Joe Sandbox Cloud Basic Analysis Report

Loading ...

Play interactive tourEdit tour

Analysis Report PURCHASE ORDER.exe

Overview

General Information

Sample Name:PURCHASE ORDER.exe
Analysis ID:412574
MD5:3dbed8889c9e0709d9d5b9df08d5eabf
SHA1:55e331a1169b7f8773c0a2332e85c73322477831
SHA256:a10213876dda124a602a41a9b947e66ed8ad7e330b76596bdb0ab00b435aaded
Infos:

Most interesting Screenshot:

Detection

AgentTesla
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Found malware configuration
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Yara detected AgentTesla
Yara detected AgentTesla
Yara detected AntiVM3
Found evasive API chain (trying to detect sleep duration tampering with parallel thread)
Initial sample is a PE file and has a suspicious name
Injects a PE file into a foreign processes
Installs a global keyboard hook
Machine Learning detection for dropped file
Machine Learning detection for sample
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)
Tries to harvest and steal browser information (history, passwords, etc)
Tries to harvest and steal ftp login credentials
Tries to steal Mail credentials (via file access)
Uses schtasks.exe or at.exe to add and modify task schedules
Antivirus or Machine Learning detection for unpacked file
Contains capabilities to detect virtual machines
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to call native functions
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Creates a window with clipboard capturing capabilities
Detected TCP or UDP traffic on non-standard ports
Detected potential crypto function
Drops PE files
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found inlined nop instructions (likely shell or obfuscated code)
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Uses 32bit PE files
Uses SMTP (mail sending)
Uses code obfuscation techniques (call, push, ret)
Yara detected Credential Stealer

Classification

Startup

  • System is w10x64
  • PURCHASE ORDER.exe (PID: 5388 cmdline: 'C:\Users\user\Desktop\PURCHASE ORDER.exe' MD5: 3DBED8889C9E0709D9D5B9DF08D5EABF)
    • schtasks.exe (PID: 396 cmdline: 'C:\Windows\System32\schtasks.exe' /Create /TN 'Updates\GNBVBDzQwHiY' /XML 'C:\Users\user\AppData\Local\Temp\tmpA9B9.tmp' MD5: 15FF7D8324231381BAD48A052F85DF04)
      • conhost.exe (PID: 3880 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
    • PURCHASE ORDER.exe (PID: 6156 cmdline: C:\Users\user\Desktop\PURCHASE ORDER.exe MD5: 3DBED8889C9E0709D9D5B9DF08D5EABF)
    • PURCHASE ORDER.exe (PID: 6172 cmdline: C:\Users\user\Desktop\PURCHASE ORDER.exe MD5: 3DBED8889C9E0709D9D5B9DF08D5EABF)
  • cleanup

Malware Configuration

Threatname: Agenttesla

{"Exfil Mode": "SMTP", "SMTP Info": "ghulam.sarwar@dadabhoy.edu.pkDadabhoy.456mail.dadabhoy.edu.pkmarsspace454@yandex.com"}

Yara Overview

Memory Dumps

SourceRuleDescriptionAuthorStrings
00000000.00000002.238977520.000000000319B000.00000004.00000001.sdmpJoeSecurity_AntiVM_3Yara detected AntiVM_3Joe Security
    00000004.00000002.503023451.0000000003541000.00000004.00000001.sdmpJoeSecurity_AgentTesla_1Yara detected AgentTeslaJoe Security
      00000004.00000002.503023451.0000000003541000.00000004.00000001.sdmpJoeSecurity_CredentialStealerYara detected Credential StealerJoe Security
        00000000.00000002.239232235.0000000004171000.00000004.00000001.sdmpJoeSecurity_AgentTesla_1Yara detected AgentTeslaJoe Security
          00000000.00000002.239232235.0000000004171000.00000004.00000001.sdmpJoeSecurity_AgentTesla_2Yara detected AgentTeslaJoe Security
            Click to see the 6 entries

            Unpacked PEs

            SourceRuleDescriptionAuthorStrings
            4.2.PURCHASE ORDER.exe.400000.0.unpackJoeSecurity_AgentTesla_1Yara detected AgentTeslaJoe Security
              4.2.PURCHASE ORDER.exe.400000.0.unpackJoeSecurity_AgentTesla_2Yara detected AgentTeslaJoe Security
                0.2.PURCHASE ORDER.exe.428e9e8.2.unpackJoeSecurity_AgentTesla_1Yara detected AgentTeslaJoe Security
                  0.2.PURCHASE ORDER.exe.428e9e8.2.unpackJoeSecurity_AgentTesla_2Yara detected AgentTeslaJoe Security
                    0.2.PURCHASE ORDER.exe.428e9e8.2.raw.unpackJoeSecurity_AgentTesla_1Yara detected AgentTeslaJoe Security
                      Click to see the 1 entries

                      Sigma Overview

                      No Sigma rule has matched

                      Signature Overview

                      Click to jump to signature section

                      Show All Signature Results

                      AV Detection:

                      barindex
                      Found malware configurationShow sources
                      Source: 00000004.00000002.503023451.0000000003541000.00000004.00000001.sdmpMalware Configuration Extractor: Agenttesla {"Exfil Mode": "SMTP", "SMTP Info": "ghulam.sarwar@dadabhoy.edu.pkDadabhoy.456mail.dadabhoy.edu.pkmarsspace454@yandex.com"}
                      Multi AV Scanner detection for dropped fileShow sources
                      Source: C:\Users\user\AppData\Roaming\GNBVBDzQwHiY.exeReversingLabs: Detection: 27%
                      Multi AV Scanner detection for submitted fileShow sources
                      Source: PURCHASE ORDER.exeVirustotal: Detection: 21%Perma Link
                      Source: PURCHASE ORDER.exeReversingLabs: Detection: 27%
                      Machine Learning detection for dropped fileShow sources
                      Source: C:\Users\user\AppData\Roaming\GNBVBDzQwHiY.exeJoe Sandbox ML: detected
                      Machine Learning detection for sampleShow sources
                      Source: PURCHASE ORDER.exeJoe Sandbox ML: detected
                      Source: 4.2.PURCHASE ORDER.exe.400000.0.unpackAvira: Label: TR/Spy.Gen8
                      Source: PURCHASE ORDER.exeStatic PE information: 32BIT_MACHINE, EXECUTABLE_IMAGE
                      Source: C:\Users\user\Desktop\PURCHASE ORDER.exeFile opened: C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.9445_none_d08c58b4442ba54f\MSVCR80.dllJump to behavior
                      Source: PURCHASE ORDER.exeStatic PE information: NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT
                      Source: Binary string: mscorrc.pdb source: PURCHASE ORDER.exe, 00000000.00000002.239873716.00000000053A0000.00000002.00000001.sdmp, PURCHASE ORDER.exe, 00000004.00000002.505195502.0000000005F10000.00000002.00000001.sdmp
                      Source: C:\Users\user\Desktop\PURCHASE ORDER.exeCode function: 4x nop then mov dword ptr [ebp-1Ch], 00000000h0_2_062D1E00
                      Source: C:\Users\user\Desktop\PURCHASE ORDER.exeCode function: 4x nop then mov dword ptr [ebp-1Ch], 00000000h0_2_062D1DF0
                      Source: global trafficTCP traffic: 192.168.2.5:49724 -> 72.18.132.146:587
                      Source: Joe Sandbox ViewIP Address: 72.18.132.146 72.18.132.146
                      Source: Joe Sandbox ViewASN Name: WEHOSTWEBSITES-COMUS WEHOSTWEBSITES-COMUS
                      Source: global trafficTCP traffic: 192.168.2.5:49724 -> 72.18.132.146:587
                      Source: C:\Users\user\Desktop\PURCHASE ORDER.exeCode function: 4_2_013FA09A recv,4_2_013FA09A
                      Source: unknownDNS traffic detected: queries for: mail.dadabhoy.edu.pk
                      Source: PURCHASE ORDER.exe, 00000004.00000002.503023451.0000000003541000.00000004.00000001.sdmpString found in binary or memory: http://127.0.0.1:HTTP/1.1
                      Source: PURCHASE ORDER.exe, 00000004.00000002.503023451.0000000003541000.00000004.00000001.sdmpString found in binary or memory: http://DynDns.comDynDNS
                      Source: PURCHASE ORDER.exe, 00000004.00000002.503023451.0000000003541000.00000004.00000001.sdmpString found in binary or memory: http://UZkOts.com
                      Source: PURCHASE ORDER.exe, 00000004.00000002.503023451.0000000003541000.00000004.00000001.sdmpString found in binary or memory: https://api.ipify.org%
                      Source: PURCHASE ORDER.exe, 00000004.00000002.503023451.0000000003541000.00000004.00000001.sdmpString found in binary or memory: https://api.ipify.org%GETMozilla/5.0
                      Source: PURCHASE ORDER.exe, 00000004.00000002.503023451.0000000003541000.00000004.00000001.sdmp, PURCHASE ORDER.exe, 00000004.00000002.503328534.0000000003589000.00000004.00000001.sdmpString found in binary or memory: https://kMicsa3HazLTjD.net
                      Source: PURCHASE ORDER.exe, 00000000.00000002.238977520.000000000319B000.00000004.00000001.sdmpString found in binary or memory: https://stackpath.bootstrapcdn.com/bootstrap/4.5.0/css/bootstrap.min.css
                      Source: PURCHASE ORDER.exe, 00000000.00000002.239232235.0000000004171000.00000004.00000001.sdmp, PURCHASE ORDER.exe, 00000004.00000002.498714437.0000000000402000.00000040.00000001.sdmpString found in binary or memory: https://www.theonionrouter.com/dist.torproject.org/torbrowser/9.5.3/tor-win32-0.4.3.6.zip
                      Source: PURCHASE ORDER.exe, 00000004.00000002.503023451.0000000003541000.00000004.00000001.sdmpString found in binary or memory: https://www.theonionrouter.com/dist.torproject.org/torbrowser/9.5.3/tor-win32-0.4.3.6.zip%tordir%%ha

                      Key, Mouse, Clipboard, Microphone and Screen Capturing:

                      barindex
                      Installs a global keyboard hookShow sources
                      Source: C:\Users\user\Desktop\PURCHASE ORDER.exeWindows user hook set: 0 keyboard low level C:\Users\user\Desktop\PURCHASE ORDER.exeJump to behavior
                      Source: C:\Users\user\Desktop\PURCHASE ORDER.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior

                      System Summary:

