00000020.sdmpBinary or memory string: THyper-V Hypervisor Root Virtual Processor
          Source: file.exe, 0000000A.00000002.478270567.0000000005896000.00000004.00000001.sdmpBinary or memory string: sWDHyper-V Hypervisor Root Partition
          Source: file.exe, 0000000A.00000002.470394784.0000000001316000.00000004.00000020.sdmpBinary or memory string: &Hyper-V Hypervisor
          Source: file.exe, 0000000A.00000002.477862631.0000000005646000.00000004.00000001.sdmpBinary or memory string: Hyper-V odyhnxjxsoexvdl Bus Provider Pipes
          Source: name.exe, 00000004.00000002.251572904.0000000003551000.00000004.00000001.sdmpBinary or memory string: Xr#"SOFTWARE\VMware, Inc.\VMware Tools
          Source: file.exe, 0000000A.00000002.473021861.0000000003191000.00000004.00000001.sdmpBinary or memory string: l!Hyper-V Hypervisor Root Partition
          Source: file.exe, 0000000A.00000002.473021861.0000000003191000.00000004.00000001.sdmpBinary or memory string: l*Hyper-V Virtual Machine Bus Provider Pipes
          Source: wscript.exe, 00000000.00000003.213260478.0000023C9D1E3000.00000004.00000001.sdmpBinary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\
          Source: name.exe, 00000004.00000002.251572904.0000000003551000.00000004.00000001.sdmpBinary or memory string: VMware SVGA II
          Source: name.exe, 00000004.00000002.251572904.0000000003551000.00000004.00000001.sdmpBinary or memory string: VMWARE"SOFTWARE\VMware, Inc.\VMware ToolsLHARDWARE\DEVICEMAP\Scsi\Scsi Port 1\Scsi Bus 0\Target Id 0\Logical Unit Id 0LHARDWARE\DEVICEMAP\Scsi\Scsi Port 2\Scsi Bus 0\Target Id 0\Logical Unit Id 0'SYSTEM\ControlSet001\Services\Disk\Enum
          Source: file.exe, 0000000A.00000002.470394784.0000000001316000.00000004.00000020.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
          Source: file.exe, 0000000A.00000002.473021861.0000000003191000.00000004.00000001.sdmpBinary or memory string: l*Hyper-V Dynamic Memory Integration Service
          Source: name.exe, 00000004.00000002.251572904.0000000003551000.00000004.00000001.sdmpBinary or memory string: SOFTWARE\VMware, Inc.\VMware Tools
          Source: wscript.exe, 00000000.00000002.215459586.0000023C9EE70000.00000004.00000001.sdmpBinary or memory string: \\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\\?\Volume{e6e9dfd8-98f2-11e9-90ce-806e6f6e6963}\
          Source: wscript.exe, 00000000.00000002.217300558.0000023C9F5B0000.00000002.00000001.sdmp, file.exe, 0000000A.00000002.478778610.0000000005FD0000.00000002.00000001.sdmp, name.exe, 0000000B.00000002.478683812.0000000006380000.00000002.00000001.sdmpBinary or memory string: A communication protocol error has occurred between the Hyper-V Host and Guest Compute Service.
          Source: name.exe, 00000004.00000002.251572904.0000000003551000.00000004.00000001.sdmpBinary or memory string: Xr#"SOFTWARE\VMware, Inc.\VMware ToolsH
          Source: file.exe, 0000000A.00000002.473021861.0000000003191000.00000004.00000001.sdmpBinary or memory string: Hyper-V Hypervisor
          Source: C:\Users\user\AppData\Local\Temp\file.exeProcess information queried: ProcessInformationJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\file.exeProcess token adjusted: DebugJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\name.exeProcess token adjusted: DebugJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\name.exeProcess token adjusted: DebugJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\file.exeMemory allocated: page read and write | page guardJump to behavior

          HIPS / PFW / Operating System Protection Evasion:

          Benign windows process drops PE files
          Source: C:\Windows\System32\wscript.exeFile created: file.exe.0.drJump to dropped file
          Injects a PE file into a foreign processes
          Source: C:\Users\user\AppData\Local\Temp\name.exeMemory written: C:\Users\user\AppData\Local\Temp\name.exe base: 400000 value starts with: 4D5AJump to behavior
          Source: C:\Windows\System32\wscript.exeProcess created: C:\Users\user\AppData\Local\Temp\file.exe 'C:\Users\user\AppData\Local\Temp\file.exe' Jump to behavior
          Source: C:\Windows\System32\wscript.exeProcess created: C:\Users\user\AppData\Local\Temp\name.exe 'C:\Users\user\AppData\Local\Temp\name.exe' Jump to behavior
          Source: C:\Users\user\AppData\Local\Temp\file.exeProcess created: C:\Windows\SysWOW64\schtasks.exe 'C:\Windows\System32\schtasks.exe' /Create /TN 'Updates\JkeJLChUI' /XML 'C:\Users\user\AppData\Local\Temp\tmpAD9.tmp'Jump to behavior
          Source: C:\Users\user\AppData\Local\Temp\file.exeProcess created: C:\Users\user\AppData\Local\Temp\file.exe {path}Jump to behavior
          Source: C:\Users\user\AppData\Local\Temp\name.exeProcess created: C:\Windows\SysWOW64\schtasks.exe 'C:\Windows\System32\schtasks.exe' /Create /TN 'Updates\LiydYED' /XML 'C:\Users\user\AppData\Local\Temp\tmpC12.tmp'Jump to behavior
          Source: C:\Users\user\AppData\Local\Temp\name.exeProcess created: C:\Users\user\AppData\Local\Temp\name.exe {path}Jump to behavior
          Source: file.exe, 0000000A.00000002.472816675.0000000001C80000.00000002.00000001.sdmp, name.exe, 0000000B.00000002.474486275.00000000030CD000.00000004.00000001.sdmpBinary or memory string: Program Manager
          Source: file.exe, 0000000A.00000002.472816675.0000000001C80000.00000002.00000001.sdmp, name.exe, 0000000B.00000002.472036052.00000000016E0000.00000002.00000001.sdmpBinary or memory string: Shell_TrayWnd
          Source: file.exe, 0000000A.00000002.472816675.0000000001C80000.00000002.00000001.sdmp, name.exe, 0000000B.00000002.472036052.00000000016E0000.00000002.00000001.sdmpBinary or memory string: Progman
          Source: name.exe, 0000000B.00000002.474486275.00000000030CD000.00000004.00000001.sdmpBinary or memory string: Program Managerp
          Source: file.exe, 0000000A.00000002.472816675.0000000001C80000.00000002.00000001.sdmp, name.exe, 0000000B.00000002.472036052.00000000016E0000.00000002.00000001.sdmpBinary or memory string: Progmanlock
          Source: C:\Users\user\AppData\Local\Temp\file.exeQueries volume information: C:\Users\user\AppData\Local\Temp\file.exe VolumeInformationJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\file.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformationJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\file.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformationJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\file.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformationJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\file.exeQueries volume information: C:\Windows\Fonts\ARIALNI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\file.exeQueries volume information: C:\Windows\Fonts\calibri.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\file.exeQueries volume information: C:\Windows\Fonts\calibril.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\file.exeQueries volume information: C:\Windows\Fonts\calibrii.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\file.exeQueries volume information: C:\Windows\Fonts\calibrib.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\file.exeQueries volume information: C:\Windows\Fonts\calibriz.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\file.exeQueries volume information: C:\Windows\Fonts\cambria.ttc VolumeInformationJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\file.exeQueries volume information: C:\Windows\Fonts\cambriab.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\file.exeQueries volume information: C:\Windows\Fonts\cambriaz.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\file.exeQueries volume information: C:\Windows\Fonts\Candara.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\file.exeQueries volume information: C:\Windows\Fonts\Candarai.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\file.exeQueries volume information: C:\Windows\Fonts\Candarab.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\file.exeQueries volume information: C:\Windows\Fonts\Candaraz.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\file.exeQueries volume information: C:\Windows\Fonts\comic.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\file.exeQueries volume information: C:\Windows\Fonts\comici.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\file.exeQueries volume information: C:\Windows\Fonts\comicbd.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\file.exeQueries volume information: C:\Windows\Fonts\comicz.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\file.exeQueries volume information: C:\Windows\Fonts\consola.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\file.exeQueries volume information: C:\Windows\Fonts\consolai.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\file.exeQueries volume information: C:\Windows\Fonts\consolab.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\file.exeQueries volume information: C:\Windows\Fonts\consolaz.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\file.exeQueries volume information: C:\Windows\Fonts\constan.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\file.exeQueries volume information: C:\Windows\Fonts\constani.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\file.exeQueries volume information: C:\Windows\Fonts\constanb.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\file.exeQueries volume information: C:\Windows\Fonts\constanz.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\file.exeQueries volume information: C:\Windows\Fonts\corbel.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\file.exeQueries volume information: C:\Windows\Fonts\corbeli.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\file.exeQueries volume information: C:\Windows\Fonts\corbelb.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\file.exeQueries volume information: C:\Windows\Fonts\corbelz.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\file.exeQueries volume information: C:\Windows\Fonts\SCHLBKBI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\file.exeQueries volume information: C:\Windows\Fonts\CASTELAR.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\file.exeQueries volume information: C:\Windows\Fonts\CALIST.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\file.exeQueries volume information: C:\Windows\Fonts\CALISTI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\file.exeQueries volume information: C:\Windows\Fonts\CALISTB.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\file.exeQueries volume information: C:\Windows\Fonts\CALISTBI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\file.exeQueries volume information: C:\Windows\Fonts\BOOKOS.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\file.exeQueries volume information: C:\Windows\Fonts\BOOKOSB.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\file.exeQueries volume information: C:\Windows\Fonts\BOOKOSI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\file.exeQueries volume information: C:\Windows\Fonts\BOOKOSBI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\file.exeQueries volume information: C:\Windows\Fonts\BOD_R.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\file.exeQueries volume information: C:\Windows\Fonts\BOD_I.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\file.exeQueries volume information: C:\Windows\Fonts\BOD_B.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\file.exeQueries volume information: C:\Windows\Fonts\BOD_BI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\file.exeQueries volume information: C:\Windows\Fonts\BOD_CR.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\file.exeQueries volume information: C:\Windows\Fonts\BOD_BLAR.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\file.exeQueries volume information: C:\Windows\Fonts\BOD_CI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\file.exeQueries volume information: C:\Windows\Fonts\BOD_CB.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\file.exeQueries volume information: C:\Windows\Fonts\BOD_BLAI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\file.exeQueries volume information: C:\Windows\Fonts\BOD_CBI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\file.exeQueries volume information: C:\Windows\Fonts\ITCBLKAD.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\file.exeQueries volume information: C:\Windows\Fonts\ARLRDBD.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\file.exeQueries volume information: C:\Windows\Fonts\AGENCYR.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\file.exeQueries volume information: C:\Windows\Fonts\AGENCYB.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\file.exeQueries volume information: C:\Windows\Fonts\BSSYM7.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\file.exeQueries volume information: C:\Windows\Fonts\REFSAN.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\file.exeQueries volume information: C:\Windows\Fonts\REFSPCL.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\file.exeQueries volume information: C:\Windows\Fonts\MTEXTRA.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\file.exeQueries volume information: C:\Windows\Fonts\marlett.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\file.exeQueries volume information: C:\Windows\Fonts\marlett.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\file.exeQueries volume information: C:\Windows\Fonts\micross.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\file.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformationJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\file.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll VolumeInformationJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\name.exeQueries volume information: C:\Windows\Fonts\arial.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\name.exeQueries volume information: C:\Windows\Fonts\ariali.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\name.exeQueries volume information: C:\Windows\Fonts\arialbd.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\name.exeQueries volume information: C:\Windows\Fonts\arialbi.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\name.exeQueries volume information: C:\Windows\Fonts\ARIALN.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\name.exeQueries volume information: C:\Windows\Fonts\ariblk.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\name.exeQueries volume information: C:\Windows\Fonts\ARIALNI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\name.exeQueries volume information: C:\Windows\Fonts\ARIALNB.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\name.exeQueries volume information: C:\Windows\Fonts\ARIALNBI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\name.exeQueries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\name.exeQueries volume information: C:\Windows\Fonts\calibri.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\name.exeQueries volume information: C:\Windows\Fonts\calibril.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\name.exeQueries volume information: C:\Windows\Fonts\calibrili.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\name.exeQueries volume information: C:\Windows\Fonts\calibriz.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\name.exeQueries volume information: C:\Windows\Fonts\cambriai.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\name.exeQueries volume information: C:\Windows\Fonts\cambriab.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\name.exeQueries volume information: C:\Windows\Fonts\Candara.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\name.exeQueries volume information: C:\Windows\Fonts\comic.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\name.exeQueries volume information: C:\Windows\Fonts\comici.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\name.exeQueries volume information: C:\Windows\Fonts\consola.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\name.exeQueries volume information: C:\Windows\Fonts\consolai.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\name.exeQueries volume information: C:\Windows\Fonts\consolab.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\name.exeQueries volume information: C:\Windows\Fonts\consolaz.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\name.exeQueries volume information: C:\Windows\Fonts\constan.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\name.exeQueries volume information: C:\Windows\Fonts\constani.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\name.exeQueries volume information: C:\Windows\Fonts\cour.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\name.exeQueries volume information: C:\Windows\Fonts\courbi.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\name.exeQueries volume information: C:\Windows\Fonts\framd.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\name.exeQueries volume information: C:\Windows\Fonts\framdit.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\name.exeQueries volume information: C:\Windows\Fonts\FRAMDCN.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\name.exeQueries volume information: C:\Windows\Fonts\FRAHV.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\name.exeQueries volume information: C:\Windows\Fonts\FRAHVIT.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\name.exeQueries volume information: C:\Windows\Fonts\georgiai.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\name.exeQueries volume information: C:\Windows\Fonts\impact.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\name.exeQueries volume information: C:\Windows\Fonts\Inkfree.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\name.exeQueries volume information: C:\Windows\Fonts\LeelUIsl.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\name.exeQueries volume information: C:\Windows\Fonts\LeelaUIb.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\name.exeQueries volume information: C:\Windows\Fonts\l_10646.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\name.exeQueries volume information: C:\Windows\Fonts\malgun.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\name.exeQueries volume information: C:\Windows\Fonts\himalaya.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\name.exeQueries volume information: C:\Windows\Fonts\msjh.ttc VolumeInformationJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\name.exeQueries volume information: C:\Windows\Fonts\msyhl.ttc VolumeInformationJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\name.exeQueries volume information: C:\Windows\Fonts\msyhbd.ttc VolumeInformationJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\name.exeQueries volume information: C:\Windows\Fonts\mingliub.ttc VolumeInformationJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\name.exeQueries volume information: C:\Windows\Fonts\monbaiti.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\name.exeQueries volume information: C:\Windows\Fonts\msgothic.ttc VolumeInformationJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\name.exeQueries volume information: C:\Windows\Fonts\Nirmala.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\name.exeQueries volume information: C:\Windows\Fonts\palai.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\name.exeQueries volume information: C:\Windows\Fonts\segoeprb.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\name.exeQueries volume information: C:\Windows\Fonts\segoesc.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\name.exeQueries volume information: C:\Windows\Fonts\segoescb.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\name.exeQueries volume information: C:\Windows\Fonts\segoeuii.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\name.exeQueries volume information: C:\Windows\Fonts\seguili.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\name.exeQueries volume information: C:\Windows\Fonts\seguisbi.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\name.exeQueries volume information: C:\Windows\Fonts\segoeuiz.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\name.exeQueries volume information: C:\Windows\Fonts\seguibl.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\name.exeQueries volume information: C:\Windows\Fonts\seguibli.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\name.exeQueries volume information: C:\Windows\Fonts\seguiemj.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\name.exeQueries volume information: C:\Windows\Fonts\seguisym.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\name.exeQueries volume information: C:\Windows\Fonts\simsun.ttc VolumeInformationJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\name.exeQueries volume information: C:\Windows\Fonts\simsunb.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\name.exeQueries volume information: C:\Windows\Fonts\Sitka.ttc VolumeInformationJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\name.exeQueries volume information: C:\Windows\Fonts\SitkaI.ttc VolumeInformationJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\name.exeQueries volume information: C:\Windows\Fonts\SitkaB.ttc VolumeInformationJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\name.exeQueries volume information: C:\Windows\Fonts\SitkaZ.ttc VolumeInformationJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\name.exeQueries volume information: C:\Windows\Fonts\trebucit.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\name.exeQueries volume information: C:\Windows\Fonts\trebucbd.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\name.exeQueries volume information: C:\Windows\Fonts\verdanaz.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\name.exeQueries volume information: C:\Windows\Fonts\webdings.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\name.exeQueries volume information: C:\Windows\Fonts\wingding.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\name.exeQueries volume information: C:\Windows\Fonts\YuGothR.ttc VolumeInformationJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\name.exeQueries volume information: C:\Windows\Fonts\YuGothB.ttc VolumeInformationJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\name.exeQueries volume information: C:\Windows\Fonts\YuGothM.ttc VolumeInformationJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\name.exeQueries volume information: C:\Windows\Fonts\holomdl2.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\name.exeQueries volume information: C:\Windows\Fonts\CENTURY.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\name.exeQueries volume information: C:\Windows\Fonts\MSUIGHUR.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\name.exeQueries volume information: C:\Windows\Fonts\MSUIGHUB.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\name.exeQueries volume information: C:\Windows\Fonts\WINGDNG2.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\name.exeQueries volume information: C:\Windows\Fonts\WINGDNG3.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\name.exeQueries volume information: C:\Windows\Fonts\TEMPSITC.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\name.exeQueries volume information: C:\Windows\Fonts\ITCKRIST.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\name.exeQueries volume information: C:\Windows\Fonts\FREESCPT.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\name.exeQueries volume information: C:\Windows\Fonts\OUTLOOK.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\name.exeQueries volume information: C:\Windows\Fonts\BKANT.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\name.exeQueries volume information: C:\Windows\Fonts\GOTHIC.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\name.exeQueries volume information: C:\Windows\Fonts\GOTHICB.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\name.exeQueries volume information: C:\Windows\Fonts\ALGER.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\name.exeQueries volume information: C:\Windows\Fonts\BELLB.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\name.exeQueries volume information: C:\Windows\Fonts\BERNHC.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\name.exeQueries volume information: C:\Windows\Fonts\BROADW.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\name.exeQueries volume information: C:\Windows\Fonts\CHILLER.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\name.exeQueries volume information: C:\Windows\Fonts\HTOWERTI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\name.exeQueries volume information: C:\Windows\Fonts\STENCIL.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\name.exeQueries volume information: C:\Windows\Fonts\VLADIMIR.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\name.exeQueries volume information: C:\Windows\Fonts\TCB_____.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\name.exeQueries volume information: C:\Windows\Fonts\ROCC____.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\name.exeQueries volume information: C:\Windows\Fonts\MAIAN.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\name.exeQueries volume information: C:\Windows\Fonts\LSANSDI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\name.exeQueries volume information: C:\Windows\Fonts\GILB____.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\name.exeQueries volume information: C:\Windows\Fonts\FRABKIT.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\name.exeQueries volume information: C:\Windows\Fonts\FORTE.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\name.exeQueries volume information: C:\Windows\Fonts\ERASDEMI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\name.exeQueries volume information: C:\Windows\Fonts\ITCEDSCR.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\name.exeQueries volume information: C:\Windows\Fonts\SCHLBKI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\name.exeQueries volume information: C:\Windows\Fonts\BOD_R.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\name.exeQueries volume information: C:\Windows\Fonts\BOD_CR.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\name.exeQueries volume information: C:\Windows\Fonts\ARLRDBD.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\name.exeQueries volume information: C:\Windows\Fonts\marlett.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\name.exeQueries volume information: C:\Windows\Fonts\micross.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\name.exeQueries volume information: C:\Windows\Fonts\segoeuii.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\name.exeQueries volume information: C:\Windows\Fonts\segoeuiz.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\file.exeQueries volume information: C:\Users\user\AppData\Local\Temp\file.exe VolumeInformationJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\name.exe, Code function: 4_2_05901382 GetUserNameA
          Source: C:\Windows\System32\wscript.exe, Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

          Lowering of HIPS / PFW / Operating System Security Settings:

          Yara detected AsyncRAT
          Source: Yara match, File source: 00000003.00000002.256966112.00000000040F9000.00000004.00000001.sdmp, type: MEMORY
          Source: Yara match, File source: 0000000A.00000002.468822970.0000000000402000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara match, File source: Process Memory Space: file.exe PID: 7156, type: MEMORY
          Source: Yara match, File source: Process Memory Space: file.exe PID: 6588, type: MEMORY
          Source: Yara match, File source: 3.2.file.exe.421ac70.3.unpack, type: UNPACKEDPE
          Source: Yara match, File source: 3.2.file.exe.4238890.2.raw.unpack, type: UNPACKEDPE
          Source: Yara match, File source: 10.2.file.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara match, File source: 3.2.file.exe.421ac70.3.raw.unpack, type: UNPACKEDPE

          Stealing of Sensitive Information:

          Yara detected Nanocore RAT
          Source: Yara match, File source: 0000000B.00000002.476715022.0000000004087000.00000004.00000001.sdmp, type: MEMORY
          Source: Yara match, File source: 0000000B.00000002.468941603.0000000000402000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara match, File source: 00000004.00000002.254692678.0000000004551000.00000004.00000001.sdmp, type: MEMORY
          Source: Yara match, File source: 0000000B.00000002.478086503.0000000005950000.00000004.00000001.sdmp, type: MEMORY
          Source: Yara match, File source: Process Memory Space: name.exe PID: 6612, type: MEMORY
          Source: Yara match, File source: Process Memory Space: name.exe PID: 800, type: MEMORY
          Source: Yara match, File source: 11.2.name.exe.5950000.11.unpack, type: UNPACKEDPE
          Source: Yara match, File source: 4.2.name.exe.47d8c38.1.unpack, type: UNPACKEDPE
          Source: Yara match, File source: 11.2.name.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara match, File source: 11.2.name.exe.408e43c.3.raw.unpack, type: UNPACKEDPE
          Source: Yara match, File source: 11.2.name.exe.4092a65.5.raw.unpack, type: UNPACKEDPE
          Source: Yara match, File source: 11.2.name.exe.408e43c.3.unpack, type: UNPACKEDPE
          Source: Yara match, File source: 11.2.name.exe.5950000.11.raw.unpack, type: UNPACKEDPE
          Source: Yara match, File source: 4.2.name.exe.48f8090.3.raw.unpack, type: UNPACKEDPE
          Source: Yara match, File source: 11.2.name.exe.5954629.10.raw.unpack, type: UNPACKEDPE
          Source: Yara match, File source: 4.2.name.exe.47d8c38.1.raw.unpack, type: UNPACKEDPE
          Source: Yara match, File source: 11.2.name.exe.4089606.4.raw.unpack, type: UNPACKEDPE
          Source: Yara match, File source: 4.2.name.exe.46d79c8.2.raw.unpack, type: UNPACKEDPE

          Remote Access Functionality:

          Detected Nanocore Rat
          Source: name.exe, 00000004.00000002.254692678.0000000004551000.00000004.00000001.sdmp, String found in binary or memory: NanoCore.ClientPluginHost
          Source: name.exe, 0000000B.00000002.477861276.0000000005590000.00000004.00000001.sdmp, String found in binary or memory: NanoCore.ClientPluginHost
          Yara detected Nanocore RAT
          Source: C:\Users\user\AppData\Local\Temp\name.exe, Code function: 11_2_0534247A bind
          Source: C:\Users\user\AppData\Local\Temp\name.exe, Code function: 11_2_05342428 bind

          Mitre Att&ck Matrix

          Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact
          Valid Accounts | Windows Management Instrumentation 1 | DLL Side-Loading 1 | DLL Side-Loading 1 | Disable or Modify Tools 1 | Input Capture 11 | Account Discovery 1 | Remote Services | Archive Collected Data 1 | Exfiltration Over Other Network Medium | Encrypted Channel 1 | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition
          Default Accounts | Scripting 121 | Windows Service 2 | Access Token Manipulation 1 | Scripting 121 | LSASS Memory | File and Directory Discovery 1 | Remote Desktop Protocol | Input Capture 11 | Exfiltration Over Bluetooth | Non-Standard Port 1 | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout
          Domain Accounts | Exploitation for Client Execution 1 | Scheduled Task/Job 2 | Windows Service 2 | Obfuscated Files or Information 13 | Security Account Manager | System Information Discovery 13 | SMB/Windows Admin Shares | Data from Network Shared Drive | Automated Exfiltration | Remote Access Software 1 | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data
          Local Accounts | Scheduled Task/Job 2 | Logon Script (Mac) | Process Injection 112 | Software Packing 13 | NTDS | Query Registry 1 | Distributed Component Object Model | Input Capture | Scheduled Transfer | Non-Application Layer Protocol 1 | SIM Card Swap | | Carrier Billing Fraud
          Cloud Accounts | Cron | Network Logon Script | Scheduled Task/Job 2 | Timestomp 1 | LSA Secrets | Security Software Discovery 211 | SSH | Keylogging | Data Transfer Size Limits | Application Layer Protocol 11 | Manipulate Device Communication | | Manipulate App Store Rankings or Ratings
          Replication Through Removable Media | Launchd | Rc.common | Rc.common | DLL Side-Loading 1 | Cached Domain Credentials | Process Discovery 2 | VNC | GUI Input Capture | Exfiltration Over C2 Channel | Multiband Communication | Jamming or Denial of Service | | Abuse Accessibility Features
          External Remote Services | Scheduled Task | Startup Items | Startup Items | Masquerading 1 | DCSync | Virtualization/Sandbox Evasion 131 | Windows Remote Management | Web Portal Capture | Exfiltration Over Alternative Protocol | Commonly Used Port | Rogue Wi-Fi Access Points | | Data Encrypted for Impact
          Drive-by Compromise | Command and Scripting Interpreter | Scheduled Task/Job | Scheduled Task/Job | Virtualization/Sandbox Evasion 131 | Proc Filesystem | Application Window Discovery 1 | Shared Webroot | Credential API Hooking | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Application Layer Protocol | Downgrade to Insecure Protocols | | Generate Fraudulent Advertising Revenue
          Exploit Public-Facing Application | PowerShell | At (Linux) | At (Linux) | Access Token Manipulation 1 | /etc/passwd and /etc/shadow | System Owner/User Discovery 1 | Software Deployment Tools | Data Staged | Exfiltration Over Asymmetric Encrypted Non-C2 Protocol | Web Protocols | Rogue Cellular Base Station | | Data Destruction
          Supply Chain Compromise | AppleScript | At (Windows) | At (Windows) | Process Injection 112 | Network Sniffing | Remote System Discovery 1 | Taint Shared Content | Local Data Staging | Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol | File Transfer Protocols | | | Data Encrypted for Impact
          Compromise Software Dependencies and Development Tools | Windows Command Shell | Cron | Cron | Hidden Files and Directories 1 | Input Capture | Permission Groups Discovery | Replication Through Removable Media | Remote Data Staging | Exfiltration Over Physical Medium | Mail Protocols | | | Service Stop

          Behavior Graph

          [Behavior graph image not preserved. Behavior Graph ID: 411334; Sample: Invoice No F1019855_PDF.vbs; Startdate: 11/05/2021; Architecture: WINDOWS; Score: 100]

          Top-level signatures: Found malware configuration; Malicious sample detected (through community Yara rule); Multi AV Scanner detection for submitted file; 9 other signatures
          Top-level DNS/IP: sys2021.linkpc.net

          • wscript.exe (started)
            Dropped: C:\Users\user\AppData\Local\Temp\name.exe, PE32; C:\Users\user\AppData\Local\Temp\file.exe, PE32
            Signatures: Benign windows process drops PE files; VBScript performs obfuscated calls to suspicious functions
            • name.exe (started)
              Dropped: C:\Users\user\AppData\Roaming\LiydYED.exe, PE32
              Signatures: Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines); Injects a PE file into a foreign processes
              • name.exe (started)
                DNS/IP: sys2021.linkpc.net 87.98.245.48, 10090, 11940, 49725, OVHFR, France; 191.96.25.26, 11940, 49736, 49739, AS40676US, Chile
                Dropped: C:\Users\user\AppData\Roaming\...\run.dat, data
                Signatures: Hides that the sample has been downloaded from the Internet (zone.identifier)
              • schtasks.exe (started)
                • conhost.exe (started)
            • file.exe (started)
              Dropped: C:\Users\user\AppData\Local\Temp\tmpAD9.tmp, XML; C:\Users\user\AppData\Roaming\JkeJLChUI.exe, PE32
              Signatures: Uses schtasks.exe or at.exe to add and modify task schedules
              • file.exe (started)
              • schtasks.exe (started)
                • conhost.exe (started)

          Antivirus, Machine Learning and Genetic Malware Detection

          Initial Sample

          Source | Detection | Scanner | Label
          Invoice No F1019855_PDF.vbs | 21% | ReversingLabs | Script-WScript.Trojan.Heuristic

          Dropped Files

          No Antivirus matches

          Unpacked PE Files

          Source | Detection | Scanner | Label
          11.2.name.exe.400000.0.unpack | 100% | Avira | TR/Dropper.MSIL.Gen7
          11.2.name.exe.5950000.11.unpack | 100% | Avira | TR/NanoCore.fadte
          10.2.file.exe.400000.0.unpack | 100% | Avira | TR/Dropper.Gen

          Domains

          No Antivirus matches

          URLs


          Domains and IPs

          Contacted Domains

          Name | IP | Active | Malicious | Antivirus Detection | Reputation
          sys2021.linkpc.net | 87.98.245.48 | true | false | | high

          Contacted URLs

          Name | Malicious | Antivirus Detection | Reputation
           | true | Avira URL Cloud: safe | low
          sys2021.linkpc.net | false | | high

              URLs from Memory and Binaries


                                      Contacted IPs


                                      Public

IP | Domain | Country | ASN | ASN Name | Malicious
191.96.25.26 | unknown | Chile | 40676 | AS40676US | false
87.98.245.48 | sys2021.linkpc.net | France | 16276 | OVHFR | false

                                      General Information

                                      Joe Sandbox Version:32.0.0 Black Diamond
                                      Analysis ID:411334
                                      Start date:11.05.2021
                                      Start time:20:00:27
                                      Joe Sandbox Product:CloudBasic
                                      Overall analysis duration:0h 13m 47s
                                      Hypervisor based Inspection enabled:false
                                      Report type:full
                                      Sample file name:Invoice No F1019855_PDF.vbs
                                      Cookbook file name:default.jbs
                                      Analysis system description:Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
                                      Number of analysed new started processes analysed:37
                                      Number of new started drivers analysed:0
                                      Number of existing processes analysed:0
                                      Number of existing drivers analysed:0
                                      Number of injected processes analysed:0
                                      Technologies:
                                      • HCA enabled
                                      • EGA enabled
                                      • HDC enabled
                                      • AMSI enabled
                                      Analysis Mode:default
                                      Analysis stop reason:Timeout
                                      Detection:MAL
                                      Classification:mal100.troj.evad.winVBS@15/9@24/2
                                      EGA Information:Failed
                                      HDC Information:
                                      • Successful, ratio: 0.6% (good quality ratio 0.4%)
                                      • Quality average: 39.5%
                                      • Quality standard deviation: 33.8%
                                      HCA Information:
                                      • Successful, ratio: 97%
                                      • Number of executed functions: 516
                                      • Number of non-executed functions: 21
                                      Cookbook Comments:
                                      • Adjust boot time
                                      • Enable AMSI
                                      • Found application associated with file extension: .vbs
                                      Warnings:
                                      • Behavior information exceeds normal sizes, reducing to normal. Report will have missing behavior information.
                                      • Excluded IPs from analysis (whitelisted): 131.253.33.200, 13.107.22.200, 20.82.210.154, 168.61.161.212, 104.43.193.48, 92.122.145.220, 40.88.32.150, 23.57.80.111, 92.122.213.247, 92.122.213.194, 8.241.90.126, 8.241.78.126, 8.253.207.120, 67.26.75.254, 8.238.35.254, 51.103.5.186, 20.54.26.129
                                      • Excluded domains from analysis (whitelisted): store-images.s-microsoft.com-c.edgekey.net, iris-de-prod-azsc-neu-b.northeurope.cloudapp.azure.com, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, a1449.dscg2.akamai.net, arc.msn.com, e12564.dspb.akamaiedge.net, skypedataprdcoleus15.cloudapp.net, wns.notify.trafficmanager.net, www-bing-com.dual-a-0001.a-msedge.net, audownload.windowsupdate.nsatc.net, arc.trafficmanager.net, watson.telemetry.microsoft.com, img-prod-cms-rt-microsoft-com.akamaized.net, auto.au.download.windowsupdate.com.c.footprint.net, prod.fs.microsoft.com.akadns.net, au-bg-shim.trafficmanager.net, www.bing.com, client.wns.windows.com, fs.microsoft.com, ris-prod.trafficmanager.net, skypedataprdcolcus17.cloudapp.net, e1723.g.akamaiedge.net, ctldl.windowsupdate.com, skypedataprdcolcus15.cloudapp.net, dual-a-0001.dc-msedge.net, ris.api.iris.microsoft.com, a-0001.a-afdentry.net.trafficmanager.net, store-images.s-microsoft.com, blobcollector.events.data.trafficmanager.net
                                      • Report size exceeded maximum capacity and may have missing behavior information.
                                      • Report size getting too big, too many NtAllocateVirtualMemory calls found.
                                      • Report size getting too big, too many NtDeviceIoControlFile calls found.
                                      • Report size getting too big, too many NtEnumerateKey calls found.
                                      • Report size getting too big, too many NtOpenKeyEx calls found.
                                      • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                      • Report size getting too big, too many NtQueryAttributesFile calls found.
                                      • Report size getting too big, too many NtQueryValueKey calls found.