                      barindex
                      Initial sample is a PE file and has a suspicious nameShow sources
                      Source: initial sampleStatic PE information: Filename: PURCHASE ORDER.exe
                      Source: C:\Users\user\Desktop\PURCHASE ORDER.exeCode function: 0_2_051713D6 NtQuerySystemInformation,0_2_051713D6
                      Source: C:\Users\user\Desktop\PURCHASE ORDER.exeCode function: 0_2_051713A9 NtQuerySystemInformation,0_2_051713A9
                      Source: C:\Users\user\Desktop\PURCHASE ORDER.exeCode function: 4_2_013FB0BA NtQuerySystemInformation,4_2_013FB0BA
                      Source: C:\Users\user\Desktop\PURCHASE ORDER.exeCode function: 4_2_013FB089 NtQuerySystemInformation,4_2_013FB089
                      Source: C:\Users\user\Desktop\PURCHASE ORDER.exeCode function: 0_2_053220130_2_05322013
                      Source: C:\Users\user\Desktop\PURCHASE ORDER.exeCode function: 0_2_0532DCC80_2_0532DCC8
                      Source: C:\Users\user\Desktop\PURCHASE ORDER.exeCode function: 0_2_05322B180_2_05322B18
                      Source: C:\Users\user\Desktop\PURCHASE ORDER.exeCode function: 0_2_053217B00_2_053217B0
                      Source: C:\Users\user\Desktop\PURCHASE ORDER.exeCode function: 0_2_0532E3A80_2_0532E3A8
                      Source: C:\Users\user\Desktop\PURCHASE ORDER.exeCode function: 0_2_05321BE80_2_05321BE8
                      Source: C:\Users\user\Desktop\PURCHASE ORDER.exeCode function: 0_2_0532DFD80_2_0532DFD8
                      Source: C:\Users\user\Desktop\PURCHASE ORDER.exeCode function: 0_2_0532EA080_2_0532EA08
                      Source: C:\Users\user\Desktop\PURCHASE ORDER.exeCode function: 0_2_05324AA00_2_05324AA0
                      Source: C:\Users\user\Desktop\PURCHASE ORDER.exeCode function: 0_2_053232FB0_2_053232FB
                      Source: C:\Users\user\Desktop\PURCHASE ORDER.exeCode function: 0_2_053212E30_2_053212E3
                      Source: C:\Users\user\Desktop\PURCHASE ORDER.exeCode function: 0_2_05320AC30_2_05320AC3
                      Source: C:\Users\user\Desktop\PURCHASE ORDER.exeCode function: 0_2_05326D700_2_05326D70
                      Source: C:\Users\user\Desktop\PURCHASE ORDER.exeCode function: 0_2_053269BD0_2_053269BD
                      Source: C:\Users\user\Desktop\PURCHASE ORDER.exeCode function: 0_2_053249A10_2_053249A1
                      Source: C:\Users\user\Desktop\PURCHASE ORDER.exeCode function: 0_2_053215E00_2_053215E0
                      Source: C:\Users\user\Desktop\PURCHASE ORDER.exeCode function: 0_2_053215D00_2_053215D0
                      Source: C:\Users\user\Desktop\PURCHASE ORDER.exeCode function: 0_2_0532ADD80_2_0532ADD8
                      Source: C:\Users\user\Desktop\PURCHASE ORDER.exeCode function: 0_2_053258100_2_05325810
                      Source: C:\Users\user\Desktop\PURCHASE ORDER.exeCode function: 0_2_053258030_2_05325803
                      Source: C:\Users\user\Desktop\PURCHASE ORDER.exeCode function: 0_2_0532A8080_2_0532A808
                      Source: C:\Users\user\Desktop\PURCHASE ORDER.exeCode function: 0_2_05322B0B0_2_05322B0B
                      Source: C:\Users\user\Desktop\PURCHASE ORDER.exeCode function: 0_2_0532C3480_2_0532C348
                      Source: C:\Users\user\Desktop\PURCHASE ORDER.exeCode function: 0_2_05326BB00_2_05326BB0
                      Source: C:\Users\user\Desktop\PURCHASE ORDER.exeCode function: 0_2_05326BA30_2_05326BA3
                      Source: C:\Users\user\Desktop\PURCHASE ORDER.exeCode function: 0_2_053217AB0_2_053217AB
                      Source: C:\Users\user\Desktop\PURCHASE ORDER.exeCode function: 0_2_0532A7910_2_0532A791
                      Source: C:\Users\user\Desktop\PURCHASE ORDER.exeCode function: 0_2_053267F00_2_053267F0
                      Source: C:\Users\user\Desktop\PURCHASE ORDER.exeCode function: 0_2_05321BE30_2_05321BE3
                      Source: C:\Users\user\Desktop\PURCHASE ORDER.exeCode function: 0_2_053267EB0_2_053267EB
                      Source: C:\Users\user\Desktop\PURCHASE ORDER.exeCode function: 0_2_0532B6100_2_0532B610
                      Source: C:\Users\user\Desktop\PURCHASE ORDER.exeCode function: 0_2_053262780_2_05326278
                      Source: C:\Users\user\Desktop\PURCHASE ORDER.exeCode function: 0_2_05320E610_2_05320E61
                      Source: C:\Users\user\Desktop\PURCHASE ORDER.exeCode function: 0_2_0532626B0_2_0532626B
                      Source: C:\Users\user\Desktop\PURCHASE ORDER.exeCode function: 0_2_0532CAA00_2_0532CAA0
                      Source: C:\Users\user\Desktop\PURCHASE ORDER.exeCode function: 0_2_05324A9B0_2_05324A9B
                      Source: C:\Users\user\Desktop\PURCHASE ORDER.exeCode function: 0_2_0532BA880_2_0532BA88
                      Source: C:\Users\user\Desktop\PURCHASE ORDER.exeCode function: 0_2_053236E00_2_053236E0
                      Source: C:\Users\user\Desktop\PURCHASE ORDER.exeCode function: 0_2_062D00060_2_062D0006
                      Source: C:\Users\user\Desktop\PURCHASE ORDER.exeCode function: 0_2_062D00700_2_062D0070
                      Source: C:\Users\user\Desktop\PURCHASE ORDER.exeCode function: 0_2_062D1AF60_2_062D1AF6
                      Source: C:\Users\user\Desktop\PURCHASE ORDER.exeCode function: 4_2_0300D3574_2_0300D357
                      Source: C:\Users\user\Desktop\PURCHASE ORDER.exeCode function: 4_2_0300D7B84_2_0300D7B8
                      Source: C:\Users\user\Desktop\PURCHASE ORDER.exeCode function: 4_2_0300BBBA4_2_0300BBBA
                      Source: C:\Users\user\Desktop\PURCHASE ORDER.exeCode function: 4_2_03009A904_2_03009A90
                      Source: C:\Users\user\Desktop\PURCHASE ORDER.exeCode function: 4_2_064800704_2_06480070
                      Source: C:\Users\user\Desktop\PURCHASE ORDER.exeCode function: 4_2_064E53404_2_064E5340
                      Source: C:\Users\user\Desktop\PURCHASE ORDER.exeCode function: 4_2_064E00704_2_064E0070
                      Source: C:\Users\user\Desktop\PURCHASE ORDER.exeCode function: 4_2_064EABD04_2_064EABD0
                      Source: C:\Users\user\Desktop\PURCHASE ORDER.exeCode function: 4_2_064E8AE04_2_064E8AE0
                      Source: C:\Users\user\Desktop\PURCHASE ORDER.exeCode function: 4_2_064ED6F04_2_064ED6F0
                      Source: C:\Users\user\Desktop\PURCHASE ORDER.exeCode function: 4_2_064EA1A04_2_064EA1A0
                      Source: C:\Users\user\Desktop\PURCHASE ORDER.exeCode function: 4_2_064EE2B14_2_064EE2B1
                      Source: C:\Users\user\Desktop\PURCHASE ORDER.exeCode function: 4_2_064E00064_2_064E0006
                      Source: PURCHASE ORDER.exe, 00000000.00000002.239511278.000000000434A000.00000004.00000001.sdmpBinary or memory string: OriginalFilenameDSASignature.dll@ vs PURCHASE ORDER.exe
                      Source: PURCHASE ORDER.exe, 00000000.00000002.238977520.000000000319B000.00000004.00000001.sdmpBinary or memory string: OriginalFilenameMqlBKgQGWGuIUcraWbDAeFtcNvdPyLI.exe4 vs PURCHASE ORDER.exe
                      Source: PURCHASE ORDER.exe, 00000000.00000002.242160824.0000000005FF0000.00000002.00000001.sdmpBinary or memory string: System.OriginalFileName vs PURCHASE ORDER.exe
                      Source: PURCHASE ORDER.exe, 00000000.00000002.239873716.00000000053A0000.00000002.00000001.sdmpBinary or memory string: OriginalFilenamemscorrc.dllT vs PURCHASE ORDER.exe
                      Source: PURCHASE ORDER.exe, 00000000.00000002.242274006.00000000060F0000.00000002.00000001.sdmpBinary or memory string: originalfilename vs PURCHASE ORDER.exe
                      Source: PURCHASE ORDER.exe, 00000000.00000002.242274006.00000000060F0000.00000002.00000001.sdmpBinary or memory string: OriginalFilenamepropsys.dll.mui@ vs PURCHASE ORDER.exe
                      Source: PURCHASE ORDER.exe, 00000000.00000002.238019794.0000000000B5C000.00000002.00020000.sdmpBinary or memory string: OriginalFilenameDefaultInterfaceAttribute.exeP vs PURCHASE ORDER.exe
                      Source: PURCHASE ORDER.exe, 00000000.00000002.238942135.0000000003171000.00000004.00000001.sdmpBinary or memory string: OriginalFilenameSimpleUI.dll( vs PURCHASE ORDER.exe
                      Source: PURCHASE ORDER.exe, 00000003.00000002.236766536.000000000043C000.00000002.00020000.sdmpBinary or memory string: OriginalFilenameDefaultInterfaceAttribute.exeP vs PURCHASE ORDER.exe
                      Source: PURCHASE ORDER.exe, 00000004.00000002.505299124.0000000006010000.00000002.00000001.sdmpBinary or memory string: OriginalFilenamewshom.ocx.mui vs PURCHASE ORDER.exe
                      Source: PURCHASE ORDER.exe, 00000004.00000002.504596475.0000000005800000.00000002.00000001.sdmpBinary or memory string: OriginalFilenameKernelbase.dll.muij% vs PURCHASE ORDER.exe
                      Source: PURCHASE ORDER.exe, 00000004.00000002.500345558.0000000001597000.00000004.00000020.sdmpBinary or memory string: OriginalFilenamemscorwks.dllT vs PURCHASE ORDER.exe
                      Source: PURCHASE ORDER.exe, 00000004.00000000.237489374.0000000000E2C000.00000002.00020000.sdmpBinary or memory string: OriginalFilenameDefaultInterfaceAttribute.exeP vs PURCHASE ORDER.exe
                      Source: PURCHASE ORDER.exe, 00000004.00000002.505195502.0000000005F10000.00000002.00000001.sdmpBinary or memory string: OriginalFilenamemscorrc.dllT vs PURCHASE ORDER.exe
                      Source: PURCHASE ORDER.exe, 00000004.00000002.505049092.0000000005D80000.00000002.00000001.sdmpBinary or memory string: OriginalFilenamewshom.ocx vs PURCHASE ORDER.exe
                      Source: PURCHASE ORDER.exe, 00000004.00000002.498714437.0000000000402000.00000040.00000001.sdmpBinary or memory string: OriginalFilenameMqlBKgQGWGuIUcraWbDAeFtcNvdPyLI.exe4 vs PURCHASE ORDER.exe
                      Source: PURCHASE ORDER.exeBinary or memory string: OriginalFilenameDefaultInterfaceAttribute.exeP vs PURCHASE ORDER.exe
                      Source: PURCHASE ORDER.exeStatic PE information: 32BIT_MACHINE, EXECUTABLE_IMAGE
                      Source: PURCHASE ORDER.exeStatic PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
                      Source: GNBVBDzQwHiY.exe.0.drStatic PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
                      Source: classification engineClassification label: mal100.troj.spyw.evad.winEXE@8/4@1/1
                      Source: C:\Users\user\Desktop\PURCHASE ORDER.exeCode function: 0_2_05170FC2 AdjustTokenPrivileges,0_2_05170FC2
                      Source: C:\Users\user\Desktop\PURCHASE ORDER.exeCode function: 0_2_05170F8B AdjustTokenPrivileges,0_2_05170F8B
                      Source: C:\Users\user\Desktop\PURCHASE ORDER.exeCode function: 4_2_013FAF3E AdjustTokenPrivileges,4_2_013FAF3E
                      Source: C:\Users\user\Desktop\PURCHASE ORDER.exeCode function: 4_2_013FAF07 AdjustTokenPrivileges,4_2_013FAF07
                      Source: C:\Users\user\Desktop\PURCHASE ORDER.exeFile created: C:\Users\user\AppData\Roaming\GNBVBDzQwHiY.exeJump to behavior
                      Source: C:\Users\user\Desktop\PURCHASE ORDER.exeMutant created: \Sessions\1\BaseNamedObjects\pbnDaLYqXNxfqdRvBIIEjhXzsGp
                      Source: C:\Users\user\Desktop\PURCHASE ORDER.exeMutant created: \Sessions\1\BaseNamedObjects\Global\.net clr networking
                      Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3880:120:WilError_01
                      Source: C:\Users\user\Desktop\PURCHASE ORDER.exeFile created: C:\Users\user\AppData\Local\Temp\tmpA9B9.tmpJump to behavior
                      Source: PURCHASE ORDER.exeStatic PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
                      Source: C:\Users\user\Desktop\PURCHASE ORDER.exeSection loaded: C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\9603718106bd57ecfbb18fefd769cab4\mscorlib.ni.dllJump to behavior
                      Source: C:\Users\user\Desktop\PURCHASE ORDER.exeSection loaded: C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sorttbls.nlpJump to behavior
                      Source: C:\Users\user\Desktop\PURCHASE ORDER.exeSection loaded: C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sortkey.nlpJump to behavior
                      Source: C:\Users\user\Desktop\PURCHASE ORDER.exeSection loaded: C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\9603718106bd57ecfbb18fefd769cab4\mscorlib.ni.dllJump to behavior
                      Source: C:\Users\user\Desktop\PURCHASE ORDER.exeSection loaded: C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sorttbls.nlpJump to behavior
                      Source: C:\Users\user\Desktop\PURCHASE ORDER.exeSection loaded: C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sortkey.nlpJump to behavior
                      Source: C:\Users\user\Desktop\PURCHASE ORDER.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
                      Source: C:\Users\user\Desktop\PURCHASE ORDER.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                      Source: C:\Users\user\Desktop\PURCHASE ORDER.exeFile read: C:\Users\user\Desktop\desktop.iniJump to behavior
                      Source: C:\Users\user\Desktop\PURCHASE ORDER.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
                      Source: C:\Users\user\Desktop\PURCHASE ORDER.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
                      Source: C:\Users\user\Desktop\PURCHASE ORDER.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
                      Source: PURCHASE ORDER.exe, 00000000.00000002.238977520.000000000319B000.00000004.00000001.sdmpBinary or memory string: Select * from Clientes WHERE id=@id;;
                      Source: PURCHASE ORDER.exe, 00000000.00000002.238977520.000000000319B000.00000004.00000001.sdmpBinary or memory string: Select * from Aluguel Erro ao listar Banco sql-Aluguel.INSERT INTO Aluguel VALUES(@clienteID, @data);
                      Source: PURCHASE ORDER.exe, 00000000.00000002.238977520.000000000319B000.00000004.00000001.sdmpBinary or memory string: Select * from SecurityLogonType WHERE id=@id;
                      Source: PURCHASE ORDER.exe, 00000000.00000002.238977520.000000000319B000.00000004.00000001.sdmpBinary or memory string: Select * from SecurityLogonType WHERE modelo=@modelo;
                      Source: PURCHASE ORDER.exe, 00000000.00000002.238977520.000000000319B000.00000004.00000001.sdmpBinary or memory string: INSERT INTO Itens_Aluguel VALUES(@aluguelID, @aviaoID, @validade);
                      Source: PURCHASE ORDER.exe, 00000000.00000002.238977520.000000000319B000.00000004.00000001.sdmpBinary or memory string: Insert into Clientes values (@nome, @cpf, @rg, @cidade, @endereco, @uf, @telefone);
                      Source: PURCHASE ORDER.exe, 00000000.00000002.238977520.000000000319B000.00000004.00000001.sdmpBinary or memory string: INSERT INTO Aluguel VALUES(@clienteID, @data);
                      Source: PURCHASE ORDER.exe, 00000000.00000002.238977520.000000000319B000.00000004.00000001.sdmpBinary or memory string: INSERT INTO SecurityLogonType VALUES(@modelo, @fabricante, @ano, @cor);
                      Source: PURCHASE ORDER.exe, 00000000.00000002.238977520.000000000319B000.00000004.00000001.sdmpBinary or memory string: Select * from SecurityLogonType*Erro ao listar Banco sql-SecurityLogonType,Select * from SecurityLogonType WHERE id=@id;Select * from SecurityLogonType WHERE (modelo LIKE @modelo)
                      Source: PURCHASE ORDER.exeVirustotal: Detection: 21%
                      Source: PURCHASE ORDER.exeReversingLabs: Detection: 27%
                      Source: PURCHASE ORDER.exeString found in binary or memory: ^(Male|Female)$-Add Student Details :-
                      Source: PURCHASE ORDER.exeString found in binary or memory: Teacher Name-Add Teacher Details :-
                      Source: C:\Users\user\Desktop\PURCHASE ORDER.exeFile read: C:\Users\user\Desktop\PURCHASE ORDER.exeJump to behavior
                      Source: unknownProcess created: C:\Users\user\Desktop\PURCHASE ORDER.exe 'C:\Users\user\Desktop\PURCHASE ORDER.exe'
                      Source: C:\Users\user\Desktop\PURCHASE ORDER.exeProcess created: C:\Windows\SysWOW64\schtasks.exe 'C:\Windows\System32\schtasks.exe' /Create /TN 'Updates\GNBVBDzQwHiY' /XML 'C:\Users\user\AppData\Local\Temp\tmpA9B9.tmp'
                      Source: C:\Windows\SysWOW64\schtasks.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                      Source: C:\Users\user\Desktop\PURCHASE ORDER.exeProcess created: C:\Users\user\Desktop\PURCHASE ORDER.exe C:\Users\user\Desktop\PURCHASE ORDER.exe
                      Source: C:\Users\user\Desktop\PURCHASE ORDER.exeProcess created: C:\Users\user\Desktop\PURCHASE ORDER.exe C:\Users\user\Desktop\PURCHASE ORDER.exe
                      Source: C:\Users\user\Desktop\PURCHASE ORDER.exeProcess created: C:\Windows\SysWOW64\schtasks.exe 'C:\Windows\System32\schtasks.exe' /Create /TN 'Updates\GNBVBDzQwHiY' /XML 'C:\Users\user\AppData\Local\Temp\tmpA9B9.tmp'Jump to behavior
                      Source: C:\Users\user\Desktop\PURCHASE ORDER.exeProcess created: C:\Users\user\Desktop\PURCHASE ORDER.exe C:\Users\user\Desktop\PURCHASE ORDER.exeJump to behavior
                      Source: C:\Users\user\Desktop\PURCHASE ORDER.exeProcess created: C:\Users\user\Desktop\PURCHASE ORDER.exe C:\Users\user\Desktop\PURCHASE ORDER.exeJump to behavior
                      Source: C:\Users\user\Desktop\PURCHASE ORDER.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\InProcServer32Jump to behavior
                      Source: C:\Users\user\Desktop\PURCHASE ORDER.exeFile opened: C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorrc.dllJump to behavior
                      Source: C:\Users\user\Desktop\PURCHASE ORDER.exeKey opened: HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676Jump to behavior
                      Source: PURCHASE ORDER.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
                      Source: C:\Users\user\Desktop\PURCHASE ORDER.exeFile opened: C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.9445_none_d08c58b4442ba54f\MSVCR80.dllJump to behavior
                      Source: PURCHASE ORDER.exeStatic PE information: NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT
                      Source: Binary string: mscorrc.pdb source: PURCHASE ORDER.exe, 00000000.00000002.239873716.00000000053A0000.00000002.00000001.sdmp, PURCHASE ORDER.exe, 00000004.00000002.505195502.0000000005F10000.00000002.00000001.sdmp
                      Source: C:\Users\user\Desktop\PURCHASE ORDER.exeCode function: 0_2_01252B74 push cs; ret 0_2_01252BBA
                      Source: C:\Users\user\Desktop\PURCHASE ORDER.exeCode function: 0_2_01252F56 push ss; ret 0_2_01252F6A
                      Source: C:\Users\user\Desktop\PURCHASE ORDER.exeCode function: 0_2_01267D03 pushfd ; ret 0_2_012680D5
                      Source: C:\Users\user\Desktop\PURCHASE ORDER.exeCode function: 0_2_01267C21 push ecx; iretd 0_2_01267C2E
                      Source: C:\Users\user\Desktop\PURCHASE ORDER.exeCode function: 0_2_01267C43 push ebp; iretd 0_2_01267C56
                      Source: C:\Users\user\Desktop\PURCHASE ORDER.exeCode function: 0_2_053201DB push ds; iretd 0_2_053201E2
                      Source: C:\Users\user\Desktop\PURCHASE ORDER.exeCode function: 0_2_05320C6F push dword ptr [ebp+eax-18h]; ret 0_2_05320C73
                      Source: C:\Users\user\Desktop\PURCHASE ORDER.exeCode function: 0_2_053200F8 push ds; iretd 0_2_053200FA
                      Source: C:\Users\user\Desktop\PURCHASE ORDER.exeCode function: 0_2_05321BD8 push eax; iretd 0_2_05321BDA
                      Source: C:\Users\user\Desktop\PURCHASE ORDER.exeCode function: 4_2_013F2954 push cs; ret 4_2_013F298E
                      Source: C:\Users\user\Desktop\PURCHASE ORDER.exeCode function: 4_2_0300B4C2 push esp; retf 4_2_0300B5B1
                      Source: C:\Users\user\Desktop\PURCHASE ORDER.exeCode function: 4_2_064EA0C9 push es; ret 4_2_064EA180
                      Source: initial sampleStatic PE information: section name: .text entropy: 7.6332778418
                      Source: initial sampleStatic PE information: section name: .text entropy: 7.6332778418
                      Source: C:\Users\user\Desktop\PURCHASE ORDER.exeFile created: C:\Users\user\AppData\Roaming\GNBVBDzQwHiY.exeJump to dropped file

                      Boot Survival:

                      barindex
                      Uses schtasks.exe or at.exe to add and modify task schedulesShow sources
                      Source: C:\Users\user\Desktop\PURCHASE ORDER.exeProcess created: C:\Windows\SysWOW64\schtasks.exe 'C:\Windows\System32\schtasks.exe' /Create /TN 'Updates\GNBVBDzQwHiY' /XML 'C:\Users\user\AppData\Local\Temp\tmpA9B9.tmp'
                      Source: C:\Users\user\Desktop\PURCHASE ORDER.exeRegistry key monitored for changes: HKEY_CURRENT_USER_ClassesJump to behavior
                      Source: C:\Users\user\Desktop\PURCHASE ORDER.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\PURCHASE ORDER.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\PURCHASE ORDER.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\PURCHASE ORDER.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\PURCHASE ORDER.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\PURCHASE ORDER.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\PURCHASE ORDER.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\PURCHASE ORDER.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\PURCHASE ORDER.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\PURCHASE ORDER.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\PURCHASE ORDER.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\PURCHASE ORDER.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\PURCHASE ORDER.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\PURCHASE ORDER.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\PURCHASE ORDER.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\PURCHASE ORDER.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\PURCHASE ORDER.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\PURCHASE ORDER.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\PURCHASE ORDER.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\PURCHASE ORDER.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\PURCHASE ORDER.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\PURCHASE ORDER.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\PURCHASE ORDER.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\PURCHASE ORDER.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\PURCHASE ORDER.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\PURCHASE ORDER.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\PURCHASE ORDER.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\PURCHASE ORDER.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\PURCHASE ORDER.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\PURCHASE ORDER.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\PURCHASE ORDER.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\PURCHASE ORDER.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\PURCHASE ORDER.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\PURCHASE ORDER.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\PURCHASE ORDER.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\PURCHASE ORDER.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\PURCHASE ORDER.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\PURCHASE ORDER.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\PURCHASE ORDER.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\PURCHASE ORDER.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\PURCHASE ORDER.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\PURCHASE ORDER.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\PURCHASE ORDER.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\PURCHASE ORDER.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\PURCHASE ORDER.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\PURCHASE ORDER.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\PURCHASE ORDER.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\PURCHASE ORDER.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\PURCHASE ORDER.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\PURCHASE ORDER.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\PURCHASE ORDER.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\PURCHASE ORDER.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\PURCHASE ORDER.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\PURCHASE ORDER.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\PURCHASE ORDER.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\PURCHASE ORDER.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\PURCHASE ORDER.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\PURCHASE ORDER.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\PURCHASE ORDER.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\PURCHASE ORDER.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\PURCHASE ORDER.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\PURCHASE ORDER.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\PURCHASE ORDER.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\PURCHASE ORDER.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\PURCHASE ORDER.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\PURCHASE ORDER.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\PURCHASE ORDER.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\PURCHASE ORDER.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\PURCHASE ORDER.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\PURCHASE ORDER.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\PURCHASE ORDER.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\PURCHASE ORDER.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\PURCHASE ORDER.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\PURCHASE ORDER.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\PURCHASE ORDER.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\PURCHASE ORDER.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\PURCHASE ORDER.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\PURCHASE ORDER.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\PURCHASE ORDER.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\PURCHASE ORDER.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\PURCHASE ORDER.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\PURCHASE ORDER.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\PURCHASE ORDER.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\PURCHASE ORDER.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\PURCHASE ORDER.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\PURCHASE ORDER.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\PURCHASE ORDER.exeProcess information set: NOOPENFILEERRORBOXJump to behavior