                                      Simulations

                                      Behavior and APIs

Time | Type | Description
20:01:32 | API Interceptor | 1x Sleep call for process: file.exe modified
20:01:33 | API Interceptor | 801x Sleep call for process: name.exe modified

                                      Joe Sandbox View / Context

                                      IPs

Match | Associated Sample Name / URL | Detection
191.96.25.26 | Invoice No F1019855_PDF.vbs | malicious
191.96.25.26 | Spec_PDF.vbs | malicious
191.96.25.26 | SpecPDF.vbs | malicious
87.98.245.48 | Cotizacin.jar | malicious
87.98.245.48 | ORDER-0319.pdf.exe | malicious
87.98.245.48 | PO-21322.xlsm | malicious
87.98.245.48 | ORDER-21031566AF.exe | malicious
87.98.245.48 | Booking Confirmation 02222021951 - copy -PDF.exe | malicious
87.98.245.48 | Document.exe | malicious
87.98.245.48 | ORDER #0622.exe | malicious
87.98.245.48 | hiIXRIdkjB.exe | malicious
87.98.245.48 | LIST_OF_IDs.xls | malicious

                                                              Domains

Match | Associated Sample Name / URL | Detection | Context
sys2021.linkpc.net | Invoice No F1019855_PDF.vbs | malicious | 79.137.109.121
sys2021.linkpc.net | Spec_PDF.vbs | malicious | 105.112.11.245
sys2021.linkpc.net | SpecPDF.vbs | malicious | 179.43.166.32

                                                              ASN


                                                              JA3 Fingerprints

                                                              No context

                                                              Dropped Files

                                                              No context

                                                              Created / dropped Files

                                                              C:\Users\user\AppData\Local\Microsoft\CLR_v2.0_32\UsageLogs\name.exe.log
                                                              Process:C:\Users\user\AppData\Local\Temp\name.exe
                                                              File Type:ASCII text, with CRLF line terminators
                                                              Category:dropped
                                                              Size (bytes):655
                                                              Entropy (8bit):5.273171405160065
                                                              Encrypted:false
                                                              SSDEEP:12:Q3LaJU20NaL10U29hJ5g1B0U2ukyrFk70Ug+9Yz9t0U2WUXBQav:MLF20NaL329hJ5g522rWz2p29XBT
                                                              MD5:2703120C370FBB4A8BA08C6D1754039E
                                                              SHA1:EC0DB47BF00A4A828F796147619386C0BBEA66A1
                                                              SHA-256:F95566974BC44F3A757CAFB1456D185D8F333AC84775089DE18310B90C18B1BC
                                                              SHA-512:BC05A2A1BE5B122FC6D3DEA66EF4258522F13351B9754378395AAD019631E312CFD3BC990F3E3D5C7BB0BDBA1EAD54A2B34A96DEE2FCCD703721E98F6192ED48
                                                              Malicious:false
                                                              Reputation:moderate, very likely benign file
                                                              Preview: 1,"fusion","GAC",0..3,"C:\Windows\assembly\NativeImages_v2.0.50727_32\System\1ffc437de59fb69ba2b865ffdc98ffd1\System.ni.dll",0..3,"C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\54d944b3ca0ea1188d700fbd8089726b\System.Drawing.ni.dll",0..3,"C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\bd8d59c984c9f5f2695f64341115cdf0\System.Windows.Forms.ni.dll",0..3,"C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\cd7c74fce2a0eab72cd25cbe4bb61614\Microsoft.VisualBasic.ni.dll",0..3,"C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\4de99804c29261edb63c93616550f034\System.Management.ni.dll",0..
                                                              C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\file.exe.log
                                                              Process:C:\Users\user\AppData\Local\Temp\file.exe
                                                              File Type:ASCII text, with CRLF line terminators
                                                              Category:dropped
                                                              Size (bytes):1308
                                                              Entropy (8bit):5.345811588615766
                                                              Encrypted:false
                                                              SSDEEP:24:MLUE4K5E4Ks2E1qE4qXKDE4KhK3VZ9pKhPKIE4oKFKHKoZAE4Kzr7FE4x84FsXE8:MIHK5HKXE1qHiYHKhQnoPtHoxHhAHKzu
                                                              MD5:2E016B886BDB8389D2DD0867BE55F87B
                                                              SHA1:25D28EF2ACBB41764571E06E11BF4C05DD0E2F8B
                                                              SHA-256:1D037CF00A8849E6866603297F85D3DABE09535E72EDD2636FB7D0F6C7DA3427
                                                              SHA-512:C100729153954328AA2A77EECB2A3CBD03CB7E8E23D736000F890B17AAA50BA87745E30FB9E2B0D61E16DCA45694C79B4CE09B9F4475220BEB38CAEA546CFC2A
                                                              Malicious:false
                                                              Reputation:moderate, very likely benign file
                                                              Preview: 1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\4f0a7eefa3cd3e0ba98b5ebddbbc72e6\System.ni.dll",0..2,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\f1d8480152e0da9a60ad49c6d16a3b6d\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\8d67d92724ba494b6c7fd089d6f25b48\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\b219d4630d26b88041b59c21
                                                              C:\Users\user\AppData\Local\Temp\file.exe
                                                              Process:C:\Windows\System32\wscript.exe
                                                              File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                              Category:dropped
                                                              Size (bytes):703488
                                                              Entropy (8bit):7.213651737719658
                                                              Encrypted:false
                                                              SSDEEP:12288:doLLoS60/K7yh0K40auRhRwWSEUJu1NMm8kJ:doLApuRmZJu18E
                                                              MD5:E6A6EB2982AB17BBB7083493805823BA
                                                              SHA1:79D317D1F2E41E580CF84942C97C044C97A20A3A
                                                              SHA-256:263EB4034FE9B2BFE0E8472280BAB407EFFA3116391822A7CA34B2C480C438BF
                                                              SHA-512:7A91A5A264D9F28C68562082B85A18B7E1A90235318EA1222C96DDB0656EA1CBC58F47AE8E16CCADA708021011B69DBFB1D0F77B639C79F96903A77D119568EB
                                                              Malicious:true
                                                              C:\Users\user\AppData\Local\Temp\name.exe
                                                              Process:C:\Windows\System32\wscript.exe
                                                              File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                              Category:dropped
                                                              Size (bytes):784896
                                                              Entropy (8bit):7.328703413450174
                                                              Encrypted:false
                                                              SSDEEP:12288:OoLLoS60/K7yh036vCww4Scd3IGj483ESuvkuDKsjLtZTMfLodiMW2G:OoLA3AScdYKSvkItxeUdinh
                                                              MD5:43C4F163196FF02E7AA8C5040375FDA4
                                                              SHA1:F826B410B31CB251DD85F3663735B2F410906517
                                                              SHA-256:A585841F956F17925242996A98836B0D08767DDB179B4B41FD18A5DE719C531C
                                                              SHA-512:264FB4514257080068CEC2915BE6F81EA759812F059B9B969B2F40EE6E502497F22F66C0EFE9B2F5736D6C61F1C7967E9F801B1DF33D100261D4A1B560DDEF7E
                                                              Malicious:true
                                                              C:\Users\user\AppData\Local\Temp\tmpAD9.tmp
                                                              Process:C:\Users\user\AppData\Local\Temp\file.exe
                                                              File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                              Category:dropped
                                                              Size (bytes):1642
                                                              Entropy (8bit):5.192815293348326
                                                              Encrypted:false
                                                              SSDEEP:24:2dH4+SEqC/Q7hxlNMFp1/rlMhEMjnGpwjpIgUYODOLD9RJh7h8gKB30tn:cbh47TlNQ//rydbz9I3YODOLNdq3g
                                                              MD5:E6F11A409139683DDF68EF89AA26A7F4
                                                              SHA1:C22B8452571C1B21B6DC42FD934AC5D89F506236
                                                              SHA-256:8DE96994F8D061A076A09392E6ABB30A7FFC1071CD655B47395783E2B1616E2E
                                                              SHA-512:3DD984011B2D39D0CA76C282F4391C94F95ACDA2917BE2C3304C976240F9651408AF8D38D34DDB49ABE3918B852EC69769DD4864DD41C5787A3547C938A36003
                                                              Malicious:true
                                                              Preview: <?xml version="1.0" encoding="UTF-16"?>..<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">.. <RegistrationInfo>.. <Date>2014-10-25T14:27:44.8929027</Date>.. <Author>computer\user</Author>.. </RegistrationInfo>.. <Triggers>.. <LogonTrigger>.. <Enabled>true</Enabled>.. <UserId>computer\user</UserId>.. </LogonTrigger>.. <RegistrationTrigger>.. <Enabled>false</Enabled>.. </RegistrationTrigger>.. </Triggers>.. <Principals>.. <Principal id="Author">.. <UserId>computer\user</UserId>.. <LogonType>InteractiveToken</LogonType>.. <RunLevel>LeastPrivilege</RunLevel>.. </Principal>.. </Principals>.. <Settings>.. <MultipleInstancesPolicy>StopExisting</MultipleInstancesPolicy>.. <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>.. <StopIfGoingOnBatteries>true</StopIfGoingOnBatteries>.. <AllowHardTerminate>false</AllowHardTerminate>.. <StartWhenAvailable>true
                                                              C:\Users\user\AppData\Local\Temp\tmpC12.tmp
                                                              Process:C:\Users\user\AppData\Local\Temp\name.exe
                                                              File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                              Category:dropped
                                                              Size (bytes):1640
                                                              Entropy (8bit):5.186918440260069
                                                              Encrypted:false
                                                              SSDEEP:24:2dH4+SEqC/Q7hxlNMFp1/rlMhEMjnGpwjpIgUYODOLD9RJh7h8gKBvtn:cbh47TlNQ//rydbz9I3YODOLNdq3D
                                                              MD5:5AAA212919E5C5942B4AF96D5F40E307
                                                              SHA1:B842F7B4B461F442963F87F92EF40C106A6AE72B
                                                              SHA-256:E751A34F0CF72662A8D9CAAA54A22CDB7B344E965A9CFAD36943612343C7EF5E
                                                              SHA-512:7E4B097A289BED9AF862B4B04F4990E1F06B317B7C4CEA70D3B334DB9F2E2D2EB23C0F3192F51149181C87A75D7606FC7008B1DFF82970AE19F117307F7A4518
                                                              Malicious:false
                                                              Preview: <?xml version="1.0" encoding="UTF-16"?>..<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">.. <RegistrationInfo>.. <Date>2014-10-25T14:27:44.8929027</Date>.. <Author>computer\user</Author>.. </RegistrationInfo>.. <Triggers>.. <LogonTrigger>.. <Enabled>true</Enabled>.. <UserId>computer\user</UserId>.. </LogonTrigger>.. <RegistrationTrigger>.. <Enabled>false</Enabled>.. </RegistrationTrigger>.. </Triggers>.. <Principals>.. <Principal id="Author">.. <UserId>computer\user</UserId>.. <LogonType>InteractiveToken</LogonType>.. <RunLevel>LeastPrivilege</RunLevel>.. </Principal>.. </Principals>.. <Settings>.. <MultipleInstancesPolicy>StopExisting</MultipleInstancesPolicy>.. <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>.. <StopIfGoingOnBatteries>true</StopIfGoingOnBatteries>.. <AllowHardTerminate>false</AllowHardTerminate>.. <StartWhenAvailable>true
                                                              C:\Users\user\AppData\Roaming\D06ED635-68F6-4E9A-955C-4899F5F57B9A\run.dat
                                                              Process:C:\Users\user\AppData\Local\Temp\name.exe
                                                              File Type:data
                                                              Category:dropped
                                                              Size (bytes):8
                                                              Entropy (8bit):3.0
                                                              Encrypted:false
                                                              SSDEEP:3:ax8t:68t
                                                              MD5:77A6F2F5CCD6DD1BFCDC998F7A58D479
                                                              SHA1:CFD03C773EF88A3FBCA9018C45311FD7D7770FDB
                                                              SHA-256:3BD10D98336C9729F78D458266C499AF4BDB01A79015E7F4F1B9CEA5C33B1E8E
                                                              SHA-512:EB90A4E934243F430E3EA744052EF22384815F3028E5AEECAF501A700A31A443553BA8FDD99DC18F5C8025E6A367A2A460EB775DA8895012C0FCEF2BD25D38FD
                                                              Malicious:true
                                                              Preview: .3.C...H
                                                              C:\Users\user\AppData\Roaming\JkeJLChUI.exe
                                                              Process:C:\Users\user\AppData\Local\Temp\file.exe
                                                              File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                              Category:dropped
                                                              Size (bytes):703488
                                                              Entropy (8bit):7.213651737719658
                                                              Encrypted:false
                                                              SSDEEP:12288:doLLoS60/K7yh0K40auRhRwWSEUJu1NMm8kJ:doLApuRmZJu18E
                                                              MD5:E6A6EB2982AB17BBB7083493805823BA
                                                              SHA1:79D317D1F2E41E580CF84942C97C044C97A20A3A
                                                              SHA-256:263EB4034FE9B2BFE0E8472280BAB407EFFA3116391822A7CA34B2C480C438BF
                                                              SHA-512:7A91A5A264D9F28C68562082B85A18B7E1A90235318EA1222C96DDB0656EA1CBC58F47AE8E16CCADA708021011B69DBFB1D0F77B639C79F96903A77D119568EB
                                                              Malicious:false
                                                              C:\Users\user\AppData\Roaming\LiydYED.exe
                                                              Process:C:\Users\user\AppData\Local\Temp\name.exe
                                                              File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                              Category:dropped
                                                              Size (bytes):784896
                                                              Entropy (8bit):7.328703413450174
                                                              Encrypted:false
                                                              SSDEEP:12288:OoLLoS60/K7yh036vCww4Scd3IGj483ESuvkuDKsjLtZTMfLodiMW2G:OoLA3AScdYKSvkItxeUdinh
                                                              MD5:43C4F163196FF02E7AA8C5040375FDA4
                                                              SHA1:F826B410B31CB251DD85F3663735B2F410906517
                                                              SHA-256:A585841F956F17925242996A98836B0D08767DDB179B4B41FD18A5DE719C531C
                                                              SHA-512:264FB4514257080068CEC2915BE6F81EA759812F059B9B969B2F40EE6E502497F22F66C0EFE9B2F5736D6C61F1C7967E9F801B1DF33D100261D4A1B560DDEF7E
                                                              Malicious:false

                                                              Static File Info

                                                              General

                                                              File type:ASCII text, with very long lines, with CRLF line terminators
                                                              Entropy (8bit):5.738078637712689
                                                              TrID:
                                                              • Visual Basic Script (13500/0) 87.10%
                                                              • Disk Image (Macintosh), GPT (2000/0) 12.90%
                                                              File name:Invoice No F1019855_PDF.vbs
                                                              File size:2072856
                                                              MD5:fcf52f96d96c68788ffe13fcccd4c89c
                                                              SHA1:ca29113b7607ecb7d9a65d8285d7d36f367b1cd0
                                                              SHA256:fbc5a1e5f8a02c644cf207d40885c7973dc7e4809b97f676927da3e13e17ed1f
                                                              SHA512:bf38bab39d1358892b0d7fc65bfd8688078b4404de0edb3231a7c96b0d1df428786c5c8bf07ba07f7b88913a3a1de72d46063df689edc428e3132e8838540bf8
                                                              SSDEEP:24576:b+Ve64mPEkJd1XpdQ5YImc4yFNkVQtJpE5821c5+D5PTxrpWhFcW1Gi/zQSov0FF:bIz4ToQsx46J/0
                                                              File Content Preview:on error resume next..Dim RDMsYFgRTjlFiPOXgngfmYrotYHtgshiEaKISfIKcNDgFgGvTPhfBXNsMXzAymkaCCAHEFFAfVCZVKjMRLZRLBhgNSwugIMpdcdDfzqNKgAfUoXBomimNTPBVUumJKUXJNwthfhSVMGfBCLZvvFuZacJNciLEDEAMcWGrdUIEQQANjzTIVrOEZyjlmfFxWNSIGSYfEhR..'bxpIJbwdcPCjMpwmenVFyOLiCy

                                                              File Icon

                                                              Icon Hash:e8d69ece869a9ec4

                                                              Network Behavior

                                                              Network Port Distribution

                                                              TCP Packets

                                                              May 11, 2021 20:03:25.480602980 CEST4977111940192.168.2.3191.96.25.26
                                                              May 11, 2021 20:03:25.672127008 CEST1194049771191.96.25.26192.168.2.3

                                                              UDP Packets


                                                              DNS Queries


                                                              DNS Answers


                                                              Code Manipulations

                                                              Statistics

                                                              CPU Usage

                                                              Memory Usage

                                                              High Level Behavior Distribution

                                                              Behavior

                                                              System Behavior

                                                              General

                                                              Start time:20:01:15
                                                              Start date:11/05/2021
                                                              Path:C:\Windows\System32\wscript.exe
                                                              Wow64 process (32bit):false
                                                              Commandline:C:\Windows\System32\wscript.exe 'C:\Users\user\Desktop\Invoice No F1019855_PDF.vbs'
                                                              Imagebase:0x7ff78dde0000
                                                              File size:163840 bytes
                                                              MD5 hash:9A68ADD12EB50DDE7586782C3EB9FF9C
                                                              Has elevated privileges:true
                                                              Has administrator privileges:true
                                                              Programmed in:C, C++ or other language
                                                              Reputation:high

                                                              General

                                                              Start time:20:01:20
                                                              Start date:11/05/2021
                                                              Path:C:\Users\user\AppData\Local\Temp\file.exe
                                                              Wow64 process (32bit):true
                                                              Commandline:'C:\Users\user\AppData\Local\Temp\file.exe'
                                                              Imagebase:0xd70000
                                                              File size:703488 bytes
                                                              MD5 hash:E6A6EB2982AB17BBB7083493805823BA
                                                              Has elevated privileges:true
                                                              Has administrator privileges:true
                                                              Programmed in:.Net C# or VB.NET
                                                              Yara matches:
                                                              • Rule: JoeSecurity_AntiVM_3, Description: Yara detected AntiVM_3, Source: 00000003.00000002.255078777.00000000030F1000.00000004.00000001.sdmp, Author: Joe Security
                                                              • Rule: JoeSecurity_AsyncRAT, Description: Yara detected AsyncRAT, Source: 00000003.00000002.256966112.00000000040F9000.00000004.00000001.sdmp, Author: Joe Security
                                                              Reputation:low

                                                              General

                                                              Start time:20:01:20
                                                              Start date:11/05/2021
                                                              Path:C:\Users\user\AppData\Local\Temp\name.exe
                                                              Wow64 process (32bit):true
                                                              Commandline:'C:\Users\user\AppData\Local\Temp\name.exe'
                                                              Imagebase:0xcd0000
                                                              File size:784896 bytes
                                                              MD5 hash:43C4F163196FF02E7AA8C5040375FDA4
                                                              Has elevated privileges:true
                                                              Has administrator privileges:true
                                                              Programmed in:.Net C# or VB.NET
                                                              Yara matches:
                                                              • Rule: Nanocore_RAT_Gen_2, Description: Detetcs the Nanocore RAT, Source: 00000004.00000002.254692678.0000000004551000.00000004.00000001.sdmp, Author: Florian Roth
                                                              • Rule: JoeSecurity_Nanocore, Description: Yara detected Nanocore RAT, Source: 00000004.00000002.254692678.0000000004551000.00000004.00000001.sdmp, Author: Joe Security
                                                              • Rule: NanoCore, Description: unknown, Source: 00000004.00000002.254692678.0000000004551000.00000004.00000001.sdmp, Author: Kevin Breen <kevin@techanarchy.net>
                                                              Reputation:low

                                                              General

                                                              Start time:20:01:36
                                                              Start date:11/05/2021
                                                              Path:C:\Windows\SysWOW64\schtasks.exe
                                                              Wow64 process (32bit):true
                                                              Commandline:'C:\Windows\System32\schtasks.exe' /Create /TN 'Updates\JkeJLChUI' /XML 'C:\Users\user\AppData\Local\Temp\tmpAD9.tmp'
                                                              Imagebase:0x2a0000
                                                              File size:185856 bytes
                                                              MD5 hash:15FF7D8324231381BAD48A052F85DF04
                                                              Has elevated privileges:true
                                                              Has administrator privileges:true
                                                              Programmed in:C, C++ or other language
                                                              Reputation:high

                                                              General

                                                              Start time:20:01:36
                                                              Start date:11/05/2021
                                                              Path:C:\Windows\SysWOW64\schtasks.exe
                                                              Wow64 process (32bit):true
                                                              Commandline:'C:\Windows\System32\schtasks.exe' /Create /TN 'Updates\LiydYED' /XML 'C:\Users\user\AppData\Local\Temp\tmpC12.tmp'
                                                              Imagebase:0x2a0000
                                                              File size:185856 bytes
                                                              MD5 hash:15FF7D8324231381BAD48A052F85DF04
                                                              Has elevated privileges:true
                                                              Has administrator privileges:true
                                                              Programmed in:C, C++ or other language
                                                              Reputation:high

                                                              General

                                                              Start time:20:01:37
                                                              Start date:11/05/2021
                                                              Path:C:\Windows\System32\conhost.exe
                                                              Wow64 process (32bit):false
                                                              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                              Imagebase:0x7ff6b2800000
                                                              File size:625664 bytes
                                                              MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                                              Has elevated privileges:true
                                                              Has administrator privileges:true
                                                              Programmed in:C, C++ or other language
                                                              Reputation:high

                                                              General

                                                              Start time:20:01:37
                                                              Start date:11/05/2021
                                                              Path:C:\Windows\System32\conhost.exe
                                                              Wow64 process (32bit):false
                                                              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                              Imagebase:0x7ff6b2800000
                                                              File size:625664 bytes
                                                              MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                                              Has elevated privileges:true
                                                              Has administrator privileges:true
                                                              Programmed in:C, C++ or other language
                                                              Reputation:high

                                                              General

                                                              Start time:20:01:37
                                                              Start date:11/05/2021
                                                              Path:C:\Users\user\AppData\Local\Temp\file.exe
                                                              Wow64 process (32bit):true
                                                              Commandline:{path}
                                                              Imagebase:0xd60000
                                                              File size:703488 bytes
                                                              MD5 hash:E6A6EB2982AB17BBB7083493805823BA
                                                              Has elevated privileges:true
                                                              Has administrator privileges:true
                                                              Programmed in:.Net C# or VB.NET
                                                              Yara matches:
                                                              • Rule: JoeSecurity_AsyncRAT, Description: Yara detected AsyncRAT, Source: 0000000A.00000002.468822970.0000000000402000.00000040.00000001.sdmp, Author: Joe Security
                                                              Reputation:low

                                                              General

                                                              Start time:20:01:38
                                                              Start date:11/05/2021
                                                              Path:C:\Users\user\AppData\Local\Temp\name.exe
                                                              Wow64 process (32bit):true
                                                              Commandline:{path}
                                                              Imagebase:0x980000
                                                              File size:784896 bytes
                                                              MD5 hash:43C4F163196FF02E7AA8C5040375FDA4
                                                              Has elevated privileges:true
                                                              Has administrator privileges:true
                                                              Programmed in:.Net C# or VB.NET
                                                              Yara matches:
                                                              • Rule: Nanocore_RAT_Gen_2, Description: Detetcs the Nanocore RAT, Source: 0000000B.00000002.477861276.0000000005590000.00000004.00000001.sdmp, Author: Florian Roth
                                                              • Rule: Nanocore_RAT_Feb18_1, Description: Detects Nanocore RAT, Source: 0000000B.00000002.477861276.0000000005590000.00000004.00000001.sdmp, Author: Florian Roth
                                                              • Rule: JoeSecurity_Nanocore, Description: Yara detected Nanocore RAT, Source: 0000000B.00000002.476715022.0000000004087000.00000004.00000001.sdmp, Author: Joe Security
                                                              • Rule: NanoCore, Description: unknown, Source: 0000000B.00000002.476715022.0000000004087000.00000004.00000001.sdmp, Author: Kevin Breen <kevin@techanarchy.net>
                                                              • Rule: Nanocore_RAT_Gen_2, Description: Detetcs the Nanocore RAT, Source: 0000000B.00000002.468941603.0000000000402000.00000040.00000001.sdmp, Author: Florian Roth
                                                              • Rule: JoeSecurity_Nanocore, Description: Yara detected Nanocore RAT, Source: 0000000B.00000002.468941603.0000000000402000.00000040.00000001.sdmp, Author: Joe Security
                                                              • Rule: NanoCore, Description: unknown, Source: 0000000B.00000002.468941603.0000000000402000.00000040.00000001.sdmp, Author: Kevin Breen <kevin@techanarchy.net>
                                                              • Rule: Nanocore_RAT_Gen_2, Description: Detetcs the Nanocore RAT, Source: 0000000B.00000002.478086503.0000000005950000.00000004.00000001.sdmp, Author: Florian Roth
                                                              • Rule: Nanocore_RAT_Feb18_1, Description: Detects Nanocore RAT, Source: 0000000B.00000002.478086503.0000000005950000.00000004.00000001.sdmp, Author: Florian Roth
                                                              • Rule: JoeSecurity_Nanocore, Description: Yara detected Nanocore RAT, Source: 0000000B.00000002.478086503.0000000005950000.00000004.00000001.sdmp, Author: Joe Security
                                                              Reputation:low

                                                              Disassembly

                                                              Code Analysis

                                                                Executed Functions

                                                                APIs
                                                                • GetCurrentProcess.KERNEL32 ref: 0164CE70
                                                                • GetCurrentThread.KERNEL32 ref: 0164CEAD
                                                                • GetCurrentProcess.KERNEL32 ref: 0164CEEA
                                                                • GetCurrentThreadId.KERNEL32 ref: 0164CF43
                                                                Memory Dump Source
                                                                • Source File: 00000003.00000002.254912306.0000000001640000.00000040.00000001.sdmp, Offset: 01640000, based on PE: false
                                                                Similarity
                                                                • API ID: Current$ProcessThread
                                                                • String ID:
                                                                • API String ID: 2063062207-0
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                APIs
                                                                • GetCurrentProcess.KERNEL32 ref: 0164CE70
                                                                • GetCurrentThread.KERNEL32 ref: 0164CEAD
                                                                • GetCurrentProcess.KERNEL32 ref: 0164CEEA
                                                                • GetCurrentThreadId.KERNEL32 ref: 0164CF43
                                                                Memory Dump Source
                                                                • Source File: 00000003.00000002.254912306.0000000001640000.00000040.00000001.sdmp, Offset: 01640000, based on PE: false
                                                                Similarity
                                                                • API ID: Current$ProcessThread
                                                                • String ID:
                                                                • API String ID: 2063062207-0
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                APIs
                                                                • GetModuleHandleW.KERNELBASE(00000000), ref: 0164AD6E
                                                                Memory Dump Source
                                                                • Source File: 00000003.00000002.254912306.0000000001640000.00000040.00000001.sdmp, Offset: 01640000, based on PE: false
                                                                Similarity
                                                                • API ID: HandleModule
                                                                • String ID:
                                                                • API String ID: 4139908857-0
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                APIs
                                                                • CreateActCtxA.KERNEL32(?), ref: 01645719
                                                                Memory Dump Source
                                                                • Source File: 00000003.00000002.254912306.0000000001640000.00000040.00000001.sdmp, Offset: 01640000, based on PE: false
                                                                Similarity
                                                                • API ID: Create
                                                                • String ID:
                                                                • API String ID: 2289755597-0
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                APIs
                                                                • CreateActCtxA.KERNEL32(?), ref: 01645719
                                                                Memory Dump Source
                                                                • Source File: 00000003.00000002.254912306.0000000001640000.00000040.00000001.sdmp, Offset: 01640000, based on PE: false
                                                                Similarity
                                                                • API ID: Create
                                                                • String ID:
                                                                • API String ID: 2289755597-0
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                APIs
                                                                • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 0164D4C7
                                                                Memory Dump Source
                                                                • Source File: 00000003.00000002.254912306.0000000001640000.00000040.00000001.sdmp, Offset: 01640000, based on PE: false
                                                                Similarity
                                                                • API ID: DuplicateHandle
                                                                • String ID:
                                                                • API String ID: 3793708945-0
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                APIs
                                                                • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 0164D4C7
                                                                Memory Dump Source
                                                                • Source File: 00000003.00000002.254912306.0000000001640000.00000040.00000001.sdmp, Offset: 01640000, based on PE: false
                                                                Similarity
                                                                • API ID: DuplicateHandle
                                                                • String ID:
                                                                • API String ID: 3793708945-0
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                APIs
                                                                • LoadLibraryExW.KERNELBASE(00000000,00000000,?,?,?,?,00000000,?,0164ADE9,00000800,00000000,00000000), ref: 0164AFFA
                                                                Memory Dump Source
                                                                • Source File: 00000003.00000002.254912306.0000000001640000.00000040.00000001.sdmp, Offset: 01640000, based on PE: false
                                                                Similarity
                                                                • API ID: LibraryLoad
                                                                • String ID:
                                                                • API String ID: 1029625771-0
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                APIs
                                                                • LoadLibraryExW.KERNELBASE(00000000,00000000,?,?,?,?,00000000,?,0164ADE9,00000800,00000000,00000000), ref: 0164AFFA
                                                                Memory Dump Source
                                                                • Source File: 00000003.00000002.254912306.0000000001640000.00000040.00000001.sdmp, Offset: 01640000, based on PE: false
                                                                Similarity
                                                                • API ID: LibraryLoad
                                                                • String ID:
                                                                • API String ID: 1029625771-0
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                APIs
                                                                • GetModuleHandleW.KERNELBASE(00000000), ref: 0164AD6E
                                                                Memory Dump Source
                                                                • Source File: 00000003.00000002.254912306.0000000001640000.00000040.00000001.sdmp, Offset: 01640000, based on PE: false
                                                                Similarity
                                                                • API ID: HandleModule
                                                                • String ID:
                                                                • API String ID: 4139908857-0
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000003.00000002.267234621.0000000007720000.00000040.00000001.sdmp, Offset: 07720000, based on PE: false
                                                                Similarity
                                                                • API ID:
                                                                • String ID: Mbs~
                                                                • API String ID: 0-2965780156
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000003.00000002.267234621.0000000007720000.00000040.00000001.sdmp, Offset: 07720000, based on PE: false
                                                                Similarity
                                                                • API ID:
                                                                • String ID: Mbs~
                                                                • API String ID: 0-2965780156
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000003.00000002.267234621.0000000007720000.00000040.00000001.sdmp, Offset: 07720000, based on PE: false
                                                                Similarity
                                                                • API ID:
                                                                • String ID: I]a
                                                                • API String ID: 0-2931788736
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000003.00000002.267234621.0000000007720000.00000040.00000001.sdmp, Offset: 07720000, based on PE: false
                                                                Similarity
                                                                • API ID:
                                                                • String ID: I]a
                                                                • API String ID: 0-2931788736
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Memory Dump Source
                                                                • Source File: 00000003.00000002.254803848.00000000015ED000.00000040.00000001.sdmp, Offset: 015ED000, based on PE: false
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: d1557e94d21e6cf45d1121de4307fda9f4ce59b54b2e9decaaaea2a4ad5c12cd
                                                                • Instruction ID: 77072a6d4c6a9ce8879a4da3b30d986d2fd08400145c6c84c63a1b2645392810
                                                                • Opcode Fuzzy Hash: d1557e94d21e6cf45d1121de4307fda9f4ce59b54b2e9decaaaea2a4ad5c12cd
                                                                • Instruction Fuzzy Hash: 862148B5904244DFDB19CF84D9C4B5ABBF5FB98324F24C568E9054F206C376E846C7A1
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Memory Dump Source
                                                                • Source File: 00000003.00000002.267234621.0000000007720000.00000040.00000001.sdmp, Offset: 07720000, based on PE: false
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 693d09e38a0d2a5e2baee63422aaf13319ac0fb2e5d59f8c5a0be0671ba67918
                                                                • Instruction ID: 7a9c321642b6b9fc323eb0cb786aefd8b9f7f38a7c469fbad15901513865d39c
                                                                • Opcode Fuzzy Hash: 693d09e38a0d2a5e2baee63422aaf13319ac0fb2e5d59f8c5a0be0671ba67918
                                                                • Instruction Fuzzy Hash: 8F2139B4E146199BCB04CFA9C4455EEFBF2EF88200F10D42AD915B7354EB34A942CFA1
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Memory Dump Source
                                                                • Source File: 00000003.00000002.254826322.00000000015FD000.00000040.00000001.sdmp, Offset: 015FD000, based on PE: false
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: a64efbd9c17337f8a8e4bbe05753e34f36ccfd5900c6080833d2f43abadd3b3b
                                                                • Instruction ID: ae0a5312c54f3912dc46f99f36bf89f4096453d47e6bbbff54f847e16650bb9d
                                                                • Opcode Fuzzy Hash: a64efbd9c17337f8a8e4bbe05753e34f36ccfd5900c6080833d2f43abadd3b3b
                                                                • Instruction Fuzzy Hash: F72142B5508200DFCB11DF94D8C0B2ABBB9FB84354F24C96DEA0A4F246D33AD846CA61
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Memory Dump Source
                                                                • Source File: 00000003.00000002.254826322.00000000015FD000.00000040.00000001.sdmp, Offset: 015FD000, based on PE: false
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 2855e4647e857158a5f06aa789d597d061b856a054b7ba6e3627ed492e650b14
                                                                • Instruction ID: 4b12c9680f60a05d51c6c0a418c46b68bb2e451836eb4e5d792148a3c41e7f48
                                                                • Opcode Fuzzy Hash: 2855e4647e857158a5f06aa789d597d061b856a054b7ba6e3627ed492e650b14
                                                                • Instruction Fuzzy Hash: 1F212C79508244DFDB11DF94D9C0B1ABBB5FB84324F24C96DEA094F246C336D846CBA1
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Memory Dump Source
                                                                • Source File: 00000003.00000002.267234621.0000000007720000.00000040.00000001.sdmp, Offset: 07720000, based on PE: false
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: b203df187efc0529b72c39a23f979b525648b366dc94d9fcf65450299f2581d7
                                                                • Instruction ID: 4f3bc534889dbd320b8749a127d03c69684d6ef7730cb799753b0ecfab4bb881
                                                                • Opcode Fuzzy Hash: b203df187efc0529b72c39a23f979b525648b366dc94d9fcf65450299f2581d7
                                                                • Instruction Fuzzy Hash: 5931E3B0D012589FDB20CF99C588BCEBFF4AB49754F148429E414BB340C7B5598ACFA1
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Memory Dump Source
                                                                • Source File: 00000003.00000002.267234621.0000000007720000.00000040.00000001.sdmp, Offset: 07720000, based on PE: false
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 4f7ca237a7e6b279f0b05de03395a9134c08d896854b5d7392c436fc84ddc9ab
                                                                • Instruction ID: a76036deebe7b34a483021ee4842d496fe71c4d88c65a361e71e0a8cd0bcc3d5
                                                                • Opcode Fuzzy Hash: 4f7ca237a7e6b279f0b05de03395a9134c08d896854b5d7392c436fc84ddc9ab
                                                                • Instruction Fuzzy Hash: 8921DFB0D012589FDB20DF99C588B9EBFF4BB09754F24842AE415BB240C7B95986CFA1
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Memory Dump Source
                                                                • Source File: 00000003.00000002.267234621.0000000007720000.00000040.00000001.sdmp, Offset: 07720000, based on PE: false
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 379f07efefa0719d867b73e4acde5c9e7c2f545ef6bcfe7202273ba88c961936
                                                                • Instruction ID: b1db094b9d0512087ca9e243dfcdcbdf39a6792c149d487016f71f6556401858
                                                                • Opcode Fuzzy Hash: 379f07efefa0719d867b73e4acde5c9e7c2f545ef6bcfe7202273ba88c961936
                                                                • Instruction Fuzzy Hash: EB1191B5B003169F9B11EE7988489BFBBFAEBC42607168929E424D7340EF309D068760
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Memory Dump Source
                                                                • Source File: 00000003.00000002.254826322.00000000015FD000.00000040.00000001.sdmp, Offset: 015FD000, based on PE: false
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 4a917a93ee39f5f41fec16e24387116ba24f0f176f8d7f87f9b01408a7ca914e
                                                                • Instruction ID: 1d815caf6dd4ab6cc25bdae6e7420fe3a55f598a008b0b4fa84feebc837f491f
                                                                • Opcode Fuzzy Hash: 4a917a93ee39f5f41fec16e24387116ba24f0f176f8d7f87f9b01408a7ca914e
                                                                • Instruction Fuzzy Hash: 96218E755093808FCB03CF24D990B15BF71FB46214F28C5EAD9498F6A7C33A980ACB62
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Memory Dump Source
                                                                • Source File: 00000003.00000002.267234621.0000000007720000.00000040.00000001.sdmp, Offset: 07720000, based on PE: false
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: dc73518880bdcf078d6ff7a84926e54928e9d60005b64cbf68be568cf2e9565a
                                                                • Instruction ID: 156d36f91eb2c469923af03d9a15f88e5dfc863267d83fa9fcc4a4ea8e048de2
                                                                • Opcode Fuzzy Hash: dc73518880bdcf078d6ff7a84926e54928e9d60005b64cbf68be568cf2e9565a
                                                                • Instruction Fuzzy Hash: 4E1194B0F041258FCB389B7488146BB76A6BBC5790F04452DE93AD7748DB34D90297D5
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Memory Dump Source
                                                                • Source File: 00000003.00000002.267234621.0000000007720000.00000040.00000001.sdmp, Offset: 07720000, based on PE: false
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: b4118998e13c1bfa926c9ae67638a2c1b81583857f1a0c07b30e329452443fcb
                                                                • Instruction ID: 5e092c70aff70282985d8fcd593dcfe984c72d26d8fe2444d97b8a680fbabd69
                                                                • Opcode Fuzzy Hash: b4118998e13c1bfa926c9ae67638a2c1b81583857f1a0c07b30e329452443fcb
                                                                • Instruction Fuzzy Hash: EA2158B4E14219DFCB44DFA9C5455AEBBF2FF89300F20846AD415E3354E7309A52DB91
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Memory Dump Source
                                                                • Source File: 00000003.00000002.267234621.0000000007720000.00000040.00000001.sdmp, Offset: 07720000, based on PE: false
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: a4788ba6c4756e39e66a21f4f8c2bc100ae78aa04685b9ad77df96d22ea52853
                                                                • Instruction ID: 420fd9330e80f1ee0057ff7162713f263cc1b9b5d7493e575f4de0a272d00650
                                                                • Opcode Fuzzy Hash: a4788ba6c4756e39e66a21f4f8c2bc100ae78aa04685b9ad77df96d22ea52853
                                                                • Instruction Fuzzy Hash: FB11907091520AEFC740FFB8D94979EBBF5FF41208F1184A9D0089B661EB35AE45CB92
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Memory Dump Source
                                                                • Source File: 00000003.00000002.267234621.0000000007720000.00000040.00000001.sdmp, Offset: 07720000, based on PE: false
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 352178fa2416f81914fd3003e2b1fec3c2b099e4c6091a57cbd6be037a7bf583
                                                                • Instruction ID: ca8276a0c8ba0f894ea987fc3986aa4868c263764c1682ffaf467ea440604397
                                                                • Opcode Fuzzy Hash: 352178fa2416f81914fd3003e2b1fec3c2b099e4c6091a57cbd6be037a7bf583
                                                                • Instruction Fuzzy Hash: E2119171B001158B8B14EBB998105FEB7F6AF94354B10003AD518EB340EB35DD468BE1
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Memory Dump Source
                                                                • Source File: 00000003.00000002.267234621.0000000007720000.00000040.00000001.sdmp, Offset: 07720000, based on PE: false
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: fc4780a06fa64bf43381d6d4c36e90ebf3f30cff7b53634dd34bddfc3ff29f42
                                                                • Instruction ID: 3f1e3f19498be4caf5dfab499fff493d6f4f0b8741f28b33a7c883a8df7b050c
                                                                • Opcode Fuzzy Hash: fc4780a06fa64bf43381d6d4c36e90ebf3f30cff7b53634dd34bddfc3ff29f42
                                                                • Instruction Fuzzy Hash: 2E01DDF1B002659BCB11EE59CC549AFBBFAEFC8290B154826E925D7240DB309D0787B2
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Memory Dump Source
                                                                • Source File: 00000003.00000002.254803848.00000000015ED000.00000040.00000001.sdmp, Offset: 015ED000, based on PE: false
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 0c4970787f2fda04949aac124d9468e0093009a6ce9120cc45a5e3f71d40d573
                                                                • Instruction ID: f66ebf932c42673257fb76283e4530e664decd02bf20aac25f0f280da83a1949
                                                                • Opcode Fuzzy Hash: 0c4970787f2fda04949aac124d9468e0093009a6ce9120cc45a5e3f71d40d573
                                                                • Instruction Fuzzy Hash: CA11DF76804280CFCB06CF44D9C4B5ABFB1FB94320F2482A9D8090B617C37AE45ACBA1
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Memory Dump Source
                                                                • Source File: 00000003.00000002.254826322.00000000015FD000.00000040.00000001.sdmp, Offset: 015FD000, based on PE: false
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 419e88c0e41451e1777907f29bf01e173359922e2c53350f3ed2aa1ddc1fa567
                                                                • Instruction ID: e1f0131eaa7fd3b11cd9c3502f6a9c2c4bd747c0a456223a26bc0e55affb315a
                                                                • Opcode Fuzzy Hash: 419e88c0e41451e1777907f29bf01e173359922e2c53350f3ed2aa1ddc1fa567
                                                                • Instruction Fuzzy Hash: 1011BB79904280DFCB02CF54D5C0B19BBB1FB84224F28C6AED9494B656C33AD44ACBA1
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Memory Dump Source
                                                                • Source File: 00000003.00000002.267234621.0000000007720000.00000040.00000001.sdmp, Offset: 07720000, based on PE: false
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 758b1d2f2c7265a1d4a99162a2d8d3365545d5d1cb99b561b102a8be8589c67c
                                                                • Instruction ID: 0add4e3a0a9d3d744f9aa998494d526fd2ac22160112669a8f2830d3aff845e7
                                                                • Opcode Fuzzy Hash: 758b1d2f2c7265a1d4a99162a2d8d3365545d5d1cb99b561b102a8be8589c67c
                                                                • Instruction Fuzzy Hash: 49015E74E04208AFC704EFA9D554A5DBFF5EF88300F06C0D5E5089B362E6309940DF41
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Memory Dump Source
                                                                • Source File: 00000003.00000002.267234621.0000000007720000.00000040.00000001.sdmp, Offset: 07720000, based on PE: false
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: b69cf16dc0daee77a9f266e2e4cefacf591dab0f997345e53934c25b13dc8356
                                                                • Instruction ID: 1133a4914244458db67f8f334eba047476b2b89e682362c1de79ba5c344179eb
                                                                • Opcode Fuzzy Hash: b69cf16dc0daee77a9f266e2e4cefacf591dab0f997345e53934c25b13dc8356
                                                                • Instruction Fuzzy Hash: 6D1105B4D0425A9FCB50EFA8C8516AEFFF4BB08200F15819AE954E7341D734AA40CFA1
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Memory Dump Source
                                                                • Source File: 00000003.00000002.267234621.0000000007720000.00000040.00000001.sdmp, Offset: 07720000, based on PE: false
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 5436343ef3331cf9b4852271199bba9d3b28836c5d9e2b6e9266225463ef5700
                                                                • Instruction ID: 1926bbbe913f71ed6ceab384a284fd56c2398e78731313c2bd2fdeae9ec13323
                                                                • Opcode Fuzzy Hash: 5436343ef3331cf9b4852271199bba9d3b28836c5d9e2b6e9266225463ef5700
                                                                • Instruction Fuzzy Hash: 1A011AB4D042199FCB50EFA8D4456AEFFF4BB08300F14819AE954E3341D730AA40CFA1
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Memory Dump Source
                                                                • Source File: 00000003.00000002.267234621.0000000007720000.00000040.00000001.sdmp, Offset: 07720000, based on PE: false
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 2035071453b28a432b8cfd1e9d2568adb26bc2d807d665ad184403257b0ce147
                                                                • Instruction ID: 689e23726bcafa657be5058d7fd9bcad8b700622f0cfa899ca752b211d1e8624
                                                                • Opcode Fuzzy Hash: 2035071453b28a432b8cfd1e9d2568adb26bc2d807d665ad184403257b0ce147
                                                                • Instruction Fuzzy Hash: 1201B674E00208AFCB44DFA9D559A5DBFF2EF48200F05C4A5E5189B365DB31E941DF41
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Memory Dump Source
                                                                • Source File: 00000003.00000002.267234621.0000000007720000.00000040.00000001.sdmp, Offset: 07720000, based on PE: false
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: a653b3dce0326e06fa334e3b89fb7dfd53a15d355a91241a889756d68d668108
                                                                • Instruction ID: bfa8ae3ecdfa09558570b2ccdef17a7a495df0b0b1bab97a91f0e4ff74b70a4c
                                                                • Opcode Fuzzy Hash: a653b3dce0326e06fa334e3b89fb7dfd53a15d355a91241a889756d68d668108
                                                                • Instruction Fuzzy Hash: 52F017B0819358AFCB11EFA8C9056AEBFB4FB09200F0185AAE854E7352D7715A00DF91
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Memory Dump Source
                                                                • Source File: 00000003.00000002.267234621.0000000007720000.00000040.00000001.sdmp, Offset: 07720000, based on PE: false
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: fc022ad63450c9894f8e543491f931a2866a5de257f6408007b8884ff516fcf2
                                                                • Instruction ID: ad7fb37cdf6f7d8fc5c899d14dec1dca201a36e744f0a8e7ca280494d51d173f
                                                                • Opcode Fuzzy Hash: fc022ad63450c9894f8e543491f931a2866a5de257f6408007b8884ff516fcf2
                                                                • Instruction Fuzzy Hash: 4BF015B0D0421CDFCB04EFA8D505AAEBBB4FB08300F0085AAE814A3300D771AA01DF80
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Memory Dump Source
                                                                • Source File: 00000003.00000002.267234621.0000000007720000.00000040.00000001.sdmp, Offset: 07720000, based on PE: false
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: d3cd7bfb41b6c15422c9a95c158098ac4cc547a8a6865ad9aa84c500ad5463e7
                                                                • Instruction ID: bc215ae65d5245c7a83775dca9629057d43ea837f9be8d748c8b171c797ef619
                                                                • Opcode Fuzzy Hash: d3cd7bfb41b6c15422c9a95c158098ac4cc547a8a6865ad9aa84c500ad5463e7
                                                                • Instruction Fuzzy Hash: 78F0D4B4A12368DFCB60CF64CA84BD8BBB1BB88301F1050D5E449AB354D3359E80CF40
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Memory Dump Source
                                                                • Source File: 00000003.00000002.267234621.0000000007720000.00000040.00000001.sdmp, Offset: 07720000, based on PE: false
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Memory Dump Source
                                                                • Source File: 00000003.00000002.267234621.0000000007720000.00000040.00000001.sdmp, Offset: 07720000, based on PE: false
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Memory Dump Source
                                                                • Source File: 00000003.00000002.267234621.0000000007720000.00000040.00000001.sdmp, Offset: 07720000, based on PE: false
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Memory Dump Source
                                                                • Source File: 00000003.00000002.267234621.0000000007720000.00000040.00000001.sdmp, Offset: 07720000, based on PE: false
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Memory Dump Source
                                                                • Source File: 00000003.00000002.267234621.0000000007720000.00000040.00000001.sdmp, Offset: 07720000, based on PE: false
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Memory Dump Source
                                                                • Source File: 00000003.00000002.267234621.0000000007720000.00000040.00000001.sdmp, Offset: 07720000, based on PE: false
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Non-executed Functions

                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000003.00000002.267234621.0000000007720000.00000040.00000001.sdmp, Offset: 07720000, based on PE: false
                                                                Similarity
                                                                • API ID:
                                                                • String ID: ).h=$).h=$],5$],5
                                                                • API String ID: 0-92995863
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000003.00000002.267234621.0000000007720000.00000040.00000001.sdmp, Offset: 07720000, based on PE: false
                                                                Similarity
                                                                • API ID:
                                                                • String ID: ).h=$],5$],5
                                                                • API String ID: 0-3716854808
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000003.00000002.267234621.0000000007720000.00000040.00000001.sdmp, Offset: 07720000, based on PE: false
                                                                Similarity
                                                                • API ID:
                                                                • String ID: d$ppr
                                                                • API String ID: 0-1271769998
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000003.00000002.267234621.0000000007720000.00000040.00000001.sdmp, Offset: 07720000, based on PE: false
                                                                Similarity
                                                                • API ID:
                                                                • String ID: xlal
                                                                • API String ID: 0-4141879998
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000003.00000002.267234621.0000000007720000.00000040.00000001.sdmp, Offset: 07720000, based on PE: false
                                                                Similarity
                                                                • API ID:
                                                                • String ID: xlal
                                                                • API String ID: 0-4141879998
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000003.00000002.267234621.0000000007720000.00000040.00000001.sdmp, Offset: 07720000, based on PE: false
                                                                Similarity
                                                                • API ID:
                                                                • String ID: '"
                                                                • API String ID: 0-515539635
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000003.00000002.267234621.0000000007720000.00000040.00000001.sdmp, Offset: 07720000, based on PE: false
                                                                Similarity
                                                                • API ID:
                                                                • String ID: '"
                                                                • API String ID: 0-515539635
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Memory Dump Source
                                                                • Source File: 00000003.00000002.253909298.0000000000D72000.00000002.00020000.sdmp, Offset: 00D70000, based on PE: true
                                                                • Associated: 00000003.00000002.253870292.0000000000D70000.00000002.00020000.sdmp
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                C-Code - Quality: 63%
                                                                			E00D78A84(void* __eax, signed int __ebx, signed int __ecx, signed int __edx, signed int* __edi, signed char* __esi) {
                                                                				intOrPtr* _t53;
                                                                				intOrPtr* _t54;
                                                                				intOrPtr* _t55;
                                                                				intOrPtr* _t56;
                                                                				intOrPtr* _t57;
                                                                				intOrPtr* _t58;
                                                                				intOrPtr* _t59;
                                                                				intOrPtr* _t60;
                                                                				intOrPtr* _t61;
                                                                				intOrPtr* _t62;
                                                                				intOrPtr* _t63;
                                                                				intOrPtr* _t64;
                                                                				intOrPtr* _t65;
                                                                				intOrPtr* _t66;
                                                                				intOrPtr* _t67;
                                                                				intOrPtr* _t68;
                                                                				intOrPtr* _t69;
                                                                				intOrPtr* _t70;
                                                                				intOrPtr* _t71;
                                                                				intOrPtr* _t72;
                                                                				intOrPtr* _t73;
                                                                				intOrPtr* _t74;
                                                                				intOrPtr* _t75;
                                                                				intOrPtr* _t76;
                                                                				intOrPtr* _t77;
                                                                				intOrPtr* _t78;
                                                                				intOrPtr* _t79;
                                                                				intOrPtr* _t80;
                                                                				intOrPtr* _t81;
                                                                				intOrPtr* _t82;
                                                                				intOrPtr* _t83;
                                                                				intOrPtr* _t85;
                                                                				intOrPtr* _t86;
                                                                				intOrPtr* _t88;
                                                                				intOrPtr* _t89;
                                                                				intOrPtr* _t90;
                                                                				intOrPtr* _t92;
                                                                				intOrPtr* _t93;
                                                                				intOrPtr* _t94;
                                                                				signed int _t96;
                                                                				intOrPtr* _t98;
                                                                				intOrPtr* _t100;
                                                                				intOrPtr* _t102;
                                                                				intOrPtr* _t104;
                                                                				intOrPtr* _t105;
                                                                				intOrPtr* _t107;
                                                                				intOrPtr* _t108;
                                                                				intOrPtr* _t109;
                                                                				intOrPtr* _t110;
                                                                				intOrPtr* _t111;
                                                                				intOrPtr* _t112;
                                                                				intOrPtr* _t115;
                                                                				intOrPtr* _t118;
                                                                				intOrPtr* _t121;
                                                                				intOrPtr* _t124;
                                                                				intOrPtr* _t125;
                                                                				intOrPtr* _t126;
                                                                				signed char _t128;
                                                                				signed char _t129;
                                                                				signed char _t130;
                                                                				signed char _t131;
                                                                				signed char _t132;
                                                                				signed char _t133;
                                                                				signed char _t134;
                                                                				intOrPtr* _t135;
                                                                				signed char _t137;
                                                                				signed char _t138;
                                                                				signed char _t139;
                                                                				signed char _t140;
                                                                				signed char _t141;
                                                                				signed char _t144;
                                                                				signed char _t146;
                                                                				signed char _t148;
                                                                				signed char _t153;
                                                                				signed int* _t157;
                                                                				signed char* _t158;
                                                                				void* _t159;
                                                                				intOrPtr* _t163;
                                                                
                                                                				_t158 = __esi;
                                                                				_t157 = __edi;
                                                                				_pop(_t53);
                                                                				asm("das");
                                                                				 *_t53 =  *_t53 + _t53;
                                                                				 *_t53 =  *_t53 + _t53;
                                                                				_t144 = __edx ^  *__edi;
                                                                				 *_t53 =  *_t53 + _t53;
                                                                				 *_t53 =  *_t53 + _t53;
                                                                				_t137 = __ecx &  *__ebx;
                                                                				 *_t53 =  *_t53 + _t53;
                                                                				_t54 = _t53 +  *_t53;
                                                                				asm("aas");
                                                                				asm("sldt word [eax]");
                                                                				 *_t54 =  *_t54 + _t54;
                                                                				asm("pushfd");
                                                                				_t55 = _t54 -  *_t54;
                                                                				 *_t137 =  *_t137 + _t55;
                                                                				 *((intOrPtr*)(_t144 + _t159 + 0x20000)) =  *((intOrPtr*)(_t144 + _t159 + 0x20000)) + __ebx;
                                                                				_t128 = __ebx |  *_t137;
                                                                				 *_t55 =  *_t55 + _t55;
                                                                				_t56 = _t55 +  *_t55;
                                                                				_t138 = _t137 &  *_t128;
                                                                				 *_t56 =  *_t56 + _t56;
                                                                				 *_t56 =  *_t56 + _t56;
                                                                				_t129 = _t128 - 1;
                                                                				_t57 = _t56;
                                                                				 *_t138 =  *_t138 + _t57;
                                                                				 *_t144 =  *_t144 + _t57;
                                                                				_t58 = _t57 -  *_t57;
                                                                				 *_t144 =  *_t144 + _t58;
                                                                				 *__edi =  *__edi + _t129;
                                                                				asm("sldt word [eax]");
                                                                				 *_t58 =  *_t58 + _t58;
                                                                				asm("pushfd");
                                                                				_t59 = _t58 -  *_t58;
                                                                				 *_t138 =  *_t138 + _t59;
                                                                				 *((intOrPtr*)(_t144 + _t159 + 0x20000)) =  *((intOrPtr*)(_t144 + _t159 + 0x20000)) + _t129;
                                                                				_t130 = _t129 |  *_t138;
                                                                				 *_t59 =  *_t59 + _t59;
                                                                				_t60 = _t59 +  *_t59;
                                                                				_t139 = _t138 &  *_t130;
                                                                				 *_t60 =  *_t60 + _t60;
                                                                				 *_t60 =  *_t60 + _t60;
                                                                				_t131 = _t130 - 1;
                                                                				_t61 = _t60;
                                                                				 *_t139 =  *_t139 + _t61;
                                                                				 *_t144 =  *_t144 + _t61;
                                                                				_t62 = _t61 -  *_t61;
                                                                				 *_t144 =  *_t144 + _t62;
                                                                				 *__edi =  *__edi + _t131;
                                                                				asm("sldt word [eax]");
                                                                				 *_t62 =  *_t62 + _t62;
                                                                				 *_t62 =  *_t62 + _t62;
                                                                				 *_t62 =  *_t62 + _t62;
                                                                				_t146 = _t144 ^  *__edi ^  *__edi;
                                                                				 *_t62 =  *_t62 + _t62;
                                                                				_t63 = _t62 +  *_t62;
                                                                				_t132 = _t131 |  *_t139;
                                                                				 *_t63 =  *_t63 + _t63;
                                                                				_t64 = _t63 +  *_t63;
                                                                				_t140 = _t139 &  *_t132;
                                                                				 *_t64 =  *_t64 + _t64;
                                                                				 *_t64 =  *_t64 + _t64;
                                                                				_t133 = _t132 - 1;
                                                                				_t65 = _t64;
                                                                				 *_t140 =  *_t140 + _t65;
                                                                				 *_t146 =  *_t146 + _t65;
                                                                				_t66 = _t65 -  *_t65;
                                                                				 *_t146 =  *_t146 + _t66;
                                                                				 *__edi =  *__edi + _t133;
                                                                				asm("sldt word [eax]");
                                                                				 *_t66 =  *_t66 + _t66;
                                                                				_t134 = _t133 |  *_t140;
                                                                				 *_t66 =  *_t66 + _t66;
                                                                				_t67 = _t66 +  *_t66;
                                                                				_t141 = _t140 &  *_t134;
                                                                				 *_t67 =  *_t67 + _t67;
                                                                				 *_t67 =  *_t67 + _t67;
                                                                				_t135 = _t134 - 1;
                                                                				_t68 = _t67;
                                                                				 *_t141 =  *_t141 + _t68;
                                                                				__edi[3] = __edi[3] + _t141;
                                                                				 *_t68 =  *_t68 + _t68;
                                                                				_t69 = _t68 +  *_t68;
                                                                				asm("aas");
                                                                				asm("sldt word [eax]");
                                                                				 *_t69 =  *_t69 + _t69;
                                                                				asm("outsd");
                                                                				asm("sldt word [eax]");
                                                                				_t70 = _t69 +  *_t69;
                                                                				asm("aas");
                                                                				asm("sldt word [eax]");
                                                                				 *_t70 =  *_t70 + _t70;
                                                                				asm("outsd");
                                                                				asm("sldt word [eax]");
                                                                				_t71 = _t70 +  *_t70;
                                                                				asm("aas");
                                                                				asm("sldt word [eax]");
                                                                				 *_t71 =  *_t71 + _t71;
                                                                				asm("outsd");
                                                                				asm("sldt word [eax]");
                                                                				_t72 = _t71 +  *_t71;
                                                                				asm("aas");
                                                                				asm("sldt word [eax]");
                                                                				 *_t72 =  *_t72 + _t72;
                                                                				asm("outsd");
                                                                				asm("sldt word [eax]");
                                                                				_t73 = _t72 +  *_t72;
                                                                				asm("aas");
                                                                				asm("sldt word [eax]");
                                                                				 *_t73 =  *_t73 + _t73;
                                                                				asm("aas");
                                                                				asm("sldt word [eax]");
                                                                				_t74 = _t73 +  *_t73;
                                                                				__edi[3] = __edi[3] + _t141;
                                                                				 *_t74 =  *_t74 + _t74;
                                                                				_t75 = _t74 +  *_t74;
                                                                				_push(cs);
                                                                				asm("adc [eax], eax");
                                                                				 *_t135 =  *_t135 + _t75;
                                                                				 *((intOrPtr*)(_t146 + 0x1000020)) =  *((intOrPtr*)(_t146 + 0x1000020)) + _t135;
                                                                				 *_t75 =  *_t75 + _t75;
                                                                				_t76 = _t75;
                                                                				_push(_t141);
                                                                				asm("das");
                                                                				 *_t76 =  *_t76 + _t76;
                                                                				 *_t76 =  *_t76 + _t76;
                                                                				 *_t76 =  *_t76 + _t76;
                                                                				_t77 = _t76 +  *_t76;
                                                                				asm("arpl [eax], bp");
                                                                				 *_t77 =  *_t77 + _t77;
                                                                				 *_t77 =  *_t77 + _t77;
                                                                				asm("outsd");
                                                                				asm("sldt word [eax]");
                                                                				_t78 = _t77 +  *_t77;
                                                                				_push(_t141);
                                                                				asm("das");
                                                                				 *_t78 =  *_t78 + _t78;
                                                                				_t79 = _t78 +  *_t78;
                                                                				 *_t79 =  *_t79 + _t79;
                                                                				 *_t79 =  *_t79 + _t79;
                                                                				_t148 = _t146 ^  *__edi ^  *__edi;
                                                                				 *_t79 =  *_t79 + _t79;
                                                                				 *_t79 =  *_t79 + _t79;
                                                                				asm("outsd");
                                                                				asm("sldt word [eax]");
                                                                				_t80 = _t79 +  *_t79;
                                                                				asm("out dx, eax");
                                                                				asm("sbb [eax], al");
                                                                				 *_t135 =  *_t135 + _t80;
                                                                				 *((intOrPtr*)(_t148 + 0x1000020)) =  *((intOrPtr*)(_t148 + 0x1000020)) + _t135;
                                                                				 *_t80 =  *_t80 + _t80;
                                                                				_t81 = _t80;
                                                                				_push(_t141);
                                                                				asm("das");
                                                                				 *_t81 =  *_t81 + _t81;
                                                                				_t82 = _t81 + 0x173200;
                                                                				 *_t141 =  *_t141 + _t82;
                                                                				 *((intOrPtr*)(_t148 + 0x1000020)) =  *((intOrPtr*)(_t148 + 0x1000020)) + _t135;
                                                                				 *_t82 =  *_t82 + _t82;
                                                                				_t83 = _t82 +  *_t82;
                                                                				asm("arpl [eax], bp");
                                                                				 *_t83 =  *_t83 + _t83;
                                                                				 *_t83 =  *_t83 + _t83;
                                                                				asm("outsd");
                                                                				asm("sldt word [eax]");
                                                                				asm("aas");
                                                                				asm("sldt word [eax]");
                                                                				_t85 = _t83 +  *_t83 +  *((intOrPtr*)(_t83 +  *_t83));
                                                                				 *__esi =  *__esi << _t141;
                                                                				 *_t85 =  *_t85 + _t85;
                                                                				_t86 = _t85;
                                                                				asm("adc al, 0x1d");
                                                                				 *_t86 =  *_t86 + _t86;
                                                                				 *_t86 =  *_t86 + _t86;
                                                                				asm("outsd");
                                                                				asm("sldt word [eax]");
                                                                				asm("aas");
                                                                				asm("sldt word [eax]");
                                                                				_t88 = _t86 +  *_t86 +  *((intOrPtr*)(_t86 +  *_t86));
                                                                				 *__esi =  *__esi << _t141;
                                                                				 *_t88 =  *_t88 + _t88;
                                                                				_t89 = _t88;
                                                                				asm("adc al, 0x1d");
                                                                				 *_t89 =  *_t89 + _t89;
                                                                				 *_t89 =  *_t89 + _t89;
                                                                				asm("outsd");
                                                                				asm("sldt word [eax]");
                                                                				_t90 = _t89 +  *_t89;
                                                                				asm("out dx, eax");
                                                                				asm("sbb [eax], al");
                                                                				 *_t135 =  *_t135 + _t90;
                                                                				 *((intOrPtr*)(_t148 + 0x1000020)) =  *((intOrPtr*)(_t148 + 0x1000020)) + _t135;
                                                                				 *_t90 =  *_t90 + _t90;
                                                                				asm("aas");
                                                                				asm("sldt word [eax]");
                                                                				_t92 = _t90 + 0x286300;
                                                                				 *__esi =  *__esi + _t92;
                                                                				 *0x02000046 =  *((intOrPtr*)(0x2000046)) + _t135;
                                                                				 *((intOrPtr*)(_t148 + 0x2e)) =  *((intOrPtr*)(_t148 + 0x2e)) + _t92;
                                                                				 *_t92 =  *_t92 + _t92;
                                                                				_t93 = _t92 +  *_t92;
                                                                				asm("lodsb");
                                                                				asm("sbb al, [eax]");
                                                                				 *_t135 =  *_t135 + _t93;
                                                                				 *((intOrPtr*)(_t93 + 0x16)) =  *((intOrPtr*)(_t93 + 0x16)) + _t135;
                                                                				 *_t93 =  *_t93 + _t93;
                                                                				 *_t93 =  *_t93 + _t93;
                                                                				asm("bound ebp, [esi]");
                                                                				 *_t93 =  *_t93 + _t93;
                                                                				 *_t93 =  *_t93 + _t93;
                                                                				asm("bound ebp, [esi]");
                                                                				 *_t93 =  *_t93 + _t93;
                                                                				_t94 = _t93 +  *_t93;
                                                                				if(_t94 >= 0) {
                                                                					 *_t94 =  *_t94 + _t94;
                                                                					 *_t94 =  *_t94 + _t94;
                                                                					asm("insb");
                                                                					_pop(ds);
                                                                					 *_t94 =  *_t94 + _t94;
                                                                					_t126 = _t94 +  *_t94;
                                                                					asm("lodsb");
                                                                					asm("sbb al, [eax]");
                                                                					 *_t135 =  *_t135 + _t126;
                                                                					__edi[7] = __edi[7] + _t126;
                                                                					 *_t126 =  *_t126 + _t126;
                                                                					_t94 = _t126;
                                                                					_t163 = _t94;
                                                                				}
                                                                				if(_t163 >= 0) {
                                                                					 *_t94 =  *_t94 + _t94;
                                                                					 *_t94 =  *_t94 + _t94;
                                                                					asm("bound ebp, [esi]");
                                                                					 *_t94 =  *_t94 + _t94;
                                                                					_t94 = _t94 +  *_t94;
                                                                					 *0x300001e = _t94;
                                                                					_t158[0x1000020] = _t158[0x1000020] + _t141;
                                                                					 *_t141 =  *_t141 + _t94;
                                                                					_t158[0x1000020] = _t158[0x1000020] + _t141;
                                                                				}
                                                                				asm("insb");
                                                                				 *[cs:eax] =  *[cs:eax] + _t94;
                                                                				_t96 = _t94 +  *_t94 & 0x0100002e;
                                                                				 *_t96 =  *_t96 + _t141;
                                                                				asm("adc al, [eax]");
                                                                				 *_t141 =  *_t141 + _t96;
                                                                				 *0x2000017 =  *0x2000017 + _t141;
                                                                				 *0x100002e =  *0x100002e + _t96;
                                                                				_t157[3] = _t157[3] + _t141;
                                                                				 *_t96 =  *_t96 + _t96;
                                                                				asm("aas");
                                                                				asm("sldt word [eax]");
                                                                				_t98 = _t96 +  *_t96 +  *((intOrPtr*)(_t96 +  *_t96));
                                                                				 *_t158 =  *_t158 << _t141;
                                                                				 *_t98 =  *_t98 + _t98;
                                                                				_t100 = _t98 + 0x100000c;
                                                                				_t157[3] = _t157[3] + _t141;
                                                                				 *_t100 =  *_t100 + _t100;
                                                                				asm("aas");
                                                                				asm("sldt word [eax]");
                                                                				_t102 = _t100 +  *_t100 +  *((intOrPtr*)(_t100 +  *_t100));
                                                                				 *_t158 =  *_t158 << _t141;
                                                                				 *_t102 =  *_t102 + _t102;
                                                                				_t104 = _t102 + 0x100000c;
                                                                				_t157[3] = _t157[3] + _t141;
                                                                				 *_t104 =  *_t104 + _t104;
                                                                				_t105 = _t104 +  *_t104;
                                                                				_push(cs);
                                                                				asm("adc [eax], eax");
                                                                				 *_t135 =  *_t135 + _t105;
                                                                				 *((intOrPtr*)(_t148 + 0x1000020)) =  *((intOrPtr*)(_t148 + 0x1000020)) + _t135;
                                                                				 *_t105 =  *_t105 + _t105;
                                                                				asm("aas");
                                                                				asm("sldt word [eax]");
                                                                				_t107 = _t105 + 0x286300;
                                                                				 *_t158 =  *_t158 + _t107;
                                                                				 *((intOrPtr*)(0x2000046)) =  *((intOrPtr*)(0x2000046)) + _t135;
                                                                				 *((intOrPtr*)(_t148 + 0x1000020)) =  *((intOrPtr*)(_t148 + 0x1000020)) + _t135;
                                                                				 *_t107 =  *_t107 + _t107;
                                                                				_t108 = _t107 +  *_t107;
                                                                				if(_t108 < 0) {
                                                                					L8:
                                                                					asm("outsd");
                                                                					asm("sldt word [eax]");
                                                                					 *_t108 =  *_t108 + _t108;
                                                                					_t148 = _t148 ^  *_t157;
                                                                					 *_t108 =  *_t108 + _t108;
                                                                					 *_t108 =  *_t108 + _t108;
                                                                					_push(cs);
                                                                					_t109 = _t108 -  *_t108;
                                                                					 *_t141 =  *_t141 + _t109;
                                                                					 *0x0200004E =  *((intOrPtr*)(0x200004e)) + _t148;
                                                                					 *0x0300004E =  *((intOrPtr*)(0x300004e)) + _t148;
                                                                					goto L9;
                                                                				} else {
                                                                					 *_t108 =  *_t108 + _t108;
                                                                					 *_t157 =  *_t157 + _t135;
                                                                					asm("sldt word [eax]");
                                                                					_t124 = (_t108 +  *_t108 | 0x01000017) +  *(_t108 +  *_t108 | 0x01000017);
                                                                					asm("daa");
                                                                					 *_t124 =  *_t124 + _t124;
                                                                					_t109 = _t124 +  *_t124;
                                                                					if(_t109 < 0) {
                                                                						L9:
                                                                						 *_t109 =  *_t109 + _t109;
                                                                						_t110 = _t109 +  *_t109;
                                                                						_t148 = _t148 ^  *_t157;
                                                                						 *_t110 =  *_t110 + _t110;
                                                                						 *_t110 =  *_t110 + _t110;
                                                                						_t141 = 0x2e;
                                                                						 *_t110 =  *_t110 + _t110;
                                                                						 *_t110 =  *_t110 + _t110;
                                                                					} else {
                                                                						 *_t109 =  *_t109 + _t109;
                                                                						 *_t109 =  *_t109 + _t109;
                                                                						asm("aas");
                                                                						asm("sldt word [eax]");
                                                                						_t125 = _t109 +  *_t109;
                                                                						asm("daa");
                                                                						 *_t125 =  *_t125 + _t125;
                                                                						_t110 = _t125 +  *_t125;
                                                                						if(_t110 >= 0) {
                                                                							 *_t110 =  *_t110 + _t110;
                                                                							 *_t110 =  *_t110 + _t110;
                                                                							goto L8;
                                                                						}
                                                                					}
                                                                				}
                                                                				 *_t110 =  *_t110 + _t110;
                                                                				 *_t110 =  *_t110 + _t110;
                                                                				asm("arpl [eax], bp");
                                                                				 *_t110 =  *_t110 + _t110;
                                                                				 *_t110 =  *_t110 + _t110;
                                                                				asm("arpl [eax], bp");
                                                                				 *_t110 =  *_t110 + _t110;
                                                                				 *_t110 =  *_t110 + _t110;
                                                                				asm("outsd");
                                                                				asm("sldt word [eax]");
                                                                				_t111 = _t110 +  *_t110;
                                                                				_push(_t141);
                                                                				asm("das");
                                                                				 *_t111 =  *_t111 + _t111;
                                                                				_t112 = _t111 +  *_t111;
                                                                				 *_t112 =  *_t112 + _t112;
                                                                				 *_t112 =  *_t112 + _t112;
                                                                				 *_t112 =  *_t112 + _t112;
                                                                				 *_t112 =  *_t112 + _t112;
                                                                				 *_t112 =  *_t112 + _t112;
                                                                				 *_t112 =  *_t112 + _t112;
                                                                				_t153 = _t148 ^  *_t157 ^  *_t157 ^  *_t157 ^  *_t157 ^  *_t157;
                                                                				 *_t112 =  *_t112 + _t112;
                                                                				 *_t112 =  *_t112 + _t112;
                                                                				asm("arpl [eax], bp");
                                                                				 *_t112 =  *_t112 + _t112;
                                                                				 *_t112 =  *_t112 + _t112;
                                                                				asm("arpl [eax], bp");
                                                                				 *_t112 =  *_t112 + _t112;
                                                                				 *_t112 =  *_t112 + _t112;
                                                                				asm("outsd");
                                                                				asm("sldt word [eax]");
                                                                				asm("aas");
                                                                				asm("sldt word [eax]");
                                                                				asm("pushfd");
                                                                				_t115 = _t112 +  *_t112 +  *((intOrPtr*)(_t112 +  *_t112)) -  *((intOrPtr*)(_t112 +  *_t112 +  *((intOrPtr*)(_t112 +  *_t112))));
                                                                				 *_t141 =  *_t141 + _t115;
                                                                				 *_t153 =  *_t153 + _t153;
                                                                				_pop(ss);
                                                                				 *_t115 =  *_t115 + _t115;
                                                                				 *_t115 =  *_t115 + _t115;
                                                                				 *_t115 =  *_t115 + _t115;
                                                                				 *_t115 =  *_t115 + _t115;
                                                                				 *_t115 =  *_t115 + _t115;
                                                                				 *_t115 =  *_t115 + _t115;
                                                                				asm("outsd");
                                                                				asm("sldt word [eax]");
                                                                				asm("aas");
                                                                				asm("sldt word [eax]");
                                                                				asm("pushfd");
                                                                				_t118 = _t115 +  *_t115 +  *((intOrPtr*)(_t115 +  *_t115)) -  *((intOrPtr*)(_t115 +  *_t115 +  *((intOrPtr*)(_t115 +  *_t115))));
                                                                				 *_t141 =  *_t141 + _t118;
                                                                				 *(_t153 ^  *_t157 ^  *_t157) =  *(_t153 ^  *_t157 ^  *_t157) + (_t153 ^  *_t157 ^  *_t157);
                                                                				_pop(ss);
                                                                				 *_t118 =  *_t118 + _t118;
                                                                				 *_t118 =  *_t118 + _t118;
                                                                				 *_t118 =  *_t118 + _t118;
                                                                				 *_t118 =  *_t118 + _t118;
                                                                				asm("outsd");
                                                                				asm("sldt word [eax]");
                                                                				asm("aas");
                                                                				asm("sldt word [eax]");
                                                                				asm("pushfd");
                                                                				_t121 = _t118 +  *_t118 +  *((intOrPtr*)(_t118 +  *_t118)) -  *((intOrPtr*)(_t118 +  *_t118 +  *((intOrPtr*)(_t118 +  *_t118))));
                                                                				 *_t141 =  *_t141 + _t121;
                                                                				 *((intOrPtr*)(_t135 + 0x28)) =  *((intOrPtr*)(_t135 + 0x28)) + _t121;
                                                                				 *_t121 =  *_t121 + _t121;
                                                                				 *_t121 =  *_t121 + _t121;
                                                                				asm("arpl [eax], bp");
                                                                				 *_t121 =  *_t121 + _t121;
                                                                				 *_t121 =  *_t121 + _t121;
                                                                				asm("arpl [eax], bp");
                                                                				 *_t121 =  *_t121 + _t121;
                                                                				 *_t121 =  *_t121 + _t121;
                                                                				asm("arpl [eax], bp");
                                                                				 *_t121 =  *_t121 + _t121;
                                                                				 *_t121 =  *_t121 + _t121;
                                                                				asm("arpl [eax], bp");
                                                                				 *_t121 =  *_t121 + _t121;
                                                                				 *_t121 =  *_t121 + _t121;
                                                                				return _t121;
                                                                			}