                      Malware Analysis System Evasion:

                      barindex
                      Yara detected AntiVM3Show sources
                      Source: Yara matchFile source: 00000000.00000002.238977520.000000000319B000.00000004.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: Process Memory Space: PURCHASE ORDER.exe PID: 5388, type: MEMORY
                      Found evasive API chain (trying to detect sleep duration tampering with parallel thread)Show sources
                      Source: C:\Users\user\Desktop\PURCHASE ORDER.exeFunction Chain: systemQueried,systemQueried,threadCreated,threadResumed,threadDelayed,threadDelayed,threadDelayed,systemQueried,threadDelayed,systemQueried,threadDelayed,systemQueried,threadDelayed,systemQueried,threadDelayed,threadDelayed,systemQueried,systemQueried,threadDelayed,threadDelayed,threadDelayed,processSet,processSet,memAlloc,memAlloc
                      Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)Show sources
                      Source: C:\Users\user\Desktop\PURCHASE ORDER.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_BaseBoard
                      Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)Show sources
                      Source: C:\Users\user\Desktop\PURCHASE ORDER.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_NetworkAdapterConfiguration
                      Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)Show sources
                      Source: PURCHASE ORDER.exe, 00000000.00000002.238977520.000000000319B000.00000004.00000001.sdmpBinary or memory string: WINE_GET_UNIX_FILE_NAME
                      Source: PURCHASE ORDER.exe, 00000000.00000002.238977520.000000000319B000.00000004.00000001.sdmpBinary or memory string: SBIEDLL.DLL
                      Source: C:\Users\user\Desktop\PURCHASE ORDER.exeFile opened / queried: SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}Jump to behavior
                      Source: C:\Users\user\Desktop\PURCHASE ORDER.exeThread delayed: delay time: 922337203685477Jump to behavior
                      Source: C:\Users\user\Desktop\PURCHASE ORDER.exeThread delayed: delay time: 922337203685477Jump to behavior
                      Source: C:\Users\user\Desktop\PURCHASE ORDER.exeWindow / User API: threadDelayed 651Jump to behavior
                      Source: C:\Users\user\Desktop\PURCHASE ORDER.exe TID: 3220Thread sleep time: -104638s >= -30000sJump to behavior
                      Source: C:\Users\user\Desktop\PURCHASE ORDER.exe TID: 6112Thread sleep time: -922337203685477s >= -30000sJump to behavior
                      Source: C:\Users\user\Desktop\PURCHASE ORDER.exe TID: 6428Thread sleep time: -922337203685477s >= -30000sJump to behavior
                      Source: C:\Users\user\Desktop\PURCHASE ORDER.exe TID: 6428Thread sleep count: 651 > 30Jump to behavior
                      Source: C:\Users\user\Desktop\PURCHASE ORDER.exe TID: 6428Thread sleep time: -19530000s >= -30000sJump to behavior
                      Source: C:\Users\user\Desktop\PURCHASE ORDER.exe TID: 6428Thread sleep time: -30000s >= -30000sJump to behavior
                      Source: C:\Users\user\Desktop\PURCHASE ORDER.exe TID: 6428Thread sleep time: -30000s >= -30000sJump to behavior
                      Source: C:\Users\user\Desktop\PURCHASE ORDER.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
                      Source: C:\Users\user\Desktop\PURCHASE ORDER.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                      Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
                      Source: C:\Users\user\Desktop\PURCHASE ORDER.exeLast function: Thread delayed
                      Source: C:\Users\user\Desktop\PURCHASE ORDER.exeLast function: Thread delayed
                      Source: C:\Users\user\Desktop\PURCHASE ORDER.exeThread delayed: delay time: 104638Jump to behavior
                      Source: C:\Users\user\Desktop\PURCHASE ORDER.exeThread delayed: delay time: 922337203685477Jump to behavior
                      Source: C:\Users\user\Desktop\PURCHASE ORDER.exeThread delayed: delay time: 922337203685477Jump to behavior
                      Source: C:\Users\user\Desktop\PURCHASE ORDER.exeThread delayed: delay time: 30000Jump to behavior
                      Source: C:\Users\user\Desktop\PURCHASE ORDER.exeThread delayed: delay time: 30000Jump to behavior
                      Source: C:\Users\user\Desktop\PURCHASE ORDER.exeThread delayed: delay time: 30000Jump to behavior
                      Source: PURCHASE ORDER.exe, 00000004.00000002.504596475.0000000005800000.00000002.00000001.sdmpBinary or memory string: A Virtual Machine could not be started because Hyper-V is not installed.
                      Source: PURCHASE ORDER.exe, 00000000.00000002.238977520.000000000319B000.00000004.00000001.sdmpBinary or memory string: vmware
                      Source: PURCHASE ORDER.exe, 00000000.00000002.238977520.000000000319B000.00000004.00000001.sdmpBinary or memory string: C:\PROGRAM FILES\VMWARE\VMWARE TOOLS\
                      Source: PURCHASE ORDER.exe, 00000000.00000002.238977520.000000000319B000.00000004.00000001.sdmpBinary or memory string: SOFTWARE\VMware, Inc.\VMware Tools
                      Source: PURCHASE ORDER.exe, 00000000.00000002.238977520.000000000319B000.00000004.00000001.sdmpBinary or memory string: VMware SVGA II!Add-MpPreference -ExclusionPath "
                      Source: PURCHASE ORDER.exe, 00000000.00000002.238977520.000000000319B000.00000004.00000001.sdmpBinary or memory string: VMWARE
                      Source: PURCHASE ORDER.exe, 00000004.00000002.500468169.000000000160C000.00000004.00000020.sdmpBinary or memory string: Hyper-V RAW13F2-6063-4D7F-8700-992855A4
                      Source: PURCHASE ORDER.exe, 00000004.00000002.500513631.0000000001639000.00000004.00000020.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllI
                      Source: PURCHASE ORDER.exe, 00000000.00000002.238977520.000000000319B000.00000004.00000001.sdmpBinary or memory string: InstallPath%C:\PROGRAM FILES\VMWARE\VMWARE TOOLS\
                      Source: PURCHASE ORDER.exe, 00000004.00000002.504596475.0000000005800000.00000002.00000001.sdmpBinary or memory string: A communication protocol error has occurred between the Hyper-V Host and Guest Compute Service.
                      Source: PURCHASE ORDER.exe, 00000004.00000002.504596475.0000000005800000.00000002.00000001.sdmpBinary or memory string: The communication protocol version between the Hyper-V Host and Guest Compute Services is not supported.
                      Source: PURCHASE ORDER.exe, 00000000.00000002.238977520.000000000319B000.00000004.00000001.sdmpBinary or memory string: VMWARE"SOFTWARE\VMware, Inc.\VMware ToolsLHARDWARE\DEVICEMAP\Scsi\Scsi Port 1\Scsi Bus 0\Target Id 0\Logical Unit Id 0LHARDWARE\DEVICEMAP\Scsi\Scsi Port 2\Scsi Bus 0\Target Id 0\Logical Unit Id 0'SYSTEM\ControlSet001\Services\Disk\Enum
                      Source: PURCHASE ORDER.exe, 00000000.00000002.238977520.000000000319B000.00000004.00000001.sdmpBinary or memory string: VMware SVGA II
                      Source: PURCHASE ORDER.exe, 00000000.00000002.238977520.000000000319B000.00000004.00000001.sdmpBinary or memory string: vmwareNSYSTEM\ControlSet001\Control\Class\{4D36E968-E325-11CE-BFC1-08002BE10318}\0000
                      Source: PURCHASE ORDER.exe, 00000004.00000002.504596475.0000000005800000.00000002.00000001.sdmpBinary or memory string: An unknown internal message was received by the Hyper-V Compute Service.
                      Source: C:\Users\user\Desktop\PURCHASE ORDER.exeProcess information queried: ProcessInformationJump to behavior
                      Source: C:\Users\user\Desktop\PURCHASE ORDER.exeCode function: 4_2_0300A7D0 LdrInitializeThunk,4_2_0300A7D0
                      Source: C:\Users\user\Desktop\PURCHASE ORDER.exeProcess token adjusted: DebugJump to behavior
                      Source: C:\Users\user\Desktop\PURCHASE ORDER.exeProcess token adjusted: DebugJump to behavior
                      Source: C:\Users\user\Desktop\PURCHASE ORDER.exeMemory allocated: page read and write | page guardJump to behavior

                      HIPS / PFW / Operating System Protection Evasion:

                      barindex
                      Injects a PE file into a foreign processesShow sources
                      Source: C:\Users\user\Desktop\PURCHASE ORDER.exeMemory written: C:\Users\user\Desktop\PURCHASE ORDER.exe base: 400000 value starts with: 4D5AJump to behavior
                      Source: C:\Users\user\Desktop\PURCHASE ORDER.exeProcess created: C:\Windows\SysWOW64\schtasks.exe 'C:\Windows\System32\schtasks.exe' /Create /TN 'Updates\GNBVBDzQwHiY' /XML 'C:\Users\user\AppData\Local\Temp\tmpA9B9.tmp'Jump to behavior
                      Source: C:\Users\user\Desktop\PURCHASE ORDER.exeProcess created: C:\Users\user\Desktop\PURCHASE ORDER.exe C:\Users\user\Desktop\PURCHASE ORDER.exeJump to behavior
                      Source: C:\Users\user\Desktop\PURCHASE ORDER.exeProcess created: C:\Users\user\Desktop\PURCHASE ORDER.exe C:\Users\user\Desktop\PURCHASE ORDER.exeJump to behavior
                      Source: PURCHASE ORDER.exe, 00000004.00000002.500645046.0000000001B90000.00000002.00000001.sdmpBinary or memory string: Shell_TrayWnd
                      Source: PURCHASE ORDER.exe, 00000004.00000002.500645046.0000000001B90000.00000002.00000001.sdmpBinary or memory string: Progman
                      Source: PURCHASE ORDER.exe, 00000004.00000002.500645046.0000000001B90000.00000002.00000001.sdmpBinary or memory string: SProgram Managerl
                      Source: PURCHASE ORDER.exe, 00000004.00000002.500645046.0000000001B90000.00000002.00000001.sdmpBinary or memory string: Shell_TrayWnd,
                      Source: PURCHASE ORDER.exe, 00000004.00000002.500645046.0000000001B90000.00000002.00000001.sdmpBinary or memory string: Progmanlock
                      Source: C:\Users\user\Desktop\PURCHASE ORDER.exeQueries volume information: C:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\PURCHASE ORDER.exeQueries volume information: C:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\PURCHASE ORDER.exeCode function: 0_2_0125B0BE GetUserNameW,0_2_0125B0BE
                      Source: C:\Users\user\Desktop\PURCHASE ORDER.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior

                      Stealing of Sensitive Information:

                      barindex
                      Yara detected AgentTeslaShow sources
                      Source: Yara matchFile source: 00000000.00000002.239232235.0000000004171000.00000004.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000004.00000002.498714437.0000000000402000.00000040.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 4.2.PURCHASE ORDER.exe.400000.0.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0.2.PURCHASE ORDER.exe.428e9e8.2.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0.2.PURCHASE ORDER.exe.428e9e8.2.raw.unpack, type: UNPACKEDPE
                      Yara detected AgentTeslaShow sources
                      Source: Yara matchFile source: 00000004.00000002.503023451.0000000003541000.00000004.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000000.00000002.239232235.0000000004171000.00000004.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000004.00000002.498714437.0000000000402000.00000040.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: Process Memory Space: PURCHASE ORDER.exe PID: 5388, type: MEMORY
                      Source: Yara matchFile source: Process Memory Space: PURCHASE ORDER.exe PID: 6172, type: MEMORY
                      Source: Yara matchFile source: 4.2.PURCHASE ORDER.exe.400000.0.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0.2.PURCHASE ORDER.exe.428e9e8.2.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0.2.PURCHASE ORDER.exe.428e9e8.2.raw.unpack, type: UNPACKEDPE
                      Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)Show sources
                      Source: C:\Users\user\Desktop\PURCHASE ORDER.exeKey opened: HKEY_CURRENT_USER\SOFTWARE\Martin Prikryl\WinSCP 2\SessionsJump to behavior
                      Tries to harvest and steal browser information (history, passwords, etc)Show sources
                      Source: C:\Users\user\Desktop\PURCHASE ORDER.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login DataJump to behavior
                      Source: C:\Users\user\Desktop\PURCHASE ORDER.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.iniJump to behavior
                      Tries to harvest and steal ftp login credentialsShow sources
                      Source: C:\Users\user\Desktop\PURCHASE ORDER.exeFile opened: C:\Users\user\AppData\Roaming\FileZilla\recentservers.xmlJump to behavior
                      Source: C:\Users\user\Desktop\PURCHASE ORDER.exeFile opened: C:\Users\user\AppData\Roaming\SmartFTP\Client 2.0\Favorites\Quick Connect\Jump to behavior
                      Tries to steal Mail credentials (via file access)Show sources
                      Source: C:\Users\user\Desktop\PURCHASE ORDER.exeFile opened: C:\Users\user\AppData\Roaming\Thunderbird\profiles.iniJump to behavior
                      Source: C:\Users\user\Desktop\PURCHASE ORDER.exeFile opened: C:\Users\user\AppData\Roaming\Thunderbird\profiles.iniJump to behavior
                      Source: C:\Users\user\Desktop\PURCHASE ORDER.exeKey opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676Jump to behavior
                      Source: C:\Users\user\Desktop\PURCHASE ORDER.exeKey opened: HKEY_CURRENT_USER\Software\IncrediMail\IdentitiesJump to behavior
                      Source: Yara matchFile source: 00000004.00000002.503023451.0000000003541000.00000004.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: Process Memory Space: PURCHASE ORDER.exe PID: 6172, type: MEMORY

                      Remote Access Functionality:

                      barindex
                      Yara detected AgentTeslaShow sources
                      Source: Yara matchFile source: 00000000.00000002.239232235.0000000004171000.00000004.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000004.00000002.498714437.0000000000402000.00000040.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 4.2.PURCHASE ORDER.exe.400000.0.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0.2.PURCHASE ORDER.exe.428e9e8.2.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0.2.PURCHASE ORDER.exe.428e9e8.2.raw.unpack, type: UNPACKEDPE
                      Yara detected AgentTeslaShow sources
                      Source: Yara matchFile source: 00000004.00000002.503023451.0000000003541000.00000004.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000000.00000002.239232235.0000000004171000.00000004.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000004.00000002.498714437.0000000000402000.00000040.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: Process Memory Space: PURCHASE ORDER.exe PID: 5388, type: MEMORY
                      Source: Yara matchFile source: Process Memory Space: PURCHASE ORDER.exe PID: 6172, type: MEMORY
                      Source: Yara matchFile source: 4.2.PURCHASE ORDER.exe.400000.0.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0.2.PURCHASE ORDER.exe.428e9e8.2.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0.2.PURCHASE ORDER.exe.428e9e8.2.raw.unpack, type: UNPACKEDPE

                      Mitre Att&ck Matrix

                      Initial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionExfiltrationCommand and ControlNetwork EffectsRemote Service EffectsImpact
                      Valid AccountsWindows Management Instrumentation211Scheduled Task/Job1Access Token Manipulation1Disable or Modify Tools11OS Credential Dumping2Account Discovery1Remote ServicesArchive Collected Data1Exfiltration Over Other Network MediumIngress Tool Transfer1Eavesdrop on Insecure Network CommunicationRemotely Track Device Without AuthorizationModify System Partition
                      Default AccountsNative API1Boot or Logon Initialization ScriptsProcess Injection112Obfuscated Files or Information3Input Capture11File and Directory Discovery1Remote Desktop ProtocolData from Local System2Exfiltration Over BluetoothEncrypted Channel1Exploit SS7 to Redirect Phone Calls/SMSRemotely Wipe Data Without AuthorizationDevice Lockout
                      Domain AccountsCommand and Scripting Interpreter2Logon Script (Windows)Scheduled Task/Job1Software Packing3Credentials in Registry1System Information Discovery114SMB/Windows Admin SharesEmail Collection1Automated ExfiltrationNon-Standard Port1Exploit SS7 to Track Device LocationObtain Device Cloud BackupsDelete Device Data
                      Local AccountsScheduled Task/Job1Logon Script (Mac)Logon Script (Mac)Masquerading1NTDSQuery Registry1Distributed Component Object ModelInput Capture11Scheduled TransferNon-Application Layer Protocol1SIM Card SwapCarrier Billing Fraud
                      Cloud AccountsCronNetwork Logon ScriptNetwork Logon ScriptVirtualization/Sandbox Evasion141LSA SecretsSecurity Software Discovery321SSHClipboard Data1Data Transfer Size LimitsApplication Layer Protocol11Manipulate Device CommunicationManipulate App Store Rankings or Ratings
                      Replication Through Removable MediaLaunchdRc.commonRc.commonAccess Token Manipulation1Cached Domain CredentialsProcess Discovery2VNCGUI Input CaptureExfiltration Over C2 ChannelMultiband CommunicationJamming or Denial of ServiceAbuse Accessibility Features
                      External Remote ServicesScheduled TaskStartup ItemsStartup ItemsProcess Injection112DCSyncVirtualization/Sandbox Evasion141Windows Remote ManagementWeb Portal CaptureExfiltration Over Alternative ProtocolCommonly Used PortRogue Wi-Fi Access PointsData Encrypted for Impact
                      Drive-by CompromiseCommand and Scripting InterpreterScheduled Task/JobScheduled Task/JobIndicator Removal from ToolsProc FilesystemApplication Window Discovery1Shared WebrootCredential API HookingExfiltration Over Symmetric Encrypted Non-C2 ProtocolApplication Layer ProtocolDowngrade to Insecure ProtocolsGenerate Fraudulent Advertising Revenue
                      Exploit Public-Facing ApplicationPowerShellAt (Linux)At (Linux)Masquerading/etc/passwd and /etc/shadowSystem Owner/User Discovery1Software Deployment ToolsData StagedExfiltration Over Asymmetric Encrypted Non-C2 ProtocolWeb ProtocolsRogue Cellular Base StationData Destruction
                      Supply Chain CompromiseAppleScriptAt (Windows)At (Windows)Invalid Code SignatureNetwork SniffingRemote System Discovery1Taint Shared ContentLocal Data StagingExfiltration Over Unencrypted/Obfuscated Non-C2 ProtocolFile Transfer ProtocolsData Encrypted for Impact

                      Behavior Graph

                      Hide Legend

                      Legend:

                      • Process
                      • Signature
                      • Created File
                      • DNS/IP Info
                      • Is Dropped
                      • Is Windows Process
                      • Number of created Registry Values
                      • Number of created Files
                      • Visual Basic
                      • Delphi
                      • Java
                      • .Net C# or VB.NET
                      • C, C++ or other language
                      • Is malicious
                      • Internet

                      Screenshots

                      Thumbnails

                      This section contains all screenshots as thumbnails, including those not shown in the slideshow.

                      windows-stand

                      Antivirus, Machine Learning and Genetic Malware Detection

                      Initial Sample

                      SourceDetectionScannerLabelLink
                      PURCHASE ORDER.exe22%VirustotalBrowse
                      PURCHASE ORDER.exe28%ReversingLabsWin32.Trojan.Wacatac
                      PURCHASE ORDER.exe100%Joe Sandbox ML