                                                                Memory Dump Source
                                                                • Source File: 00000003.00000002.253909298.0000000000D72000.00000002.00020000.sdmp, Offset: 00D70000, based on PE: true
                                                                • Associated: 00000003.00000002.253870292.0000000000D70000.00000002.00020000.sdmp
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 10504380a61c6705c8f0aac67b4c6e59aeecc4467a62ea62e6671e74d29bf851
                                                                • Instruction ID: 6ee864a6b07076e393f6234a8d70f2575bd7470c799d6625a5f587ac91bf2753
                                                                • Opcode Fuzzy Hash: 10504380a61c6705c8f0aac67b4c6e59aeecc4467a62ea62e6671e74d29bf851
                                                                • Instruction Fuzzy Hash: 8502AD6240E7D18FD7439BB898B51907FB0AE5725471E09DBC4C4CF0B7E229296AE732
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Memory Dump Source
                                                                • Source File: 00000003.00000002.267234621.0000000007720000.00000040.00000001.sdmp, Offset: 07720000, based on PE: false
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 931a616df96da0174ecd9596b1be676b37a60b82b07c320b7b90ef4158a2fa61
                                                                • Instruction ID: 5b14de828adc78ce326e5d7c7a9dc4675532923df2e522895a377c0c8a1a0d98
                                                                • Opcode Fuzzy Hash: 931a616df96da0174ecd9596b1be676b37a60b82b07c320b7b90ef4158a2fa61
                                                                • Instruction Fuzzy Hash: BDD1E631D2474A8ACB14EF64C954ADDB7B1FFE5200F519BAAD1093B620EB706AC5CF81
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Memory Dump Source
                                                                • Source File: 00000003.00000002.254912306.0000000001640000.00000040.00000001.sdmp, Offset: 01640000, based on PE: false
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: c933fa2bb7e9c8c54bcacdcf464301e062965c1ed0fc81210d975d9a0a8e86c4
                                                                • Instruction ID: 8bb286e93a06fb4299bb92756ba57d56b0bb8c2959d0987140ae656a4aac60b6
                                                                • Opcode Fuzzy Hash: c933fa2bb7e9c8c54bcacdcf464301e062965c1ed0fc81210d975d9a0a8e86c4
                                                                • Instruction Fuzzy Hash: 3BA19E36E1021A8FCF05DFB9C9445DDBBB2FF85300B1585AAE905BB261EB35A905CB40
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Memory Dump Source
                                                                • Source File: 00000003.00000002.267234621.0000000007720000.00000040.00000001.sdmp, Offset: 07720000, based on PE: false
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 542211ac8406c51380fe178c583609ddce091e59a50d96555d76a41dc522ac55
                                                                • Instruction ID: 6110f29d7d95a9d675210f38e5ea15edfa90db9fba236f53c25ccea3ddf96031
                                                                • Opcode Fuzzy Hash: 542211ac8406c51380fe178c583609ddce091e59a50d96555d76a41dc522ac55
                                                                • Instruction Fuzzy Hash: 02D1E631D2064A8ACB14EF64C950ADDB7B1FFE5200F519BAAD10977620EB70AAC5CF81
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Memory Dump Source
                                                                • Source File: 00000003.00000002.267234621.0000000007720000.00000040.00000001.sdmp, Offset: 07720000, based on PE: false
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 1cac6f832b63d7024ef3562588752b805d19d95ae92935c473f26c3260b4aa52
                                                                • Instruction ID: afee4d47e1b0fde11833b79684e4394a1f72732c1eb625ff90cc3abe7c8908bc
                                                                • Opcode Fuzzy Hash: 1cac6f832b63d7024ef3562588752b805d19d95ae92935c473f26c3260b4aa52
                                                                • Instruction Fuzzy Hash: 61813AB4E146298FCB14DF69C980A9EFBB2FF89344F2081A9D518A7315D7309E42CF61
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Memory Dump Source
                                                                • Source File: 00000003.00000002.267234621.0000000007720000.00000040.00000001.sdmp, Offset: 07720000, based on PE: false
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: bdb8ca6012323d8645d9c6fa6dcae122feb2a4709c25ea9922803a5bd2a589e7
                                                                • Instruction ID: 4471b2a8e55809557269f66305a51425951d4b46c418092f7c2dd429657ca43c
                                                                • Opcode Fuzzy Hash: bdb8ca6012323d8645d9c6fa6dcae122feb2a4709c25ea9922803a5bd2a589e7
                                                                • Instruction Fuzzy Hash: B88127B4E146298FCB14CF65C980A9EFBB2FF89340F2081A9D418A7315DB309E42CF61
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Memory Dump Source
                                                                • Source File: 00000003.00000002.267234621.0000000007720000.00000040.00000001.sdmp, Offset: 07720000, based on PE: false
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 2e590439d7eb0257e23f885f572c9d35c72a2853172a783706f3919f8c7e361a
                                                                • Instruction ID: 604c2f44e13c0bc7321b43ee62985b7419966252aa5b9f2a05a360e2cea2c553
                                                                • Opcode Fuzzy Hash: 2e590439d7eb0257e23f885f572c9d35c72a2853172a783706f3919f8c7e361a
                                                                • Instruction Fuzzy Hash: A1314FF0E112298BDF28DF5AD9406AEBBB2FF89340F14C06AD519A7254EB3059429F51
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Memory Dump Source
                                                                • Source File: 00000003.00000002.267234621.0000000007720000.00000040.00000001.sdmp, Offset: 07720000, based on PE: false
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 862699e444d7200832d8c0e58e30f46cdbaf76684bc2d5f6f77644b68d0edb97
                                                                • Instruction ID: 3cf5e86e141b54de7d182a5cf303320277c4b5d0c1d8873dcde0c72b067680ec
                                                                • Opcode Fuzzy Hash: 862699e444d7200832d8c0e58e30f46cdbaf76684bc2d5f6f77644b68d0edb97
                                                                • Instruction Fuzzy Hash: 573163F0E112198BDF28CF66D94069EBBF3BF88340F14C46AD519E7254EB3059429F51
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Memory Dump Source
                                                                • Source File: 00000003.00000002.267234621.0000000007720000.00000040.00000001.sdmp, Offset: 07720000, based on PE: false
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: b6b004efe75383dcbf4d10d17dc4460660d4f452bf73b0f4d47d014b970291bc
                                                                • Instruction ID: 9153b23eea872cb2ad75d084b0c887d6a9a1ae2ffc75660ec90eaa4b78ced4ef
                                                                • Opcode Fuzzy Hash: b6b004efe75383dcbf4d10d17dc4460660d4f452bf73b0f4d47d014b970291bc
                                                                • Instruction Fuzzy Hash: 8D314CB1E157189BDB18CFABC80469EFBF7AFC8240F05C0B6D808A7264EB3455468F51
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Memory Dump Source
                                                                • Source File: 00000003.00000002.267234621.0000000007720000.00000040.00000001.sdmp, Offset: 07720000, based on PE: false
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: a51b41a661770f5008365752a92665a33f6da1bbfaad485c46e5ef06d329bf37
                                                                • Instruction ID: 532082e77b25df5efa9488de451c9589f0f6395f1e283540d3e9fd14dfb3e107
                                                                • Opcode Fuzzy Hash: a51b41a661770f5008365752a92665a33f6da1bbfaad485c46e5ef06d329bf37
                                                                • Instruction Fuzzy Hash: 29112CB1E116199BDB18CFAAD9416DEFBF7ABC8240F14C07AD518A7214DB3059428F91
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Memory Dump Source
                                                                • Source File: 00000003.00000002.267234621.0000000007720000.00000040.00000001.sdmp, Offset: 07720000, based on PE: false
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 05fc2243e4cbcbaaa60e567bbc97eca5d924bfe12cc3cb2ab51af48377341823
                                                                • Instruction ID: d0ca95331ec3c6dde70a0f1e370a3540ace59262c2827c9325e71525594b2426
                                                                • Opcode Fuzzy Hash: 05fc2243e4cbcbaaa60e567bbc97eca5d924bfe12cc3cb2ab51af48377341823
                                                                • Instruction Fuzzy Hash: 8411ECB1E04618DBEB18CFABD8046DEFBF7AFC8200F14C07AC918A6224EB3415568F51
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Memory Dump Source
                                                                • Source File: 00000003.00000002.267234621.0000000007720000.00000040.00000001.sdmp, Offset: 07720000, based on PE: false
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 5e26fc6b3c456a73cda888d60bd63be5781e8f2670f54047a9ba17c90d65cc53
                                                                • Instruction ID: 22ab754a09171ecfca38d536008e9dda1e64294b145abdc07e04f3887a28c494
                                                                • Opcode Fuzzy Hash: 5e26fc6b3c456a73cda888d60bd63be5781e8f2670f54047a9ba17c90d65cc53
                                                                • Instruction Fuzzy Hash: AF21D3B1E046588BEB18CFABC81469EFBF3AFC9240F14C076C918A7264EB3445458F51
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Executed Functions

                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000004.00000002.262578614.0000000007450000.00000040.00000001.sdmp, Offset: 07450000, based on PE: false
                                                                Similarity
                                                                • API ID:
                                                                • String ID: q=S$q=S$kCd
                                                                • API String ID: 0-4131342096
                                                                • Opcode ID: 86838b84ef9146007fa03717ef809a191372671f406b133eb2f39f2a3ae0a183
                                                                • Instruction ID: ad98efc1984c2cf4fef6afc13b67164c18ee672ed8742ea777150ed6871afa23
                                                                • Opcode Fuzzy Hash: 86838b84ef9146007fa03717ef809a191372671f406b133eb2f39f2a3ae0a183
                                                                • Instruction Fuzzy Hash: B87113B0C29219CFCB24CFA5D5849EDFBF5FB4A384F10A91AD416AB256D334A906CF14
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000004.00000002.256216645.0000000005690000.00000040.00000001.sdmp, Offset: 05690000, based on PE: false
                                                                Similarity
                                                                • API ID:
                                                                • String ID: X1Xr$X1Xr
                                                                • API String ID: 0-3809233243
                                                                • Opcode ID: e476cf8c072aa31d52f0ab56010983b7d73b9f6e42abbb83441f32cec840da59
                                                                • Instruction ID: 0facf9795640e0fab0d207e9d45119160664594fb9b53fce5ac66af1fdbe5fe0
                                                                • Opcode Fuzzy Hash: e476cf8c072aa31d52f0ab56010983b7d73b9f6e42abbb83441f32cec840da59
                                                                • Instruction Fuzzy Hash: 1551D8B4E05219DFDB08DFA9C980AAEFBF6BF88300F24C565D414A7355D7349A41CB90
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000004.00000002.256216645.0000000005690000.00000040.00000001.sdmp, Offset: 05690000, based on PE: false
                                                                Similarity
                                                                • API ID:
                                                                • String ID: X1Xr$X1Xr
                                                                • API String ID: 0-3809233243
                                                                • Opcode ID: 4666ce53208ebcbd3fd4e332ce09451007351bd5c4a366e16eacca320eecd8fd
                                                                • Instruction ID: 1958f91d579f9b844cd83b598ca1a026ac3522a7dffe6c8ea9f3bfd610a2ea92
                                                                • Opcode Fuzzy Hash: 4666ce53208ebcbd3fd4e332ce09451007351bd5c4a366e16eacca320eecd8fd
                                                                • Instruction Fuzzy Hash: DE51A2B4E012089FDB48DFAAC950AAEBBF2BF88300F14C569E515AB354DB359942CF54
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000004.00000002.256216645.0000000005690000.00000040.00000001.sdmp, Offset: 05690000, based on PE: false
                                                                Similarity
                                                                • API ID:
                                                                • String ID: X1Xr$X1Xr
                                                                • API String ID: 0-3809233243
                                                                • Opcode ID: 980e13be81394c944f869bc4876931432edceaf487d60a44240fe49f3fc60945
                                                                • Instruction ID: ac773df370b9a1e6eea41b68a1965ddcdd47a9eab1a5d1885fe60b469342de8a
                                                                • Opcode Fuzzy Hash: 980e13be81394c944f869bc4876931432edceaf487d60a44240fe49f3fc60945
                                                                • Instruction Fuzzy Hash: A951A3B4E01208DFDB48DFAAC950AAEBBF2BF88300F14C569E515AB354DB359941CF54
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000004.00000002.256216645.0000000005690000.00000040.00000001.sdmp, Offset: 05690000, based on PE: false
                                                                Similarity
                                                                • API ID:
                                                                • String ID: lbhl$v _
                                                                • API String ID: 0-778964739
                                                                • Opcode ID: 75a982954c4e3c2e362b77c15b3a0a90dca4d70ee76b9f57f3785c0b0c2274e5
                                                                • Instruction ID: 03a97921fff4c99775a83f0efbd43a3712112e1da2912a87282ccf43398245d3
                                                                • Opcode Fuzzy Hash: 75a982954c4e3c2e362b77c15b3a0a90dca4d70ee76b9f57f3785c0b0c2274e5
                                                                • Instruction Fuzzy Hash: BB5115B1D042098FDF09CFA6D9416AEFBF6BF88300F24916AD816AB254D7748A41CB64
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000004.00000002.256216645.0000000005690000.00000040.00000001.sdmp, Offset: 05690000, based on PE: false
                                                                Similarity
                                                                • API ID:
                                                                • String ID: X1Xr
                                                                • API String ID: 0-3325931706
                                                                • Opcode ID: 9e3348680a35e203f59f59e74acaad3692b221e181750419d5ffc2f5bbb83c00
                                                                • Instruction ID: 133c0afd58fc70e8f6548068c24d93008de1583fe299ab910736550a229ed662
                                                                • Opcode Fuzzy Hash: 9e3348680a35e203f59f59e74acaad3692b221e181750419d5ffc2f5bbb83c00
                                                                • Instruction Fuzzy Hash: 1592B375D05268DFDF68CFA6C8583EDBAFABB88305F1480EAD509A6251D7740AC9CF10
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                APIs
                                                                • AdjustTokenPrivileges.KERNELBASE(?,?,?,?,?,?), ref: 0590281B
                                                                Memory Dump Source
                                                                • Source File: 00000004.00000002.257539976.0000000005900000.00000040.00000001.sdmp, Offset: 05900000, based on PE: false
                                                                Similarity
                                                                • API ID: AdjustPrivilegesToken
                                                                • String ID:
                                                                • API String ID: 2874748243-0
                                                                • Opcode ID: 6002ef162b48df128d94d399f9a75d93036c9612a65407961e0be889decd7e68
                                                                • Instruction ID: fdcdc92f42b0a0cd6024d1280dd35bfe0bb478631595461065d54bc80b614301
                                                                • Opcode Fuzzy Hash: 6002ef162b48df128d94d399f9a75d93036c9612a65407961e0be889decd7e68
                                                                • Instruction Fuzzy Hash: 44219F755097849FEB228F25DC44B62BFB8FF06210F0885DAE9858B5A3D274A908CB61
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                APIs
                                                                • GetUserNameA.ADVAPI32(?,00000E2C), ref: 059013E9
                                                                Memory Dump Source
                                                                • Source File: 00000004.00000002.257539976.0000000005900000.00000040.00000001.sdmp, Offset: 05900000, based on PE: false
                                                                Similarity
                                                                • API ID: NameUser
                                                                • String ID:
                                                                • API String ID: 2645101109-0
                                                                • Opcode ID: f28bfc758d4bc4907ce3604733e9236aca8bf5a832229b636bf10c8748d8e498
                                                                • Instruction ID: 81f7ae3ac282e7ace684c2675652576b9ff9c10f030b9a55068c5a43c275f858
                                                                • Opcode Fuzzy Hash: f28bfc758d4bc4907ce3604733e9236aca8bf5a832229b636bf10c8748d8e498
                                                                • Instruction Fuzzy Hash: D911AF72500204AFF711DF65DC85FBAFB9CEF44720F14886AEA45CB281D6B4A945CBB1
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000004.00000002.256216645.0000000005690000.00000040.00000001.sdmp, Offset: 05690000, based on PE: false
                                                                Similarity
                                                                • API ID:
                                                                • String ID: GsX
                                                                • API String ID: 0-3761113861
                                                                • Opcode ID: c2dc97a9f65067bfc9997a5ccd5e7171db9540fc1c0d66fcde958f7a17db9fe6
                                                                • Instruction ID: 6b053e036bda5d62294d2cd174537691afde8a6fe0cd133d4e53658f558652b5
                                                                • Opcode Fuzzy Hash: c2dc97a9f65067bfc9997a5ccd5e7171db9540fc1c0d66fcde958f7a17db9fe6
                                                                • Instruction Fuzzy Hash: E3E1907090530ADFCF18CFA4C9818AEFBB9FF45310B65955AD402AB615D730EA92CF91
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                APIs
                                                                • NtQuerySystemInformation.NTDLL(?,?,?,?), ref: 059028DD
                                                                Memory Dump Source
                                                                • Source File: 00000004.00000002.257539976.0000000005900000.00000040.00000001.sdmp, Offset: 05900000, based on PE: false
                                                                Similarity
                                                                • API ID: InformationQuerySystem
                                                                • String ID:
                                                                • API String ID: 3562636166-0
                                                                • Opcode ID: 6bb5bee9b6c6d6c41a750fe16d18b3da47977e9a5dcb7f2739f26cf035a5127b
                                                                • Instruction ID: bc384bfbc3e0d1d17d0b65c5a0504eaaa024d65dd00fa361ad716c57f7b8b60c
                                                                • Opcode Fuzzy Hash: 6bb5bee9b6c6d6c41a750fe16d18b3da47977e9a5dcb7f2739f26cf035a5127b
                                                                • Instruction Fuzzy Hash: 4821AE724093C49FDB128B21DC45A62BFB4EF06314F0984DAE9844F263D265A908CB61
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                APIs
                                                                • AdjustTokenPrivileges.KERNELBASE(?,?,?,?,?,?), ref: 0590281B
                                                                Memory Dump Source
                                                                • Source File: 00000004.00000002.257539976.0000000005900000.00000040.00000001.sdmp, Offset: 05900000, based on PE: false
                                                                Similarity
                                                                • API ID: AdjustPrivilegesToken
                                                                • String ID:
                                                                • API String ID: 2874748243-0
                                                                • Opcode ID: b20321d5d2592ccd48adb47363fc84b86d91883b60319a0e6e17f0f4407a4e64
                                                                • Instruction ID: 479f3f586fb017202acf743977ce2499aff2e6e98bae48dcb06dbf52b2cce64c
                                                                • Opcode Fuzzy Hash: b20321d5d2592ccd48adb47363fc84b86d91883b60319a0e6e17f0f4407a4e64
                                                                • Instruction Fuzzy Hash: E1115E79500604DFDB21CF55D888B66FBE8FF04620F08C8AADE4A8B651D275E418DB61
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                APIs
                                                                • NtQuerySystemInformation.NTDLL(?,?,?,?), ref: 059028DD
                                                                Memory Dump Source
                                                                • Source File: 00000004.00000002.257539976.0000000005900000.00000040.00000001.sdmp, Offset: 05900000, based on PE: false
                                                                Similarity
                                                                • API ID: InformationQuerySystem
                                                                • String ID:
                                                                • API String ID: 3562636166-0
                                                                • Opcode ID: 3eb94924e309985a9e66457d514d4fe7e555b48080fe079748a4fba3d0e1b301
                                                                • Instruction ID: c7319e4a7643ab3893b5df0129b04d572c28116160b4d957934cd8e4f29eb997
                                                                • Opcode Fuzzy Hash: 3eb94924e309985a9e66457d514d4fe7e555b48080fe079748a4fba3d0e1b301
                                                                • Instruction Fuzzy Hash: 24018F39800604DFDF21CF05D888B26FBA4FF04720F08C89ADE8A4B652D275A418CB62
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000004.00000002.256216645.0000000005690000.00000040.00000001.sdmp, Offset: 05690000, based on PE: false
                                                                Similarity
                                                                • API ID:
                                                                • String ID: GsX
                                                                • API String ID: 0-3761113861
                                                                • Opcode ID: f0137481c99ebe864a152b8faa0a0256c4ef3507786f075359fe59a6b6c835ff
                                                                • Instruction ID: 6db2199b10bfa4c624ce9fdc4311dc24928e553d0cfe36c94a5b307d983f253e
                                                                • Opcode Fuzzy Hash: f0137481c99ebe864a152b8faa0a0256c4ef3507786f075359fe59a6b6c835ff
                                                                • Instruction Fuzzy Hash: F2C15E7090531ADFCB18CFA4C5808AEFBB6FF49310B65955AD406BB614C7309A92CFA5
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000004.00000002.256216645.0000000005690000.00000040.00000001.sdmp, Offset: 05690000, based on PE: false
                                                                Similarity
                                                                • API ID:
                                                                • String ID: u<B
                                                                • API String ID: 0-3419542075
                                                                • Opcode ID: b7109999e36b327eb1cde5e07699ddcb5ad3a4fb7e4cae0e8c37890b719d283a
                                                                • Instruction ID: 37195b3089d91af6a238fd4a78cd9eeff0f543f5126249f1c5cf6c45fc069cbb
                                                                • Opcode Fuzzy Hash: b7109999e36b327eb1cde5e07699ddcb5ad3a4fb7e4cae0e8c37890b719d283a
                                                                • Instruction Fuzzy Hash: 38514DB0D0520ADFDF08CFE6D940AAEBBF6BF89310F249659C410BB254D7349A42CB65
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000004.00000002.256216645.0000000005690000.00000040.00000001.sdmp, Offset: 05690000, based on PE: false
                                                                Similarity
                                                                • API ID:
                                                                • String ID: u<B
                                                                • API String ID: 0-3419542075
                                                                • Opcode ID: 92d5c92ac0b4dae26a924e316b5d05e21e90d4ee4d6a65e530e72820fb0ebc41
                                                                • Instruction ID: 7635a324966634b0d746e8b65ac71e02eda0b8c6ed3907388a23ee5987ccb05e
                                                                • Opcode Fuzzy Hash: 92d5c92ac0b4dae26a924e316b5d05e21e90d4ee4d6a65e530e72820fb0ebc41
                                                                • Instruction Fuzzy Hash: 7D512AB0D0520ADFCF08CFE6D940AAEBBF6BF89310F249659C415BB254D7349A42CB65
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000004.00000002.256216645.0000000005690000.00000040.00000001.sdmp, Offset: 05690000, based on PE: false
                                                                Similarity
                                                                • API ID:
                                                                • String ID: :@1r
                                                                • API String ID: 0-3055443387
                                                                • Opcode ID: 9c0e5c984241571dc7ac06ac4acb6010e184b3bf4485a7b62fd1853212fe4714
                                                                • Instruction ID: 7fec3211e7f229c789b85a7df1edfabbb276342d41f127b3f564ce87ce67ef42
                                                                • Opcode Fuzzy Hash: 9c0e5c984241571dc7ac06ac4acb6010e184b3bf4485a7b62fd1853212fe4714
                                                                • Instruction Fuzzy Hash: 0A61E074D04229DFCF58CFA4C984AADBBF6BF49300F1095AAD40AAB354EB359A41CF15
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                APIs
                                                                • GetUserNameA.ADVAPI32(?,00000E2C), ref: 059013E9
                                                                Memory Dump Source
                                                                • Source File: 00000004.00000002.257539976.0000000005900000.00000040.00000001.sdmp, Offset: 05900000, based on PE: false
                                                                Similarity
                                                                • API ID: NameUser
                                                                • String ID:
                                                                • API String ID: 2645101109-0
                                                                • Opcode ID: 3cecabe231e6ee489ccf7e93361da4e47c24d639daafade198861dc0fe7a7402
                                                                • Instruction ID: 935e22f9f466134c077f28a03baef846d1f910596390920bf6353de024d40fb2
                                                                • Opcode Fuzzy Hash: 3cecabe231e6ee489ccf7e93361da4e47c24d639daafade198861dc0fe7a7402
                                                                • Instruction Fuzzy Hash: 5A416D7110E3C06FE7138B249C55BA6BFB8AF43614F0984DBE984CF1A3D2689949C772
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                APIs
                                                                • DuplicateHandle.KERNELBASE(?,00000E2C), ref: 0590223B
                                                                Memory Dump Source
                                                                • Source File: 00000004.00000002.257539976.0000000005900000.00000040.00000001.sdmp, Offset: 05900000, based on PE: false
                                                                Similarity
                                                                • API ID: DuplicateHandle
                                                                • String ID:
                                                                • API String ID: 3793708945-0
                                                                • Opcode ID: a264a86b5a3ca4cd095a17635b94f3ac85769ed2bcc06113434a4df7eddc103e
                                                                • Instruction ID: a492b91659a0a59b6a784361e0d7dc0d98c0e5911c4e4a294dd8e7227d4c24b5
                                                                • Opcode Fuzzy Hash: a264a86b5a3ca4cd095a17635b94f3ac85769ed2bcc06113434a4df7eddc103e
                                                                • Instruction Fuzzy Hash: CF31D472004384AFEB128F65CC44F6BBFACEF46710F0489AEE985CB152D324A909CB71
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                APIs
                                                                • GetTokenInformation.KERNELBASE(?,00000E2C,DE2F60FA,00000000,00000000,00000000,00000000), ref: 05901B24
                                                                Memory Dump Source
                                                                • Source File: 00000004.00000002.257539976.0000000005900000.00000040.00000001.sdmp, Offset: 05900000, based on PE: false
                                                                Similarity
                                                                • API ID: InformationToken
                                                                • String ID:
                                                                • API String ID: 4114910276-0
                                                                • Opcode ID: 8b2d72fa82bac8f3b5be992ba1a719bdb7847407d0ffc3d8cc2a1a36257e3177
                                                                • Instruction ID: 85f8c0583d3869efbb87e2930f86c5ba17cab7ee3b63ee1da84fcc9d15649b58
                                                                • Opcode Fuzzy Hash: 8b2d72fa82bac8f3b5be992ba1a719bdb7847407d0ffc3d8cc2a1a36257e3177
                                                                • Instruction Fuzzy Hash: 5531B571409781AFEB22CF61DC45FA7BFBCEF46710F08849BE9858B152D324A948C761
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                APIs
                                                                • RegOpenKeyExW.KERNELBASE(?,00000E2C), ref: 016DACD1
                                                                Memory Dump Source
                                                                • Source File: 00000004.00000002.250889632.00000000016DA000.00000040.00000001.sdmp, Offset: 016DA000, based on PE: false
                                                                Similarity
                                                                • API ID: Open
                                                                • String ID:
                                                                • API String ID: 71445658-0
                                                                • Opcode ID: 6e4e17e0a5b40715dd321874f50362f7ac6e5d14498e711eb764360102e46228
                                                                • Instruction ID: d4cb050039850183c101df249fd9db03d9641e58edcd9155577cfaf8d50938ad
                                                                • Opcode Fuzzy Hash: 6e4e17e0a5b40715dd321874f50362f7ac6e5d14498e711eb764360102e46228
                                                                • Instruction Fuzzy Hash: 8331D472408384AFE7228B25CC45FA7BFBCEF45710F0884AAED818B152D364A809CB71
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                APIs
                                                                • CreateFileW.KERNELBASE(?,?,?,?,?,?), ref: 059016A9
                                                                Memory Dump Source
                                                                • Source File: 00000004.00000002.257539976.0000000005900000.00000040.00000001.sdmp, Offset: 05900000, based on PE: false
                                                                Similarity
                                                                • API ID: CreateFile
                                                                • String ID:
                                                                • API String ID: 823142352-0
                                                                • Opcode ID: 7f6e603090aa57aab9fbd7fffc1fe0e0e39ee6d805c382cfe4fc9a43aa3c8754
                                                                • Instruction ID: fde1a3191f89c93e777c35b4fd90e6c626406ab0b809895334ad863d64d5e239
                                                                • Opcode Fuzzy Hash: 7f6e603090aa57aab9fbd7fffc1fe0e0e39ee6d805c382cfe4fc9a43aa3c8754
                                                                • Instruction Fuzzy Hash: 65317CB1505340AFE722CF25CC44F66BBE8EF45610F0888AEE9858B252D375E809DB71
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                APIs
                                                                • CreateMutexW.KERNELBASE(?,?), ref: 05900771
                                                                Memory Dump Source
                                                                • Source File: 00000004.00000002.257539976.0000000005900000.00000040.00000001.sdmp, Offset: 05900000, based on PE: false
                                                                Similarity
                                                                • API ID: CreateMutex
                                                                • String ID:
                                                                • API String ID: 1964310414-0
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                APIs
                                                                • RegQueryValueExW.KERNELBASE(?,00000E2C,DE2F60FA,00000000,00000000,00000000,00000000), ref: 016DADD4
                                                                Memory Dump Source
                                                                • Source File: 00000004.00000002.250889632.00000000016DA000.00000040.00000001.sdmp, Offset: 016DA000, based on PE: false
                                                                Similarity
                                                                • API ID: QueryValue
                                                                • String ID:
                                                                • API String ID: 3660427363-0
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                APIs
                                                                • RegQueryValueExW.KERNELBASE(?,00000E2C,?,?), ref: 0590087E
                                                                Memory Dump Source
                                                                • Source File: 00000004.00000002.257539976.0000000005900000.00000040.00000001.sdmp, Offset: 05900000, based on PE: false
                                                                Similarity
                                                                • API ID: QueryValue
                                                                • String ID:
                                                                • API String ID: 3660427363-0
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                APIs
                                                                • LsaOpenPolicy.ADVAPI32(?,00000E2C), ref: 05901E47
                                                                Memory Dump Source
                                                                • Source File: 00000004.00000002.257539976.0000000005900000.00000040.00000001.sdmp, Offset: 05900000, based on PE: false
                                                                Similarity
                                                                • API ID: OpenPolicy
                                                                • String ID:
                                                                • API String ID: 2030686058-0
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                APIs
                                                                • FindWindowA.USER32(?,00000E2C), ref: 059014EA
                                                                Memory Dump Source
                                                                • Source File: 00000004.00000002.257539976.0000000005900000.00000040.00000001.sdmp, Offset: 05900000, based on PE: false
                                                                Similarity
                                                                • API ID: FindWindow
                                                                • String ID:
                                                                • API String ID: 134000473-0
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                APIs
                                                                • DuplicateHandle.KERNELBASE(?,00000E2C), ref: 0590223B
                                                                Memory Dump Source
                                                                • Source File: 00000004.00000002.257539976.0000000005900000.00000040.00000001.sdmp, Offset: 05900000, based on PE: false
                                                                Similarity
                                                                • API ID: DuplicateHandle
                                                                • String ID:
                                                                • API String ID: 3793708945-0
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                APIs
                                                                • DeleteFileW.KERNELBASE(?), ref: 05902320
                                                                Memory Dump Source
                                                                • Source File: 00000004.00000002.257539976.0000000005900000.00000040.00000001.sdmp, Offset: 05900000, based on PE: false
                                                                Similarity
                                                                • API ID: DeleteFile
                                                                • String ID:
                                                                • API String ID: 4033686569-0
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                APIs
                                                                • GetFileType.KERNELBASE(?,00000E2C,DE2F60FA,00000000,00000000,00000000,00000000), ref: 05901795
                                                                Memory Dump Source
                                                                • Source File: 00000004.00000002.257539976.0000000005900000.00000040.00000001.sdmp, Offset: 05900000, based on PE: false
                                                                Similarity
                                                                • API ID: FileType
                                                                • String ID:
                                                                • API String ID: 3081899298-0
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                APIs
                                                                • CreateFileW.KERNELBASE(?,?,?,?,?,?), ref: 059016A9
                                                                Memory Dump Source
                                                                • Source File: 00000004.00000002.257539976.0000000005900000.00000040.00000001.sdmp, Offset: 05900000, based on PE: false
                                                                Similarity
                                                                • API ID: CreateFile
                                                                • String ID:
                                                                • API String ID: 823142352-0
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                APIs
                                                                • CreateActCtxA.KERNEL32(?,00000E2C,?,?), ref: 016DA346
                                                                Memory Dump Source
                                                                • Source File: 00000004.00000002.250889632.00000000016DA000.00000040.00000001.sdmp, Offset: 016DA000, based on PE: false
                                                                Similarity
                                                                • API ID: Create
                                                                • String ID:
                                                                • API String ID: 2289755597-0
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                APIs
                                                                • LookupPrivilegeValueW.ADVAPI32(?,?,?), ref: 0590269A
                                                                Memory Dump Source
                                                                • Source File: 00000004.00000002.257539976.0000000005900000.00000040.00000001.sdmp, Offset: 05900000, based on PE: false
                                                                Similarity
                                                                • API ID: LookupPrivilegeValue
                                                                • String ID:
                                                                • API String ID: 3899507212-0
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                APIs
                                                                • RegOpenKeyExW.KERNELBASE(?,00000E2C), ref: 016DACD1
                                                                Memory Dump Source
                                                                • Source File: 00000004.00000002.250889632.00000000016DA000.00000040.00000001.sdmp, Offset: 016DA000, based on PE: false
                                                                Similarity
                                                                • API ID: Open
                                                                • String ID:
                                                                • API String ID: 71445658-0
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                APIs
                                                                • LsaOpenPolicy.ADVAPI32(?,00000E2C), ref: 05901E47
                                                                Memory Dump Source
                                                                • Source File: 00000004.00000002.257539976.0000000005900000.00000040.00000001.sdmp, Offset: 05900000, based on PE: false
                                                                Similarity
                                                                • API ID: OpenPolicy
                                                                • String ID:
                                                                • API String ID: 2030686058-0
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                APIs
                                                                • CreateMutexW.KERNELBASE(?,?), ref: 05900771
                                                                Memory Dump Source
                                                                • Source File: 00000004.00000002.257539976.0000000005900000.00000040.00000001.sdmp, Offset: 05900000, based on PE: false
                                                                Similarity
                                                                • API ID: CreateMutex
                                                                • String ID:
                                                                • API String ID: 1964310414-0
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                APIs
                                                                • GetTempFileNameW.KERNELBASE(?,00000E2C,?,?), ref: 016DB786
                                                                Memory Dump Source
                                                                • Source File: 00000004.00000002.250889632.00000000016DA000.00000040.00000001.sdmp, Offset: 016DA000, based on PE: false
                                                                Similarity
                                                                • API ID: FileNameTemp
                                                                • String ID:
                                                                • API String ID: 745986568-0
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                APIs
                                                                • WriteFile.KERNELBASE(?,00000E2C,DE2F60FA,00000000,00000000,00000000,00000000), ref: 05901931
                                                                Memory Dump Source
                                                                • Source File: 00000004.00000002.257539976.0000000005900000.00000040.00000001.sdmp, Offset: 05900000, based on PE: false
                                                                Similarity
                                                                • API ID: FileWrite
                                                                • String ID:
                                                                • API String ID: 3934441357-0
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                APIs
                                                                • GetTokenInformation.KERNELBASE(?,00000E2C,DE2F60FA,00000000,00000000,00000000,00000000), ref: 05901B24
                                                                Memory Dump Source
                                                                • Source File: 00000004.00000002.257539976.0000000005900000.00000040.00000001.sdmp, Offset: 05900000, based on PE: false
                                                                Similarity
                                                                • API ID: InformationToken
                                                                • String ID:
                                                                • API String ID: 4114910276-0
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                APIs
                                                                • RegQueryValueExW.KERNELBASE(?,00000E2C,DE2F60FA,00000000,00000000,00000000,00000000), ref: 016DADD4
                                                                Memory Dump Source
                                                                • Source File: 00000004.00000002.250889632.00000000016DA000.00000040.00000001.sdmp, Offset: 016DA000, based on PE: false
                                                                Similarity
                                                                • API ID: QueryValue
                                                                • String ID:
                                                                • API String ID: 3660427363-0
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                APIs
                                                                • FindCloseChangeNotification.KERNELBASE ref: 059005AC
                                                                Memory Dump Source
                                                                • Source File: 00000004.00000002.257539976.0000000005900000.00000040.00000001.sdmp, Offset: 05900000, based on PE: false
                                                                Similarity
                                                                • API ID: ChangeCloseFindNotification
                                                                • String ID:
                                                                • API String ID: 2591292051-0
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                APIs
                                                                • WriteProcessMemory.KERNELBASE(?,?,?,?,?), ref: 059025DC
                                                                Memory Dump Source
                                                                • Source File: 00000004.00000002.257539976.0000000005900000.00000040.00000001.sdmp, Offset: 05900000, based on PE: false
                                                                Similarity
                                                                • API ID: MemoryProcessWrite
                                                                • String ID:
                                                                • API String ID: 3559483778-0
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                APIs
                                                                • LoadLibraryA.KERNELBASE(?,00000E2C), ref: 05900933
                                                                Memory Dump Source
                                                                • Source File: 00000004.00000002.257539976.0000000005900000.00000040.00000001.sdmp, Offset: 05900000, based on PE: false
                                                                Similarity
                                                                • API ID: LibraryLoad
                                                                • String ID:
                                                                • API String ID: 1029625771-0
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                APIs
                                                                • LoadLibraryShim.MSCOREE(?,?,?,?), ref: 016DB335
                                                                Memory Dump Source
                                                                • Source File: 00000004.00000002.250889632.00000000016DA000.00000040.00000001.sdmp, Offset: 016DA000, based on PE: false
                                                                Similarity
                                                                • API ID: LibraryLoadShim
                                                                • String ID:
                                                                • API String ID: 1475914169-0
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                APIs
                                                                • GetTextExtentPoint32W.GDI32(?,?,?,?), ref: 0590007D
                                                                Memory Dump Source
                                                                • Source File: 00000004.00000002.257539976.0000000005900000.00000040.00000001.sdmp, Offset: 05900000, based on PE: false
                                                                Similarity
                                                                • API ID: ExtentPoint32Text
                                                                • String ID:
                                                                • API String ID: 223599850-0
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                APIs
                                                                • PostMessageW.USER32(?,?,?,?), ref: 05902A29
                                                                Memory Dump Source
                                                                • Source File: 00000004.00000002.257539976.0000000005900000.00000040.00000001.sdmp, Offset: 05900000, based on PE: false
                                                                Similarity
                                                                • API ID: MessagePost
                                                                • String ID:
                                                                • API String ID: 410705778-0
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                APIs
                                                                • FindWindowA.USER32(?,00000E2C), ref: 059014EA
                                                                Memory Dump Source
                                                                • Source File: 00000004.00000002.257539976.0000000005900000.00000040.00000001.sdmp, Offset: 05900000, based on PE: false
                                                                Similarity
                                                                • API ID: FindWindow
                                                                • String ID:
                                                                • API String ID: 134000473-0
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                APIs
                                                                • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 016DA666
                                                                Memory Dump Source
                                                                • Source File: 00000004.00000002.250889632.00000000016DA000.00000040.00000001.sdmp, Offset: 016DA000, based on PE: false
                                                                Similarity
                                                                • API ID: DuplicateHandle
                                                                • String ID:
                                                                • API String ID: 3793708945-0
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                APIs
                                                                • WriteFile.KERNELBASE(?,00000E2C,DE2F60FA,00000000,00000000,00000000,00000000), ref: 05901931
                                                                Memory Dump Source
                                                                • Source File: 00000004.00000002.257539976.0000000005900000.00000040.00000001.sdmp, Offset: 05900000, based on PE: false
                                                                Similarity
                                                                • API ID: FileWrite
                                                                • String ID:
                                                                • API String ID: 3934441357-0
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                APIs
                                                                • ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 05902520
                                                                Memory Dump Source
                                                                • Source File: 00000004.00000002.257539976.0000000005900000.00000040.00000001.sdmp, Offset: 05900000, based on PE: false
                                                                Similarity
                                                                • API ID: MemoryProcessRead
                                                                • String ID:
                                                                • API String ID: 1726664587-0
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                APIs
                                                                • LoadLibraryA.KERNELBASE(?,00000E2C), ref: 05900933
                                                                Memory Dump Source
                                                                • Source File: 00000004.00000002.257539976.0000000005900000.00000040.00000001.sdmp, Offset: 05900000, based on PE: false
                                                                Similarity
                                                                • API ID: LibraryLoad
                                                                • String ID:
                                                                • API String ID: 1029625771-0
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                APIs
                                                                • PostMessageW.USER32(?,?,?,?), ref: 05902DB1
                                                                Memory Dump Source
                                                                • Source File: 00000004.00000002.257539976.0000000005900000.00000040.00000001.sdmp, Offset: 05900000, based on PE: false
                                                                Similarity
                                                                • API ID: MessagePost
                                                                • String ID:
                                                                • API String ID: 410705778-0
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                APIs
                                                                • SetThreadContext.KERNELBASE(?,?), ref: 05902473
                                                                Memory Dump Source
                                                                • Source File: 00000004.00000002.257539976.0000000005900000.00000040.00000001.sdmp, Offset: 05900000, based on PE: false
                                                                Similarity
                                                                • API ID: ContextThread
                                                                • String ID:
                                                                • API String ID: 1591575202-0
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                APIs
                                                                • LookupPrivilegeValueW.ADVAPI32(?,?,?), ref: 0590269A
                                                                Memory Dump Source
                                                                • Source File: 00000004.00000002.257539976.0000000005900000.00000040.00000001.sdmp, Offset: 05900000, based on PE: false
                                                                Similarity
                                                                • API ID: LookupPrivilegeValue
                                                                • String ID:
                                                                • API String ID: 3899507212-0
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                APIs
                                                                • GetFileType.KERNELBASE(?,00000E2C,DE2F60FA,00000000,00000000,00000000,00000000), ref: 05901795
                                                                Memory Dump Source
                                                                • Source File: 00000004.00000002.257539976.0000000005900000.00000040.00000001.sdmp, Offset: 05900000, based on PE: false
                                                                Similarity
                                                                • API ID: FileType
                                                                • String ID:
                                                                • API String ID: 3081899298-0
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                APIs
                                                                • GetTextExtentPoint32W.GDI32(?,?,?,?), ref: 0590007D
                                                                Memory Dump Source
                                                                • Source File: 00000004.00000002.257539976.0000000005900000.00000040.00000001.sdmp, Offset: 05900000, based on PE: false
                                                                Similarity
                                                                • API ID: ExtentPoint32Text
                                                                • String ID:
                                                                • API String ID: 223599850-0
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                APIs
                                                                • ResumeThread.KERNELBASE(?), ref: 016DA480
                                                                Memory Dump Source
                                                                • Source File: 00000004.00000002.250889632.00000000016DA000.00000040.00000001.sdmp, Offset: 016DA000, based on PE: false
                                                                Similarity
                                                                • API ID: ResumeThread
                                                                • String ID:
                                                                • API String ID: 947044025-0
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                APIs
                                                                • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 016DAF50
                                                                Memory Dump Source
                                                                • Source File: 00000004.00000002.250889632.00000000016DA000.00000040.00000001.sdmp, Offset: 016DA000, based on PE: false
                                                                Similarity
                                                                • API ID: AllocVirtual
                                                                • String ID:
                                                                • API String ID: 4275171209-0
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                APIs
                                                                • WriteProcessMemory.KERNELBASE(?,?,?,?,?), ref: 059025DC
                                                                Memory Dump Source
                                                                • Source File: 00000004.00000002.257539976.0000000005900000.00000040.00000001.sdmp, Offset: 05900000, based on PE: false
                                                                Similarity
                                                                • API ID: MemoryProcessWrite
                                                                • String ID:
                                                                • API String ID: 3559483778-0
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                APIs
                                                                • DeleteFileW.KERNELBASE(?), ref: 05902320
                                                                Memory Dump Source
                                                                • Source File: 00000004.00000002.257539976.0000000005900000.00000040.00000001.sdmp, Offset: 05900000, based on PE: false
                                                                Similarity
                                                                • API ID: DeleteFile
                                                                • String ID:
                                                                • API String ID: 4033686569-0
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                APIs
                                                                • GetTempFileNameW.KERNELBASE(?,00000E2C,?,?), ref: 016DB786
                                                                Memory Dump Source
                                                                • Source File: 00000004.00000002.250889632.00000000016DA000.00000040.00000001.sdmp, Offset: 016DA000, based on PE: false
                                                                Similarity
                                                                • API ID: FileNameTemp
                                                                • String ID:
                                                                • API String ID: 745986568-0
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                APIs
                                                                • LoadLibraryShim.MSCOREE(?,?,?,?), ref: 016DB335
                                                                Memory Dump Source
                                                                • Source File: 00000004.00000002.250889632.00000000016DA000.00000040.00000001.sdmp, Offset: 016DA000, based on PE: false
                                                                Similarity
                                                                • API ID: LibraryLoadShim
                                                                • String ID:
                                                                • API String ID: 1475914169-0
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                APIs
                                                                • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 016DA666
                                                                Memory Dump Source
                                                                • Source File: 00000004.00000002.250889632.00000000016DA000.00000040.00000001.sdmp, Offset: 016DA000, based on PE: false
                                                                Similarity
                                                                • API ID: DuplicateHandle
                                                                • String ID:
                                                                • API String ID: 3793708945-0
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                APIs
                                                                • SetThreadContext.KERNELBASE(?,?), ref: 05902473
                                                                Memory Dump Source
                                                                • Source File: 00000004.00000002.257539976.0000000005900000.00000040.00000001.sdmp, Offset: 05900000, based on PE: false
                                                                Similarity
                                                                • API ID: ContextThread

                                                                APIs
                                                                • ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 05902520
                                                                Memory Dump Source
                                                                • Source File: 00000004.00000002.257539976.0000000005900000.00000040.00000001.sdmp, Offset: 05900000, based on PE: false
                                                                Similarity
                                                                • API ID: MemoryProcessRead

                                                                APIs
                                                                • RegQueryValueExW.KERNELBASE(?,00000E2C,?,?), ref: 0590087E
                                                                Memory Dump Source
                                                                • Source File: 00000004.00000002.257539976.0000000005900000.00000040.00000001.sdmp, Offset: 05900000, based on PE: false
                                                                Similarity
                                                                • API ID: QueryValue

                                                                APIs
                                                                • FindCloseChangeNotification.KERNELBASE ref: 059005AC
                                                                Memory Dump Source
                                                                • Source File: 00000004.00000002.257539976.0000000005900000.00000040.00000001.sdmp, Offset: 05900000, based on PE: false
                                                                Similarity
                                                                • API ID: ChangeCloseFindNotification

                                                                APIs
                                                                • CreateActCtxA.KERNEL32(?,00000E2C,?,?), ref: 016DA346
                                                                Memory Dump Source
                                                                • Source File: 00000004.00000002.250889632.00000000016DA000.00000040.00000001.sdmp, Offset: 016DA000, based on PE: false
                                                                Similarity
                                                                • API ID: Create

                                                                APIs
                                                                • PostMessageW.USER32(?,?,?,?), ref: 05902DB1
                                                                Memory Dump Source
                                                                • Source File: 00000004.00000002.257539976.0000000005900000.00000040.00000001.sdmp, Offset: 05900000, based on PE: false
                                                                Similarity
                                                                • API ID: MessagePost

                                                                APIs
                                                                • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 016DAF50
                                                                Memory Dump Source
                                                                • Source File: 00000004.00000002.250889632.00000000016DA000.00000040.00000001.sdmp, Offset: 016DA000, based on PE: false
                                                                Similarity
                                                                • API ID: AllocVirtual

                                                                APIs
                                                                • PostMessageW.USER32(?,?,?,?), ref: 05902A29
                                                                Memory Dump Source
                                                                • Source File: 00000004.00000002.257539976.0000000005900000.00000040.00000001.sdmp, Offset: 05900000, based on PE: false
                                                                Similarity
                                                                • API ID: MessagePost

                                                                APIs
                                                                • ResumeThread.KERNELBASE(?), ref: 016DA480
                                                                Memory Dump Source
                                                                • Source File: 00000004.00000002.250889632.00000000016DA000.00000040.00000001.sdmp, Offset: 016DA000, based on PE: false
                                                                Similarity
                                                                • API ID: ResumeThread

                                                                • Instruction Fuzzy Hash: 7941B2B4D11209EFCF08CFA8D985AAEBBB6FF49310F248159D905A7714D730AA91CF94
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Memory Dump Source
                                                                • Source File: 00000004.00000002.256216645.0000000005690000.00000040.00000001.sdmp, Offset: 05690000, based on PE: false
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: eb49afa6427e2541dc5a3985d88199b26dfa7ea59149d992c88001a11c5e6932
                                                                • Instruction ID: 7f17c7e3bdc9c829b4e84aad765e1e04b5517ac5a576166d1092532e278ccfa8
                                                                • Opcode Fuzzy Hash: eb49afa6427e2541dc5a3985d88199b26dfa7ea59149d992c88001a11c5e6932
                                                                • Instruction Fuzzy Hash: 7341C0B4D11209EFCF08CFA8D985AAEBBB6FF49310F209159D905A7314D730AA91CF94
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Memory Dump Source
                                                                • Source File: 00000004.00000002.256216645.0000000005690000.00000040.00000001.sdmp, Offset: 05690000, based on PE: false
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 8db88a8c5cc8df5d539847fff725e57bfb0cd7adffb9ace9964c2417ef52a5f0
                                                                • Instruction ID: e85bd2fbc8a377329c5c7e5a565e8e388cf2a4721cc4bbab3c47cc5d47a39b78
                                                                • Opcode Fuzzy Hash: 8db88a8c5cc8df5d539847fff725e57bfb0cd7adffb9ace9964c2417ef52a5f0
                                                                • Instruction Fuzzy Hash: 4741C274A052288FDBA8DF25CD4879ABBF6BF89304F1091EA844DA7354DB304E81CF00
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Memory Dump Source
                                                                • Source File: 00000004.00000002.256216645.0000000005690000.00000040.00000001.sdmp, Offset: 05690000, based on PE: false
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 779ab7ea038f222efbe14f77137cfbbf2f32268eb85f39a08e00bd09ef5b9146
                                                                • Instruction ID: d9678c6d1c860a75182a88ac5d32d96894f103a48a58c4d5cc188296c8f5dd02
                                                                • Opcode Fuzzy Hash: 779ab7ea038f222efbe14f77137cfbbf2f32268eb85f39a08e00bd09ef5b9146
                                                                • Instruction Fuzzy Hash: 5A414AB4E01218DFCF48CFAAD584AADBBF6AF48314F60946AE414B7350E7746A81CF50
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Memory Dump Source
                                                                • Source File: 00000004.00000002.256216645.0000000005690000.00000040.00000001.sdmp, Offset: 05690000, based on PE: false
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 7cc8e0258a933a2b3d4082ffbe8f78949032004e430c0cbacf679c183e423b9e
                                                                • Instruction ID: ffe55350ac34dd241d48b497a6f45ca512c77db5eb6f6f130cacae79cc45f170
                                                                • Opcode Fuzzy Hash: 7cc8e0258a933a2b3d4082ffbe8f78949032004e430c0cbacf679c183e423b9e
                                                                • Instruction Fuzzy Hash: 4B3112B4E05228CFDF64CF24C8497EDBBB6BB49300F1091EA800EAB251DB704A91CF51
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Memory Dump Source
                                                                • Source File: 00000004.00000002.256216645.0000000005690000.00000040.00000001.sdmp, Offset: 05690000, based on PE: false
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 8f72fc2af866970d72310fb0791daca43cb2a04487dc05e2d74cee91e2b69228
                                                                • Instruction ID: ae58d5dde5bcb32f2c1f6cb7613f65ee9cfe82827f375320fd346622827d1541
                                                                • Opcode Fuzzy Hash: 8f72fc2af866970d72310fb0791daca43cb2a04487dc05e2d74cee91e2b69228
                                                                • Instruction Fuzzy Hash: 89311679D042099FCF08CFA8D98669EFBF6FF88204F14959AD411AB354D7359A41CF50
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Memory Dump Source
                                                                • Source File: 00000004.00000002.256216645.0000000005690000.00000040.00000001.sdmp, Offset: 05690000, based on PE: false
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 2d6d5999836abc764250703da623c1d5814dfba2e10ea74e907e8f80507ef8f7
                                                                • Instruction ID: f0e9d17a7fa8e8e7b14dccffc2ee810b9f1be3bafe38f6e384ee0bcce9454044
                                                                • Opcode Fuzzy Hash: 2d6d5999836abc764250703da623c1d5814dfba2e10ea74e907e8f80507ef8f7
                                                                • Instruction Fuzzy Hash: 742107B0D04209DFCB08CF99C885AAEBBF6FF98300F148499D516AB315D3309A41CF51
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Memory Dump Source
                                                                • Source File: 00000004.00000002.256216645.0000000005690000.00000040.00000001.sdmp, Offset: 05690000, based on PE: false
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: a63f0c18606a87ad23942eeed0227bb2f81d0f4f8f7bd56e76d771f3d2091a51
                                                                • Instruction ID: 11887f49f06c8399c5eba78188c985d923c0495ff13ecc77f5c46b20c5c0d10d
                                                                • Opcode Fuzzy Hash: a63f0c18606a87ad23942eeed0227bb2f81d0f4f8f7bd56e76d771f3d2091a51
                                                                • Instruction Fuzzy Hash: B631F7B4D04209DFCB44CF9AC580AAEBBF6FF88301F5095AAD816AB714D734AA41CF50
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Memory Dump Source
                                                                • Source File: 00000004.00000002.256216645.0000000005690000.00000040.00000001.sdmp, Offset: 05690000, based on PE: false
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 0e86fff6602a1fa21b62f312171e22d35abe4a1eeff86058ba14a96489de5a45
                                                                • Instruction ID: 887f7d5cbc03a8f992869eca06a2e9ca041cb773231aeff253a448f1c9595bf4
                                                                • Opcode Fuzzy Hash: 0e86fff6602a1fa21b62f312171e22d35abe4a1eeff86058ba14a96489de5a45
                                                                • Instruction Fuzzy Hash: 9831E374E012288FDBA8DF25CC4979ABBF2AF89304F14C1EA944DA7354EA304E85CF50
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Memory Dump Source
                                                                • Source File: 00000004.00000002.256216645.0000000005690000.00000040.00000001.sdmp, Offset: 05690000, based on PE: false
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: eea0c4fcd895e5ded7ae1b1f5093c541d5024030ff32b778b916b03c995079cc
                                                                • Instruction ID: e9e4254bcdcfe4d6efbcc0896aa20d7bdd6e332a913af12813f882594b72e7af
                                                                • Opcode Fuzzy Hash: eea0c4fcd895e5ded7ae1b1f5093c541d5024030ff32b778b916b03c995079cc
                                                                • Instruction Fuzzy Hash: 77214870E15209EBCB08CFA5D9409AEBBB6FF85380F24D4AAD41AAB354D3309A41DF51
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Memory Dump Source
                                                                • Source File: 00000004.00000002.256216645.0000000005690000.00000040.00000001.sdmp, Offset: 05690000, based on PE: false
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 93fd671a44ef144ba286f3545f0c447dc8788d78564fefff351668c216008472
                                                                • Instruction ID: 6d286fe96f17c9295a6e20709cb783745843e4766ad6768f88623ea73848b294
                                                                • Opcode Fuzzy Hash: 93fd671a44ef144ba286f3545f0c447dc8788d78564fefff351668c216008472
                                                                • Instruction Fuzzy Hash: 8121F7B4D04209DFCB48CF9AC580AAEBBF6FF48301F50956AD81AAB714D734AA41CF50
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Memory Dump Source
                                                                • Source File: 00000004.00000002.251122474.00000000031B0000.00000040.00000001.sdmp, Offset: 031B0000, based on PE: false
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 8623969fbda04eef9d9406f04dadce3c075e3a1a4a974f86eaa4925be337135a
                                                                • Instruction ID: 6bb1dfd687208cac79319af6bde75740f7316dc3fbda03873c2f4158f060f40c
                                                                • Opcode Fuzzy Hash: 8623969fbda04eef9d9406f04dadce3c075e3a1a4a974f86eaa4925be337135a
                                                                • Instruction Fuzzy Hash: 3511BAB5908301AFD350CF19D880A5BFBE4FB88664F14896EF999D7311D235EA048FA2
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Memory Dump Source
                                                                • Source File: 00000004.00000002.250855455.00000000016B0000.00000040.00000040.sdmp, Offset: 016B0000, based on PE: false
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: c8c0799eaa3a4a24c299bb065651a30763dc59081b4969721ea7fe5648d4b80b
                                                                • Instruction ID: a51ec0fedd835289a3e36933076b3c8b3ade2bbbe8761ad34267f9349debe378
                                                                • Opcode Fuzzy Hash: c8c0799eaa3a4a24c299bb065651a30763dc59081b4969721ea7fe5648d4b80b
                                                                • Instruction Fuzzy Hash: EA119D34204244DFD7168B24C984B76FFA5AB88B08F28C9ACF9490B753C77B9883CB51
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Memory Dump Source
                                                                • Source File: 00000004.00000002.256216645.0000000005690000.00000040.00000001.sdmp, Offset: 05690000, based on PE: false
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: c11ef0476ef28c2ad37e1b5dc5b5aae2dd79cee839332c726da906f1cec2b248
                                                                • Instruction ID: 9147ef291e832524c1593c2d96fd2887bf1c656b68ce69f665b465ea333ca027
                                                                • Opcode Fuzzy Hash: c11ef0476ef28c2ad37e1b5dc5b5aae2dd79cee839332c726da906f1cec2b248
                                                                • Instruction Fuzzy Hash: E611E56140E3815FD707CB70DC25B667FB89F43724F0A21DBD4809B5E3D6A95A04C726
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Memory Dump Source
                                                                • Source File: 00000004.00000002.256216645.0000000005690000.00000040.00000001.sdmp, Offset: 05690000, based on PE: false
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 64b52333d182d2b2e90c5531076bb73055daa6f8df88d2c10be8d6913e9dedd4
                                                                • Instruction ID: 9d4ac375c969862539b656f42dfb605f80b56dd40b15edb2a913a18eece565f2
                                                                • Opcode Fuzzy Hash: 64b52333d182d2b2e90c5531076bb73055daa6f8df88d2c10be8d6913e9dedd4
                                                                • Instruction Fuzzy Hash: D021D3B8D04209EBCF48CFA9D9855AEFBF6FF88200F10956AD815AB344D7359A41CF50
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Memory Dump Source
                                                                • Source File: 00000004.00000002.250855455.00000000016B0000.00000040.00000040.sdmp, Offset: 016B0000, based on PE: false
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: c71661cd4a76ee5848adf5bdc4f23c9d7adea1c80dc7a8dbee013006d9cc949f
                                                                • Instruction ID: 928fc0b6609427d03b556066bd92ca5d6f7616ee6cb09481b6a38e24ec89c951
                                                                • Opcode Fuzzy Hash: c71661cd4a76ee5848adf5bdc4f23c9d7adea1c80dc7a8dbee013006d9cc949f
                                                                • Instruction Fuzzy Hash: 16216F3510D3C09FC7078B24C890B65BFB1AB46208F1985EEE4844B6A3C33A8846DF51
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Memory Dump Source
                                                                • Source File: 00000004.00000002.250855455.00000000016B0000.00000040.00000040.sdmp, Offset: 016B0000, based on PE: false
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: ecaa635242ab84e22f5b49203d8c5f84f6c6a20d7e7a7652f02b0a9e5dd0ec5c
                                                                • Instruction ID: 29d819a6729fd7c44b8b375c2a3bef09ad7325fc1da718a4ac952cf64149ed60
                                                                • Opcode Fuzzy Hash: ecaa635242ab84e22f5b49203d8c5f84f6c6a20d7e7a7652f02b0a9e5dd0ec5c
                                                                • Instruction Fuzzy Hash: 3421303550D3C49FC717CB24C894B65BFB1AF46218F1985EEE4858B6A3D33A8847CB52
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Memory Dump Source
                                                                • Source File: 00000004.00000002.262578614.0000000007450000.00000040.00000001.sdmp, Offset: 07450000, based on PE: false
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 8b6adffa7ecabb0e0a8b6e3d7eccd53c7369090530b1fb47ce7b56cfe548c19a
                                                                • Instruction ID: f4dcf8b72f88373fa2ae84190a6b399b130d87eb85c861f471347e7106db03c1
                                                                • Opcode Fuzzy Hash: 8b6adffa7ecabb0e0a8b6e3d7eccd53c7369090530b1fb47ce7b56cfe548c19a
                                                                • Instruction Fuzzy Hash: 941191B4E41209EFCB44DFB9DD545EEBBF2FB8A210F10846AC406A7355DB345A40CB51
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Memory Dump Source
                                                                • Source File: 00000004.00000002.250909886.00000000016E2000.00000040.00000001.sdmp, Offset: 016E2000, based on PE: false
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: aa3d05bd9e4112a416cd77bd89fd73aec151032aa670eda965faa977eabd7b1f
                                                                • Instruction ID: 94c2ea584312d095f8114067a33fac2ad6959126e8913dadeaab99675c480406
                                                                • Opcode Fuzzy Hash: aa3d05bd9e4112a416cd77bd89fd73aec151032aa670eda965faa977eabd7b1f
                                                                • Instruction Fuzzy Hash: 5111ECB5908301AFD350CF09DC40A5BFBE8EB88660F14892EFD9997311D271E9048BA2
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Memory Dump Source
                                                                • Source File: 00000004.00000002.262578614.0000000007450000.00000040.00000001.sdmp, Offset: 07450000, based on PE: false
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: e3fc0ce823217690a2806e720c2a15f6fbe900df4f748fe1843ad426fdc6d92f
                                                                • Instruction ID: 68ad6c5e0e88a32412b40457f6ccdf38f2366b4d543f1d676ce2a989780e7da3
                                                                • Opcode Fuzzy Hash: e3fc0ce823217690a2806e720c2a15f6fbe900df4f748fe1843ad426fdc6d92f
                                                                • Instruction Fuzzy Hash: 4211A1B4E41209EFCB04DFA9DD545AEB7F6FB8A640F10846AC406A7345DB349A50CF51
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Memory Dump Source
                                                                • Source File: 00000004.00000002.250855455.00000000016B0000.00000040.00000040.sdmp, Offset: 016B0000, based on PE: false
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 0fb5bb8b2f5259e33d7522735b258f3b9b0622fb6609c96d2a84c7ef2c39c804
                                                                • Instruction ID: 05757f8fd3b04229e187b748a980114f5a147ee62ffe4d57b6be6caf1123663c
                                                                • Opcode Fuzzy Hash: 0fb5bb8b2f5259e33d7522735b258f3b9b0622fb6609c96d2a84c7ef2c39c804
                                                                • Instruction Fuzzy Hash: 0001D8B6409780AFD722CF1ADC44862FFB8EB86620709819FED498B652D235A804CB71
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Memory Dump Source
                                                                • Source File: 00000004.00000002.256216645.0000000005690000.00000040.00000001.sdmp, Offset: 05690000, based on PE: false
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 97f50cc29832ffcaa57eb2fa307f02f19680e04dd9092c245059c5a227e1b58d
                                                                • Instruction ID: f4a5d94f3aff5b0738d7be968c3cc53304c1c79d5a2bd00ea043e2d693bae845
                                                                • Instruction Fuzzy Hash: 2AE092766046008FD650CF0BEC81456F7D8EB84630718C07FDC0E8B710D575B504CEA5
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Memory Dump Source
                                                                • Source File: 00000004.00000002.262578614.0000000007450000.00000040.00000001.sdmp, Offset: 07450000, based on PE: false
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 11970417b53798ace47288a270b3110ddfdf7d75d59d8e2e52d868aefa1af0e2
                                                                • Instruction ID: 2513c875684cddda08f6af312c9ba151c2bab4e661546c6910de54b13ad2109c
                                                                • Opcode Fuzzy Hash: 11970417b53798ace47288a270b3110ddfdf7d75d59d8e2e52d868aefa1af0e2
                                                                • Instruction Fuzzy Hash: 97018CB181222ACFDB25DF21C984BDDBBB1BB49300F4485DAD54967250C3715B95CF15
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Memory Dump Source
                                                                • Source File: 00000004.00000002.250909886.00000000016E2000.00000040.00000001.sdmp, Offset: 016E2000, based on PE: false
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 92a0013f3f0fcfafd03545205b422286177233a61ddd077350e30f4c00cbc031
                                                                • Instruction ID: 8115e62191bb5f0fcb620872bd00dc7cc89d45864f3fdfd932f329eb31f64804
                                                                • Opcode Fuzzy Hash: 92a0013f3f0fcfafd03545205b422286177233a61ddd077350e30f4c00cbc031
                                                                • Instruction Fuzzy Hash: 8CE0D872940204ABD2108E0BDC41B63FB58EB50A31F14C56BEE095B302D5B5B5048AF5
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Memory Dump Source
                                                                • Source File: 00000004.00000002.251122474.00000000031B0000.00000040.00000001.sdmp, Offset: 031B0000, based on PE: false
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 3cf0fe9eac365b1dd4b2c6f48d464a0cf9e6409980222b6a94e92c6dd79d781e
                                                                • Instruction ID: 6dba3216fcffe526f5bf2db13e217ad55de5198859181973d5175ed8176b9126
                                                                • Opcode Fuzzy Hash: 3cf0fe9eac365b1dd4b2c6f48d464a0cf9e6409980222b6a94e92c6dd79d781e
                                                                • Instruction Fuzzy Hash: AEE0D872900600ABD210DE0BDC41B63FB98EB40A30F14C56BEE0A5B301D176B514CEE5
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Memory Dump Source
                                                                • Source File: 00000004.00000002.251122474.00000000031B0000.00000040.00000001.sdmp, Offset: 031B0000, based on PE: false
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 4de4e4f92ac40243bd5ceed372001dadd31a96b218cdd9455d57141211c28cf2
                                                                • Instruction ID: fa283f966baf5fba39e5f600e1b70a220615f0e135aa873a0fd1c272ae4dee46
                                                                • Opcode Fuzzy Hash: 4de4e4f92ac40243bd5ceed372001dadd31a96b218cdd9455d57141211c28cf2
                                                                • Instruction Fuzzy Hash: 29E0D8B2940200ABD2508E0BDC41B63FB98EB54A30F14C56BED095B301D575B5148AE5
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Memory Dump Source
                                                                • Source File: 00000004.00000002.262578614.0000000007450000.00000040.00000001.sdmp, Offset: 07450000, based on PE: false
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 6b8292f4a96e1a43609983b39529266335fa8f1a3dfe892c7a5c3f8f9b304e61
                                                                • Instruction ID: e9d091ed6886f4dd986f74eff80558f1e5e0179afa27fe497cb7340c857c0a77
                                                                • Opcode Fuzzy Hash: 6b8292f4a96e1a43609983b39529266335fa8f1a3dfe892c7a5c3f8f9b304e61
                                                                • Instruction Fuzzy Hash: E1F03970C493889FCB55DFB4984169DBFF1EF46200F1881EBC84897266D2355659DF82
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Memory Dump Source
                                                                • Source File: 00000004.00000002.262578614.0000000007450000.00000040.00000001.sdmp, Offset: 07450000, based on PE: false
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 0f4aa99a66f607a62cee3668a2530c477e0190b127f73fec25bea2fafac97187
                                                                • Instruction ID: db9a6f2be27f28bf83eef40040a7d4305c6b3c6aafa54412911d947a8558f1f2
                                                                • Opcode Fuzzy Hash: 0f4aa99a66f607a62cee3668a2530c477e0190b127f73fec25bea2fafac97187
                                                                • Instruction Fuzzy Hash: 11E03275C083889FCB11EFA8C84039DBFF0EF06600F0885EEC8888B252E6356964CF52
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Memory Dump Source
                                                                • Source File: 00000004.00000002.256216645.0000000005690000.00000040.00000001.sdmp, Offset: 05690000, based on PE: false
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: a48d5487015adc8c64899064ae9b2af4b92d7169890a8d5cbd4238f9148545c6
                                                                • Instruction ID: 514bac29ff7759b33c584f51f77e2418304042b23add22f9ec311a286f6ea34e
                                                                • Opcode Fuzzy Hash: a48d5487015adc8c64899064ae9b2af4b92d7169890a8d5cbd4238f9148545c6
                                                                • Instruction Fuzzy Hash: EBE0CD70543205D7E708FBB4DD1477F73A9DF82E14F01395C880627241DE715E60D669
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Memory Dump Source
                                                                • Source File: 00000004.00000002.250855455.00000000016B0000.00000040.00000040.sdmp, Offset: 016B0000, based on PE: false
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: c6d2b903df4acdc3e2da82a55d2a905cbc09e1484b148b09811a9a64610c08de
                                                                • Instruction ID: 1a12d2a982d1dc463a0d074c9918df4f2401c14ac82bea26409e3b0d03213e6a
                                                                • Opcode Fuzzy Hash: c6d2b903df4acdc3e2da82a55d2a905cbc09e1484b148b09811a9a64610c08de
                                                                • Instruction Fuzzy Hash: 79E02677B055408BEA10CA09FC820A5FB90DB80230B1884BFD80D86700D226B208CB92
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Memory Dump Source
                                                                • Source File: 00000004.00000002.262578614.0000000007450000.00000040.00000001.sdmp, Offset: 07450000, based on PE: false
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 91bd4c51d538f1faa0db09587179a192362e157c7e87e60dab063bb99c081a60
                                                                • Instruction ID: d6e0669dc43933655064cc764e755c15a8da3d0f4dfb2dc8f8115837d636fe39
                                                                • Opcode Fuzzy Hash: 91bd4c51d538f1faa0db09587179a192362e157c7e87e60dab063bb99c081a60
                                                                • Instruction Fuzzy Hash: 7FF0AFB1D012698FCB20DF60CE48BECBBB5BB84302F1041EAD109AB255D7745E84CF14
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Memory Dump Source
                                                                • Source File: 00000004.00000002.262578614.0000000007450000.00000040.00000001.sdmp, Offset: 07450000, based on PE: false
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 76d0948a08aa404bae0998c51904942448bf31bd760169517729ef26588b9c75
                                                                • Instruction ID: 00b9d880671c05bcff0577dd2be7792de6ca3865332ead233770a679c704f9da
                                                                • Opcode Fuzzy Hash: 76d0948a08aa404bae0998c51904942448bf31bd760169517729ef26588b9c75
                                                                • Instruction Fuzzy Hash: 14E09AB2C083489FCB92EBB8AC0539DBFF09F45200F4485EAC88497252E635A654CB81
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Memory Dump Source
                                                                • Source File: 00000004.00000002.262578614.0000000007450000.00000040.00000001.sdmp, Offset: 07450000, based on PE: false
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: c9dcb3d156815915bd92dc8085dc011c34b1710b76bab33804e00226261c86b9
                                                                • Instruction ID: ba5b62bc831ae841585ddef1968b88624c9b54b068414432a78266490f78d719
                                                                • Opcode Fuzzy Hash: c9dcb3d156815915bd92dc8085dc011c34b1710b76bab33804e00226261c86b9
                                                                • Instruction Fuzzy Hash: 80E06D71D093889FCB12DFB8C845789BFF09F46A00F5484EFC884D7252E6356914CB82
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Memory Dump Source
                                                                • Source File: 00000004.00000002.262578614.0000000007450000.00000040.00000001.sdmp, Offset: 07450000, based on PE: false
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 41049e58165b4d7475e28d81cff2ef47af2513e231da187bf7a0fa5e4ef4399a
                                                                • Instruction ID: b982e82c35ffb3f4359fc136a5273b014bd4e32486b06dd02ec82010bda73741
                                                                • Opcode Fuzzy Hash: 41049e58165b4d7475e28d81cff2ef47af2513e231da187bf7a0fa5e4ef4399a
                                                                • Instruction Fuzzy Hash: 6DF039749093888FCB2ADBB5888479CBFB0AF0B210F0441EFD848DB213E236498CCB11
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Memory Dump Source
                                                                • Source File: 00000004.00000002.256216645.0000000005690000.00000040.00000001.sdmp, Offset: 05690000, based on PE: false
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: a534370ab732c8b44e875df8440a8cbf89bfb81f79bb565f396d0abcbe2b6d84
                                                                • Instruction ID: d0876728c622bf67b27f3fa7e3dae0bdb54e2802f443485b86654f07b734de5f
                                                                • Opcode Fuzzy Hash: a534370ab732c8b44e875df8440a8cbf89bfb81f79bb565f396d0abcbe2b6d84
                                                                • Instruction Fuzzy Hash: 77F01C75C04248DFCB05EFA8C84165CBBB0FF05300F1485AACC5897351D3729AA1DF81
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Memory Dump Source
                                                                • Source File: 00000004.00000002.262578614.0000000007450000.00000040.00000001.sdmp, Offset: 07450000, based on PE: false
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 5493aea27c30b266485ca3ccb97373c530029b5db12887cc90f5ec11d7de4d50
                                                                • Instruction ID: fc1a23ae5b4debee187ade9cbdafad9e91a0e66c170ae3334a10d88bef1c9e0e
                                                                • Opcode Fuzzy Hash: 5493aea27c30b266485ca3ccb97373c530029b5db12887cc90f5ec11d7de4d50
                                                                • Instruction Fuzzy Hash: 71E01A70D01308EFC714EFA4ED097ADBBB8EB45301F1052A9C809A7245E7755990CF40
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Memory Dump Source
                                                                • Source File: 00000004.00000002.262578614.0000000007450000.00000040.00000001.sdmp, Offset: 07450000, based on PE: false
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 4ae80bbf880f0b60051b02886690a6fdf20aea140dceac30a2b2a7bf2cf22807
                                                                • Instruction ID: c864518ab1266381a1a41f20873f1ad0a539d7739f489380134dac024de0caa0
                                                                • Opcode Fuzzy Hash: 4ae80bbf880f0b60051b02886690a6fdf20aea140dceac30a2b2a7bf2cf22807
                                                                • Instruction Fuzzy Hash: 6DE0E571E452889FCB15DFB8D8442A97FF1EF4A300F1885EAC84897321D63565A1DB41
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Memory Dump Source
                                                                • Source File: 00000004.00000002.262578614.0000000007450000.00000040.00000001.sdmp, Offset: 07450000, based on PE: false
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 6d591328e05d9a71a9bec5320875b1fc791d20461dd72808b58fbbc02e1ca13f
                                                                • Instruction ID: 7aa15baa349c53d658cc9f112690d012fd1682f86a90e81161922e0cbcc84253
                                                                • Opcode Fuzzy Hash: 6d591328e05d9a71a9bec5320875b1fc791d20461dd72808b58fbbc02e1ca13f
                                                                • Instruction Fuzzy Hash: 65E086F0C153489FCB96EFB485003997FF0AB05305F1045AECD08962A1E6314A54CF51
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Memory Dump Source
                                                                • Source File: 00000004.00000002.256216645.0000000005690000.00000040.00000001.sdmp, Offset: 05690000, based on PE: false
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: dcceec36eaa065436460cf2abbca4d167a4f882af697219f82527d7ebb96614c
                                                                • Instruction ID: 25c21f4aac362e54e1f86d2381048dfb9cf7e2aeba0df6af276e9dbcde2cf8b5
                                                                • Opcode Fuzzy Hash: dcceec36eaa065436460cf2abbca4d167a4f882af697219f82527d7ebb96614c
                                                                • Instruction Fuzzy Hash: E4E012B5D04218DFCB45EFA8C8006ADBBF4FB04301F1085AAD954E7340D7715690DF90
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Memory Dump Source
                                                                • Source File: 00000004.00000002.262578614.0000000007450000.00000040.00000001.sdmp, Offset: 07450000, based on PE: false
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 40188102277ad69f43a19f7986d84e95dd3bc6fe1b844eab9b24c09a0e21c140
                                                                • Instruction ID: da897a5a798c3594f8becb99618f12d3ec533cc6b00f4d2ad26ce1bdf03bcb6e
                                                                • Opcode Fuzzy Hash: 40188102277ad69f43a19f7986d84e95dd3bc6fe1b844eab9b24c09a0e21c140
                                                                • Instruction Fuzzy Hash: 0BE08CB2C5134C9FCB95EBB4DC023AD7FB4AB45201F1845ABCD089A261D6351A948B50
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Memory Dump Source
                                                                • Source File: 00000004.00000002.262578614.0000000007450000.00000040.00000001.sdmp, Offset: 07450000, based on PE: false
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 23731732fc77d63e763f6b9e01bd0420cb1e6bda9ccd2b7d7e455ee9ba1af9a0
                                                                • Instruction ID: 113fd22add778020d34f79c1cb0445de4eecf3db504fc34ed09895f846d346d3
                                                                • Opcode Fuzzy Hash: 23731732fc77d63e763f6b9e01bd0420cb1e6bda9ccd2b7d7e455ee9ba1af9a0
                                                                • Instruction Fuzzy Hash: 17E012B0D1434C9FDB95DFB889056ACBFB0EB49300F1081EEC90897262E6719A98DF81
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Memory Dump Source
                                                                • Source File: 00000004.00000002.256216645.0000000005690000.00000040.00000001.sdmp, Offset: 05690000, based on PE: false
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 87f0bb7c9d31bfe2d10654f260acf7325173861df12ef38c795def9f61435655
                                                                • Instruction ID: e46f88e179f52ecdf5046ca68be6f0034d73edfc960303b6bae97d85b3c18ba5
                                                                • Opcode Fuzzy Hash: 87f0bb7c9d31bfe2d10654f260acf7325173861df12ef38c795def9f61435655
                                                                • Instruction Fuzzy Hash: 3BE0CD70C493449FCF167F64DC153687FB4EB03205F0151D6D84457656D57055B8CBA7
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Memory Dump Source
                                                                • Source File: 00000004.00000002.256216645.0000000005690000.00000040.00000001.sdmp, Offset: 05690000, based on PE: false
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: b0b85a58ce248948a2956d9222881722cc335f403657e76d7caabdc50489c9aa
                                                                • Instruction ID: 518d535467aa4fac3660b0c3c38e57e7c23b5d158d7e569de87d714cc37f4f62
                                                                • Opcode Fuzzy Hash: b0b85a58ce248948a2956d9222881722cc335f403657e76d7caabdc50489c9aa
                                                                • Instruction Fuzzy Hash: 6FD05E7584520C9FCB19DBA0EA067F97BB8EB41321F60516AC80552B60CB725EA5DA41
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Memory Dump Source
                                                                • Source File: 00000004.00000002.256216645.0000000005690000.00000040.00000001.sdmp, Offset: 05690000, based on PE: false
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: c5aa37ab8dc6a9c11bac9feb471eef1d8b6c52068957281027f5fecc4bcc2b91
                                                                • Instruction ID: a46248d9434a841cbefad4cb67716075a026302368f758c57d6fefbe272abcd7
                                                                • Opcode Fuzzy Hash: c5aa37ab8dc6a9c11bac9feb471eef1d8b6c52068957281027f5fecc4bcc2b91
                                                                • Instruction Fuzzy Hash: 16E01A75D04208EFCB04EFA8C8446ADBBB4FB04300F1085AAD814A7300D7725A91CF84
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Memory Dump Source
                                                                • Source File: 00000004.00000002.256216645.0000000005690000.00000040.00000001.sdmp, Offset: 05690000, based on PE: false
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 1171f11c9aba55dfd4a5bfc8c3411ad024676d563bcffdf5fc3018c79b4e7a69
                                                                • Instruction ID: 3fcf211277ee5491c2809b84ddd5a84d8bd63924ed8b51b3fbcdd1b9244bb06d
                                                                • Opcode Fuzzy Hash: 1171f11c9aba55dfd4a5bfc8c3411ad024676d563bcffdf5fc3018c79b4e7a69
                                                                • Instruction Fuzzy Hash: 8CF098B4905268CBDFA4CA14C888AACB776BF54341F5092E4D00A67364CA705DC1CF41
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Memory Dump Source
                                                                • Source File: 00000004.00000002.256216645.0000000005690000.00000040.00000001.sdmp, Offset: 05690000, based on PE: false
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 6a44b30dbc248c1d73d70f550e2e85708a2a0125d78a47ccaaebc7eb6ed2ecac
                                                                • Instruction ID: 74540a7725b8972e9d4d3475cb81cd662658a01066921fadcd6f584279a9dd60
                                                                • Opcode Fuzzy Hash: 6a44b30dbc248c1d73d70f550e2e85708a2a0125d78a47ccaaebc7eb6ed2ecac
                                                                • Instruction Fuzzy Hash: E6E0DF3046430FCA8F8CCE90EA83465BFFCF246244300266FD0105B220EA339E01C780
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Memory Dump Source
                                                                • Source File: 00000004.00000002.256216645.0000000005690000.00000040.00000001.sdmp, Offset: 05690000, based on PE: false
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 306300446e660b3ba94f3850791c3f9336266199246eab3f7aee95555bd9f3aa
                                                                • Instruction ID: 232daed4133e06c1d9bd4598c7af31ce49b1ba9b28303b5cdda468dd782c44a5
                                                                • Opcode Fuzzy Hash: 306300446e660b3ba94f3850791c3f9336266199246eab3f7aee95555bd9f3aa
                                                                • Instruction Fuzzy Hash: BDF01F74916328CFCB65CF68CA80A99BBB5FB09300F5011D9E449A7310D7319E81CF00
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Memory Dump Source
                                                                • Source File: 00000004.00000002.256216645.0000000005690000.00000040.00000001.sdmp, Offset: 05690000, based on PE: false
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 99d6f6923e7d015ed6f04a27d2a0bc20f4d297074433453670a08388a6b23779
                                                                • Instruction ID: b081ad586afd1e9820087c869338eb42c5b280c77e519922b18f18e6c38431c2
                                                                • Opcode Fuzzy Hash: 99d6f6923e7d015ed6f04a27d2a0bc20f4d297074433453670a08388a6b23779
                                                                • Instruction Fuzzy Hash: 69E08670D0020CDFCB18EFA4D80079CB7B5AB44600F2081A9C90897351D6316A94CF81
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Memory Dump Source
                                                                • Source File: 00000004.00000002.262578614.0000000007450000.00000040.00000001.sdmp, Offset: 07450000, based on PE: false
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: e86a226f25783834923829daf327196beefdda4ea053a46d728345836c2eea81
                                                                • Instruction ID: 477303ac3a2728470859868ea9fb6b2960885c1a817f7b08e48c1716bd79952a
                                                                • Opcode Fuzzy Hash: e86a226f25783834923829daf327196beefdda4ea053a46d728345836c2eea81
                                                                • Instruction Fuzzy Hash: 85E04F718052948FC701DFB8DC052987FF0EF0A201F1805D6C884D7212D63155A4CB82
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Memory Dump Source
                                                                • Source File: 00000004.00000002.262578614.0000000007450000.00000040.00000001.sdmp, Offset: 07450000, based on PE: false
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 5b44dc97acc668ea7060194f774895e07935ff2f3c2061e5ad6582f550d9f963
                                                                • Instruction ID: cb25f8afc9922f0f3a6c9c4c6ac5108114ebe3a2aeb86c9ce3f19fee60da9a14
                                                                • Opcode Fuzzy Hash: 5b44dc97acc668ea7060194f774895e07935ff2f3c2061e5ad6582f550d9f963
                                                                • Instruction Fuzzy Hash: 13D017B4D44208AFCB54EFB8D8057ADBBB5AB44300F1081AAC818A3354E6316A94CF85
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Memory Dump Source
                                                                • Source File: 00000004.00000002.256216645.0000000005690000.00000040.00000001.sdmp, Offset: 05690000, based on PE: false
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: e8164f4e1fc341cff35a570f61048ffd98cbda8c8924ef7b64791070fbefb58a
                                                                • Instruction ID: d899b52a4b5f801aa24fabb121fc0bda4db522bc2409cfa129777598cb9ef15a
                                                                • Opcode Fuzzy Hash: e8164f4e1fc341cff35a570f61048ffd98cbda8c8924ef7b64791070fbefb58a
                                                                • Instruction Fuzzy Hash: EFE0EC71D04308DFCB55EFB8940535DB7B4AB44201F1041A9C80896750E6355590CF81
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Memory Dump Source
                                                                • Source File: 00000004.00000002.262578614.0000000007450000.00000040.00000001.sdmp, Offset: 07450000, based on PE: false
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 45a081ef3ebbf176bff1746e5f53d444d417e76946dae145bcaec91c4a41756c
                                                                • Instruction ID: c24549b07464ef15d7e0005cbecc139031a113655e097011750f53a696525b06
                                                                • Opcode Fuzzy Hash: 45a081ef3ebbf176bff1746e5f53d444d417e76946dae145bcaec91c4a41756c
                                                                • Instruction Fuzzy Hash: 2AD017B4D0420CAFCB55EFB9A8043ADBBF4AB44201F1091AAC89896251E6355694CF81
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Memory Dump Source
                                                                • Source File: 00000004.00000002.262578614.0000000007450000.00000040.00000001.sdmp, Offset: 07450000, based on PE: false
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: feb93efb404947684e518a21fdfa8237643ce1a54af41a5c50396cb7ac766309
                                                                • Instruction ID: e7ccbaac93db68c032a0c8985b51ea3cfc20e3204d393ea7977aab57c69484f3
                                                                • Opcode Fuzzy Hash: feb93efb404947684e518a21fdfa8237643ce1a54af41a5c50396cb7ac766309
                                                                • Instruction Fuzzy Hash: D5D017B5D00208EFCB54EFB8D84539DBBF4AB44701F2081AACC0897390E6315A50CF82
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Memory Dump Source
                                                                • Source File: 00000004.00000002.262578614.0000000007450000.00000040.00000001.sdmp, Offset: 07450000, based on PE: false
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: b8296a5ae3db95989e8170bb67eb0c3f27944a473d6b73c4d36c8833a67ecd2e
                                                                • Instruction ID: cf671b6b42677e51db078ba3a75e01e83520d79e23e74c35894fbf9b943e424a
                                                                • Opcode Fuzzy Hash: b8296a5ae3db95989e8170bb67eb0c3f27944a473d6b73c4d36c8833a67ecd2e
                                                                • Instruction Fuzzy Hash: 67D017B4D0020CAFCB94EFB8D80439DBBF4AB04300F0081AAC80897351E6716A94CF81
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Memory Dump Source
                                                                • Source File: 00000004.00000002.256216645.0000000005690000.00000040.00000001.sdmp, Offset: 05690000, based on PE: false
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: dc456aefacfdb845184bcffc2924f054dd8801e95ad86545339fb1dfe5530e7c
                                                                • Instruction ID: f1a412b40f1fef9b6edf4a29ea4f922db3019e6c0477241409d6ba4c93825512
                                                                • Opcode Fuzzy Hash: dc456aefacfdb845184bcffc2924f054dd8801e95ad86545339fb1dfe5530e7c
                                                                • Instruction Fuzzy Hash: A7E012B4C4A209DECF24DFA0E6945AEBBF1FF46740F201A1AD452B2660D3741B02CB20
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Memory Dump Source
                                                                • Source File: 00000004.00000002.256216645.0000000005690000.00000040.00000001.sdmp, Offset: 05690000, based on PE: false
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 9be77ec5a2e31d6b611349044503e72b4a0f684b016a022e51ed5dd82a6262c3
                                                                • Instruction ID: 5bd91dba5e69f04806ede0c2566fa96aeb062d71286c2a9fe1b39487b19b06bb
                                                                • Opcode Fuzzy Hash: 9be77ec5a2e31d6b611349044503e72b4a0f684b016a022e51ed5dd82a6262c3
                                                                • Instruction Fuzzy Hash: 9EE01A78C05218CFCB64CFA0E98469CBBF4FB08211F6095AAE449E7344DB344A84DF20
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Memory Dump Source
                                                                • Source File: 00000004.00000002.262578614.0000000007450000.00000040.00000001.sdmp, Offset: 07450000, based on PE: false
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 322f14350c1437cf47c54eaf0006cd118aebd1170da0b55d871b0cd534c8d7f2
                                                                • Instruction ID: e1885fe5709653de22a97bdfd50c3524c7da6de56af898c8c89c184120e5f9d5
                                                                • Opcode Fuzzy Hash: 322f14350c1437cf47c54eaf0006cd118aebd1170da0b55d871b0cd534c8d7f2
                                                                • Instruction Fuzzy Hash: EDE09275C052298FCF20DFA0CA44BDDBBF5AB19340F1044D99158B2251D2755B95CF14
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Memory Dump Source
                                                                • Source File: 00000004.00000002.250874816.00000000016D2000.00000040.00000001.sdmp, Offset: 016D2000, based on PE: false
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 958217a527456474944f12586a70db4b836b26963b0a2717022352c38065313b
                                                                • Instruction ID: 9b72081ba0151798440d5b3dbf5161c5e5083c47d766f400ca9fe693b770b059
                                                                • Opcode Fuzzy Hash: 958217a527456474944f12586a70db4b836b26963b0a2717022352c38065313b
                                                                • Instruction Fuzzy Hash: 95D05E79606A814FE3278A1CC5B8B953BA4AB91B04F4644FDEC008B763C369D5D1D200
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Memory Dump Source
                                                                • Source File: 00000004.00000002.262578614.0000000007450000.00000040.00000001.sdmp, Offset: 07450000, based on PE: false
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: d2d690f8ab5ff4b1912763a7d56f9b594bacf831ceed52c4b20ec53dfdf872a8
                                                                • Instruction ID: d0782a120c27485173f8f943d2829f83a8b5fffd7df9cde89c5203946376a133
                                                                • Opcode Fuzzy Hash: d2d690f8ab5ff4b1912763a7d56f9b594bacf831ceed52c4b20ec53dfdf872a8
                                                                • Instruction Fuzzy Hash: 60E0EC74D4521D9BCF24CF90DD95BDDBBB1BB08340F1084DA9A28BB291DB756A818F04
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Memory Dump Source
                                                                • Source File: 00000004.00000002.256216645.0000000005690000.00000040.00000001.sdmp, Offset: 05690000, based on PE: false
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 91aebec66da654661f9d18fdfb0ee048d4d2e789b178bfb08a8d04cef140e524
                                                                • Instruction ID: f3a2ea9ded9c8e74496eff9a27bd8563a0a8826f0737f484387ed171ba1df6fc
                                                                • Opcode Fuzzy Hash: 91aebec66da654661f9d18fdfb0ee048d4d2e789b178bfb08a8d04cef140e524
                                                                • Instruction Fuzzy Hash: DED0C970C493089BDB19AFA4ED19369BBB8AB02206F1052A9D80826645DA7115A4CBA6
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Memory Dump Source
                                                                • Source File: 00000004.00000002.256216645.0000000005690000.00000040.00000001.sdmp, Offset: 05690000, based on PE: false
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 2be15dcba24ce11a153c7bba4bb9bbcd24e4893751a6dd85b6c7e0a939cec310
                                                                • Instruction ID: 508c52537cce9d8ebbc1809d788fd320bfc29f9e72d7bf91e81c8bed12a62f00
                                                                • Opcode Fuzzy Hash: 2be15dcba24ce11a153c7bba4bb9bbcd24e4893751a6dd85b6c7e0a939cec310
                                                                • Instruction Fuzzy Hash: 90E01270D02228DFDF50DB24DC80B9CBBB6FB40200F00429AD40AAB218DB306E80CF41
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Memory Dump Source
                                                                • Source File: 00000004.00000002.256216645.0000000005690000.00000040.00000001.sdmp, Offset: 05690000, based on PE: false
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 852f0f1be85ecf23c2ae41d252ab01b51b988992af9beb786239346fdb3764a6
                                                                • Instruction ID: c44aa56d22723d26ec6bab63a9ccce95777805cfb479ca56a0c799b8d922e155
                                                                • Opcode Fuzzy Hash: 852f0f1be85ecf23c2ae41d252ab01b51b988992af9beb786239346fdb3764a6
                                                                • Instruction Fuzzy Hash: 47D0A9324042088BC720ABB2AC0932A76ECEB05212F002260D909D7200EA3204A0CB91
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Memory Dump Source
                                                                • Source File: 00000004.00000002.256216645.0000000005690000.00000040.00000001.sdmp, Offset: 05690000, based on PE: false
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: d1c184c3baae3e80092946292679d79f8f66cd1ba73d0eb1c34a30e99252fdb1
                                                                • Instruction ID: c2c03d86a22445328007adc2b43774a4f8186c09e1fc309bce6b595f4fdef8c5
                                                                • Opcode Fuzzy Hash: d1c184c3baae3e80092946292679d79f8f66cd1ba73d0eb1c34a30e99252fdb1
                                                                • Instruction Fuzzy Hash: 91E01AB4904328CFCB64CF20D949689B7F1AF05304F0092D6915AEB251CA300E80CF00
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Memory Dump Source
                                                                • Source File: 00000004.00000002.256216645.0000000005690000.00000040.00000001.sdmp, Offset: 05690000, based on PE: false
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 5df9d0d1680d00d0efc8084d24cdc6df27bf037eecd08149b11e8bb3847b8b82
                                                                • Instruction ID: e704996db97e8e2ee340257cd674aab0669e19df1662932e88751d46101999db
                                                                • Opcode Fuzzy Hash: 5df9d0d1680d00d0efc8084d24cdc6df27bf037eecd08149b11e8bb3847b8b82
                                                                • Instruction Fuzzy Hash: 56C0127080520CDBC719DB94DE05769B3ACDB01724F6011A8D80513750DE725EA0C695
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Memory Dump Source
                                                                • Source File: 00000004.00000002.250874816.00000000016D2000.00000040.00000001.sdmp, Offset: 016D2000, based on PE: false
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 4c3fdcc387662d54063783a72ba3e2f111e49fcff377b751170510d3d0189090
                                                                • Instruction ID: b5971595425adaa36b605fe4d456a28edf06e6bee619f0c00d3c051956edfaf3
                                                                • Opcode Fuzzy Hash: 4c3fdcc387662d54063783a72ba3e2f111e49fcff377b751170510d3d0189090
                                                                • Instruction Fuzzy Hash: 0BD05E346002818BD715DB0CC5A4F593BD4AB81B00F0745ECAD00CB3B2C7A4D881C600
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Memory Dump Source
                                                                • Source File: 00000004.00000002.262578614.0000000007450000.00000040.00000001.sdmp, Offset: 07450000, based on PE: false
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: be25383297f084bb683aadd0de98a49084e5266d612491b7b4b62cca4b369064
                                                                • Instruction ID: 492572ff3a91ad0c41b1441d9e3369f3ef49a455ad5e51638a5c4574066ef331
                                                                • Opcode Fuzzy Hash: be25383297f084bb683aadd0de98a49084e5266d612491b7b4b62cca4b369064
                                                                • Instruction Fuzzy Hash: 65D017B681462CCECB208F34CA583D8BAB5BB21350F4447E6816563295C7F60BC48F00
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Memory Dump Source
                                                                • Source File: 00000004.00000002.262578614.0000000007450000.00000040.00000001.sdmp, Offset: 07450000, based on PE: false
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: a4b0590199e54b8defd5b8a870dd26076f986d06fe85e7206f397710560411f7
                                                                • Instruction ID: c97d337a40ffb4811394b615e5308dbb50f1b8b22ff752b3bbddfc916ec2e30c
                                                                • Opcode Fuzzy Hash: a4b0590199e54b8defd5b8a870dd26076f986d06fe85e7206f397710560411f7
                                                                • Instruction Fuzzy Hash: 97E0E2B5926229CECB24CF60C9447DABBB0EB12340F4054EA8189A6244D7745BC5CF55
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Memory Dump Source
                                                                • Source File: 00000004.00000002.256216645.0000000005690000.00000040.00000001.sdmp, Offset: 05690000, based on PE: false
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 23738c76548255cfe71598df672130789e856b300611ab0d7d3bbe22d88de9dc
                                                                • Instruction ID: 20012b8fa8aefac73be9efdcd337f024acd6e39b3e1ac9e09adfa6a83a7fd037
                                                                • Opcode Fuzzy Hash: 23738c76548255cfe71598df672130789e856b300611ab0d7d3bbe22d88de9dc
                                                                • Instruction Fuzzy Hash: 0FE0B634E05368CFDB64CF64E884B9DBBB6FB49200F20A199E049A7214D7305E50CF11
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Memory Dump Source
                                                                • Source File: 00000004.00000002.256216645.0000000005690000.00000040.00000001.sdmp, Offset: 05690000, based on PE: false
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Memory Dump Source
                                                                • Source File: 00000004.00000002.262578614.0000000007450000.00000040.00000001.sdmp, Offset: 07450000, based on PE: false
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Memory Dump Source
                                                                • Source File: 00000004.00000002.256216645.0000000005690000.00000040.00000001.sdmp, Offset: 05690000, based on PE: false
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Memory Dump Source
                                                                • Source File: 00000004.00000002.256216645.0000000005690000.00000040.00000001.sdmp, Offset: 05690000, based on PE: false
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Memory Dump Source
                                                                • Source File: 00000004.00000002.262578614.0000000007450000.00000040.00000001.sdmp, Offset: 07450000, based on PE: false
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Memory Dump Source
                                                                • Source File: 00000004.00000002.256216645.0000000005690000.00000040.00000001.sdmp, Offset: 05690000, based on PE: false
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Memory Dump Source
                                                                • Source File: 00000004.00000002.256216645.0000000005690000.00000040.00000001.sdmp, Offset: 05690000, based on PE: false
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Memory Dump Source
                                                                • Source File: 00000004.00000002.256216645.0000000005690000.00000040.00000001.sdmp, Offset: 05690000, based on PE: false
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Memory Dump Source
                                                                • Source File: 00000004.00000002.262578614.0000000007450000.00000040.00000001.sdmp, Offset: 07450000, based on PE: false
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Memory Dump Source
                                                                • Source File: 00000004.00000002.256216645.0000000005690000.00000040.00000001.sdmp, Offset: 05690000, based on PE: false
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Memory Dump Source
                                                                • Source File: 00000004.00000002.256216645.0000000005690000.00000040.00000001.sdmp, Offset: 05690000, based on PE: false
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Non-executed Functions