                      Dropped Files

                      SourceDetectionScannerLabelLink
                      C:\Users\user\AppData\Roaming\GNBVBDzQwHiY.exe100%Joe Sandbox ML
                      C:\Users\user\AppData\Roaming\GNBVBDzQwHiY.exe28%ReversingLabsWin32.Trojan.Wacatac

                      Unpacked PE Files

                      SourceDetectionScannerLabelLinkDownload
                      4.2.PURCHASE ORDER.exe.400000.0.unpack100%AviraTR/Spy.Gen8Download File

                      Domains

                      No Antivirus matches

                      URLs

                      SourceDetectionScannerLabelLink
                      http://127.0.0.1:HTTP/1.10%Avira URL Cloudsafe
                      https://api.ipify.org%GETMozilla/5.00%URL Reputationsafe
                      https://api.ipify.org%GETMozilla/5.00%URL Reputationsafe
                      https://api.ipify.org%GETMozilla/5.00%URL Reputationsafe
                      http://DynDns.comDynDNS0%URL Reputationsafe
                      http://DynDns.comDynDNS0%URL Reputationsafe
                      http://DynDns.comDynDNS0%URL Reputationsafe
                      https://www.theonionrouter.com/dist.torproject.org/torbrowser/9.5.3/tor-win32-0.4.3.6.zip%tordir%%ha0%URL Reputationsafe
                      https://www.theonionrouter.com/dist.torproject.org/torbrowser/9.5.3/tor-win32-0.4.3.6.zip%tordir%%ha0%URL Reputationsafe
                      https://www.theonionrouter.com/dist.torproject.org/torbrowser/9.5.3/tor-win32-0.4.3.6.zip%tordir%%ha0%URL Reputationsafe
                      https://api.ipify.org%0%URL Reputationsafe
                      https://api.ipify.org%0%URL Reputationsafe
                      https://api.ipify.org%0%URL Reputationsafe
                      https://www.theonionrouter.com/dist.torproject.org/torbrowser/9.5.3/tor-win32-0.4.3.6.zip0%URL Reputationsafe
                      https://www.theonionrouter.com/dist.torproject.org/torbrowser/9.5.3/tor-win32-0.4.3.6.zip0%URL Reputationsafe
                      https://www.theonionrouter.com/dist.torproject.org/torbrowser/9.5.3/tor-win32-0.4.3.6.zip0%URL Reputationsafe
                      http://UZkOts.com0%Avira URL Cloudsafe
                      https://kMicsa3HazLTjD.net0%Avira URL Cloudsafe

                      Domains and IPs

                      Contacted Domains

                      NameIPActiveMaliciousAntivirus DetectionReputation
                      mail.dadabhoy.edu.pk
                      		72.18.132.146
                      		truetrue
                        		unknown

                        URLs from Memory and Binaries

                        NameSourceMaliciousAntivirus DetectionReputation
                        http://127.0.0.1:HTTP/1.1PURCHASE ORDER.exe, 00000004.00000002.503023451.0000000003541000.00000004.00000001.sdmpfalse
                        • Avira URL Cloud: safe
                        		low
                        https://api.ipify.org%GETMozilla/5.0PURCHASE ORDER.exe, 00000004.00000002.503023451.0000000003541000.00000004.00000001.sdmpfalse
                        • URL Reputation: safe
                        • URL Reputation: safe
                        • URL Reputation: safe
                        		low
                        http://DynDns.comDynDNSPURCHASE ORDER.exe, 00000004.00000002.503023451.0000000003541000.00000004.00000001.sdmpfalse
                        • URL Reputation: safe
                        • URL Reputation: safe
                        • URL Reputation: safe
                        		unknown
                        https://www.theonionrouter.com/dist.torproject.org/torbrowser/9.5.3/tor-win32-0.4.3.6.zip%tordir%%haPURCHASE ORDER.exe, 00000004.00000002.503023451.0000000003541000.00000004.00000001.sdmpfalse
                        • URL Reputation: safe
                        • URL Reputation: safe
                        • URL Reputation: safe
                        		unknown
                        https://api.ipify.org%PURCHASE ORDER.exe, 00000004.00000002.503023451.0000000003541000.00000004.00000001.sdmpfalse
                        • URL Reputation: safe
                        • URL Reputation: safe
                        • URL Reputation: safe
                        		low
                        https://www.theonionrouter.com/dist.torproject.org/torbrowser/9.5.3/tor-win32-0.4.3.6.zipPURCHASE ORDER.exe, 00000000.00000002.239232235.0000000004171000.00000004.00000001.sdmp, PURCHASE ORDER.exe, 00000004.00000002.498714437.0000000000402000.00000040.00000001.sdmpfalse
                        • URL Reputation: safe
                        • URL Reputation: safe
                        • URL Reputation: safe
                        		unknown
                        https://stackpath.bootstrapcdn.com/bootstrap/4.5.0/css/bootstrap.min.cssPURCHASE ORDER.exe, 00000000.00000002.238977520.000000000319B000.00000004.00000001.sdmpfalse
                          		high
                          http://UZkOts.comPURCHASE ORDER.exe, 00000004.00000002.503023451.0000000003541000.00000004.00000001.sdmpfalse
                          • Avira URL Cloud: safe
                          		unknown
                          https://kMicsa3HazLTjD.netPURCHASE ORDER.exe, 00000004.00000002.503023451.0000000003541000.00000004.00000001.sdmp, PURCHASE ORDER.exe, 00000004.00000002.503328534.0000000003589000.00000004.00000001.sdmpfalse
                          • Avira URL Cloud: safe
                          		unknown

                          Contacted IPs

                          • No. of IPs < 25%
                          • 25% < No. of IPs < 50%
                          • 50% < No. of IPs < 75%
                          • 75% < No. of IPs

                          Public

                          IPDomainCountryFlagASNASN NameMalicious
                          72.18.132.146
                          		mail.dadabhoy.edu.pkUnited States
                          		30475WEHOSTWEBSITES-COMUStrue

                          General Information

                          Joe Sandbox Version:32.0.0 Black Diamond
                          Analysis ID:412574
                          Start date:12.05.2021
                          Start time:19:32:50
                          Joe Sandbox Product:CloudBasic
                          Overall analysis duration:0h 9m 29s
                          Hypervisor based Inspection enabled:false
                          Report type:full
                          Sample file name:PURCHASE ORDER.exe
                          Cookbook file name:default.jbs
                          Analysis system description:Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
                          Number of analysed new started processes analysed:29
                          Number of new started drivers analysed:0
                          Number of existing processes analysed:0
                          Number of existing drivers analysed:0
                          Number of injected processes analysed:0
                          Technologies:
                          • HCA enabled
                          • EGA enabled
                          • HDC enabled
                          • AMSI enabled
                          Analysis Mode:default
                          Analysis stop reason:Timeout
                          Detection:MAL
                          Classification:mal100.troj.spyw.evad.winEXE@8/4@1/1
                          EGA Information:Failed
                          HDC Information:
                          • Successful, ratio: 0.1% (good quality ratio 0.1%)
                          • Quality average: 46%
                          • Quality standard deviation: 0%
                          HCA Information:
                          • Successful, ratio: 96%
                          • Number of executed functions: 360
                          • Number of non-executed functions: 24
                          Cookbook Comments:
                          • Adjust boot time
                          • Enable AMSI
                          • Found application associated with file extension: .exe
                          Warnings:
                          Show All
                          • Excluded IPs from analysis (whitelisted): 93.184.220.29, 13.88.21.125, 20.82.210.154, 204.79.197.200, 13.107.21.200, 104.43.139.144, 92.122.145.220, 184.30.24.56, 92.122.213.194, 92.122.213.247, 20.54.26.129
                          • Excluded domains from analysis (whitelisted): cs9.wac.phicdn.net, store-images.s-microsoft.com-c.edgekey.net, iris-de-prod-azsc-neu-b.northeurope.cloudapp.azure.com, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, a1449.dscg2.akamai.net, arc.msn.com, e12564.dspb.akamaiedge.net, ocsp.digicert.com, www-bing-com.dual-a-0001.a-msedge.net, arc.trafficmanager.net, watson.telemetry.microsoft.com, img-prod-cms-rt-microsoft-com.akamaized.net, prod.fs.microsoft.com.akadns.net, www.bing.com, fs.microsoft.com, dual-a-0001.a-msedge.net, ris-prod.trafficmanager.net, e1723.g.akamaiedge.net, skypedataprdcolcus16.cloudapp.net, ris.api.iris.microsoft.com, a-0001.a-afdentry.net.trafficmanager.net, store-images.s-microsoft.com, blobcollector.events.data.trafficmanager.net, skypedataprdcolwus15.cloudapp.net
                          • Report size getting too big, too many NtOpenKeyEx calls found.
                          • Report size getting too big, too many NtProtectVirtualMemory calls found.
                          • Report size getting too big, too many NtQueryValueKey calls found.

                          Simulations

                          Behavior and APIs

                          TimeTypeDescription
                          19:33:42API Interceptor967x Sleep call for process: PURCHASE ORDER.exe modified

                          Joe Sandbox View / Context

                          IPs

                          MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                          72.18.132.146PURCHASE ORDER.exeGet hashmaliciousBrowse
                            Proforma Invoice.exeGet hashmaliciousBrowse
                              INVOICE34 56730015.exeGet hashmaliciousBrowse
                                PAYMENT COPY.exeGet hashmaliciousBrowse
                                  AD1-2001028L.exeGet hashmaliciousBrowse
                                    PURCHASE ORDER.exeGet hashmaliciousBrowse
                                      Balance Payment.exeGet hashmaliciousBrowse

                                        Domains

                                        MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                                        mail.dadabhoy.edu.pkPURCHASE ORDER.exeGet hashmaliciousBrowse
                                        • 72.18.132.146
                                        Proforma Invoice.exeGet hashmaliciousBrowse
                                        • 72.18.132.146
                                        INVOICE34 56730015.exeGet hashmaliciousBrowse
                                        • 72.18.132.146
                                        PAYMENT COPY.exeGet hashmaliciousBrowse
                                        • 72.18.132.146
                                        AD1-2001028L.exeGet hashmaliciousBrowse
                                        • 72.18.132.146
                                        PURCHASE ORDER.exeGet hashmaliciousBrowse
                                        • 72.18.132.146
                                        Balance Payment.exeGet hashmaliciousBrowse
                                        • 72.18.132.146

                                        ASN

                                        MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                                        WEHOSTWEBSITES-COMUSPURCHASE ORDER.exeGet hashmaliciousBrowse
                                        • 72.18.132.146
                                        Proforma Invoice.exeGet hashmaliciousBrowse
                                        • 72.18.132.146
                                        INVOICE34 56730015.exeGet hashmaliciousBrowse
                                        • 72.18.132.146
                                        PAYMENT COPY.exeGet hashmaliciousBrowse
                                        • 72.18.132.146
                                        AD1-2001028L.exeGet hashmaliciousBrowse
                                        • 72.18.132.146
                                        PURCHASE ORDER.exeGet hashmaliciousBrowse
                                        • 72.18.132.146
                                        Balance Payment.exeGet hashmaliciousBrowse
                                        • 72.18.132.146
                                        64.exeGet hashmaliciousBrowse
                                        • 23.239.203.21
                                        Inquiry Ref DW200929-ED1.xlsGet hashmaliciousBrowse
                                        • 72.18.132.34
                                        VZs73znCvb.exeGet hashmaliciousBrowse
                                        • 72.18.130.163

                                        JA3 Fingerprints

                                        No context

                                        Dropped Files

                                        No context

                                        Created / dropped Files

                                        C:\Users\user\AppData\Local\Microsoft\CLR_v2.0_32\UsageLogs\PURCHASE ORDER.exe.log
                                        Process:C:\Users\user\Desktop\PURCHASE ORDER.exe
                                        File Type:ASCII text, with CRLF line terminators
                                        Category:modified
                                        Size (bytes):664
                                        Entropy (8bit):5.288448637977022
                                        Encrypted:false
                                        SSDEEP:12:Q3LaJU20NaL10Ug+9Yz9t0U29hJ5g1B0U2ukyrFk70U2xANlW3ANv:MLF20NaL3z2p29hJ5g522rW2xAi3A9
                                        MD5:B1DB55991C3DA14E35249AEA1BC357CA
                                        SHA1:0DD2D91198FDEF296441B12F1A906669B279700C
                                        SHA-256:34D3E48321D5010AD2BD1F3F0B728077E4F5A7F70D66FA36B57E5209580B6BDC
                                        SHA-512:BE38A31888C9C2F8047FA9C99672CB985179D325107514B7500DDA9523AE3E1D20B45EACC4E6C8A5D096360D0FBB98A120E63F38FFE324DF8A0559F6890CC801
                                        Malicious:true
                                        Reputation:moderate, very likely benign file
                                        Preview: 1,"fusion","GAC",0..3,"C:\Windows\assembly\NativeImages_v2.0.50727_32\System\1ffc437de59fb69ba2b865ffdc98ffd1\System.ni.dll",0..3,"C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\cd7c74fce2a0eab72cd25cbe4bb61614\Microsoft.VisualBasic.ni.dll",0..3,"C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\54d944b3ca0ea1188d700fbd8089726b\System.Drawing.ni.dll",0..3,"C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\bd8d59c984c9f5f2695f64341115cdf0\System.Windows.Forms.ni.dll",0..3,"C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\35774dc3cd31b4550ab06c3354cf4ba5\System.Runtime.Remoting.ni.dll",0..
                                        C:\Users\user\AppData\Local\Temp\tmpA9B9.tmp
                                        Process:C:\Users\user\Desktop\PURCHASE ORDER.exe
                                        File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                        Category:dropped
                                        Size (bytes):1649
                                        Entropy (8bit):5.189172014947723
                                        Encrypted:false
                                        SSDEEP:24:2dH4+SEqC/a7hTlNMFpH/rlMhEMjnGpwjpIgUYODOLD9RJh7h8gKBtKtn:cbhC7ZlNQF/rydbz9I3YODOLNdq3Q
                                        MD5:94359E9274617C25D530B2DDB63D4F90
                                        SHA1:6789225F844A5ECE7DDB2919F6012B4581A2448F
                                        SHA-256:699084A187BA33274C7CA9B84FDBABACD5BB4C3E2DDF7EB5CA2C2DC58BA12AF6
                                        SHA-512:B1581F1C911A6D041C5F339B5B61883637C5455846C227BCDFF2817561A9DD3FAF088E25AC8F6F8256B3F26E7704C6098A75C62FAC26FC3599617C47501E493D
                                        Malicious:true
                                        Reputation:low
                                        Preview: <?xml version="1.0" encoding="UTF-16"?>..<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">.. <RegistrationInfo>.. <Date>2014-10-25T14:27:44.8929027</Date>.. <Author>computer\user</Author>.. </RegistrationInfo>.. <Triggers>.. <LogonTrigger>.. <Enabled>true</Enabled>.. <UserId>computer\user</UserId>.. </LogonTrigger>.. <RegistrationTrigger>.. <Enabled>false</Enabled>.. </RegistrationTrigger>.. </Triggers>.. <Principals>.. <Principal id="Author">.. <UserId>computer\user</UserId>.. <LogonType>InteractiveToken</LogonType>.. <RunLevel>LeastPrivilege</RunLevel>.. </Principal>.. </Principals>.. <Settings>.. <MultipleInstancesPolicy>StopExisting</MultipleInstancesPolicy>.. <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>.. <StopIfGoingOnBatteries>true</StopIfGoingOnBatteries>.. <AllowHardTerminate>false</AllowHardTerminate>.. <StartWhenAvailable>t
                                        C:\Users\user\AppData\Roaming\GNBVBDzQwHiY.exe
                                        Process:C:\Users\user\Desktop\PURCHASE ORDER.exe
                                        File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                        Category:dropped
                                        Size (bytes):710656
                                        Entropy (8bit):7.595096185086584
                                        Encrypted:false
                                        SSDEEP:12288:H6FPcIlQykx1zO9U/CyVbC4dhmYLk5wFMt01Aqb8MvOfA42MmGVH:H6FPSx1iSXFnOz+8MGN2MVH
                                        MD5:3DBED8889C9E0709D9D5B9DF08D5EABF
                                        SHA1:55E331A1169B7F8773C0A2332E85C73322477831
                                        SHA-256:A10213876DDA124A602A41A9B947E66ED8AD7E330B76596BDB0AB00B435AADED
                                        SHA-512:BFFE152DE01F9E3F73CF78AE3D38D9E6BE7FD4E924D7A629E921BF6D5466C4DF4605317E86A958669C33D67958D10366D37B1E91BE681BBE9E10A64C5CC5146F
                                        Malicious:true
                                        Antivirus:
                                        • Antivirus: Joe Sandbox ML, Detection: 100%
                                        • Antivirus: ReversingLabs, Detection: 28%
                                        Reputation:low
                                        Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...X.`..............P......T......v.... ........@.. .......................@............@.................................$...O.......0Q................... ....................................................... ............... ..H............text...|.... ...................... ..`.rsrc...0Q.......R..................@..@.reloc....... ......................@..B................X.......H...........................P............................................0............(....( .........(.....o!....*.....................("......(#......($......(%......(&....*N..(....oS...('....*&..((....*.s)........s*........s+........s,........s-........*....0...........~....o.....+..*.0...........~....o/....+..*.0...........~....o0....+..*.0...........~....o1....+..*.0...........~....o2....+..*.0..<........~.....(3.....,!r...p.....(4...o5...s6............~.....+..*.0......
                                        C:\Users\user\AppData\Roaming\GNBVBDzQwHiY.exe:Zone.Identifier
                                        Process:C:\Users\user\Desktop\PURCHASE ORDER.exe
                                        File Type:ASCII text, with CRLF line terminators
                                        Category:dropped
                                        Size (bytes):26
                                        Entropy (8bit):3.95006375643621
                                        Encrypted:false
                                        SSDEEP:3:ggPYV:rPYV
                                        MD5:187F488E27DB4AF347237FE461A079AD
                                        SHA1:6693BA299EC1881249D59262276A0D2CB21F8E64
                                        SHA-256:255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
                                        SHA-512:89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
                                        Malicious:true
                                        Reputation:high, very likely benign file
                                        Preview: [ZoneTransfer]....ZoneId=0

                                        Static File Info

                                        General

                                        File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                        Entropy (8bit):7.595096185086584
                                        TrID:
                                        • Win32 Executable (generic) Net Framework (10011505/4) 49.80%
                                        • Win32 Executable (generic) a (10002005/4) 49.75%
                                        • Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36%
                                        • Windows Screen Saver (13104/52) 0.07%
                                        • Generic Win/DOS Executable (2004/3) 0.01%
                                        File name:PURCHASE ORDER.exe
                                        File size:710656
                                        MD5:3dbed8889c9e0709d9d5b9df08d5eabf
                                        SHA1:55e331a1169b7f8773c0a2332e85c73322477831
                                        SHA256:a10213876dda124a602a41a9b947e66ed8ad7e330b76596bdb0ab00b435aaded
                                        SHA512:bffe152de01f9e3f73cf78ae3d38d9e6be7fd4e924d7a629e921bf6d5466c4df4605317e86a958669c33d67958d10366d37b1e91be681bbe9e10a64c5cc5146f
                                        SSDEEP:12288:H6FPcIlQykx1zO9U/CyVbC4dhmYLk5wFMt01Aqb8MvOfA42MmGVH:H6FPSx1iSXFnOz+8MGN2MVH
                                        File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...X..`..............P......T......v.... ........@.. .......................@............@................................