                                                                Executed Functions

                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 0000000A.00000002.472338178.0000000001640000.00000040.00000001.sdmp, Offset: 01640000, based on PE: false
                                                                Similarity
                                                                • API ID:
                                                                • String ID: ,
                                                                • API String ID: 0-3772416878
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Memory Dump Source
                                                                • Source File: 0000000A.00000002.472338178.0000000001640000.00000040.00000001.sdmp, Offset: 01640000, based on PE: false
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Memory Dump Source
                                                                • Source File: 0000000A.00000002.472338178.0000000001640000.00000040.00000001.sdmp, Offset: 01640000, based on PE: false
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Memory Dump Source
                                                                • Source File: 0000000A.00000002.472338178.0000000001640000.00000040.00000001.sdmp, Offset: 01640000, based on PE: false
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Memory Dump Source
                                                                • Source File: 0000000A.00000002.472338178.0000000001640000.00000040.00000001.sdmp, Offset: 01640000, based on PE: false
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Memory Dump Source
                                                                • Source File: 0000000A.00000002.472338178.0000000001640000.00000040.00000001.sdmp, Offset: 01640000, based on PE: false
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Memory Dump Source
                                                                • Source File: 0000000A.00000002.471929119.00000000015CD000.00000040.00000001.sdmp, Offset: 015CD000, based on PE: false
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Memory Dump Source
                                                                • Source File: 0000000A.00000002.472338178.0000000001640000.00000040.00000001.sdmp, Offset: 01640000, based on PE: false
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Memory Dump Source
                                                                • Source File: 0000000A.00000002.472338178.0000000001640000.00000040.00000001.sdmp, Offset: 01640000, based on PE: false
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Memory Dump Source
                                                                • Source File: 0000000A.00000002.471929119.00000000015CD000.00000040.00000001.sdmp, Offset: 015CD000, based on PE: false
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Memory Dump Source
                                                                • Source File: 0000000A.00000002.472338178.0000000001640000.00000040.00000001.sdmp, Offset: 01640000, based on PE: false
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Memory Dump Source
                                                                • Source File: 0000000A.00000002.472338178.0000000001640000.00000040.00000001.sdmp, Offset: 01640000, based on PE: false
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Non-executed Functions

                                                                Executed Functions

                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 0000000B.00000002.477329940.0000000005210000.00000040.00000001.sdmp, Offset: 05210000, based on PE: false
                                                                Similarity
                                                                • API ID:
                                                                • String ID: r
                                                                • API String ID: 0-1812594589
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 0000000B.00000002.477329940.0000000005210000.00000040.00000001.sdmp, Offset: 05210000, based on PE: false
                                                                Similarity
                                                                • API ID:
                                                                • String ID: >_6r
                                                                • API String ID: 0-1632090214
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                APIs
                                                                • bind.WS2_32(?,00000E2C,7966162B,00000000,00000000,00000000,00000000), ref: 053424DB
                                                                Memory Dump Source
                                                                • Source File: 0000000B.00000002.477549401.0000000005340000.00000040.00000001.sdmp, Offset: 05340000, based on PE: false
                                                                Similarity
                                                                • API ID: bind
                                                                • String ID:
                                                                • API String ID: 1187836755-0
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                APIs
                                                                • AdjustTokenPrivileges.KERNELBASE(?,?,?,?,?,?), ref: 05340F73
                                                                Memory Dump Source
                                                                • Source File: 0000000B.00000002.477549401.0000000005340000.00000040.00000001.sdmp, Offset: 05340000, based on PE: false
                                                                Similarity
                                                                • API ID: AdjustPrivilegesToken
                                                                • String ID:
                                                                • API String ID: 2874748243-0
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                APIs
                                                                • NtQuerySystemInformation.NTDLL(?,?,?,?), ref: 053411A5
                                                                Memory Dump Source
                                                                • Source File: 0000000B.00000002.477549401.0000000005340000.00000040.00000001.sdmp, Offset: 05340000, based on PE: false
                                                                Similarity
                                                                • API ID: InformationQuerySystem
                                                                • String ID:
                                                                • API String ID: 3562636166-0
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                APIs
                                                                • bind.WS2_32(?,00000E2C,7966162B,00000000,00000000,00000000,00000000), ref: 053424DB
                                                                Memory Dump Source
                                                                • Source File: 0000000B.00000002.477549401.0000000005340000.00000040.00000001.sdmp, Offset: 05340000, based on PE: false
                                                                Similarity
                                                                • API ID: bind
                                                                • String ID:
                                                                • API String ID: 1187836755-0
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                APIs
                                                                • AdjustTokenPrivileges.KERNELBASE(?,?,?,?,?,?), ref: 05340F73
                                                                Memory Dump Source
                                                                • Source File: 0000000B.00000002.477549401.0000000005340000.00000040.00000001.sdmp, Offset: 05340000, based on PE: false
                                                                Similarity
                                                                • API ID: AdjustPrivilegesToken
                                                                • String ID:
                                                                • API String ID: 2874748243-0
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                APIs
                                                                • GetSystemInfo.KERNELBASE(?), ref: 05340BE8
                                                                Memory Dump Source
                                                                • Source File: 0000000B.00000002.477549401.0000000005340000.00000040.00000001.sdmp, Offset: 05340000, based on PE: false
                                                                Similarity
                                                                • API ID: InfoSystem
                                                                • String ID:
                                                                • API String ID: 31276548-0
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                APIs
                                                                • NtQuerySystemInformation.NTDLL(?,?,?,?), ref: 053411A5
                                                                Memory Dump Source
                                                                • Source File: 0000000B.00000002.477549401.0000000005340000.00000040.00000001.sdmp, Offset: 05340000, based on PE: false
                                                                Similarity
                                                                • API ID: InformationQuerySystem
                                                                • String ID:
                                                                • API String ID: 3562636166-0
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Memory Dump Source
                                                                • Source File: 0000000B.00000002.477329940.0000000005210000.00000040.00000001.sdmp, Offset: 05210000, based on PE: false
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Memory Dump Source
                                                                • Source File: 0000000B.00000002.477329940.0000000005210000.00000040.00000001.sdmp, Offset: 05210000, based on PE: false
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Memory Dump Source
                                                                • Source File: 0000000B.00000002.477329940.0000000005210000.00000040.00000001.sdmp, Offset: 05210000, based on PE: false
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Memory Dump Source
                                                                • Source File: 0000000B.00000002.477329940.0000000005210000.00000040.00000001.sdmp, Offset: 05210000, based on PE: false
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 0000000B.00000002.477329940.0000000005210000.00000040.00000001.sdmp, Offset: 05210000, based on PE: false
                                                                Similarity
                                                                • API ID:
                                                                • String ID: X1Xr$X1Xr$X1Xr$X1Xr
                                                                • API String ID: 0-4129027855
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 0000000B.00000002.477329940.0000000005210000.00000040.00000001.sdmp, Offset: 05210000, based on PE: false
                                                                Similarity
                                                                • API ID:
                                                                • String ID: :@1r$`5Xr
                                                                • API String ID: 0-3722117331
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 0000000B.00000002.477329940.0000000005210000.00000040.00000001.sdmp, Offset: 05210000, based on PE: false
                                                                Similarity
                                                                • API ID:
                                                                • String ID: $>_6r
                                                                • API String ID: 0-3257682475
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 0000000B.00000002.477329940.0000000005210000.00000040.00000001.sdmp, Offset: 05210000, based on PE: false
                                                                Similarity
                                                                • API ID:
                                                                • String ID: $>_6r
                                                                • API String ID: 0-3257682475
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 0000000B.00000002.477329940.0000000005210000.00000040.00000001.sdmp, Offset: 05210000, based on PE: false
                                                                Similarity
                                                                • API ID:
                                                                • String ID: X1Xr$X1Xr
                                                                • API String ID: 0-3809233243
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 0000000B.00000002.477329940.0000000005210000.00000040.00000001.sdmp, Offset: 05210000, based on PE: false
                                                                Similarity
                                                                • API ID:
                                                                • String ID: -?Np^$=?Np^
                                                                • API String ID: 0-2626349109
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 0000000B.00000002.477329940.0000000005210000.00000040.00000001.sdmp, Offset: 05210000, based on PE: false
                                                                Similarity
                                                                • API ID:
                                                                • String ID: -?Np^$=?Np^
                                                                • API String ID: 0-2626349109
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 0000000B.00000002.477329940.0000000005210000.00000040.00000001.sdmp, Offset: 05210000, based on PE: false
                                                                Similarity
                                                                • API ID:
                                                                • String ID: lVr$-SNp^
                                                                • API String ID: 0-1295124910
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 0000000B.00000002.477329940.0000000005210000.00000040.00000001.sdmp, Offset: 05210000, based on PE: false
                                                                Similarity
                                                                • API ID:
                                                                • String ID: lVr$-SNp^
                                                                • API String ID: 0-1295124910
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 0000000B.00000002.477329940.0000000005210000.00000040.00000001.sdmp, Offset: 05210000, based on PE: false
                                                                Similarity
                                                                • API ID:
                                                                • String ID: $gUr
                                                                • API String ID: 0-978027473
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                APIs
                                                                • DnsQuery_A.DNSAPI(?,00000E2C,?,?), ref: 053413A6
                                                                Memory Dump Source
                                                                • Source File: 0000000B.00000002.477549401.0000000005340000.00000040.00000001.sdmp, Offset: 05340000, based on PE: false
                                                                Similarity
                                                                • API ID: Query_
                                                                • String ID:
                                                                • API String ID: 428220571-0
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                APIs
                                                                • RegQueryValueExA.KERNELBASE(?,00000E2C), ref: 0534045E
                                                                Memory Dump Source
                                                                • Source File: 0000000B.00000002.477549401.0000000005340000.00000040.00000001.sdmp, Offset: 05340000, based on PE: false
                                                                Similarity
                                                                • API ID: QueryValue
                                                                • String ID:
                                                                • API String ID: 3660427363-0
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                APIs
                                                                • CreateFileW.KERNELBASE(?,?,?,?,?,?), ref: 05340899
                                                                Memory Dump Source
                                                                • Source File: 0000000B.00000002.477549401.0000000005340000.00000040.00000001.sdmp, Offset: 05340000, based on PE: false
                                                                Similarity
                                                                • API ID: CreateFile
                                                                • String ID:
                                                                • API String ID: 823142352-0
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                APIs
                                                                • RegOpenKeyExW.KERNELBASE(?,00000E2C), ref: 014CAAB1
                                                                Memory Dump Source
                                                                • Source File: 0000000B.00000002.471947051.00000000014CA000.00000040.00000001.sdmp, Offset: 014CA000, based on PE: false
                                                                Similarity
                                                                • API ID: Open
                                                                • String ID:
                                                                • API String ID: 71445658-0
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                APIs
                                                                • FormatMessageW.KERNELBASE(?,00000E2C,?,?), ref: 053427CA
                                                                Memory Dump Source
                                                                • Source File: 0000000B.00000002.477549401.0000000005340000.00000040.00000001.sdmp, Offset: 05340000, based on PE: false
                                                                Similarity
                                                                • API ID: FormatMessage
                                                                • String ID:
                                                                • API String ID: 1306739567-0
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                APIs
                                                                • GetProcessTimes.KERNELBASE(?,00000E2C,7966162B,00000000,00000000,00000000,00000000), ref: 0534224D
                                                                Memory Dump Source
                                                                • Source File: 0000000B.00000002.477549401.0000000005340000.00000040.00000001.sdmp, Offset: 05340000, based on PE: false
                                                                Similarity
                                                                • API ID: ProcessTimes
                                                                • String ID:
                                                                • API String ID: 1995159646-0
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                APIs
                                                                • CreateMutexW.KERNELBASE(?,?), ref: 0534019D
                                                                Memory Dump Source
                                                                • Source File: 0000000B.00000002.477549401.0000000005340000.00000040.00000001.sdmp, Offset: 05340000, based on PE: false
                                                                Similarity
                                                                • API ID: CreateMutex
                                                                • String ID:
                                                                • API String ID: 1964310414-0
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                APIs
                                                                • RegQueryValueExW.KERNELBASE(?,00000E2C,7966162B,00000000,00000000,00000000,00000000), ref: 014CABB4
                                                                Memory Dump Source
                                                                • Source File: 0000000B.00000002.471947051.00000000014CA000.00000040.00000001.sdmp, Offset: 014CA000, based on PE: false
                                                                Similarity
                                                                • API ID: QueryValue
                                                                • String ID:
                                                                • API String ID: 3660427363-0
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 0000000B.00000002.477549401.0000000005340000.00000040.00000001.sdmp, Offset: 05340000, based on PE: false
                                                                Similarity
                                                                • API ID: FileView
                                                                • String ID:
                                                                • API String ID: 3314676101-0
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                APIs
                                                                • RegQueryValueExW.KERNELBASE(?,00000E2C,7966162B,00000000,00000000,00000000,00000000), ref: 0534055C
                                                                Memory Dump Source
                                                                • Source File: 0000000B.00000002.477549401.0000000005340000.00000040.00000001.sdmp, Offset: 05340000, based on PE: false
                                                                Similarity
                                                                • API ID: QueryValue
                                                                • String ID:
                                                                • API String ID: 3660427363-0
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                APIs
                                                                • WSAStartup.WS2_32(?,00000E2C,?,?), ref: 014CA1C2
                                                                Memory Dump Source
                                                                • Source File: 0000000B.00000002.471947051.00000000014CA000.00000040.00000001.sdmp, Offset: 014CA000, based on PE: false
                                                                Similarity
                                                                • API ID: Startup
                                                                • String ID:
                                                                • API String ID: 724789610-0
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                APIs
                                                                • RegOpenKeyExA.KERNELBASE(?,00000E2C), ref: 05340353
                                                                Memory Dump Source
                                                                • Source File: 0000000B.00000002.477549401.0000000005340000.00000040.00000001.sdmp, Offset: 05340000, based on PE: false
                                                                Similarity
                                                                • API ID: Open
                                                                • String ID:
                                                                • API String ID: 71445658-0
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                APIs
                                                                • OpenFileMappingW.KERNELBASE(?,?), ref: 05341CED
                                                                Memory Dump Source
                                                                • Source File: 0000000B.00000002.477549401.0000000005340000.00000040.00000001.sdmp, Offset: 05340000, based on PE: false
                                                                Similarity
                                                                • API ID: FileMappingOpen
                                                                • String ID:
                                                                • API String ID: 1680863896-0
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                APIs
                                                                • DeleteFileA.KERNELBASE(?,00000E2C), ref: 05340B3F
                                                                Memory Dump Source
                                                                • Source File: 0000000B.00000002.477549401.0000000005340000.00000040.00000001.sdmp, Offset: 05340000, based on PE: false
                                                                Similarity
                                                                • API ID: DeleteFile
                                                                • String ID:
                                                                • API String ID: 4033686569-0
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                APIs
                                                                • GetFileType.KERNELBASE(?,00000E2C,7966162B,00000000,00000000,00000000,00000000), ref: 05340985
                                                                Memory Dump Source
                                                                • Source File: 0000000B.00000002.477549401.0000000005340000.00000040.00000001.sdmp, Offset: 05340000, based on PE: false
                                                                Similarity
                                                                • API ID: FileType
                                                                • String ID:
                                                                • API String ID: 3081899298-0
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                APIs
                                                                • WSASocketW.WS2_32(?,?,?,?,?), ref: 0534145E
                                                                Memory Dump Source
                                                                • Source File: 0000000B.00000002.477549401.0000000005340000.00000040.00000001.sdmp, Offset: 05340000, based on PE: false
                                                                Similarity
                                                                • API ID: Socket
                                                                • String ID:
                                                                • API String ID: 38366605-0
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                APIs
                                                                • CreateFileW.KERNELBASE(?,?,?,?,?,?), ref: 05340899
                                                                Memory Dump Source
                                                                • Source File: 0000000B.00000002.477549401.0000000005340000.00000040.00000001.sdmp, Offset: 05340000, based on PE: false
                                                                Similarity
                                                                • API ID: CreateFile
                                                                • String ID:
                                                                • API String ID: 823142352-0
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                APIs
                                                                • CreateActCtxA.KERNEL32(?,00000E2C,?,?), ref: 014CAFEA
                                                                Memory Dump Source
                                                                • Source File: 0000000B.00000002.471947051.00000000014CA000.00000040.00000001.sdmp, Offset: 014CA000, based on PE: false
                                                                Similarity
                                                                • API ID: Create
                                                                • String ID:
                                                                • API String ID: 2289755597-0
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                APIs
                                                                • WriteFile.KERNELBASE(?,00000E2C,7966162B,00000000,00000000,00000000,00000000), ref: 05340A51
                                                                Memory Dump Source
                                                                • Source File: 0000000B.00000002.477549401.0000000005340000.00000040.00000001.sdmp, Offset: 05340000, based on PE: false
                                                                Similarity
                                                                • API ID: FileWrite
                                                                • String ID:
                                                                • API String ID: 3934441357-0
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                APIs
                                                                • RegQueryValueExA.KERNELBASE(?,00000E2C), ref: 0534045E
                                                                Memory Dump Source
                                                                • Source File: 0000000B.00000002.477549401.0000000005340000.00000040.00000001.sdmp, Offset: 05340000, based on PE: false
                                                                Similarity
                                                                • API ID: QueryValue
                                                                • String ID:
                                                                • API String ID: 3660427363-0
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                APIs
                                                                • RegOpenKeyExW.KERNELBASE(?,00000E2C), ref: 014CAAB1
                                                                Memory Dump Source
                                                                • Source File: 0000000B.00000002.471947051.00000000014CA000.00000040.00000001.sdmp, Offset: 014CA000, based on PE: false
                                                                Similarity
                                                                • API ID: Open
                                                                • String ID:
                                                                • API String ID: 71445658-0
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                APIs
                                                                • CreateMutexW.KERNELBASE(?,?), ref: 0534019D
                                                                Memory Dump Source
                                                                • Source File: 0000000B.00000002.477549401.0000000005340000.00000040.00000001.sdmp, Offset: 05340000, based on PE: false
                                                                Similarity
                                                                • API ID: CreateMutex
                                                                • String ID:
                                                                • API String ID: 1964310414-0
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                APIs
                                                                • CreateDirectoryW.KERNELBASE(?,?), ref: 0534079F
                                                                Memory Dump Source
                                                                • Source File: 0000000B.00000002.477549401.0000000005340000.00000040.00000001.sdmp, Offset: 05340000, based on PE: false
                                                                Similarity
                                                                • API ID: CreateDirectory
                                                                • String ID:
                                                                • API String ID: 4241100979-0
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                APIs
                                                                • RegQueryValueExW.KERNELBASE(?,00000E2C,7966162B,00000000,00000000,00000000,00000000), ref: 014CABB4
                                                                Memory Dump Source
                                                                • Source File: 0000000B.00000002.471947051.00000000014CA000.00000040.00000001.sdmp, Offset: 014CA000, based on PE: false
                                                                Similarity
                                                                • API ID: QueryValue
                                                                • String ID:
                                                                • API String ID: 3660427363-0
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                APIs
                                                                • OpenFileMappingW.KERNELBASE(?,?), ref: 05341CED
                                                                Memory Dump Source
                                                                • Source File: 0000000B.00000002.477549401.0000000005340000.00000040.00000001.sdmp, Offset: 05340000, based on PE: false
                                                                Similarity
                                                                • API ID: FileMappingOpen
                                                                • String ID:
                                                                • API String ID: 1680863896-0
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                APIs
                                                                • FindCloseChangeNotification.KERNELBASE(?), ref: 0534102C
                                                                Memory Dump Source
                                                                • Source File: 0000000B.00000002.477549401.0000000005340000.00000040.00000001.sdmp, Offset: 05340000, based on PE: false
                                                                Similarity
                                                                • API ID: ChangeCloseFindNotification
                                                                • String ID:
                                                                • API String ID: 2591292051-0
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                APIs
                                                                • K32EnumProcesses.KERNEL32(?,?,?,7966162B,00000000,?,?,?,?,?,?,?,?,72FE3C38), ref: 053410E6
                                                                Memory Dump Source
                                                                • Source File: 0000000B.00000002.477549401.0000000005340000.00000040.00000001.sdmp, Offset: 05340000, based on PE: false
                                                                Similarity
                                                                • API ID: EnumProcesses
                                                                • String ID:
                                                                • API String ID: 84517404-0
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 0000000B.00000002.477549401.0000000005340000.00000040.00000001.sdmp, Offset: 05340000, based on PE: false
                                                                Similarity
                                                                • API ID: FileView
                                                                • String ID:
                                                                • API String ID: 3314676101-0
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                APIs
                                                                • WSASocketW.WS2_32(?,?,?,?,?), ref: 0534145E
                                                                Memory Dump Source
                                                                • Source File: 0000000B.00000002.477549401.0000000005340000.00000040.00000001.sdmp, Offset: 05340000, based on PE: false
                                                                Similarity
                                                                • API ID: Socket
                                                                • String ID:
                                                                • API String ID: 38366605-0
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                APIs
                                                                • FindCloseChangeNotification.KERNELBASE ref: 05340264
                                                                Memory Dump Source
                                                                • Source File: 0000000B.00000002.477549401.0000000005340000.00000040.00000001.sdmp, Offset: 05340000, based on PE: false
                                                                Similarity
                                                                • API ID: ChangeCloseFindNotification
                                                                • String ID:
                                                                • API String ID: 2591292051-0
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                APIs
                                                                • RegQueryValueExW.KERNELBASE(?,00000E2C,7966162B,00000000,00000000,00000000,00000000), ref: 0534055C
                                                                Memory Dump Source
                                                                • Source File: 0000000B.00000002.477549401.0000000005340000.00000040.00000001.sdmp, Offset: 05340000, based on PE: false
                                                                Similarity
                                                                • API ID: QueryValue
                                                                • String ID:
                                                                • API String ID: 3660427363-0
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                APIs
                                                                • LookupPrivilegeValueW.ADVAPI32(?,?,?), ref: 05340D56
                                                                Memory Dump Source
                                                                • Source File: 0000000B.00000002.477549401.0000000005340000.00000040.00000001.sdmp, Offset: 05340000, based on PE: false
                                                                Similarity
                                                                • API ID: LookupPrivilegeValue
                                                                • String ID:
                                                                • API String ID: 3899507212-0
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                APIs
                                                                • GetProcessTimes.KERNELBASE(?,00000E2C,7966162B,00000000,00000000,00000000,00000000), ref: 0534224D
                                                                Memory Dump Source
                                                                • Source File: 0000000B.00000002.477549401.0000000005340000.00000040.00000001.sdmp, Offset: 05340000, based on PE: false
                                                                Similarity
                                                                • API ID: ProcessTimes
                                                                • String ID:
                                                                • API String ID: 1995159646-0
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                APIs
                                                                • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 014CA58A
                                                                Memory Dump Source
                                                                • Source File: 0000000B.00000002.471947051.00000000014CA000.00000040.00000001.sdmp, Offset: 014CA000, based on PE: false
                                                                Similarity
                                                                • API ID: DuplicateHandle
                                                                • String ID:
                                                                • API String ID: 3793708945-0
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                APIs
                                                                • SendMessageW.USER32(?,?,?,?), ref: 014CB841
                                                                Memory Dump Source
                                                                • Source File: 0000000B.00000002.471947051.00000000014CA000.00000040.00000001.sdmp, Offset: 014CA000, based on PE: false
                                                                Similarity
                                                                • API ID: MessageSend
                                                                • String ID:
                                                                • API String ID: 3850602802-0
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                APIs
                                                                • WriteFile.KERNELBASE(?,00000E2C,7966162B,00000000,00000000,00000000,00000000), ref: 05340A51
                                                                Memory Dump Source
                                                                • Source File: 0000000B.00000002.477549401.0000000005340000.00000040.00000001.sdmp, Offset: 05340000, based on PE: false
                                                                Similarity
                                                                • API ID: FileWrite
                                                                • String ID:
                                                                • API String ID: 3934441357-0
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                APIs
                                                                • DeleteFileA.KERNELBASE(?,00000E2C), ref: 05340B3F
                                                                Memory Dump Source
                                                                • Source File: 0000000B.00000002.477549401.0000000005340000.00000040.00000001.sdmp, Offset: 05340000, based on PE: false
                                                                Similarity
                                                                • API ID: DeleteFile
                                                                • String ID:
                                                                • API String ID: 4033686569-0
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                APIs
                                                                • RegOpenKeyExA.KERNELBASE(?,00000E2C), ref: 05340353
                                                                Memory Dump Source
                                                                • Source File: 0000000B.00000002.477549401.0000000005340000.00000040.00000001.sdmp, Offset: 05340000, based on PE: false
                                                                Similarity
                                                                • API ID: Open
                                                                • String ID:
                                                                • API String ID: 71445658-0
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                APIs
                                                                • PostMessageW.USER32(?,?,?,?), ref: 014CBBB9
                                                                Memory Dump Source
                                                                • Source File: 0000000B.00000002.471947051.00000000014CA000.00000040.00000001.sdmp, Offset: 014CA000, based on PE: false
                                                                Similarity
                                                                • API ID: MessagePost
                                                                • String ID:
                                                                • API String ID: 410705778-0
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                APIs
                                                                • DispatchMessageW.USER32(?), ref: 014CBE70
                                                                Memory Dump Source
                                                                • Source File: 0000000B.00000002.471947051.00000000014CA000.00000040.00000001.sdmp, Offset: 014CA000, based on PE: false
                                                                Similarity
                                                                • API ID: DispatchMessage
                                                                • String ID:
                                                                • API String ID: 2061451462-0
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                APIs
                                                                • CreateIconFromResourceEx.USER32 ref: 014CB78A
                                                                Memory Dump Source
                                                                • Source File: 0000000B.00000002.471947051.00000000014CA000.00000040.00000001.sdmp, Offset: 014CA000, based on PE: false
                                                                Similarity
                                                                • API ID: CreateFromIconResource
                                                                • String ID:
                                                                • API String ID: 3668623891-0
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                APIs
                                                                • GetSystemInfo.KERNELBASE(?), ref: 05340BE8
                                                                Memory Dump Source
                                                                • Source File: 0000000B.00000002.477549401.0000000005340000.00000040.00000001.sdmp, Offset: 05340000, based on PE: false
                                                                Similarity
                                                                • API ID: InfoSystem
                                                                • String ID:
                                                                • API String ID: 31276548-0
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                APIs
                                                                • SetCurrentDirectoryW.KERNELBASE(?), ref: 014CBF0C
                                                                Memory Dump Source
                                                                • Source File: 0000000B.00000002.471947051.00000000014CA000.00000040.00000001.sdmp, Offset: 014CA000, based on PE: false
                                                                Similarity
                                                                • API ID: CurrentDirectory
                                                                • String ID:
                                                                • API String ID: 1611563598-0
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                APIs
                                                                • LookupPrivilegeValueW.ADVAPI32(?,?,?), ref: 05340D56
                                                                Memory Dump Source
                                                                • Source File: 0000000B.00000002.477549401.0000000005340000.00000040.00000001.sdmp, Offset: 05340000, based on PE: false
                                                                Similarity
                                                                • API ID: LookupPrivilegeValue
                                                                • String ID:
                                                                • API String ID: 3899507212-0
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                APIs
                                                                • GetFileType.KERNELBASE(?,00000E2C,7966162B,00000000,00000000,00000000,00000000), ref: 05340985
                                                                Memory Dump Source
                                                                • Source File: 0000000B.00000002.477549401.0000000005340000.00000040.00000001.sdmp, Offset: 05340000, based on PE: false
                                                                Similarity
                                                                • API ID: FileType
                                                                • String ID:
                                                                • API String ID: 3081899298-0
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                APIs
                                                                • CreateDirectoryW.KERNELBASE(?,?), ref: 0534079F
                                                                Memory Dump Source
                                                                • Source File: 0000000B.00000002.477549401.0000000005340000.00000040.00000001.sdmp, Offset: 05340000, based on PE: false
                                                                Similarity
                                                                • API ID: CreateDirectory
                                                                • String ID:
                                                                • API String ID: 4241100979-0
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 0000000B.00000002.471947051.00000000014CA000.00000040.00000001.sdmp, Offset: 014CA000, based on PE: false
                                                                Similarity
                                                                • API ID: Initialize
                                                                • String ID:
                                                                • API String ID: 2538663250-0
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                APIs
                                                                • K32EnumProcesses.KERNEL32(?,?,?,7966162B,00000000,?,?,?,?,?,?,?,?,72FE3C38), ref: 053410E6
                                                                Memory Dump Source
                                                                • Source File: 0000000B.00000002.477549401.0000000005340000.00000040.00000001.sdmp, Offset: 05340000, based on PE: false
                                                                Similarity
                                                                • API ID: EnumProcesses
                                                                • String ID:
                                                                • API String ID: 84517404-0
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                APIs
                                                                • SetWindowLongW.USER32(?,?,?), ref: 014CA926
                                                                Memory Dump Source
                                                                • Source File: 0000000B.00000002.471947051.00000000014CA000.00000040.00000001.sdmp, Offset: 014CA000, based on PE: false
                                                                Similarity
                                                                • API ID: LongWindow
                                                                • String ID:
                                                                • API String ID: 1378638983-0
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                APIs
                                                                • FormatMessageW.KERNELBASE(?,00000E2C,?,?), ref: 053427CA
                                                                Memory Dump Source
                                                                • Source File: 0000000B.00000002.477549401.0000000005340000.00000040.00000001.sdmp, Offset: 05340000, based on PE: false
                                                                Similarity
                                                                • API ID: FormatMessage
                                                                • String ID:
                                                                • API String ID: 1306739567-0
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                APIs
                                                                • WSAStartup.WS2_32(?,00000E2C,?,?), ref: 014CA1C2
                                                                Memory Dump Source
                                                                • Source File: 0000000B.00000002.471947051.00000000014CA000.00000040.00000001.sdmp, Offset: 014CA000, based on PE: false
                                                                Similarity
                                                                • API ID: Startup
                                                                • String ID:
                                                                • API String ID: 724789610-0
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                APIs
                                                                • SetCurrentDirectoryW.KERNELBASE(?), ref: 014CBF0C
                                                                Memory Dump Source
                                                                • Source File: 0000000B.00000002.471947051.00000000014CA000.00000040.00000001.sdmp, Offset: 014CA000, based on PE: false
                                                                Similarity
                                                                • API ID: CurrentDirectory
                                                                • String ID:
                                                                • API String ID: 1611563598-0
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                APIs
                                                                • CreateIconFromResourceEx.USER32 ref: 014CB78A
                                                                Memory Dump Source
                                                                • Source File: 0000000B.00000002.471947051.00000000014CA000.00000040.00000001.sdmp, Offset: 014CA000, based on PE: false
                                                                Similarity
                                                                • API ID: CreateFromIconResource
                                                                • String ID:
                                                                • API String ID: 3668623891-0
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                APIs
                                                                • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 014CA58A
                                                                Memory Dump Source
                                                                • Source File: 0000000B.00000002.471947051.00000000014CA000.00000040.00000001.sdmp, Offset: 014CA000, based on PE: false
                                                                Similarity
                                                                • API ID: DuplicateHandle
                                                                • String ID:
                                                                • API String ID: 3793708945-0
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                APIs
                                                                • FindCloseChangeNotification.KERNELBASE ref: 05340264
                                                                Memory Dump Source
                                                                • Source File: 0000000B.00000002.477549401.0000000005340000.00000040.00000001.sdmp, Offset: 05340000, based on PE: false
                                                                Similarity
                                                                • API ID: ChangeCloseFindNotification
                                                                • String ID:
                                                                • API String ID: 2591292051-0
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                APIs
                                                                • DnsQuery_A.DNSAPI(?,00000E2C,?,?), ref: 053413A6
                                                                Memory Dump Source
                                                                • Source File: 0000000B.00000002.477549401.0000000005340000.00000040.00000001.sdmp, Offset: 05340000, based on PE: false
                                                                Similarity
                                                                • API ID: Query_
                                                                • String ID:
                                                                • API String ID: 428220571-0
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                APIs
                                                                • FindCloseChangeNotification.KERNELBASE(?), ref: 0534102C
                                                                Memory Dump Source
                                                                • Source File: 0000000B.00000002.477549401.0000000005340000.00000040.00000001.sdmp, Offset: 05340000, based on PE: false
                                                                Similarity
                                                                • API ID: ChangeCloseFindNotification
                                                                • String ID:
                                                                • API String ID: 2591292051-0
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                APIs
                                                                • CreateActCtxA.KERNEL32(?,00000E2C,?,?), ref: 014CAFEA
                                                                Memory Dump Source
                                                                • Source File: 0000000B.00000002.471947051.00000000014CA000.00000040.00000001.sdmp, Offset: 014CA000, based on PE: false
                                                                Similarity
                                                                • API ID: Create
                                                                • String ID:
                                                                • API String ID: 2289755597-0
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                APIs
                                                                • PostMessageW.USER32(?,?,?,?), ref: 014CBBB9
                                                                Memory Dump Source
                                                                • Source File: 0000000B.00000002.471947051.00000000014CA000.00000040.00000001.sdmp, Offset: 014CA000, based on PE: false
                                                                Similarity
                                                                • API ID: MessagePost
                                                                • String ID:
                                                                • API String ID: 410705778-0
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 0000000B.00000002.471947051.00000000014CA000.00000040.00000001.sdmp, Offset: 014CA000, based on PE: false
                                                                Similarity
                                                                • API ID: Initialize
                                                                • String ID:
                                                                • API String ID: 2538663250-0
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                APIs
                                                                • SendMessageW.USER32(?,?,?,?), ref: 014CB841
                                                                Memory Dump Source
                                                                • Source File: 0000000B.00000002.471947051.00000000014CA000.00000040.00000001.sdmp, Offset: 014CA000, based on PE: false
                                                                Similarity
                                                                • API ID: MessageSend
                                                                • String ID:
                                                                • API String ID: 3850602802-0
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                APIs
                                                                • SetWindowLongW.USER32(?,?,?), ref: 014CA926
                                                                Memory Dump Source
                                                                • Source File: 0000000B.00000002.471947051.00000000014CA000.00000040.00000001.sdmp, Offset: 014CA000, based on PE: false
                                                                Similarity
                                                                • API ID: LongWindow
                                                                • String ID:
                                                                • API String ID: 1378638983-0
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                APIs
                                                                • SetErrorMode.KERNELBASE(?), ref: 014CA3A4
                                                                Memory Dump Source
                                                                • Source File: 0000000B.00000002.471947051.00000000014CA000.00000040.00000001.sdmp, Offset: 014CA000, based on PE: false
                                                                Similarity
                                                                • API ID: ErrorMode
                                                                • String ID:
                                                                • API String ID: 2340568224-0
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                APIs
                                                                • DispatchMessageW.USER32(?), ref: 014CBE70
                                                                Memory Dump Source
                                                                • Source File: 0000000B.00000002.471947051.00000000014CA000.00000040.00000001.sdmp, Offset: 014CA000, based on PE: false
                                                                Similarity
                                                                • API ID: DispatchMessage
                                                                • String ID:
                                                                • API String ID: 2061451462-0
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                • Instruction Fuzzy Hash: 1F519035A20119DBCF04DF94C8409AFB7F7FF98310B058469EA0AAB251DB74AD45CB99
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Memory Dump Source
                                                                • Source File: 0000000B.00000002.477329940.0000000005210000.00000040.00000001.sdmp, Offset: 05210000, based on PE: false
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 97e3a29ac97eac58291486ccb247b07fe1d3f2a43fd1fc833eb56b7be579c90c
                                                                • Instruction ID: cad2f7588c6fba623cb88ea6691d4e4379746b198429922e24404322a2f94039
                                                                • Opcode Fuzzy Hash: 97e3a29ac97eac58291486ccb247b07fe1d3f2a43fd1fc833eb56b7be579c90c
                                                                • Instruction Fuzzy Hash: D6310531A2065ACBDF15CF54C8546DABBB2FF95304F158498DA09BF204DBB06A8ACFC1
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Memory Dump Source
                                                                • Source File: 0000000B.00000002.477329940.0000000005210000.00000040.00000001.sdmp, Offset: 05210000, based on PE: false
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 173085f201250a4ad23e49e09b08bece170f1bc20d94bcbb8cce3c7f2a0e1041
                                                                • Instruction ID: b1e7b7208e4029d637071a818d962d46e6bfd5d00e4fd397d679bd589783f2e3
                                                                • Opcode Fuzzy Hash: 173085f201250a4ad23e49e09b08bece170f1bc20d94bcbb8cce3c7f2a0e1041
                                                                • Instruction Fuzzy Hash: 06517B31B102188BCB08DFB9C454AAFB7F3AFD4700B648569C80AAB755DE74AD428B94
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Memory Dump Source
                                                                • Source File: 0000000B.00000002.477329940.0000000005210000.00000040.00000001.sdmp, Offset: 05210000, based on PE: false
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: cabf949d7f52e17d2698ab7c23fe63ff94dc978821945ebc9f68befb84906165
                                                                • Instruction ID: adcc1f147468a695e597591374fdf9b5bc96d69b64b02abf081ca0d5867d0f18
                                                                • Opcode Fuzzy Hash: cabf949d7f52e17d2698ab7c23fe63ff94dc978821945ebc9f68befb84906165
                                                                • Instruction Fuzzy Hash: D3512675D10208CFCB15CFA8C98459DBBF2FF98300F24856AD85AA7294EB316D46CF54
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Memory Dump Source
                                                                • Source File: 0000000B.00000002.477329940.0000000005210000.00000040.00000001.sdmp, Offset: 05210000, based on PE: false
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: a6ce96d30954e5e0826551c89439b2b1aee3159e3b810fff94396e57d01cc26c
                                                                • Instruction ID: 13c85461467eeb72ae84b825363f4e4e2ca586adee6f2cba28572cc93f7929bb
                                                                • Opcode Fuzzy Hash: a6ce96d30954e5e0826551c89439b2b1aee3159e3b810fff94396e57d01cc26c
                                                                • Instruction Fuzzy Hash: 5E419432B15104CFC7159F28C458AAF7BE7AFD5710F15806AE906AF3A1CEB29C468B91
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Memory Dump Source
                                                                • Source File: 0000000B.00000002.477329940.0000000005210000.00000040.00000001.sdmp, Offset: 05210000, based on PE: false
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 40ac5e738854b29e89aad6c302df30461e8dc1c2b54d7d538ac654b858287399
                                                                • Instruction ID: 47d738e7a39edab29f696d8c2530f40ee7b46870fa2360b688411cfdafb6f414
                                                                • Opcode Fuzzy Hash: 40ac5e738854b29e89aad6c302df30461e8dc1c2b54d7d538ac654b858287399
                                                                • Instruction Fuzzy Hash: A841D178B01210CF87459F69D16816ABBF3FF9C601354007DE90AAB782DF399C42DBA1
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Memory Dump Source
                                                                • Source File: 0000000B.00000002.477329940.0000000005210000.00000040.00000001.sdmp, Offset: 05210000, based on PE: false
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 461834f06ce6e48e1b3c91d8fcf4dfe6c691f14c6a9ec29272e1c2820e7d7c02
                                                                • Instruction ID: ad5ab988acf3aa4227858fef35b6b8107781a71318ae49eda3fe213591f1a586
                                                                • Opcode Fuzzy Hash: 461834f06ce6e48e1b3c91d8fcf4dfe6c691f14c6a9ec29272e1c2820e7d7c02
                                                                • Instruction Fuzzy Hash: E6311572B106648BC704DA69C8946AEBBF6FF98310B14442DE44AE7740D774ED41C7D9
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Memory Dump Source
                                                                • Source File: 0000000B.00000002.477329940.0000000005210000.00000040.00000001.sdmp, Offset: 05210000, based on PE: false
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: a2a5051b31a6eeaa3f8fab4349993838c4757f6ee314c822ae895541b031d4a7
                                                                • Instruction ID: 2a097f90568a07656236792510855caac42a5ec23c026c3b9f320c58fa50a735
                                                                • Opcode Fuzzy Hash: a2a5051b31a6eeaa3f8fab4349993838c4757f6ee314c822ae895541b031d4a7
                                                                • Instruction Fuzzy Hash: 3641B278B00210CF87459F6AD16816EB7E7FBDC641754007DEA0AAB742DF399C42DBA1
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Memory Dump Source
                                                                • Source File: 0000000B.00000002.477329940.0000000005210000.00000040.00000001.sdmp, Offset: 05210000, based on PE: false
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: cae79e62b4dee46f3d50fb6365bcf5b7929314bfbc4a6b3d7aac9d598eb9a869
                                                                • Instruction ID: bd0efa34d73be78565304c35b904032b54f46ffa644c0c65c0a1fec9b42ac55f
                                                                • Opcode Fuzzy Hash: cae79e62b4dee46f3d50fb6365bcf5b7929314bfbc4a6b3d7aac9d598eb9a869
                                                                • Instruction Fuzzy Hash: 8F31D276A24209DFCF05DF94C8409EFBBB7BFA4300F01046AEA06AB251DA709D05CB59
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Memory Dump Source
                                                                • Source File: 0000000B.00000002.477329940.0000000005210000.00000040.00000001.sdmp, Offset: 05210000, based on PE: false
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 53b1e9719ed73f9793eba66136ee794926e3485b34f6fbc333098811246e86ce
                                                                • Instruction ID: 9647d57875cf8b10638a4f105cc5ca584dc93f60716759009d483834d97c0606
                                                                • Opcode Fuzzy Hash: 53b1e9719ed73f9793eba66136ee794926e3485b34f6fbc333098811246e86ce
                                                                • Instruction Fuzzy Hash: B7418930A21205CFDB18DB64C198BAF7BF2FF99710F244469D916AB7A0CB729C81CB55
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Memory Dump Source
                                                                • Source File: 0000000B.00000002.477329940.0000000005210000.00000040.00000001.sdmp, Offset: 05210000, based on PE: false
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 8b42db9b59c4fc994ed92f738c2007099b7ffbdc756de298ff4e4f576779c20f
                                                                • Instruction ID: ee259efb5c80ceaedf9b28abc844e3fe0d7655846246caaf841371625497ba4c
                                                                • Opcode Fuzzy Hash: 8b42db9b59c4fc994ed92f738c2007099b7ffbdc756de298ff4e4f576779c20f
                                                                • Instruction Fuzzy Hash: 1641AD75A1410ACFC710CBB8C584AAFF7F1FF94324F148266D91A9B251C731E856CB95
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Memory Dump Source
                                                                • Source File: 0000000B.00000002.477329940.0000000005210000.00000040.00000001.sdmp, Offset: 05210000, based on PE: false
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: d7a77b594b387aeb68118e67be050ff87e435c712975951044bf3a5e3de7026a
                                                                • Instruction ID: 0a49110eb106f595357f17d46d0ec607960940db3d2b6336eb9b258e9042d7f5
                                                                • Opcode Fuzzy Hash: d7a77b594b387aeb68118e67be050ff87e435c712975951044bf3a5e3de7026a
                                                                • Instruction Fuzzy Hash: 3A31AF70B053059FEB148B68C894F2A37EAFFC6A44F140469E9459F380DA79AC018B64
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Memory Dump Source
                                                                • Source File: 0000000B.00000002.477329940.0000000005210000.00000040.00000001.sdmp, Offset: 05210000, based on PE: false
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 8b813a15178098feb464025e96e753b3fd9b9d78c17e662b26fb6c44a53d9794
                                                                • Instruction ID: 84114b1a8652c11df49e38e453ae454f2ca56df4b92a41bf8ac1696a84e55464
                                                                • Opcode Fuzzy Hash: 8b813a15178098feb464025e96e753b3fd9b9d78c17e662b26fb6c44a53d9794
                                                                • Instruction Fuzzy Hash: 33414B30925B41CFD779CB2AC940367BFE6BFA5305F16886EC89B86A60DB75A441CB04
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Memory Dump Source
                                                                • Source File: 0000000B.00000002.477329940.0000000005210000.00000040.00000001.sdmp, Offset: 05210000, based on PE: false
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 4e1772abef090219065b3fb1f40730e98aed0a1aa1266310f28ebc6386497afd
                                                                • Instruction ID: 0fafd9445e220a8d8011dee17289ab29b58d4dd1acd0f76871b2fe7772251242
                                                                • Opcode Fuzzy Hash: 4e1772abef090219065b3fb1f40730e98aed0a1aa1266310f28ebc6386497afd
                                                                • Instruction Fuzzy Hash: 953191B6A20205DFCB54DF68C4446AFBBF2FF98250F248569D80AE7201DB71DC41CB94
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Memory Dump Source
                                                                • Source File: 0000000B.00000002.477329940.0000000005210000.00000040.00000001.sdmp, Offset: 05210000, based on PE: false
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: c9b08d66594a8100189674b6dcdd4fb5c3c029343f7286f5f2fdbedd997991e0
                                                                • Instruction ID: 861f29f118ae84f501e734bf64f575c333354fdba58a324ae522c4020ebd7c95
                                                                • Opcode Fuzzy Hash: c9b08d66594a8100189674b6dcdd4fb5c3c029343f7286f5f2fdbedd997991e0
                                                                • Instruction Fuzzy Hash: FE31F135B201158BCB08EBBAC454ABFB7E3AFE4204B50417AD807DB651DEB19C0287A4
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Memory Dump Source
                                                                • Source File: 0000000B.00000002.477329940.0000000005210000.00000040.00000001.sdmp, Offset: 05210000, based on PE: false
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 5589926e5874b72c337bc66a627f3c51e57fefc83d0b9380f4729bfc5d5cc7c9
                                                                • Instruction ID: 41ed116b4ff235c787f99a90fdbec148ad593fe9862f5a0b11805144567ccaa8
                                                                • Opcode Fuzzy Hash: 5589926e5874b72c337bc66a627f3c51e57fefc83d0b9380f4729bfc5d5cc7c9
                                                                • Instruction Fuzzy Hash: 6531C534A24255CFCB04DF69C880A7FBBF6FF95300B118066EA56DB242DB74AC42C7A5
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Memory Dump Source
                                                                • Source File: 0000000B.00000002.477329940.0000000005210000.00000040.00000001.sdmp, Offset: 05210000, based on PE: false
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: dcebf6626f2f25211060b49454479a01435602c09a020213c82afca41c85b4a5
                                                                • Instruction ID: 2a07abca22c321467e1879b18f06eac6bd4f987cb59fbbded0323d4dc8eef06c
                                                                • Opcode Fuzzy Hash: dcebf6626f2f25211060b49454479a01435602c09a020213c82afca41c85b4a5
                                                                • Instruction Fuzzy Hash: D7313D31B101158BEB08DBA9C859B7EBBF6AFC9700F11407DE506EB2A1CF714D058B91
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Memory Dump Source
                                                                • Source File: 0000000B.00000002.477329940.0000000005210000.00000040.00000001.sdmp, Offset: 05210000, based on PE: false
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 2c77cc9247f89378eb091b353141f063c1dbf88d2eb18dea204721d6db1c2ed3
                                                                • Instruction ID: 9ba8590844446e243345f0771649982ae5fca8f44e90ce9817c2cc6caff9caac
                                                                • Opcode Fuzzy Hash: 2c77cc9247f89378eb091b353141f063c1dbf88d2eb18dea204721d6db1c2ed3
                                                                • Instruction Fuzzy Hash: 7621B475B2015A9BDF40EAA5D940AFFB3FBEFD4318F104036DA1DE7140EAB0590587A5
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Memory Dump Source
                                                                • Source File: 0000000B.00000002.477329940.0000000005210000.00000040.00000001.sdmp, Offset: 05210000, based on PE: false
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: d9b64bee336c5941345267d608d2d7ea66899e48e3333ee70fd6de0c44ae09fe
                                                                • Instruction ID: dd366098253a8bd0b2393a644157a0ba217fbde305130c05141a7845a9591b1c
                                                                • Opcode Fuzzy Hash: d9b64bee336c5941345267d608d2d7ea66899e48e3333ee70fd6de0c44ae09fe
                                                                • Instruction Fuzzy Hash: D0317E74B10305CFCB59DFA9C885AAFBBFAAF98700F50442DDA06AB740DA71D841CB95
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Memory Dump Source
                                                                • Source File: 0000000B.00000002.477329940.0000000005210000.00000040.00000001.sdmp, Offset: 05210000, based on PE: false
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 9afa4bc73b62dfa4c845b5a1884b6850358e55a33b2f43462c52c5865c2d0168
                                                                • Instruction ID: 1126750eae116c00591c5069092e797ca4317632dc66a09ac663763096f6d2cc
                                                                • Opcode Fuzzy Hash: 9afa4bc73b62dfa4c845b5a1884b6850358e55a33b2f43462c52c5865c2d0168
                                                                • Instruction Fuzzy Hash: 23215C35E103099BDB05DFA9C4146AFFBF7AFD9300F104429D90AAB355EBB49946CB80
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Memory Dump Source
                                                                • Source File: 0000000B.00000002.477329940.0000000005210000.00000040.00000001.sdmp, Offset: 05210000, based on PE: false
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: c6b85330260a98bbb55672d8640198b8bfaca665f983b6721191c755aadb56bc
                                                                • Instruction ID: 54622df5ee42fc2208d29ce4b15dba06e1add90c4ff86d4832564f49666e5313
                                                                • Opcode Fuzzy Hash: c6b85330260a98bbb55672d8640198b8bfaca665f983b6721191c755aadb56bc
                                                                • Instruction Fuzzy Hash: 8A316B35F102198FCB04DFB9C4549AEBBF3AFD8310B10856AC80AAB755DA35AD06CB94
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Memory Dump Source
                                                                • Source File: 0000000B.00000002.477329940.0000000005210000.00000040.00000001.sdmp, Offset: 05210000, based on PE: false
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 03796def591ef2df3f04bce51147152ada3fc9dfac8a0674393c17db9a2534d7
                                                                • Instruction ID: f328f0afc2813e51303dc736e6bb29e3c4b46e1c822852c8994b195f47da5e97
                                                                • Instruction Fuzzy Hash: DC11C4343282A0CFC706DB28C45896A7FE6AFE660071540EFD642CF275CAB58C09C796
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Memory Dump Source
                                                                • Source File: 0000000B.00000002.472359853.0000000002AF2000.00000040.00000001.sdmp, Offset: 02AF2000, based on PE: false
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 311b4d29883b1d4d6941ff32d2aa8637e55d5b81cb0cc99d038b7e812c628e98
                                                                • Instruction ID: 0ed6767d8154e2a9682001f19c35289b629fa4edaa6188979467e01023de13b0
                                                                • Opcode Fuzzy Hash: 311b4d29883b1d4d6941ff32d2aa8637e55d5b81cb0cc99d038b7e812c628e98
                                                                • Instruction Fuzzy Hash: BF11ACB5A08301AFD350CF19DC41A57FBE8EB88660F14895EFD9997311D271E9048BA2
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Memory Dump Source
                                                                • Source File: 0000000B.00000002.477329940.0000000005210000.00000040.00000001.sdmp, Offset: 05210000, based on PE: false
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 012e89335c80116be5896e792b7ca94f1dd3df71969f0c35b6d48676a9408492
                                                                • Instruction ID: f2073038d8211340db26bbea2f5cbaa1de41adcbc40252fd19ef28369ea492f9
                                                                • Opcode Fuzzy Hash: 012e89335c80116be5896e792b7ca94f1dd3df71969f0c35b6d48676a9408492
                                                                • Instruction Fuzzy Hash: F6012D71E001484FCB65EF7CD8552EF7FE2ABC9354F20447EC549E7241EA354A068BA1
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Memory Dump Source
                                                                • Source File: 0000000B.00000002.477329940.0000000005210000.00000040.00000001.sdmp, Offset: 05210000, based on PE: false
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 0e4159f308992c3ce9ee7b2e680d4bfad3ec7e50dfa670d8cb7fe40886786bd6
                                                                • Instruction ID: 7e0b8ca1cb15132de199710886b6640523948845b2ee2324722376b44147b0b6
                                                                • Opcode Fuzzy Hash: 0e4159f308992c3ce9ee7b2e680d4bfad3ec7e50dfa670d8cb7fe40886786bd6
                                                                • Instruction Fuzzy Hash: B8018475B102119FCB082BB6980852F7ADBAFD9624750483EE506D7340DD798C0287A4
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Memory Dump Source
                                                                • Source File: 0000000B.00000002.477329940.0000000005210000.00000040.00000001.sdmp, Offset: 05210000, based on PE: false
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 6e080d486ea1558b7e3b8fa5849816fcf13cf4dff0db8577e606049dcf0d1c7d
                                                                • Instruction ID: 79f687a3a2b049748a1bc5c00c5192fa8367f735b777d35e3db44d5cac558cc3
                                                                • Opcode Fuzzy Hash: 6e080d486ea1558b7e3b8fa5849816fcf13cf4dff0db8577e606049dcf0d1c7d
                                                                • Instruction Fuzzy Hash: 8A019E31A281458BCB15DA5CC851ABFBBF3EFE4254F18406EC91BA7240CBB16D068BD5
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Memory Dump Source
                                                                • Source File: 0000000B.00000002.477329940.0000000005210000.00000040.00000001.sdmp, Offset: 05210000, based on PE: false
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: b6c2730222579f47845d39407ac968a643fc6c9d478eff6fd1ccc4eed9b21653
                                                                • Instruction ID: e2d972d6d372d264044c616a13da4b0de380f260a120571d5a32b8031e4a9fc3
                                                                • Opcode Fuzzy Hash: b6c2730222579f47845d39407ac968a643fc6c9d478eff6fd1ccc4eed9b21653
                                                                • Instruction Fuzzy Hash: F901B531A241089BCB25DA58C861ABFBBF69F94314F14446FC907A7640DFB26D41C7D9
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Memory Dump Source
                                                                • Source File: 0000000B.00000002.477329940.0000000005210000.00000040.00000001.sdmp, Offset: 05210000, based on PE: false
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 0a75f552c9d68a002503f8f41dcb697eab95137b911d9bf6c98b71680ef4a816
                                                                • Instruction ID: 18e07116468e2660057ab304ea772f2b8b45db2abab658527b7c8d7ba23cfeaa
                                                                • Opcode Fuzzy Hash: 0a75f552c9d68a002503f8f41dcb697eab95137b911d9bf6c98b71680ef4a816
                                                                • Instruction Fuzzy Hash: 1001F430B1452507C689767E64117FF668BEFD9914B18442FE206DB384CDB88C4703DA
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Memory Dump Source
                                                                • Source File: 0000000B.00000002.477329940.0000000005210000.00000040.00000001.sdmp, Offset: 05210000, based on PE: false
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 90d1fba4581de864c3002c21da8548f58c53e2820b84576d5ee8c97c1b0d0299
                                                                • Instruction ID: 5cc35997ab3b34968a96e990ddc7700732809fead68a0f9252508dd6d2ac4f42
                                                                • Opcode Fuzzy Hash: 90d1fba4581de864c3002c21da8548f58c53e2820b84576d5ee8c97c1b0d0299
                                                                • Instruction Fuzzy Hash: 10114874D28259CFCB29DF66D9916AEBFF2FF94300F104069E902A6241DBB50842CF59
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Memory Dump Source
                                                                • Source File: 0000000B.00000002.477329940.0000000005210000.00000040.00000001.sdmp, Offset: 05210000, based on PE: false
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 80fdc36b8c5eff8d9b414cdf24a453c0b7fa0354bb000e68714bae9cbac52fa2
                                                                • Instruction ID: a03a79674799cc15ce2c3fb147491bfa46a3c990d358725610494eeca6014bc8
                                                                • Opcode Fuzzy Hash: 80fdc36b8c5eff8d9b414cdf24a453c0b7fa0354bb000e68714bae9cbac52fa2
                                                                • Instruction Fuzzy Hash: 9E01B930A241459BD725DA18C46177F7BF35F94304F14445EC807AB740CAB29C81C799
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Memory Dump Source
                                                                • Source File: 0000000B.00000002.477329940.0000000005210000.00000040.00000001.sdmp, Offset: 05210000, based on PE: false
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 40ead0ec64e1c8cf0d308081c1802798330b0f521bc9a2e2db186cb811486c13
                                                                • Instruction ID: b413270206363067a120f99b078ded5aef785e675178f8ef7986bcaee0f78f03
                                                                • Opcode Fuzzy Hash: 40ead0ec64e1c8cf0d308081c1802798330b0f521bc9a2e2db186cb811486c13
                                                                • Instruction Fuzzy Hash: 1E01BCB8A102069FDB50EF78D9053AFBBE5EB98200F20452AC944D7240FB394941CBE5
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Memory Dump Source
                                                                • Source File: 0000000B.00000002.477329940.0000000005210000.00000040.00000001.sdmp, Offset: 05210000, based on PE: false
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 043ea27be0f315505793d13da5720eb3d8d3ce1dbb4feddbe251e59a2937c2f4
                                                                • Instruction ID: c577b0a7dbf2074f2494bf3ffe0816e8e83ed6ed3761679b401d6e02639764d3
                                                                • Opcode Fuzzy Hash: 043ea27be0f315505793d13da5720eb3d8d3ce1dbb4feddbe251e59a2937c2f4
                                                                • Instruction Fuzzy Hash: AD0171B5E142099FDB50DF78A8057AFBBF4EB84210F10457ADA08D3140FB3559008BE5
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Memory Dump Source
                                                                • Source File: 0000000B.00000002.477329940.0000000005210000.00000040.00000001.sdmp, Offset: 05210000, based on PE: false
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 59aa4ca40d098b653f9b79877b5e846086a2750f1886fdb337743d6dd8606e12
                                                                • Instruction ID: a49c49a3206e566c722f864406c48fe679cd78665a2f76f6f8b0bbb2bf77b2ba
                                                                • Opcode Fuzzy Hash: 59aa4ca40d098b653f9b79877b5e846086a2750f1886fdb337743d6dd8606e12
                                                                • Instruction Fuzzy Hash: B401CC30A241859BC718DB5CC854A7FBBF3EFE4344F1C406DC90BAB281DAB1AD018785
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Memory Dump Source
                                                                • Source File: 0000000B.00000002.477329940.0000000005210000.00000040.00000001.sdmp, Offset: 05210000, based on PE: false
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 02c3b24f9bfc0670138ecb748146ee3733ea2170fead4ad2eae147bb5bdec63b
                                                                • Instruction ID: 0ea8e2836a2900fd69a2ba9ec7ef2be068e9d4f0f9f79b1b86173d05d7e84492
                                                                • Opcode Fuzzy Hash: 02c3b24f9bfc0670138ecb748146ee3733ea2170fead4ad2eae147bb5bdec63b
                                                                • Instruction Fuzzy Hash: 93018FB5E101099FDB50DF79E8407AFBBF4EB84210F50013AD909E7280EB3459818BE1
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Memory Dump Source
                                                                • Source File: 0000000B.00000002.477329940.0000000005210000.00000040.00000001.sdmp, Offset: 05210000, based on PE: false
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 589ff524f5f6e8ef2a7eee25138fbd6fdeb3105952c6bf20670caa02e26ef4e6
                                                                • Instruction ID: 810463de64b170a6a54aba28804b710922c8ee97dd90210401de564a0d7fec2e
                                                                • Opcode Fuzzy Hash: 589ff524f5f6e8ef2a7eee25138fbd6fdeb3105952c6bf20670caa02e26ef4e6
                                                                • Instruction Fuzzy Hash: 6CF0F031B1002507C589767E64116AF62CF9BD8A15714402FE206DB384CDB88C4703EA
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Memory Dump Source
                                                                • Source File: 0000000B.00000002.477329940.0000000005210000.00000040.00000001.sdmp, Offset: 05210000, based on PE: false
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 25ceb8549d0f1e7c4b98155fa0c5c9f85f4816b72258c807961e490cd5149503
                                                                • Instruction ID: 891f32733a058b24e7db711fa6e84c7fb10ec508d8ba8b4d7be11ffe18178fde
                                                                • Opcode Fuzzy Hash: 25ceb8549d0f1e7c4b98155fa0c5c9f85f4816b72258c807961e490cd5149503
                                                                • Instruction Fuzzy Hash: 00F0786AB182990FDB8196F45C500BF3F9DCE6100030985DFDECAC7342DC624C028B96
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Memory Dump Source
                                                                • Source File: 0000000B.00000002.477329940.0000000005210000.00000040.00000001.sdmp, Offset: 05210000, based on PE: false
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 8626d0485e3c494a5c17c010b4e98db8375f8ceb2e68b27e64e6a5ff74b33857
                                                                • Instruction ID: 57225b39f483a42ff48ce53632965cf95f73ea4ea38f480011a2ead2c40aadba
                                                                • Opcode Fuzzy Hash: 8626d0485e3c494a5c17c010b4e98db8375f8ceb2e68b27e64e6a5ff74b33857
                                                                • Instruction Fuzzy Hash: 6201BC38211280CBCB05EB79E41945A3BE7EFD521071440BED64A9B252EFBA8D02879A
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Memory Dump Source
                                                                • Source File: 0000000B.00000002.477329940.0000000005210000.00000040.00000001.sdmp, Offset: 05210000, based on PE: false
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: a5311b983bfd4f0701f98b34ac148dbd82ff3a5acd1d271b5ede52dad0ef75c2
                                                                • Instruction ID: ed7647fb7b065411f0a7a99e430c88335b4a7627bd0caea22fdba68e0ac9d726
                                                                • Opcode Fuzzy Hash: a5311b983bfd4f0701f98b34ac148dbd82ff3a5acd1d271b5ede52dad0ef75c2
                                                                • Instruction Fuzzy Hash: 7A011D34324120CBC644DB2DD05896A77EBBFE960072440AAEA06CF674DFF59C09CB86
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Memory Dump Source
                                                                • Source File: 0000000B.00000002.477329940.0000000005210000.00000040.00000001.sdmp, Offset: 05210000, based on PE: false
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: bb06596d591c4c3783033775e1d342d5f519fceba6a72869679bdadf2367042d
                                                                • Instruction ID: 981b03902cbce0969311a94cdce64f6b65e4e931fb54f31c48b5333e07557070
                                                                • Opcode Fuzzy Hash: bb06596d591c4c3783033775e1d342d5f519fceba6a72869679bdadf2367042d
                                                                • Instruction Fuzzy Hash: 85F0506253C2615BE72541985C883EB5FCEAF75260F4740F7ED4FCB143E480480143B9
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Memory Dump Source
                                                                • Source File: 0000000B.00000002.477329940.0000000005210000.00000040.00000001.sdmp, Offset: 05210000, based on PE: false
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: a04155203852a30ef9118ecb8780ae7eb3e011e222584a03c25b1cab144602de
                                                                • Instruction ID: 1a5a0ca72e13335d09ca8229af705be5cc656c4342b62408b4a434168a53f47c
                                                                • Opcode Fuzzy Hash: a04155203852a30ef9118ecb8780ae7eb3e011e222584a03c25b1cab144602de
                                                                • Instruction Fuzzy Hash: 4CF0F634F10106EFDF54DAB9D455AEFBBF2DF81240F108875ED15E7210EA3088068B91
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Memory Dump Source
                                                                • Source File: 0000000B.00000002.477329940.0000000005210000.00000040.00000001.sdmp, Offset: 05210000, based on PE: false
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 20a0d251464b55d660ac44e0e19ad221a9e36916a04c3dd594f5949f71491c0b
                                                                • Instruction ID: 498213c7d426a7b74e6c366ee1755bd300418f9761b32925faa34fc8ae97c080
                                                                • Opcode Fuzzy Hash: 20a0d251464b55d660ac44e0e19ad221a9e36916a04c3dd594f5949f71491c0b
                                                                • Instruction Fuzzy Hash: 57F08138B10219DBCB05EFB8D981AAE7762FFC8704F10856AE601AF245DFB49D0187E5
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Memory Dump Source
                                                                • Source File: 0000000B.00000002.477329940.0000000005210000.00000040.00000001.sdmp, Offset: 05210000, based on PE: false
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: f096a1a5a34e99fc73e9702032e13a227b3b9a32d86140d6cb2bb91532331a12
                                                                • Instruction ID: fffdb6848b1d45c52e6601fb9bbcff604698bf65e3a21e502ee7bd20e7778aa1
                                                                • Opcode Fuzzy Hash: f096a1a5a34e99fc73e9702032e13a227b3b9a32d86140d6cb2bb91532331a12
                                                                • Instruction Fuzzy Hash: CBF0AF326142808FC7959769A4206E97FF3AEEA21431845AEE24BCB751DEB298078751
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Memory Dump Source
                                                                • Source File: 0000000B.00000002.477329940.0000000005210000.00000040.00000001.sdmp, Offset: 05210000, based on PE: false
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 32f7d837943fa6013f4d0ea68f65ee773cb1d95d3eecf527515013b262a1285f
                                                                • Instruction ID: 3d7035843604d764331f80b291db13d8f07f50fd373b115a61382e604ba449bd
                                                                • Opcode Fuzzy Hash: 32f7d837943fa6013f4d0ea68f65ee773cb1d95d3eecf527515013b262a1285f
                                                                • Instruction Fuzzy Hash: 0EF0503676C1514FD7409EF894506FD2F965FD231070444EBEA4ACB341CD998C028B95
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Memory Dump Source
                                                                • Source File: 0000000B.00000002.477329940.0000000005210000.00000040.00000001.sdmp, Offset: 05210000, based on PE: false
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 7e3f1ea653ab907cbfcbd9f62f2283aaf639bc6140acd03d9c0e24c67324ab3a
                                                                • Instruction ID: b72b82aa3cb10e531be4a2fbd147931973f4ce28a068ebd32550810a121d5ef6
                                                                • Opcode Fuzzy Hash: 7e3f1ea653ab907cbfcbd9f62f2283aaf639bc6140acd03d9c0e24c67324ab3a
                                                                • Instruction Fuzzy Hash: CAF0F030B241049BCB208A3898916FFBBE6EFD5764F0040BACD0AE3241E6640A028AD5
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Memory Dump Source
                                                                • Source File: 0000000B.00000002.477329940.0000000005210000.00000040.00000001.sdmp, Offset: 05210000, based on PE: false
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 453c30f95f27a73f46222821660519700be1484057ca611f95d3d2fc320f393c
                                                                • Instruction ID: 84768f864b0b474f3cc69b55aec25053d046176a6724c254a41208a5ebbd26d8
                                                                • Opcode Fuzzy Hash: 453c30f95f27a73f46222821660519700be1484057ca611f95d3d2fc320f393c
                                                                • Instruction Fuzzy Hash: 55F0B475A38246DF8711DB78D8818AFFFF2EFE52507184463D911C7261E3B099068BAA
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Memory Dump Source
                                                                • Source File: 0000000B.00000002.477329940.0000000005210000.00000040.00000001.sdmp, Offset: 05210000, based on PE: false
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 650e3ceb443841f8bda8b7eb02587bd006ab242dc1ec89f7413e7e8416b63cd2
                                                                • Instruction ID: 2a61e6b2db34979e0a7c21137a8fff17598ae1155bb520754f8e505df83025fe
                                                                • Opcode Fuzzy Hash: 650e3ceb443841f8bda8b7eb02587bd006ab242dc1ec89f7413e7e8416b63cd2
                                                                • Instruction Fuzzy Hash: 95F0B431B381159B8B14D53958102BFB7E6AFD5694F400077CD0AD3B41EE647A0196EA
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Memory Dump Source
                                                                • Source File: 0000000B.00000002.477329940.0000000005210000.00000040.00000001.sdmp, Offset: 05210000, based on PE: false
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: dce979fd917df8b78236ff6653db623e7ed479bd93396bbcbe90fda971a4b341
                                                                • Instruction ID: 6a7568494628ac4ba8c3cbbeb216e42f997b4df2ad34bfe8786bdfd8dacf09ff
                                                                • Opcode Fuzzy Hash: dce979fd917df8b78236ff6653db623e7ed479bd93396bbcbe90fda971a4b341
                                                                • Instruction Fuzzy Hash: 4CF02B35F10105ABDF10D7B4C0D4AAFB7F6EF81200F5588B6D909D7214EA319409C791
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Memory Dump Source
                                                                • Source File: 0000000B.00000002.477329940.0000000005210000.00000040.00000001.sdmp, Offset: 05210000, based on PE: false
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 4b580178996c65f6e8806c907c5fc39322c49efa8e48ae3844a351248445e601
                                                                • Instruction ID: dfebe138837169f8a4b8dc6d9d3e929125eb66ed27a9194edb89253451f9adca
                                                                • Opcode Fuzzy Hash: 4b580178996c65f6e8806c907c5fc39322c49efa8e48ae3844a351248445e601
                                                                • Instruction Fuzzy Hash: 12F05C3531C3555FD7157B78941825F3FD65FE721171400B7D509C7382EE268C0283A1
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Memory Dump Source
                                                                • Source File: 0000000B.00000002.477329940.0000000005210000.00000040.00000001.sdmp, Offset: 05210000, based on PE: false
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: b246e058a33f479065907513db73ec98a183393106173ca583948c9ddf8ad5ed
                                                                • Instruction ID: d2e450bd9ae622dbd726f8c10816d2322a65d662588e7d2d4bfe201e2504686a
                                                                • Opcode Fuzzy Hash: b246e058a33f479065907513db73ec98a183393106173ca583948c9ddf8ad5ed
                                                                • Instruction Fuzzy Hash: 2CF0553B71011117829C25AE8805B6F6ACB8BD4A70758423AF909FB380CD92AC1283ED
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Memory Dump Source
                                                                • Source File: 0000000B.00000002.477329940.0000000005210000.00000040.00000001.sdmp, Offset: 05210000, based on PE: false
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 5495c60295cff02a169325ec0cb1ce4accdd16e07b5bb521dd6ab973c54c58e2
                                                                • Instruction ID: 2aec0b1a7482d9581f1f0ee7087bf75eb6ba7984f0c7ffb4129cf44eca65ec18
                                                                • Opcode Fuzzy Hash: 5495c60295cff02a169325ec0cb1ce4accdd16e07b5bb521dd6ab973c54c58e2
                                                                • Instruction Fuzzy Hash: 26E0E532E362189BAB5099F899581AFFBEA9FD5A50F0044379E47E3200DAB0489146DA
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Memory Dump Source
                                                                • Source File: 0000000B.00000002.477329940.0000000005210000.00000040.00000001.sdmp, Offset: 05210000, based on PE: false
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: b5f79a5c25b31d22700e498e53693a5a9c32753834ea91a05d6b2a853f4098f8
                                                                • Instruction ID: b29d5e35cd988d4cd3c2550344f2298f42939f9ad225277e59c9b3c2fd6ac504
                                                                • Opcode Fuzzy Hash: b5f79a5c25b31d22700e498e53693a5a9c32753834ea91a05d6b2a853f4098f8
                                                                • Instruction Fuzzy Hash: 5AF05930E043990FCB60CB795C45AEFBFF8EF85210F0000AAD55CD3142E2205D09CB61
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Memory Dump Source
                                                                • Source File: 0000000B.00000002.477329940.0000000005210000.00000040.00000001.sdmp, Offset: 05210000, based on PE: false
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 7f765e0bf0b74362bce6ae04c9f30746df9c5ddc33f5df37a6e7e907b56537b0
                                                                • Instruction ID: 37146193bc17696eda8da9d46f1307384a801406aea6fca541703c1a14a13511
                                                                • Opcode Fuzzy Hash: 7f765e0bf0b74362bce6ae04c9f30746df9c5ddc33f5df37a6e7e907b56537b0
                                                                • Instruction Fuzzy Hash: 4BF027352202114BC610D6E8C411A2F7FEBCF86621B14847FCE1AC7300EA62CC028B81
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Memory Dump Source
                                                                • Source File: 0000000B.00000002.477329940.0000000005210000.00000040.00000001.sdmp, Offset: 05210000, based on PE: false
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 0be7feffb76c735d762b804d9df0034e3c55dbab2f0d7cbb7e11455a7d60c16a
                                                                • Instruction ID: 56585d06e1360e35d19c44f2f1808c9dc78e246f6da7076046f8ea1f51ef27ee
                                                                • Opcode Fuzzy Hash: 0be7feffb76c735d762b804d9df0034e3c55dbab2f0d7cbb7e11455a7d60c16a
                                                                • Instruction Fuzzy Hash: A4E02B362252805FCB22A72568107FB2BE69FE7364F85007BD84EDB342D85548038394
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Memory Dump Source
                                                                • Source File: 0000000B.00000002.472865641.0000000002BF0000.00000040.00000040.sdmp, Offset: 02BF0000, based on PE: false
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 25fd2b16779b1854695fb5743cded0297375a8572f452f2d1e0822a2e9fa09c9
                                                                • Instruction ID: aa16b3c6e25eec9f1910591ef8a0723debfd6ec14fb99c97ca98934ff5ade5c1
                                                                • Opcode Fuzzy Hash: 25fd2b16779b1854695fb5743cded0297375a8572f452f2d1e0822a2e9fa09c9
                                                                • Instruction Fuzzy Hash: E2F01D35104644DFC315DF04D940B15FBA2EB89718F24CAADEA490B766C737E817DA81
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Memory Dump Source
                                                                • Source File: 0000000B.00000002.477329940.0000000005210000.00000040.00000001.sdmp, Offset: 05210000, based on PE: false
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: d1ba564503116f78e068e99fa80eb043fe476de121e3dcedd2d6100507e38573
                                                                • Instruction ID: b2773d4494a874d3fab07250299c41c67e513f8388eab2bfdd1878410fa8c2b6
                                                                • Opcode Fuzzy Hash: d1ba564503116f78e068e99fa80eb043fe476de121e3dcedd2d6100507e38573
                                                                • Instruction Fuzzy Hash: 5FF05C309393548BD7509BF8486C16FFFF66F96B40F0504675D83A7201C9A458824389
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Memory Dump Source
                                                                • Source File: 0000000B.00000002.477329940.0000000005210000.00000040.00000001.sdmp, Offset: 05210000, based on PE: false
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: b4d4e62c749d08a86020e9ee008c03060e04bc219060ed252f0dc3ca527cf513
                                                                • Instruction ID: 59ea6f1541ca31e2eba6386342129878a610a61de393522689ab6dd6d70de05a
                                                                • Opcode Fuzzy Hash: b4d4e62c749d08a86020e9ee008c03060e04bc219060ed252f0dc3ca527cf513
                                                                • Instruction Fuzzy Hash: 97F0273A905B504BC3249F6BC800443BBF9FED1B2074D867F818A83512E7F199088BD4
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Memory Dump Source
                                                                • Source File: 0000000B.00000002.477329940.0000000005210000.00000040.00000001.sdmp, Offset: 05210000, based on PE: false
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 64426fb3012c65ac46f83103623c79c63c97c35be2da7ab929ef303624333d3b
                                                                • Instruction ID: ae77fef335f34f9c1270e444b7c178683921153fb3db2a98a67b545b79f4951e
                                                                • Opcode Fuzzy Hash: 64426fb3012c65ac46f83103623c79c63c97c35be2da7ab929ef303624333d3b
                                                                • Instruction Fuzzy Hash: 4CF0973AE041A14BCB930FB491582563FF2EB9A65030904A7E846DB300DE348C008BE0
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Memory Dump Source
                                                                • Source File: 0000000B.00000002.477329940.0000000005210000.00000040.00000001.sdmp, Offset: 05210000, based on PE: false
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 3a9b6719f9ef1ea635868066b5679836c7b3393468123f3dec463007ca3bb0ea
                                                                • Instruction ID: 870760a782e510bc1ebea67e9de42c34a08d5858d126cdbde24f98a910136452
                                                                • Opcode Fuzzy Hash: 3a9b6719f9ef1ea635868066b5679836c7b3393468123f3dec463007ca3bb0ea
                                                                • Instruction Fuzzy Hash: F6E0682E3BC2D44B8612522B40319BF37FB9EE582131810ABD946EB221CCD18C0283A7
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Memory Dump Source
                                                                • Source File: 0000000B.00000002.477329940.0000000005210000.00000040.00000001.sdmp, Offset: 05210000, based on PE: false
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 08a36be68c8e9e23e8974a9987eb13b75522788e191bef67a03569000807febe
                                                                • Instruction ID: d9eaecf6275f08bbf1912afa3813c1d14c7530875c8c83e27cea059a70266f56
                                                                • Opcode Fuzzy Hash: 08a36be68c8e9e23e8974a9987eb13b75522788e191bef67a03569000807febe
                                                                • Instruction Fuzzy Hash: 73E02B362106108BC711D698D17197F37E3DFC46113144C6FC65ECB600EEB6CD028B85
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Memory Dump Source
                                                                • Source File: 0000000B.00000002.477329940.0000000005210000.00000040.00000001.sdmp, Offset: 05210000, based on PE: false
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 3004e88db7ef08b01eacf4967bb1e7322e66d29f88d04842256e26ff0557fa0a
                                                                • Instruction ID: d8393cde4b6ee2887c578285585b4762e7e5b6d6939e0c660d8736c1454a5960
                                                                • Opcode Fuzzy Hash: 3004e88db7ef08b01eacf4967bb1e7322e66d29f88d04842256e26ff0557fa0a
                                                                • Instruction Fuzzy Hash: 11F0E539B100108FCB48B3FE94283AFB2D29FD0600F804178EA07CB780EE249C128786
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Memory Dump Source
                                                                • Source File: 0000000B.00000002.472865641.0000000002BF0000.00000040.00000040.sdmp, Offset: 02BF0000, based on PE: false
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 2433ead566ca828e8279e4842ddded562d24776f7a662b42c5195243365456a9
                                                                • Instruction ID: faea8b1b5870061477bbeb2729541b0d087207b71219c44c4afefdac3176beff
                                                                • Opcode Fuzzy Hash: 2433ead566ca828e8279e4842ddded562d24776f7a662b42c5195243365456a9
                                                                • Instruction Fuzzy Hash: BCE092B66006008BD650DF0AEC81452FBE8EB88630B18C57FDC0D8B710D276B504CEA5
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Memory Dump Source
                                                                • Source File: 0000000B.00000002.472359853.0000000002AF2000.00000040.00000001.sdmp, Offset: 02AF2000, based on PE: false
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 6b455d17802bfd8379d307eff3f64003a894b58c4f393120f74153eff4890458
                                                                • Instruction ID: 315db1c50928c7be46fe444a5577fa084b58533b8e4d9fada36e38fc57a8d214
                                                                • Opcode Fuzzy Hash: 6b455d17802bfd8379d307eff3f64003a894b58c4f393120f74153eff4890458
                                                                • Instruction Fuzzy Hash: BDE0D8B2A4020467D2109F0B9C41B63FB58EB44A30F08C557EE095F701D172B5048AF5
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Memory Dump Source
                                                                • Source File: 0000000B.00000002.477329940.0000000005210000.00000040.00000001.sdmp, Offset: 05210000, based on PE: false
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 09dd024b9d5a5b07bf08d0dd6360141c14498c4b896ffdb8400693c7a3b6a4a1
                                                                • Instruction ID: 811eb1168c2371f447c4eb16bd14c3361677eb292bb3031c2dfd72b1eef874a8
                                                                • Opcode Fuzzy Hash: 09dd024b9d5a5b07bf08d0dd6360141c14498c4b896ffdb8400693c7a3b6a4a1
                                                                • Instruction Fuzzy Hash: 08E0DF323202119B8220E699C52092B77DBDFC1A203048C2EDA1E8B300EEE6DC028B99
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Memory Dump Source
                                                                • Source File: 0000000B.00000002.477329940.0000000005210000.00000040.00000001.sdmp, Offset: 05210000, based on PE: false
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 93f476de65c9143d7eb6d8867d22b2df2eb597c2784dad6a2da0a72b54de764d
                                                                • Instruction ID: 4bd8d4327116d49a71f8589d8da0cc7c5f0e824bcec0e9d1d81232c5f93af8e1
                                                                • Opcode Fuzzy Hash: 93f476de65c9143d7eb6d8867d22b2df2eb597c2784dad6a2da0a72b54de764d
                                                                • Instruction Fuzzy Hash: F8E0D831220611474250D699C810C2F7BDFDFC5920301846EDE1A8B300EEA2DC018BD1
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Memory Dump Source
                                                                • Source File: 0000000B.00000002.477329940.0000000005210000.00000040.00000001.sdmp, Offset: 05210000, based on PE: false
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 80a03b41bd297a13732de4ee85c3db7d84f3a52535ebf1b3cd9145495db6636b
                                                                • Instruction ID: 464b9860c437705d9f47392bbd487bf3ee1ce109a8ae4c17025be4fb15a5a9a1
                                                                • Opcode Fuzzy Hash: 80a03b41bd297a13732de4ee85c3db7d84f3a52535ebf1b3cd9145495db6636b
                                                                • Instruction Fuzzy Hash: 1EF0A536614B049F8330DF5AD584C13F7FAEF996203118A6EE99A87A14C770F8058FA5
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Memory Dump Source
                                                                • Source File: 0000000B.00000002.477329940.0000000005210000.00000040.00000001.sdmp, Offset: 05210000, based on PE: false
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 5d23af7a278eb70fdfae6005a718cacd074c824b5677ba81da1c2e4452e9ec51
                                                                • Instruction ID: 4fefad68c593d1e5093a0b1a38a7cfd05cf4578118c09a8fc6b1b617760aae58
                                                                • Opcode Fuzzy Hash: 5d23af7a278eb70fdfae6005a718cacd074c824b5677ba81da1c2e4452e9ec51
                                                                • Instruction Fuzzy Hash: 03E0E531625644DFC354CA19D18065377EAFF65351B54582AE44BC7E10D7B1FCC08B88
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Memory Dump Source
                                                                • Source File: 0000000B.00000002.477329940.0000000005210000.00000040.00000001.sdmp, Offset: 05210000, based on PE: false
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 2d1f57b4a6b7e736f7134c9fb8f954781247c8c5b7a4a5bd196d5d9dc82d5446
                                                                • Instruction ID: d2693f426d0f93d4fb9d4ea293fe327a1acb181747d92cb5ab6fe921bed936a8
                                                                • Opcode Fuzzy Hash: 2d1f57b4a6b7e736f7134c9fb8f954781247c8c5b7a4a5bd196d5d9dc82d5446
                                                                • Instruction Fuzzy Hash: 8FE0C23D3B80D9974514A21F40208BF72DF9FE8862314606F9907AB210DDD28C01839A
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Memory Dump Source
                                                                • Source File: 0000000B.00000002.477329940.0000000005210000.00000040.00000001.sdmp, Offset: 05210000, based on PE: false
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 901897d63026bd55001fda77aa67bf6fb5d45c8f0661436933f9e50704b765e1
                                                                • Instruction ID: db98e865f656e41f331a3f7eec439a6bc8799a629185ee267f10b8d5842f2a73
                                                                • Opcode Fuzzy Hash: 901897d63026bd55001fda77aa67bf6fb5d45c8f0661436933f9e50704b765e1
                                                                • Instruction Fuzzy Hash: 6CE0863722220457D6205A48EA8698F3BA9FBD67A2B54043BE90487601C3369441C7E9
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%