                                        File Icon

                                        Icon Hash:60d088f59092cc31

                                        Static PE Info

                                        General

                                        Entrypoint:0x4aa176
                                        Entrypoint Section:.text
                                        Digitally signed:false
                                        Imagebase:0x400000
                                        Subsystem:windows gui
                                        Image File Characteristics:32BIT_MACHINE, EXECUTABLE_IMAGE
                                        DLL Characteristics:NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT
                                        Time Stamp:0x609BD458 [Wed May 12 13:12:56 2021 UTC]
                                        TLS Callbacks:
                                        CLR (.Net) Version:v2.0.50727
                                        OS Version Major:4
                                        OS Version Minor:0
                                        File Version Major:4
                                        File Version Minor:0
                                        Subsystem Version Major:4
                                        Subsystem Version Minor:0
                                        Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744

                                        Entrypoint Preview

                                        Instruction
                                        jmp dword ptr [00402000h]
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al

                                        Data Directories

                                        NameVirtual AddressVirtual Size Is in Section
                                        IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
                                        IMAGE_DIRECTORY_ENTRY_IMPORT0xaa1240x4f.text
                                        IMAGE_DIRECTORY_ENTRY_RESOURCE0xac0000x5130.rsrc
                                        IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
                                        IMAGE_DIRECTORY_ENTRY_SECURITY0x00x0
                                        IMAGE_DIRECTORY_ENTRY_BASERELOC0xb20000xc.reloc
                                        IMAGE_DIRECTORY_ENTRY_DEBUG0x00x0
                                        IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                                        IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                                        IMAGE_DIRECTORY_ENTRY_TLS0x00x0
                                        IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x00x0
                                        IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                                        IMAGE_DIRECTORY_ENTRY_IAT0x20000x8.text
                                        IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                                        IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x20080x48.text
                                        IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                                        Sections

                                        NameVirtual AddressVirtual SizeRaw SizeXored PEZLIB ComplexityFile TypeEntropyCharacteristics
                                        .text0x20000xa817c0xa8200False0.797387604554data7.6332778418IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
                                        .rsrc0xac0000x51300x5200False0.512623856707data5.60122084223IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                        .reloc0xb20000xc0x200False0.044921875data0.101910425663IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

                                        Resources

                                        NameRVASizeTypeLanguageCountry
                                        RT_ICON0xac1300x4228dBase III DBT, version number 0, next free block index 40
                                        RT_GROUP_ICON0xb03580x14data
                                        RT_VERSION0xb036c0x394data
                                        RT_MANIFEST0xb07000xa2eXML 1.0 document, UTF-8 Unicode (with BOM) text

                                        Imports

                                        DLLImport
                                        mscoree.dll_CorExeMain

                                        Version Infos

                                        DescriptionData
                                        Translation0x0000 0x04b0
                                        LegalCopyrightCopyright 2020
                                        Assembly Version1.0.0.0
                                        InternalNameDefaultInterfaceAttribute.exe
                                        FileVersion1.0.0.0
                                        CompanyName
                                        LegalTrademarks
                                        Comments
                                        ProductNameLibraryManagementSystem
                                        ProductVersion1.0.0.0
                                        FileDescriptionLibraryManagementSystem
                                        OriginalFilenameDefaultInterfaceAttribute.exe

                                        Network Behavior

                                        Network Port Distribution

                                        TCP Packets

                                        TimestampSource PortDest PortSource IPDest IP
                                        May 12, 2021 19:35:15.835755110 CEST49724587192.168.2.572.18.132.146
                                        May 12, 2021 19:35:16.014936924 CEST5874972472.18.132.146192.168.2.5
                                        May 12, 2021 19:35:16.015052080 CEST49724587192.168.2.572.18.132.146
                                        May 12, 2021 19:35:16.172660112 CEST49724587192.168.2.572.18.132.146
                                        May 12, 2021 19:35:16.349592924 CEST5874972472.18.132.146192.168.2.5
                                        May 12, 2021 19:35:16.523308992 CEST5874972472.18.132.146192.168.2.5
                                        May 12, 2021 19:35:16.523338079 CEST5874972472.18.132.146192.168.2.5
                                        May 12, 2021 19:35:16.523467064 CEST5874972472.18.132.146192.168.2.5
                                        May 12, 2021 19:35:16.523495913 CEST49724587192.168.2.572.18.132.146
                                        May 12, 2021 19:35:16.523531914 CEST49724587192.168.2.572.18.132.146
                                        May 12, 2021 19:35:16.523607016 CEST49724587192.168.2.572.18.132.146

                                        UDP Packets

                                        TimestampSource PortDest PortSource IPDest IP
                                        May 12, 2021 19:33:34.903877974 CEST5430253192.168.2.58.8.8.8
                                        May 12, 2021 19:33:34.925451994 CEST5378453192.168.2.58.8.8.8
                                        May 12, 2021 19:33:34.955418110 CEST53543028.8.8.8192.168.2.5
                                        May 12, 2021 19:33:34.975557089 CEST53537848.8.8.8192.168.2.5
                                        May 12, 2021 19:33:35.719926119 CEST6530753192.168.2.58.8.8.8
                                        May 12, 2021 19:33:35.785490036 CEST53653078.8.8.8192.168.2.5
                                        May 12, 2021 19:33:36.048047066 CEST6434453192.168.2.58.8.8.8
                                        May 12, 2021 19:33:36.109672070 CEST53643448.8.8.8192.168.2.5
                                        May 12, 2021 19:33:36.127527952 CEST6206053192.168.2.58.8.8.8
                                        May 12, 2021 19:33:36.184672117 CEST53620608.8.8.8192.168.2.5
                                        May 12, 2021 19:33:37.381658077 CEST6180553192.168.2.58.8.8.8
                                        May 12, 2021 19:33:37.430454016 CEST53618058.8.8.8192.168.2.5
                                        May 12, 2021 19:33:38.515108109 CEST5479553192.168.2.58.8.8.8
                                        May 12, 2021 19:33:38.564013958 CEST53547958.8.8.8192.168.2.5
                                        May 12, 2021 19:33:39.410775900 CEST4955753192.168.2.58.8.8.8
                                        May 12, 2021 19:33:39.459733963 CEST53495578.8.8.8192.168.2.5
                                        May 12, 2021 19:33:39.747169018 CEST6173353192.168.2.58.8.8.8
                                        May 12, 2021 19:33:39.808377028 CEST53617338.8.8.8192.168.2.5
                                        May 12, 2021 19:33:40.701724052 CEST6544753192.168.2.58.8.8.8
                                        May 12, 2021 19:33:40.751944065 CEST53654478.8.8.8192.168.2.5
                                        May 12, 2021 19:33:41.648571968 CEST5244153192.168.2.58.8.8.8
                                        May 12, 2021 19:33:41.705708027 CEST53524418.8.8.8192.168.2.5
                                        May 12, 2021 19:33:42.796734095 CEST6217653192.168.2.58.8.8.8
                                        May 12, 2021 19:33:42.846669912 CEST53621768.8.8.8192.168.2.5
                                        May 12, 2021 19:33:45.245131969 CEST5959653192.168.2.58.8.8.8
                                        May 12, 2021 19:33:45.295453072 CEST53595968.8.8.8192.168.2.5
                                        May 12, 2021 19:33:46.190026999 CEST6529653192.168.2.58.8.8.8
                                        May 12, 2021 19:33:46.241955996 CEST53652968.8.8.8192.168.2.5
                                        May 12, 2021 19:33:47.349349976 CEST6318353192.168.2.58.8.8.8
                                        May 12, 2021 19:33:47.398499012 CEST53631838.8.8.8192.168.2.5
                                        May 12, 2021 19:33:48.449527025 CEST6015153192.168.2.58.8.8.8
                                        May 12, 2021 19:33:48.501425028 CEST53601518.8.8.8192.168.2.5
                                        May 12, 2021 19:33:58.780842066 CEST5696953192.168.2.58.8.8.8
                                        May 12, 2021 19:33:58.856266975 CEST53569698.8.8.8192.168.2.5
                                        May 12, 2021 19:34:11.457942963 CEST5516153192.168.2.58.8.8.8
                                        May 12, 2021 19:34:11.517812014 CEST53551618.8.8.8192.168.2.5
                                        May 12, 2021 19:34:18.638611078 CEST5475753192.168.2.58.8.8.8
                                        May 12, 2021 19:34:18.699443102 CEST53547578.8.8.8192.168.2.5
                                        May 12, 2021 19:34:46.341012001 CEST4999253192.168.2.58.8.8.8
                                        May 12, 2021 19:34:46.409173965 CEST53499928.8.8.8192.168.2.5
                                        May 12, 2021 19:34:54.637468100 CEST6007553192.168.2.58.8.8.8
                                        May 12, 2021 19:34:54.699223042 CEST53600758.8.8.8192.168.2.5
                                        May 12, 2021 19:35:09.309345961 CEST5501653192.168.2.58.8.8.8
                                        May 12, 2021 19:35:09.367100954 CEST53550168.8.8.8192.168.2.5
                                        May 12, 2021 19:35:15.743837118 CEST6434553192.168.2.58.8.8.8
                                        May 12, 2021 19:35:15.807564020 CEST53643458.8.8.8192.168.2.5
                                        May 12, 2021 19:35:20.972039938 CEST5712853192.168.2.58.8.8.8
                                        May 12, 2021 19:35:21.039608955 CEST53571288.8.8.8192.168.2.5
                                        May 12, 2021 19:35:25.249305010 CEST5479153192.168.2.58.8.8.8
                                        May 12, 2021 19:35:25.321475983 CEST53547918.8.8.8192.168.2.5

                                        DNS Queries

                                        TimestampSource IPDest IPTrans IDOP CodeNameTypeClass
                                        May 12, 2021 19:35:15.743837118 CEST192.168.2.58.8.8.80x96acStandard query (0)mail.dadabhoy.edu.pkA (IP address)IN (0x0001)

                                        DNS Answers

                                        TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClass
                                        May 12, 2021 19:35:15.807564020 CEST8.8.8.8192.168.2.50x96acNo error (0)mail.dadabhoy.edu.pk72.18.132.146A (IP address)IN (0x0001)

                                        SMTP Packets

                                        TimestampSource PortDest PortSource IPDest IPCommands
                                        May 12, 2021 19:35:16.523308992 CEST5874972472.18.132.146192.168.2.5220-vps.dadabhoy.edu.pk ESMTP Exim 4.94.2 #2 Thu, 13 May 2021 01:35:16 +0800
                                        220-We do not authorize the use of this system to transport unsolicited,
                                        220 and/or bulk e-mail.
                                        May 12, 2021 19:35:16.523338079 CEST5874972472.18.132.146192.168.2.5421 vps.dadabhoy.edu.pk lost input connection

                                        Code Manipulations

                                        Statistics

                                        CPU Usage

                                        Click to jump to process

                                        Memory Usage

                                        Click to jump to process

                                        High Level Behavior Distribution

                                        Click to dive into process behavior distribution

                                        Behavior

                                        Click to jump to process

                                        System Behavior

                                        Analysis Process: PURCHASE ORDER.exe PID: 5388 Parent PID: 5580

                                        General

                                        Start time:19:33:42
                                        Start date:12/05/2021
                                        Path:C:\Users\user\Desktop\PURCHASE ORDER.exe
                                        Wow64 process (32bit):true
                                        Commandline:'C:\Users\user\Desktop\PURCHASE ORDER.exe'
                                        Imagebase:0xab0000
                                        File size:710656 bytes
                                        MD5 hash:3DBED8889C9E0709D9D5B9DF08D5EABF
                                        Has elevated privileges:true
                                        Has administrator privileges:true
                                        Programmed in:.Net C# or VB.NET
                                        Yara matches:
                                        • Rule: JoeSecurity_AntiVM_3, Description: Yara detected AntiVM_3, Source: 00000000.00000002.238977520.000000000319B000.00000004.00000001.sdmp, Author: Joe Security
                                        • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000000.00000002.239232235.0000000004171000.00000004.00000001.sdmp, Author: Joe Security
                                        • Rule: JoeSecurity_AgentTesla_2, Description: Yara detected AgentTesla, Source: 00000000.00000002.239232235.0000000004171000.00000004.00000001.sdmp, Author: Joe Security
                                        Reputation:low

                                        Chronological Activities

                                        Analysis Process: schtasks.exe PID: 396 Parent PID: 5388

                                        General

                                        Start time:19:33:44
                                        Start date:12/05/2021
                                        Path:C:\Windows\SysWOW64\schtasks.exe
                                        Wow64 process (32bit):true
                                        Commandline:'C:\Windows\System32\schtasks.exe' /Create /TN 'Updates\GNBVBDzQwHiY' /XML 'C:\Users\user\AppData\Local\Temp\tmpA9B9.tmp'
                                        Imagebase:0x10c0000
                                        File size:185856 bytes
                                        MD5 hash:15FF7D8324231381BAD48A052F85DF04
                                        Has elevated privileges:true
                                        Has administrator privileges:true
                                        Programmed in:C, C++ or other language
                                        Reputation:high

                                        Chronological Activities

                                        Analysis Process: conhost.exe PID: 3880 Parent PID: 396

                                        General

                                        Start time:19:33:44
                                        Start date:12/05/2021
                                        Path:C:\Windows\System32\conhost.exe
                                        Wow64 process (32bit):false
                                        Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                        Imagebase:0x7ff7ecfc0000
                                        File size:625664 bytes
                                        MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                        Has elevated privileges:true
                                        Has administrator privileges:true
                                        Programmed in:C, C++ or other language
                                        Reputation:high

                                        Chronological Activities

                                        Analysis Process: PURCHASE ORDER.exe PID: 6156 Parent PID: 5388

                                        General

                                        Start time:19:33:45
                                        Start date:12/05/2021
                                        Path:C:\Users\user\Desktop\PURCHASE ORDER.exe
                                        Wow64 process (32bit):false
                                        Commandline:C:\Users\user\Desktop\PURCHASE ORDER.exe
                                        Imagebase:0x390000
                                        File size:710656 bytes
                                        MD5 hash:3DBED8889C9E0709D9D5B9DF08D5EABF
                                        Has elevated privileges:true
                                        Has administrator privileges:true
                                        Programmed in:C, C++ or other language
                                        Reputation:low

                                        Chronological Activities

                                        Analysis Process: PURCHASE ORDER.exe PID: 6172 Parent PID: 5388

                                        General

                                        Start time:19:33:45
                                        Start date:12/05/2021
                                        Path:C:\Users\user\Desktop\PURCHASE ORDER.exe
                                        Wow64 process (32bit):true
                                        Commandline:C:\Users\user\Desktop\PURCHASE ORDER.exe
                                        Imagebase:0xd80000
                                        File size:710656 bytes
                                        MD5 hash:3DBED8889C9E0709D9D5B9DF08D5EABF
                                        Has elevated privileges:true
                                        Has administrator privileges:true
                                        Programmed in:.Net C# or VB.NET
                                        Yara matches:
                                        • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000004.00000002.503023451.0000000003541000.00000004.00000001.sdmp, Author: Joe Security
                                        • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000004.00000002.503023451.0000000003541000.00000004.00000001.sdmp, Author: Joe Security
                                        • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000004.00000002.498714437.0000000000402000.00000040.00000001.sdmp, Author: Joe Security
                                        • Rule: JoeSecurity_AgentTesla_2, Description: Yara detected AgentTesla, Source: 00000004.00000002.498714437.0000000000402000.00000040.00000001.sdmp, Author: Joe Security
                                        Reputation:low

                                        Chronological Activities

                                        Disassembly

                                        Code Analysis

                                        Reset < >

                                          Analysis Process: PURCHASE ORDER.exe PID: 5388 Parent PID: 5580 PURCHASE ORDER.exeCOMMON