                                                                Memory Dump Source
                                                                • Source File: 0000000B.00000002.471918465.00000000014C2000.00000040.00000001.sdmp, Offset: 014C2000, based on PE: false
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                • Instruction Fuzzy Hash: A7B01220A9070E8FEEC033F4700C11DB7CC0D40510BC048229D1D43201BE6CB82144A5
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Memory Dump Source
                                                                • Source File: 0000000B.00000002.477329940.0000000005210000.00000040.00000001.sdmp, Offset: 05210000, based on PE: false
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 9331830965d72d12fcbefa973c87c0cf332396a92bd300e1243d284f656f33ac
                                                                • Instruction ID: 59f6f8c91551d864fef2be2ce68f63b1fb2d52e9711bc7aea5eca20d9d35fc92
                                                                • Opcode Fuzzy Hash: 9331830965d72d12fcbefa973c87c0cf332396a92bd300e1243d284f656f33ac
                                                                • Instruction Fuzzy Hash: 31B092B7A14108C9DB00CA84B4413EEF760EBA0329F104023CB1062400C27212648695
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Memory Dump Source
                                                                • Source File: 0000000B.00000002.477329940.0000000005210000.00000040.00000001.sdmp, Offset: 05210000, based on PE: false
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: fb1f6618d57f5455dcb37247599b6fd82dfc319d20c4f91287c950ab4df83417
                                                                • Instruction ID: 7681222cd87fab817b974e5679d8d12fc598164ab9a66479461811f56831fc22
                                                                • Opcode Fuzzy Hash: fb1f6618d57f5455dcb37247599b6fd82dfc319d20c4f91287c950ab4df83417
                                                                • Instruction Fuzzy Hash: E7C04C8690D3C44ED75346744C29645AF702A63004FCD40CAC4D199297D18D48098732
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Memory Dump Source
                                                                • Source File: 0000000B.00000002.477329940.0000000005210000.00000040.00000001.sdmp, Offset: 05210000, based on PE: false
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 28f9974382f1b1a7955ce6dcb73c400d69de76700562c158ac5ee12507aa1b22
                                                                • Instruction ID: 51d9b8361bb644db676bba68cf051bb852e7f67ea145c34827928cba81dda820
                                                                • Opcode Fuzzy Hash: 28f9974382f1b1a7955ce6dcb73c400d69de76700562c158ac5ee12507aa1b22
                                                                • Instruction Fuzzy Hash: AAB09B744E4348D78141D659DC4945A765DFD556017800515EA06550449BF85D4346EE
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Memory Dump Source
                                                                • Source File: 0000000B.00000002.477329940.0000000005210000.00000040.00000001.sdmp, Offset: 05210000, based on PE: false
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 665bc7ce319edc13c00b68907fe48d539b4b9f750b33d0399f6e8019f0018360
                                                                • Instruction ID: 404b146291c9176cbc4e3c4cd72cb494f00556a517210a61b81bcb17b5e58fcf
                                                                • Opcode Fuzzy Hash: 665bc7ce319edc13c00b68907fe48d539b4b9f750b33d0399f6e8019f0018360
                                                                • Instruction Fuzzy Hash: 40B0123025420E4B17C056F22808F2373CC99405053400470AD0CC0000F905E0A0214D
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Non-executed Functions

                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 0000000B.00000002.477329940.0000000005210000.00000040.00000001.sdmp, Offset: 05210000, based on PE: false
                                                                Similarity
                                                                • API ID:
                                                                • String ID: ,:Xr$0Wr$:@1r$X1Xr
                                                                • API String ID: 0-476874211
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%