                                          Executed Functions

                                          Function 05320E61, Relevance: 2.6, Strings: 2, Instructions: 110COMMON
                                          Download Yara Rule
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.239770655.0000000005320000.00000040.00000001.sdmp, Offset: 05320000, based on PE: false
                                          Similarity
                                          • API ID:
                                          • String ID: X$(r$X$(r
                                          • API String ID: 0-250461778
                                          • Opcode ID: 45a9dd0963b3df99dbc064a626051c25cf26fdd4b430b686540bebfbd0c3dd06
                                          • Instruction ID: d8b2b49b1bd3d486d54fe3cf56cd1d680d58e0eedd3e841bf0001585abb3e9e0
                                          • Opcode Fuzzy Hash: 45a9dd0963b3df99dbc064a626051c25cf26fdd4b430b686540bebfbd0c3dd06
                                          • Instruction Fuzzy Hash: 0951B074D04258DFDB58CFE9D484AAEBBF2FF88300F14806AE814AB264D7749945CF60
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 053249A1, Relevance: 1.6, Strings: 1, Instructions: 326COMMON
                                          Download Yara Rule
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.239770655.0000000005320000.00000040.00000001.sdmp, Offset: 05320000, based on PE: false
                                          Similarity
                                          • API ID:
                                          • String ID: "g(
                                          • API String ID: 0-3334222725
                                          • Opcode ID: d5e6ad7f473e4430fb36b1a9c1d552dbabffafa577edf1ae7ee1cd5294af5f7c
                                          • Instruction ID: 723be6ed6419b51ddb38569148f9ea06b41c987c266d0eeea8d3da41e9f93f15
                                          • Opcode Fuzzy Hash: d5e6ad7f473e4430fb36b1a9c1d552dbabffafa577edf1ae7ee1cd5294af5f7c
                                          • Instruction Fuzzy Hash: D7E1B130919A1ADFCF14CFA4D1814AEFFB6FF49300B25A599D081BB605CB349A42CFA4
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 05170F8B, Relevance: 1.6, APIs: 1, Instructions: 75COMMON
                                          Download Yara Rule
                                          APIs
                                          • AdjustTokenPrivileges.KERNELBASE(?,?,?,?,?,?), ref: 0517100B
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.239678422.0000000005170000.00000040.00000001.sdmp, Offset: 05170000, based on PE: false
                                          Similarity
                                          • API ID: AdjustPrivilegesToken
                                          • String ID:
                                          • API String ID: 2874748243-0
                                          • Opcode ID: 81d5f0dadb84f6daf1d58add1e906203c1465922f769916354d40c622f10ccd3
                                          • Instruction ID: 2060645d56471c24fa3c5d5f6253bfbdad8849d484c0f0d5f3416748d71020ef
                                          • Opcode Fuzzy Hash: 81d5f0dadb84f6daf1d58add1e906203c1465922f769916354d40c622f10ccd3
                                          • Instruction Fuzzy Hash: EA21A175509784AFDB238F25DC44B52BFB4EF16210F0884EAE9858F163D375A908CB61
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 051713A9, Relevance: 1.6, APIs: 1, Instructions: 56nativeCOMMON
                                          Download Yara Rule
                                          APIs
                                          • NtQuerySystemInformation.NTDLL(?,?,?,?), ref: 05171411
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.239678422.0000000005170000.00000040.00000001.sdmp, Offset: 05170000, based on PE: false
                                          Similarity
                                          • API ID: InformationQuerySystem
                                          • String ID:
                                          • API String ID: 3562636166-0
                                          • Opcode ID: cb8336aca8de4e8f8b91c523ddf4cb9a00f64f4b145040c844725ff14f8b3d91
                                          • Instruction ID: 5b4dc5c8db053ba7df371eac49fbe03f1df6624974201e917f365ddbcb073c76
                                          • Opcode Fuzzy Hash: cb8336aca8de4e8f8b91c523ddf4cb9a00f64f4b145040c844725ff14f8b3d91
                                          • Instruction Fuzzy Hash: C811BC71409784AFDB228F25DC44A62FFB4FF06320F0884DAED854B263D375A959CB62
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 05170FC2, Relevance: 1.6, APIs: 1, Instructions: 52COMMON
                                          Download Yara Rule
                                          APIs
                                          • AdjustTokenPrivileges.KERNELBASE(?,?,?,?,?,?), ref: 0517100B
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.239678422.0000000005170000.00000040.00000001.sdmp, Offset: 05170000, based on PE: false
                                          Similarity
                                          • API ID: AdjustPrivilegesToken
                                          • String ID:
                                          • API String ID: 2874748243-0
                                          • Opcode ID: 6939ac58bc6899459c50ea3d014de3cc35bb402d3e2b74cc73209d4823f5deea
                                          • Instruction ID: 450dec7da9a6d2cd79ee46e3c3e5dfe86f3af1dea94e1573afc1504284a0e58d
                                          • Opcode Fuzzy Hash: 6939ac58bc6899459c50ea3d014de3cc35bb402d3e2b74cc73209d4823f5deea
                                          • Instruction Fuzzy Hash: 3E115A755002489FDB21CF69D884B66FFF8EF48220F08C4AAED5A8B652D375E418CF61
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 0125B0BE, Relevance: 1.5, APIs: 1, Instructions: 43COMMON
                                          Download Yara Rule
                                          APIs
                                          • GetUserNameW.ADVAPI32(?,00000E2C,?,?), ref: 0125B10E
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.238432738.000000000125A000.00000040.00000001.sdmp, Offset: 0125A000, based on PE: false
                                          Similarity
                                          • API ID: NameUser
                                          • String ID:
                                          • API String ID: 2645101109-0
                                          • Opcode ID: 54738c8d8d5c457af31cf1b232bc35c8d8493726939ed07d5c064c4b89ef8ae9
                                          • Instruction ID: 4949867e71403f5d7120710c4d2016f9f63a8bb6519ff1e1723fb4b82331f271
                                          • Opcode Fuzzy Hash: 54738c8d8d5c457af31cf1b232bc35c8d8493726939ed07d5c064c4b89ef8ae9
                                          • Instruction Fuzzy Hash: EC01AD72500200ABD710DF2ADC86B26FBE8FB88B20F14815AED084B745E635F915CBE6
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 051713D6, Relevance: 1.5, APIs: 1, Instructions: 38nativeCOMMON
                                          Download Yara Rule
                                          APIs
                                          • NtQuerySystemInformation.NTDLL(?,?,?,?), ref: 05171411
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.239678422.0000000005170000.00000040.00000001.sdmp, Offset: 05170000, based on PE: false
                                          Similarity
                                          • API ID: InformationQuerySystem
                                          • String ID:
                                          • API String ID: 3562636166-0
                                          • Opcode ID: b0176be3a363fe7c528c6f0376bcfb7c7e3de55ae8d693107b522b7a0c7e7b5a
                                          • Instruction ID: 314587860ab660cf6cb60f434bed6a2989caa916f0e7f8abfbd6291cd6262af7
                                          • Opcode Fuzzy Hash: b0176be3a363fe7c528c6f0376bcfb7c7e3de55ae8d693107b522b7a0c7e7b5a
                                          • Instruction Fuzzy Hash: A3018B35400248AFDB20CF19D884B65FFB0FF48720F08C49ADD8A0B252D375A858CFA2
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 05324AA0, Relevance: 1.5, Strings: 1, Instructions: 269COMMON
                                          Download Yara Rule
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.239770655.0000000005320000.00000040.00000001.sdmp, Offset: 05320000, based on PE: false
                                          Similarity
                                          • API ID:
                                          • String ID: "g(
                                          • API String ID: 0-3334222725
                                          • Opcode ID: e7feec4fc0eba8dc254866804d76fd7717e98f24b6a45c26635fd083530aa446
                                          • Instruction ID: f4fc79e97e131d76b789623ae357cb79d198bec20c859b8d29ee6d4b095b23ba
                                          • Opcode Fuzzy Hash: e7feec4fc0eba8dc254866804d76fd7717e98f24b6a45c26635fd083530aa446
                                          • Instruction Fuzzy Hash: 11C15A7090961ADFCF04CFA4D2848AEFBB2FF48301B21A959D452BB654C735EA41CFA5
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 05324A9B, Relevance: 1.5, Strings: 1, Instructions: 264COMMON
                                          Download Yara Rule
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.239770655.0000000005320000.00000040.00000001.sdmp, Offset: 05320000, based on PE: false
                                          Similarity
                                          • API ID:
                                          • String ID: "g(
                                          • API String ID: 0-3334222725
                                          • Opcode ID: e1e1db7305e50ccb44437c8fd84b57cd48a9e8bd5ac70af06c8a10cc8e3f1fb1
                                          • Instruction ID: 3525d3e81dfd8f49a8a1871ca2800696e3f52b5e8564f2a535459c115910444c
                                          • Opcode Fuzzy Hash: e1e1db7305e50ccb44437c8fd84b57cd48a9e8bd5ac70af06c8a10cc8e3f1fb1
                                          • Instruction Fuzzy Hash: AAC1687090961ADFCF04CFA4D2848AEFBB2FF48311B21A959D442BB654C735EA41CFA5
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 0532E3A8, Relevance: .3, Instructions: 319COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.239770655.0000000005320000.00000040.00000001.sdmp, Offset: 05320000, based on PE: false
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 2afdbf7add672fc28bf0200b4f08bd93c45649a4fe018fa824643f50fe357a3e
                                          • Instruction ID: 07728c19caceaf2a46a5a37f587c9b61bda5d8321de923fbb90b09b98a2c5eea
                                          • Opcode Fuzzy Hash: 2afdbf7add672fc28bf0200b4f08bd93c45649a4fe018fa824643f50fe357a3e
                                          • Instruction Fuzzy Hash: 43D13870E16218DFDB54CFA4D586BEDFBB6EB89310F209469E406BB294DB706940CF24
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 053217B0, Relevance: .3, Instructions: 271COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.239770655.0000000005320000.00000040.00000001.sdmp, Offset: 05320000, based on PE: false
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: d33a5e55fee02663b1bb7b2a572877a7fe22981eafd9c69a09d67e9c9ddb7764
                                          • Instruction ID: 94be4ca179e30db7b43d02d1c666e2e7496c9039e772f4f4be8b96d1cb250ab0
                                          • Opcode Fuzzy Hash: d33a5e55fee02663b1bb7b2a572877a7fe22981eafd9c69a09d67e9c9ddb7764
                                          • Instruction Fuzzy Hash: F2B16670D05629CBCB19CFEACA809AEFBB2FF85310F54852AE415BB654E7315902CF24
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 053217AB, Relevance: .3, Instructions: 267COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.239770655.0000000005320000.00000040.00000001.sdmp, Offset: 05320000, based on PE: false
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 5aba5d6b5efc952b05d6c89385a05f9f1e00af281d42a51e08154eede3eb66d4
                                          • Instruction ID: 8c9f6e583897a90581cc3888bcf8d735e623edbabab44f6d6acc514acb115d14
                                          • Opcode Fuzzy Hash: 5aba5d6b5efc952b05d6c89385a05f9f1e00af281d42a51e08154eede3eb66d4
                                          • Instruction Fuzzy Hash: 6EB16770D05629CBCB19CFE6CA809AEFBB2FF85310F54852AE415BB654E7315A02CF24
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 05321BE8, Relevance: .3, Instructions: 261COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.239770655.0000000005320000.00000040.00000001.sdmp, Offset: 05320000, based on PE: false
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: a550c109a5af5a663940f7a94ca737e150220234e54ae5d2a0391f0e96a9f6fe
                                          • Instruction ID: e73d47ce5c2bbf4a3151711c0608e8e1b1c3c791a16e5a10905140f7de79aa1c
                                          • Opcode Fuzzy Hash: a550c109a5af5a663940f7a94ca737e150220234e54ae5d2a0391f0e96a9f6fe
                                          • Instruction Fuzzy Hash: 5CB134B4D05629DBCB04CFA9C6809EDFBF2FF89310F60966AD414BB258D7359901CB68
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 05321BE3, Relevance: .3, Instructions: 258COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.239770655.0000000005320000.00000040.00000001.sdmp, Offset: 05320000, based on PE: false
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 7bf32abc4358ac11ccd97b98cfac5effd0bf6e9dee778f4021e3712eed610a83
                                          • Instruction ID: 2626860dcb1646a7aec14e374083fdb0569b9c1ffc8e6f1dc5297442fd260efc
                                          • Opcode Fuzzy Hash: 7bf32abc4358ac11ccd97b98cfac5effd0bf6e9dee778f4021e3712eed610a83
                                          • Instruction Fuzzy Hash: 8CB145B4D05629DBCB44CFA9C6809EDFBF2FF89310F60866AD414BB258D7359901CB68
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 053212E3, Relevance: .2, Instructions: 195COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.239770655.0000000005320000.00000040.00000001.sdmp, Offset: 05320000, based on PE: false
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 4e429519a0deb748e5560caad2c3c21739dd2bc54fecdd89302309d39cc2dafe
                                          • Instruction ID: 7a3c8c7682688238813e2efbfa629ed59c37d5a4d27f356aa5831d8ff30a8284
                                          • Opcode Fuzzy Hash: 4e429519a0deb748e5560caad2c3c21739dd2bc54fecdd89302309d39cc2dafe
                                          • Instruction Fuzzy Hash: 1091E174D05218DFCB48DFE9D6949ADBBB2FF89304F20816AD406AB364DB349A41CF54
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 05322B18, Relevance: .2, Instructions: 165COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.239770655.0000000005320000.00000040.00000001.sdmp, Offset: 05320000, based on PE: false
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 2106e6e57a445bf0deea007a74941158803dc76853d36bd28eb7fbecc5703126
                                          • Instruction ID: 5ee4fd3cb7e00bc63fae70a22bc82d0608edaa2252a7083ec3cece635b637340
                                          • Opcode Fuzzy Hash: 2106e6e57a445bf0deea007a74941158803dc76853d36bd28eb7fbecc5703126
                                          • Instruction Fuzzy Hash: 9871E2B4D11219DFDB48CFA9D944AAEBBB2FF89300F20806AE415BB354DB345A45CF54
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 05322B0B, Relevance: .2, Instructions: 165COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.239770655.0000000005320000.00000040.00000001.sdmp, Offset: 05320000, based on PE: false
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: da2203660c44246693d76b2ddb55f302e1a85bfa10b58f9fac5ae4912e68e210
                                          • Instruction ID: 3bdbac368c66295f9359752669bca97ff825125c70342e0a21348bdae9c0d2f4
                                          • Opcode Fuzzy Hash: da2203660c44246693d76b2ddb55f302e1a85bfa10b58f9fac5ae4912e68e210
                                          • Instruction Fuzzy Hash: E671E274D15219DFDB48CFA9D984AAEBBB2FF89300F20816AE405BB264DB345A45CF50
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 0532EA08, Relevance: .2, Instructions: 159COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.239770655.0000000005320000.00000040.00000001.sdmp, Offset: 05320000, based on PE: false
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 0faeecf6ceb8c530b3160e770ff16253306bd37472aa65c150e351e6d6c8ece7
                                          • Instruction ID: 94f81305764553d971b766ca252731811be9cc0e3d9396db29f8157cbe23ba24
                                          • Opcode Fuzzy Hash: 0faeecf6ceb8c530b3160e770ff16253306bd37472aa65c150e351e6d6c8ece7
                                          • Instruction Fuzzy Hash: FD619FB4E112189FCB08DFA4D5959EDBBB6FF89310F20902AE806BB358DB705941CB20
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 0532DFD8, Relevance: .1, Instructions: 129COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.239770655.0000000005320000.00000040.00000001.sdmp, Offset: 05320000, based on PE: false
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 82908bcc1fa87548506d34f454b018787aef3b5b9bc44ea0c8bf34543e94f63f
                                          • Instruction ID: 23a65cf0a86b755106881b16f0b9feb972ce42769c1a5471441271647cfe3c9b
                                          • Opcode Fuzzy Hash: 82908bcc1fa87548506d34f454b018787aef3b5b9bc44ea0c8bf34543e94f63f
                                          • Instruction Fuzzy Hash: 95414A70E16619DFCB44CFE6D5855EEFBFAEB8E311F10A42AD006BA254DB3199018F24
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 053232FB, Relevance: .1, Instructions: 120COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.239770655.0000000005320000.00000040.00000001.sdmp, Offset: 05320000, based on PE: false
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: a4380990510dc5e2d7c5e4d4e2ab971b953551959b5672e56d2dd74deb878936
                                          • Instruction ID: 4abb96e06a5c322354af488aa13e27df1b88c4376adafab3cf1b07e69b66dfe7
                                          • Opcode Fuzzy Hash: a4380990510dc5e2d7c5e4d4e2ab971b953551959b5672e56d2dd74deb878936
                                          • Instruction Fuzzy Hash: 794111B0E05619CFDB08CFAAC4445AEFBF2FB88301F14C46AD559B7250DB388A41CB68
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 062D1AF6, Relevance: .1, Instructions: 104COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.242307176.00000000062D0000.00000040.00000001.sdmp, Offset: 062D0000, based on PE: false
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 98da5b183e1e1e5168c5f83474cf0bdc3b5f2924b28ef87e1b46fb893cbf3e23
                                          • Instruction ID: 1dc6551e4c5f82922c9446ad8b8caa89a749a5caeacbaf2b822ee39769be9c3f
                                          • Opcode Fuzzy Hash: 98da5b183e1e1e5168c5f83474cf0bdc3b5f2924b28ef87e1b46fb893cbf3e23
                                          • Instruction Fuzzy Hash: 7C417970D28219CFDB98CFA5D4496ADFFB2FB4A300F00992AD416BB684E7748812CF55
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 05322013, Relevance: .1, Instructions: 96COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.239770655.0000000005320000.00000040.00000001.sdmp, Offset: 05320000, based on PE: false
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 1abf7a12948aaabf1a8c7ae7c1649c43b573e49fccc275e3ce8c1f2a498ceadc
                                          • Instruction ID: 44acfeeea2418b84e317bb602eff63f1578e1c26682e409d1156523500ee873c
                                          • Opcode Fuzzy Hash: 1abf7a12948aaabf1a8c7ae7c1649c43b573e49fccc275e3ce8c1f2a498ceadc
                                          • Instruction Fuzzy Hash: 8541F975E016188FEB68DF6AC84479EBBF3AFC9200F14C0AAD448AB255DB705945CF51
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 0532DCC8, Relevance: .1, Instructions: 95COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.239770655.0000000005320000.00000040.00000001.sdmp, Offset: 05320000, based on PE: false
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 44218d24712c71d8dbcee9ef2a4b92ce953a60e120b317a777c2ac15bf788e15
                                          • Instruction ID: ec867698ee5b80598d9575628aa1fdb92a2bfaccff8078cf7bf3840eace6ab10
                                          • Opcode Fuzzy Hash: 44218d24712c71d8dbcee9ef2a4b92ce953a60e120b317a777c2ac15bf788e15
                                          • Instruction Fuzzy Hash: 6B316BB0D25919DFCB44DFA9E6445EDFBFAEF8E310F10982AD005B6214D77099018F68
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 05320AC3, Relevance: .1, Instructions: 78COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.239770655.0000000005320000.00000040.00000001.sdmp, Offset: 05320000, based on PE: false
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 5bd9ab5d399a62c43b15cdeaa06812202f098f678233b3d35db04e4ae1a22da6
                                          • Instruction ID: dce839d6fa9e2d01e928546104cf746ca30ca4bffd653a88eebad48d3fa44d60
                                          • Opcode Fuzzy Hash: 5bd9ab5d399a62c43b15cdeaa06812202f098f678233b3d35db04e4ae1a22da6
                                          • Instruction Fuzzy Hash: 0C31A5B1D016199BDB09CFAAC8446AEFBF7AFC9300F14C42AD814BB254DB751546CF80
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 05320E70, Relevance: 3.9, Strings: 3, Instructions: 119COMMON
                                          Download Yara Rule
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.239770655.0000000005320000.00000040.00000001.sdmp, Offset: 05320000, based on PE: false
                                          Similarity
                                          • API ID:
                                          • String ID: X$(r$X$(r$X$(r
                                          • API String ID: 0-2685387373
                                          • Opcode ID: fd77e96273bf2664d495a04290ecdb97a2b6518c044aeb46894c79ca526bcf01
                                          • Instruction ID: 6db4af5c09a4466cdfa94e0e010bd1a56a4613631fb7ebf5285966064af8f1e4
                                          • Opcode Fuzzy Hash: fd77e96273bf2664d495a04290ecdb97a2b6518c044aeb46894c79ca526bcf01
                                          • Instruction Fuzzy Hash: E551AF74E00248DFDB58DFA9D584AAEFBF2BF88300F148069E814AB354D7749945CF60
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 05170716, Relevance: 1.6, APIs: 1, Instructions: 116COMMON
                                          Download Yara Rule
                                          APIs
                                          • GetTempFileNameW.KERNELBASE(?,00000E2C,?,?), ref: 051707F6
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.239678422.0000000005170000.00000040.00000001.sdmp, Offset: 05170000, based on PE: false
                                          Similarity
                                          • API ID: FileNameTemp
                                          • String ID:
                                          • API String ID: 745986568-0
                                          • Opcode ID: 6b85d5ab4c9659c9628dacca6298de63d37f32e93be0d1b7cec24133fc399af8
                                          • Instruction ID: bf2e9552af518c70788ffe37f57e591c025ef33d21bf3f2c25aa974d34e9d511
                                          • Opcode Fuzzy Hash: 6b85d5ab4c9659c9628dacca6298de63d37f32e93be0d1b7cec24133fc399af8
                                          • Instruction Fuzzy Hash: 8D416B6240E3C05FD7139B358C65AA2BFB4AF87710F0A84DBD8C49F1A3D6246919C7B2
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 05170C33, Relevance: 1.6, APIs: 1, Instructions: 102COMMON
                                          Download Yara Rule
                                          APIs
                                          • DuplicateHandle.KERNELBASE(?,00000E2C), ref: 05170CE3
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.239678422.0000000005170000.00000040.00000001.sdmp, Offset: 05170000, based on PE: false
                                          Similarity
                                          • API ID: DuplicateHandle
                                          • String ID:
                                          • API String ID: 3793708945-0
                                          • Opcode ID: 091409877e0c1cbe6ec3167cd4b50afdc45d7d6e4ad43942182060acf44bd823
                                          • Instruction ID: 64d6099824b832bd47cf62cab3bf7dfc5a331623594e77a6ec589ae281248d3a
                                          • Opcode Fuzzy Hash: 091409877e0c1cbe6ec3167cd4b50afdc45d7d6e4ad43942182060acf44bd823
                                          • Instruction Fuzzy Hash: 0031C6755043846FEB228B65DC44FA7BFBCEF06310F0888AAF985CB152D764A909DB71
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 0125AB26, Relevance: 1.6, APIs: 1, Instructions: 92registryCOMMON
                                          Download Yara Rule
                                          APIs
                                          • RegOpenKeyExW.KERNELBASE(?,00000E2C), ref: 0125ABD5
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.238432738.000000000125A000.00000040.00000001.sdmp, Offset: 0125A000, based on PE: false
                                          Similarity
                                          • API ID: Open
                                          • String ID:
                                          • API String ID: 71445658-0
                                          • Opcode ID: bb88f16895643d7620e987690ffbd9f92979faec3e28f35987773c214e234f00
                                          • Instruction ID: 3f859f111de3533b43739a6c32344a5696c716a8462085b6be74151e31f3d481
                                          • Opcode Fuzzy Hash: bb88f16895643d7620e987690ffbd9f92979faec3e28f35987773c214e234f00
                                          • Instruction Fuzzy Hash: 3031B4B25043846FE7228B65CC85FA7BFFCEF05710F08899AEE819B152D264A549CB71
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 0517082C, Relevance: 1.6, APIs: 1, Instructions: 90fileCOMMON
                                          Download Yara Rule
                                          APIs
                                          • CreateFileW.KERNELBASE(?,?,?,?,?,?), ref: 051708CD
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.239678422.0000000005170000.00000040.00000001.sdmp, Offset: 05170000, based on PE: false
                                          Similarity
                                          • API ID: CreateFile
                                          • String ID:
                                          • API String ID: 823142352-0
                                          • Opcode ID: 7ecfd34c99d787b6ac79fb0e6aeb553163abf3ecec8c0e27c551e4d7fdf24da9
                                          • Instruction ID: 478d61b6e75b196a23cabcf1a313b8dd6b3aeaa5122a21dc75d0a2ef122c68a4
                                          • Opcode Fuzzy Hash: 7ecfd34c99d787b6ac79fb0e6aeb553163abf3ecec8c0e27c551e4d7fdf24da9
                                          • Instruction Fuzzy Hash: 34316D71504344AFE722CB69DC44F66BFE8EF09210F0884AEE9859B252D375E509CB61
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 0125BF0A, Relevance: 1.6, APIs: 1, Instructions: 89fileCOMMON
                                          Download Yara Rule
                                          APIs
                                          • CopyFileW.KERNELBASE(?,?,?), ref: 0125BF96
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.238432738.000000000125A000.00000040.00000001.sdmp, Offset: 0125A000, based on PE: false
                                          Similarity
                                          • API ID: CopyFile
                                          • String ID:
                                          • API String ID: 1304948518-0
                                          • Opcode ID: db700b6a50ca2bff1d32a66a76badd56e06b8bd1fc3d075e5e506e056acb3cd3
                                          • Instruction ID: c91a5e89d89a71f8aded1404e7f9dea723b5e34c3cc1079cf95e2db2cfd5718d
                                          • Opcode Fuzzy Hash: db700b6a50ca2bff1d32a66a76badd56e06b8bd1fc3d075e5e506e056acb3cd3
                                          • Instruction Fuzzy Hash: 42316D7150D3C55FD7538B249CA56A2BFB89F07210F1D84DBED84CF1A3E229A848CB62
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 0125AC1D, Relevance: 1.6, APIs: 1, Instructions: 89registryCOMMON
                                          Download Yara Rule
                                          APIs
                                          • RegQueryValueExW.KERNELBASE(?,00000E2C,475BE300,00000000,00000000,00000000,00000000), ref: 0125ACD8
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.238432738.000000000125A000.00000040.00000001.sdmp, Offset: 0125A000, based on PE: false
                                          Similarity
                                          • API ID: QueryValue
                                          • String ID:
                                          • API String ID: 3660427363-0
                                          • Opcode ID: 368a3ddd7fc45a9a1e671ccf9bf161e6266d9fc973d51e0506f5e13f53124568
                                          • Instruction ID: 533e3355274cdc4cf33974535ee06d87c94de3dd305e6ad6796693bb691d2901
                                          • Opcode Fuzzy Hash: 368a3ddd7fc45a9a1e671ccf9bf161e6266d9fc973d51e0506f5e13f53124568
                                          • Instruction Fuzzy Hash: 8A31B1715093846FEB22CB25CC85FA2BFBCEF06310F08859AEA85CB153D364E449CB61
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 0125BB6E, Relevance: 1.6, APIs: 1, Instructions: 89synchronizationCOMMON
                                          Download Yara Rule
                                          APIs
                                          • CreateMutexW.KERNELBASE(?,?), ref: 0125BC15
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.238432738.000000000125A000.00000040.00000001.sdmp, Offset: 0125A000, based on PE: false
                                          Similarity
                                          • API ID: CreateMutex
                                          • String ID:
                                          • API String ID: 1964310414-0
                                          • Opcode ID: 86d79762c098bdce6be42ba66f78a1a1d03d19b8afc25b17b1d16d4685f90fe4
                                          • Instruction ID: 0bffb8a9dccc267ff0ecef94ea126a58bbbeebbda4a61471416affb47fce0b08
                                          • Opcode Fuzzy Hash: 86d79762c098bdce6be42ba66f78a1a1d03d19b8afc25b17b1d16d4685f90fe4
                                          • Instruction Fuzzy Hash: FD3181715097846FE722CB25DC85B56BFF8EF06210F08849AE984CF293D775A908C765
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 051712BC, Relevance: 1.6, APIs: 1, Instructions: 86COMMON
                                          Download Yara Rule
                                          APIs
                                          • TerminateProcess.KERNELBASE(?,00000E2C,475BE300,00000000,00000000,00000000,00000000), ref: 05171350
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.239678422.0000000005170000.00000040.00000001.sdmp, Offset: 05170000, based on PE: false
                                          Similarity
                                          • API ID: ProcessTerminate
                                          • String ID:
                                          • API String ID: 560597551-0
                                          • Opcode ID: 9656b5497cf915e1177d0e70736ed37786b8ce291b2ce1c9d6af8d19b4231a3e
                                          • Instruction ID: 0d22a4e29216ccdf0877cd8a0e7d417217bcf3fffd6901893a80a5daaa64db99
                                          • Opcode Fuzzy Hash: 9656b5497cf915e1177d0e70736ed37786b8ce291b2ce1c9d6af8d19b4231a3e
                                          • Instruction Fuzzy Hash: EC21F9B15093846FEB128B64DC45FA6BFB8EF42320F0884EBE984DF193D364A545C761
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 051700DE, Relevance: 1.6, APIs: 1, Instructions: 86COMMON
                                          Download Yara Rule
                                          APIs
                                          • LsaOpenPolicy.ADVAPI32(?,00000E2C), ref: 0517017B
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.239678422.0000000005170000.00000040.00000001.sdmp, Offset: 05170000, based on PE: false
                                          Similarity
                                          • API ID: OpenPolicy
                                          • String ID:
                                          • API String ID: 2030686058-0
                                          • Opcode ID: bd2062c7ef241c03a537a8dfa4485127588eaf91bec8e97fdbf8f49288175811
                                          • Instruction ID: e9f146151ccb32fa08a593773b83f001d32895ecbdbb5504727505d6e604ccd7
                                          • Opcode Fuzzy Hash: bd2062c7ef241c03a537a8dfa4485127588eaf91bec8e97fdbf8f49288175811
                                          • Instruction Fuzzy Hash: 7D218F72504344AFEB21CB64DC89F67BBB8EF05310F18889AED849B152D324E948CB61
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 05170377, Relevance: 1.6, APIs: 1, Instructions: 84COMMON
                                          Download Yara Rule
                                          APIs
                                          • GetTokenInformation.KERNELBASE(?,00000E2C,475BE300,00000000,00000000,00000000,00000000), ref: 0517040C
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.239678422.0000000005170000.00000040.00000001.sdmp, Offset: 05170000, based on PE: false
                                          Similarity
                                          • API ID: InformationToken
                                          • String ID:
                                          • API String ID: 4114910276-0
                                          • Opcode ID: cda7552227161f946f9b3cd55a4b274f27f676eb268f01d3ecab478e1995d250
                                          • Instruction ID: eab7f36260b0887b00fe046ad215062444f12a2e8b899ae90fee09fe890722b4
                                          • Opcode Fuzzy Hash: cda7552227161f946f9b3cd55a4b274f27f676eb268f01d3ecab478e1995d250
                                          • Instruction Fuzzy Hash: 5621A5715043846FEB22CF65DC84FA7BFBCEF05310F1884AEE9859B152D725A448DB61
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 0125B074, Relevance: 1.6, APIs: 1, Instructions: 83COMMON
                                          Download Yara Rule
                                          APIs
                                          • GetUserNameW.ADVAPI32(?,00000E2C,?,?), ref: 0125B10E
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.238432738.000000000125A000.00000040.00000001.sdmp, Offset: 0125A000, based on PE: false
                                          Similarity
                                          • API ID: NameUser
                                          • String ID:
                                          • API String ID: 2645101109-0
                                          • Opcode ID: a34bd5e758e48f6caf374c1ddb9da7060d79dc5b685ef4d302a1b16a66041834
                                          • Instruction ID: 6229397c4b1c0ddb0a4979923d0b177eec9a785ac81ce2142bb9e448367199c0
                                          • Opcode Fuzzy Hash: a34bd5e758e48f6caf374c1ddb9da7060d79dc5b685ef4d302a1b16a66041834
                                          • Instruction Fuzzy Hash: 8821717144D3C16FD7138B258C51B61BFB8EF87610F0A44DBE984CB5A3D224A919C7A2
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 05170C66, Relevance: 1.6, APIs: 1, Instructions: 80COMMON
                                          Download Yara Rule
                                          APIs
                                          • DuplicateHandle.KERNELBASE(?,00000E2C), ref: 05170CE3
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.239678422.0000000005170000.00000040.00000001.sdmp, Offset: 05170000, based on PE: false
                                          Similarity
                                          • API ID: DuplicateHandle
                                          • String ID:
                                          • API String ID: 3793708945-0
                                          • Opcode ID: 91abc07e1b05b65b9472788106e45e39bcf60d33e82982c9e4e47b4ec8a4246a
                                          • Instruction ID: 79bfbbdc6b1fe798894c4dc0e8e3c2ce90651fc621aa8c455b78a2f96dd12e14
                                          • Opcode Fuzzy Hash: 91abc07e1b05b65b9472788106e45e39bcf60d33e82982c9e4e47b4ec8a4246a
                                          • Instruction Fuzzy Hash: 9221A1B2500308AFEB21DF69DC84F6AFBECEF08310F14886AED459B151D770A5488BB1
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 05170924, Relevance: 1.6, APIs: 1, Instructions: 78COMMON
                                          Download Yara Rule
                                          APIs
                                          • GetFileType.KERNELBASE(?,00000E2C,475BE300,00000000,00000000,00000000,00000000), ref: 051709B9
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.239678422.0000000005170000.00000040.00000001.sdmp, Offset: 05170000, based on PE: false
                                          Similarity
                                          • API ID: FileType
                                          • String ID:
                                          • API String ID: 3081899298-0
                                          • Opcode ID: a7e28fa8b2fc8db5a7b830fd2eb6335fb6829ffffdd499adfac7abee5c50ea7e
                                          • Instruction ID: 9e01181db94a62a1168bbfd55be714186df0a4a5864e2e52a8e49ce11849f1e9
                                          • Opcode Fuzzy Hash: a7e28fa8b2fc8db5a7b830fd2eb6335fb6829ffffdd499adfac7abee5c50ea7e
                                          • Instruction Fuzzy Hash: 4821F8B64087846FE7128B259C55FA7BFB8EF46720F1884DAE9848F153D324A909CB71
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 05170D41, Relevance: 1.6, APIs: 1, Instructions: 77fileCOMMON
                                          Download Yara Rule
                                          APIs
                                          • DeleteFileW.KERNELBASE(?), ref: 05170DC8
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.239678422.0000000005170000.00000040.00000001.sdmp, Offset: 05170000, based on PE: false
                                          Similarity
                                          • API ID: DeleteFile
                                          • String ID:
                                          • API String ID: 4033686569-0
                                          • Opcode ID: fc4bb032173d03e87a16afa8aaca4add704c6fd2cf0097a4ddf59510382e8b6b
                                          • Instruction ID: 918cad9b75f34efedb40f66e57f10941ae55bb9c1a1d4cf92e6f9bd95dd4c233
                                          • Opcode Fuzzy Hash: fc4bb032173d03e87a16afa8aaca4add704c6fd2cf0097a4ddf59510382e8b6b
                                          • Instruction Fuzzy Hash: A9218D765093C49FDB12CB35D854AA2BFB4AF07610F0984DADC858F263D225A948CB61
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 0517084E, Relevance: 1.6, APIs: 1, Instructions: 76fileCOMMON
                                          Download Yara Rule
                                          APIs
                                          • CreateFileW.KERNELBASE(?,?,?,?,?,?), ref: 051708CD
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.239678422.0000000005170000.00000040.00000001.sdmp, Offset: 05170000, based on PE: false
                                          Similarity
                                          • API ID: CreateFile
                                          • String ID:
                                          • API String ID: 823142352-0
                                          • Opcode ID: 4ead5802d1265386a531c9a45800e924b8c15c59b344f6ff4f9b3458f1cfcaed
                                          • Instruction ID: 992d298ae65b95d6a717e5fa002d7a28dbcddfaa50ff525a35f0f4524b5f632f
                                          • Opcode Fuzzy Hash: 4ead5802d1265386a531c9a45800e924b8c15c59b344f6ff4f9b3458f1cfcaed
                                          • Instruction Fuzzy Hash: EC219C71900704AFEB21DF69DC48B66FBE8EF08310F08846DE9898B252D371E408CB61
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 051709F4, Relevance: 1.6, APIs: 1, Instructions: 75fileCOMMON
                                          Download Yara Rule
                                          APIs
                                          • WriteFile.KERNELBASE(?,00000E2C,475BE300,00000000,00000000,00000000,00000000), ref: 05170A85
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.239678422.0000000005170000.00000040.00000001.sdmp, Offset: 05170000, based on PE: false
                                          Similarity
                                          • API ID: FileWrite
                                          • String ID:
                                          • API String ID: 3934441357-0
                                          • Opcode ID: bbc95086b5db05bb4db2e92fed2182cb2bca6b07f44d99809c10b58d50c2ecf5
                                          • Instruction ID: 47b5bc342d650dceb3fbc212e8f5db241d8f1fbccfe04f4013792c30cef68d97
                                          • Opcode Fuzzy Hash: bbc95086b5db05bb4db2e92fed2182cb2bca6b07f44d99809c10b58d50c2ecf5
                                          • Instruction Fuzzy Hash: 2F21A4714093846FDB228F65DC44F56BFB8EF46310F09849BE9849F153C364A409CB71
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 0125AB56, Relevance: 1.6, APIs: 1, Instructions: 74registryCOMMON
                                          Download Yara Rule
                                          APIs
                                          • RegOpenKeyExW.KERNELBASE(?,00000E2C), ref: 0125ABD5
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.238432738.000000000125A000.00000040.00000001.sdmp, Offset: 0125A000, based on PE: false
                                          Similarity
                                          • API ID: Open
                                          • String ID:
                                          • API String ID: 71445658-0
                                          • Opcode ID: d4eccf282d00396388da258f066fe3fbb642039066981a9dc4e5d7e6d38b3eac
                                          • Instruction ID: 02f9516f6666fcadbaed37aaf08a917e8abb581a0f7d626a18f2af2e12d6bf5c
                                          • Opcode Fuzzy Hash: d4eccf282d00396388da258f066fe3fbb642039066981a9dc4e5d7e6d38b3eac
                                          • Instruction Fuzzy Hash: 8F21F3B2500204AFEB21DF69CC85FABFBECEF04310F14895AEE419B241D670E5088BB1
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 0517010A, Relevance: 1.6, APIs: 1, Instructions: 72COMMON
                                          Download Yara Rule
                                          APIs
                                          • LsaOpenPolicy.ADVAPI32(?,00000E2C), ref: 0517017B
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.239678422.0000000005170000.00000040.00000001.sdmp, Offset: 05170000, based on PE: false
                                          Similarity
                                          • API ID: OpenPolicy
                                          • String ID:
                                          • API String ID: 2030686058-0
                                          • Opcode ID: 3a3b17a59b7eefd212e510bc67b7d2fd945154445359ff2c5b052d7b3cbdf09f
                                          • Instruction ID: bb8dfd828ed43cbb41266f787020c357e939682fc833e05b3fa97b8df3f920ab
                                          • Opcode Fuzzy Hash: 3a3b17a59b7eefd212e510bc67b7d2fd945154445359ff2c5b052d7b3cbdf09f
                                          • Instruction Fuzzy Hash: C9215171500304AFEB21DB69DC89F6AFBECEF48710F14886AED459A241D774E5048B75
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 0125BBA2, Relevance: 1.6, APIs: 1, Instructions: 72synchronizationCOMMON
                                          Download Yara Rule
                                          APIs
                                          • CreateMutexW.KERNELBASE(?,?), ref: 0125BC15
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.238432738.000000000125A000.00000040.00000001.sdmp, Offset: 0125A000, based on PE: false
                                          Similarity
                                          • API ID: CreateMutex
                                          • String ID:
                                          • API String ID: 1964310414-0
                                          • Opcode ID: e32d758bb61cf882ab58022e14064bce8d780fe7740a181d6ea9fd7780ee08fa
                                          • Instruction ID: 3c34686e60a6cdfab45b81862ac07ae4a7100587222ef591a9703779b2971891
                                          • Opcode Fuzzy Hash: e32d758bb61cf882ab58022e14064bce8d780fe7740a181d6ea9fd7780ee08fa
                                          • Instruction Fuzzy Hash: 0E21A1B1510244AFE721DF69DC85B6AFBE8EF04711F14846AEE49CB282D771E404CB75
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 051703A2, Relevance: 1.6, APIs: 1, Instructions: 69COMMON
                                          Download Yara Rule
                                          APIs
                                          • GetTokenInformation.KERNELBASE(?,00000E2C,475BE300,00000000,00000000,00000000,00000000), ref: 0517040C
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.239678422.0000000005170000.00000040.00000001.sdmp, Offset: 05170000, based on PE: false
                                          Similarity
                                          • API ID: InformationToken
                                          • String ID:
                                          • API String ID: 4114910276-0
                                          • Opcode ID: 80a639333b7e3b84df47205a74e70e049db2f4146bab1833cb3da657eca98999
                                          • Instruction ID: cbc093dbc4e35993be21a3a7f951aa17f0030291dd95ab31c032e9d32c9c268b
                                          • Opcode Fuzzy Hash: 80a639333b7e3b84df47205a74e70e049db2f4146bab1833cb3da657eca98999
                                          • Instruction Fuzzy Hash: 4211A2B1500204AFEB21CF69DC84FAAFBACEF44320F14846AEE46DB251D774A404CB71
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 0125AC5E, Relevance: 1.6, APIs: 1, Instructions: 69registryCOMMON
                                          Download Yara Rule
                                          APIs
                                          • RegQueryValueExW.KERNELBASE(?,00000E2C,475BE300,00000000,00000000,00000000,00000000), ref: 0125ACD8
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.238432738.000000000125A000.00000040.00000001.sdmp, Offset: 0125A000, based on PE: false
                                          Similarity
                                          • API ID: QueryValue
                                          • String ID:
                                          • API String ID: 3660427363-0
                                          • Opcode ID: 23067aefdb0cf8bf44598cb79dce214c528d5ea88cb320baefbb0864d3732898
                                          • Instruction ID: a37702cff2fbc96cfd98a9c97cd46569695e80af0b89661ee9e5e75f1a23f399
                                          • Opcode Fuzzy Hash: 23067aefdb0cf8bf44598cb79dce214c528d5ea88cb320baefbb0864d3732898
                                          • Instruction Fuzzy Hash: 43218CB1610204AFEB61CF29DC86F66BBECEF04711F08856AEE459B252D770E408CB71
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 05171058, Relevance: 1.6, APIs: 1, Instructions: 68COMMON
                                          Download Yara Rule
                                          APIs
                                          • FindCloseChangeNotification.KERNELBASE(?), ref: 051710C4
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.239678422.0000000005170000.00000040.00000001.sdmp, Offset: 05170000, based on PE: false
                                          Similarity
                                          • API ID: ChangeCloseFindNotification
                                          • String ID:
                                          • API String ID: 2591292051-0
                                          • Opcode ID: ffc144b88ec7c6331af240be2ea9f852e427c4a701577dc7d7f565a7de917add
                                          • Instruction ID: 5d42459126f3aa13321394177a779dd34f8f4df4bb250118ad47e4050e848ea4
                                          • Opcode Fuzzy Hash: ffc144b88ec7c6331af240be2ea9f852e427c4a701577dc7d7f565a7de917add
                                          • Instruction Fuzzy Hash: CF21C37250D3C45FDB138B25DC54B92BFB4AF07224F0D84DAEC858F263D264A908CB62
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 0517110D, Relevance: 1.6, APIs: 1, Instructions: 67COMMON
                                          Download Yara Rule
                                          APIs
                                          • K32EnumProcesses.KERNEL32(?,?,?,475BE300,00000000,?,?,?,?,?,?,?,?,72B13C38), ref: 0517117E
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.239678422.0000000005170000.00000040.00000001.sdmp, Offset: 05170000, based on PE: false
                                          Similarity
                                          • API ID: EnumProcesses
                                          • String ID:
                                          • API String ID: 84517404-0
                                          • Opcode ID: 96aa82b6d377ba3cea640dc38e9225b6e2d2068b6459ec7244e65c3aca9c515b
                                          • Instruction ID: 70e9fb072c522a354216256d1a4ac0d27ef6078863eeb0512e913e849cba48ef
                                          • Opcode Fuzzy Hash: 96aa82b6d377ba3cea640dc38e9225b6e2d2068b6459ec7244e65c3aca9c515b
                                          • Instruction Fuzzy Hash: 81214C755093849FDB12CB65DC85B92BFF8EF06210F0984EAE9858F263D264A908CB61
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 0125B3B9, Relevance: 1.6, APIs: 1, Instructions: 65libraryCOMMON
                                          Download Yara Rule
                                          APIs
                                          • LoadLibraryShim.MSCOREE(?,?,?,?), ref: 0125B435
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.238432738.000000000125A000.00000040.00000001.sdmp, Offset: 0125A000, based on PE: false
                                          Similarity
                                          • API ID: LibraryLoadShim
                                          • String ID:
                                          • API String ID: 1475914169-0
                                          • Opcode ID: 720f99aeddad781022091fa8d1364813451e57f8fe852797d9886c0887de19fd
                                          • Instruction ID: 2b2afb8bba34d2f957dfc780c06de34913cda5558817894214033cedfd6088e9
                                          • Opcode Fuzzy Hash: 720f99aeddad781022091fa8d1364813451e57f8fe852797d9886c0887de19fd
                                          • Instruction Fuzzy Hash: C121C0714083805FEB228F25DC84B62FFF8EF06210F08808AEE84CB253D275E808CB61
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 0125B89D, Relevance: 1.6, APIs: 1, Instructions: 65memoryCOMMON
                                          Download Yara Rule
                                          APIs
                                          • VirtualProtect.KERNELBASE(?,?,?,?), ref: 0125B911
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.238432738.000000000125A000.00000040.00000001.sdmp, Offset: 0125A000, based on PE: false
                                          Similarity
                                          • API ID: ProtectVirtual
                                          • String ID:
                                          • API String ID: 544645111-0
                                          • Opcode ID: 5a4c73cd67174361f498b67b174a3fe6032422d9c4dceefd868edff14f7747a0
                                          • Instruction ID: e0ad90b21a43fd4ea07cc2f2f6a0b4bd9082851908d06b2e64aa2828390a94cf
                                          • Opcode Fuzzy Hash: 5a4c73cd67174361f498b67b174a3fe6032422d9c4dceefd868edff14f7747a0
                                          • Instruction Fuzzy Hash: 2D218E765093809FEB228F25DC54BA2FFB4EF06210F0884DAEDC58B163D265A418DB61
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 051714E9, Relevance: 1.6, APIs: 1, Instructions: 62windowCOMMON
                                          Download Yara Rule
                                          APIs
                                          • PostMessageW.USER32(?,?,?,?), ref: 0517155D
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.239678422.0000000005170000.00000040.00000001.sdmp, Offset: 05170000, based on PE: false
                                          Similarity
                                          • API ID: MessagePost
                                          • String ID:
                                          • API String ID: 410705778-0
                                          • Opcode ID: c3ba96941e179e4dcdfe3d3cc02bd29e623a38646de6523bbfc1a4030157cbe3
                                          • Instruction ID: d49fba2d64c59ef562e14fb9762c5d153186d2784a4f5a94a7ead18313dee186
                                          • Opcode Fuzzy Hash: c3ba96941e179e4dcdfe3d3cc02bd29e623a38646de6523bbfc1a4030157cbe3
                                          • Instruction Fuzzy Hash: 9E218C714093C4AFDB238B25CC44A62BFB4EF17210F0984DAED858F163D225A958DB62
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 051712FA, Relevance: 1.6, APIs: 1, Instructions: 61COMMON
                                          Download Yara Rule
                                          APIs
                                          • TerminateProcess.KERNELBASE(?,00000E2C,475BE300,00000000,00000000,00000000,00000000), ref: 05171350
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.239678422.0000000005170000.00000040.00000001.sdmp, Offset: 05170000, based on PE: false
                                          Similarity
                                          • API ID: ProcessTerminate
                                          • String ID:
                                          • API String ID: 560597551-0
                                          • Opcode ID: f1036fb16b42ecd8ffaf868827e116191b485c1fd2513611e2dd92d7bbfa0896
                                          • Instruction ID: fb1f31d55131c2e65d2cc6c6600995c7beda9a2a70dcd203b5643f6e3b907365
                                          • Opcode Fuzzy Hash: f1036fb16b42ecd8ffaf868827e116191b485c1fd2513611e2dd92d7bbfa0896
                                          • Instruction Fuzzy Hash: 1211A3B1904204AFEB21CF69DC85FAABBA8EF44720F1484AAED45DF241D774A404CBB1
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 0125A5AF, Relevance: 1.6, APIs: 1, Instructions: 61COMMON
                                          Download Yara Rule
                                          APIs
                                          • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 0125A61A
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.238432738.000000000125A000.00000040.00000001.sdmp, Offset: 0125A000, based on PE: false
                                          Similarity
                                          • API ID: DuplicateHandle
                                          • String ID:
                                          • API String ID: 3793708945-0
                                          • Opcode ID: 4dbeb01bf58d46a95756b7607ee974b51898b03a80ba611da7b43fd467457b4e
                                          • Instruction ID: 24981c66c32e0f2e5da7dc36f3773eff421f76f151ad9a9e7023484f0c4b4418
                                          • Opcode Fuzzy Hash: 4dbeb01bf58d46a95756b7607ee974b51898b03a80ba611da7b43fd467457b4e
                                          • Instruction Fuzzy Hash: D9117271409380AFDB238F55DC44B62FFF4EF4A610F08859AEE858B153D275A418DB61
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 05170A26, Relevance: 1.6, APIs: 1, Instructions: 60fileCOMMON
                                          Download Yara Rule
                                          APIs
                                          • WriteFile.KERNELBASE(?,00000E2C,475BE300,00000000,00000000,00000000,00000000), ref: 05170A85
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.239678422.0000000005170000.00000040.00000001.sdmp, Offset: 05170000, based on PE: false
                                          Similarity
                                          • API ID: FileWrite
                                          • String ID:
                                          • API String ID: 3934441357-0
                                          • Opcode ID: a9a5720588c3128310c6e9063d58858c44446b50fc70553e478dd49767d1bd55
                                          • Instruction ID: 893df2fddff52edfdc8da423b5b7434ffb7248ce2a1fecdc0fb91753e800a562
                                          • Opcode Fuzzy Hash: a9a5720588c3128310c6e9063d58858c44446b50fc70553e478dd49767d1bd55
                                          • Instruction Fuzzy Hash: 82118271501704AFEB21CF59DC84F66FBA8EF48710F18886AEE459B251C774A5448B71
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 0517002D, Relevance: 1.6, APIs: 1, Instructions: 60COMMON
                                          Download Yara Rule
                                          APIs
                                          • SetFileAttributesW.KERNELBASE(?,?), ref: 0517008F
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.239678422.0000000005170000.00000040.00000001.sdmp, Offset: 05170000, based on PE: false
                                          Similarity
                                          • API ID: AttributesFile
                                          • String ID:
                                          • API String ID: 3188754299-0
                                          • Opcode ID: 0cdd0b0f7961b953f281b2d0e16638058e466b605345e5f138072fc01fa0effb
                                          • Instruction ID: e51247aad66d883bf13de78acb6013e5dceed513aece5a0c7f35e23d21e44407
                                          • Opcode Fuzzy Hash: 0cdd0b0f7961b953f281b2d0e16638058e466b605345e5f138072fc01fa0effb
                                          • Instruction Fuzzy Hash: F61193755093845FDB11CF29DC85B96BFE8EF06220F0884AAEC45CF253D375A549CB61
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 0125A65A, Relevance: 1.6, APIs: 1, Instructions: 59COMMON
                                          Download Yara Rule
                                          APIs
                                          • SetErrorMode.KERNELBASE(?), ref: 0125A6CC
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.238432738.000000000125A000.00000040.00000001.sdmp, Offset: 0125A000, based on PE: false
                                          Similarity
                                          • API ID: ErrorMode
                                          • String ID:
                                          • API String ID: 2340568224-0
                                          • Opcode ID: 7af865f46b6873b784343dc37fd00c6859de459a9d22de58b3dee6cf21ead4c8
                                          • Instruction ID: d6a1d5485e3e8f38d1638ca8591d19b3c2fe749802fedca1bed9a608950d2306
                                          • Opcode Fuzzy Hash: 7af865f46b6873b784343dc37fd00c6859de459a9d22de58b3dee6cf21ead4c8
                                          • Instruction Fuzzy Hash: 731147754093C49FDB138B25CC95A52BFB4DF47220F0A80DBD9858F1A3D269A948CB72
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 0125A2D6, Relevance: 1.6, APIs: 1, Instructions: 57COMMON
                                          Download Yara Rule
                                          APIs
                                          • FindCloseChangeNotification.KERNELBASE(?), ref: 0125A32C
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.238432738.000000000125A000.00000040.00000001.sdmp, Offset: 0125A000, based on PE: false
                                          Similarity
                                          • API ID: ChangeCloseFindNotification
                                          • String ID:
                                          • API String ID: 2591292051-0
                                          • Opcode ID: 91a0d2f4d59270094f0d63f86a666b4676c10571e6c918a038a6e5faa69e7e1c
                                          • Instruction ID: f4807ba0cf942c218468e3ce7ad278c62395011681496d0aa3665444688bc336
                                          • Opcode Fuzzy Hash: 91a0d2f4d59270094f0d63f86a666b4676c10571e6c918a038a6e5faa69e7e1c
                                          • Instruction Fuzzy Hash: 42119471509384AFDB128F29DC95756BFB8DF46220F0884EBED858F653D274A408CB62
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 0125BF4E, Relevance: 1.6, APIs: 1, Instructions: 53fileCOMMON
                                          Download Yara Rule
                                          APIs
                                          • CopyFileW.KERNELBASE(?,?,?), ref: 0125BF96
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.238432738.000000000125A000.00000040.00000001.sdmp, Offset: 0125A000, based on PE: false
                                          Similarity
                                          • API ID: CopyFile
                                          • String ID:
                                          • API String ID: 1304948518-0
                                          • Opcode ID: 011f03787cbf06ae6ef21c8d6f2b195a8cd8c0e07a24f53ad3ac3e3221c52486
                                          • Instruction ID: f49d307dc2cb423f10e4afb3fed34df9d0d1723726ad5b464c9835d2420899f8
                                          • Opcode Fuzzy Hash: 011f03787cbf06ae6ef21c8d6f2b195a8cd8c0e07a24f53ad3ac3e3221c52486
                                          • Instruction Fuzzy Hash: C0118E716102458FEB60CF29D885766FBE8EF04220F1884AAED49CB242D271E444CE71
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 05170966, Relevance: 1.6, APIs: 1, Instructions: 52COMMON
                                          Download Yara Rule
                                          APIs
                                          • GetFileType.KERNELBASE(?,00000E2C,475BE300,00000000,00000000,00000000,00000000), ref: 051709B9
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.239678422.0000000005170000.00000040.00000001.sdmp, Offset: 05170000, based on PE: false
                                          Similarity
                                          • API ID: FileType
                                          • String ID:
                                          • API String ID: 3081899298-0
                                          • Opcode ID: d648afca5d77da3e6f79279fab7a96302c72d813085cfa919025b9a381ae1dfd
                                          • Instruction ID: d29a8ae62fdc4a5372acdd308be58a3eaf69d8e910b5a97ebad3c9e81d0110a5
                                          • Opcode Fuzzy Hash: d648afca5d77da3e6f79279fab7a96302c72d813085cfa919025b9a381ae1dfd
                                          • Instruction Fuzzy Hash: 9301C471504304AFF720CB19DD85F6AFBA8DF48720F18C456EE499B241D764A804CA75
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 0517113E, Relevance: 1.5, APIs: 1, Instructions: 49COMMON
                                          Download Yara Rule
                                          APIs
                                          • K32EnumProcesses.KERNEL32(?,?,?,475BE300,00000000,?,?,?,?,?,?,?,?,72B13C38), ref: 0517117E
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.239678422.0000000005170000.00000040.00000001.sdmp, Offset: 05170000, based on PE: false
                                          Similarity
                                          • API ID: EnumProcesses
                                          • String ID:
                                          • API String ID: 84517404-0
                                          • Opcode ID: 75bf5f2bd4aa7c762754c6b18a0c4b2c6583c73e87a95738d1d8fa6655eff9b4
                                          • Instruction ID: ee46a800e98274ff6e3a72376e27012d8d5310b933bad586d356830b91c2a5e5
                                          • Opcode Fuzzy Hash: 75bf5f2bd4aa7c762754c6b18a0c4b2c6583c73e87a95738d1d8fa6655eff9b4
                                          • Instruction Fuzzy Hash: BA116D755002489FDB20CF69D885B66FBE8EF44620F08C4AAED498F652D375E448CB61
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 05170052, Relevance: 1.5, APIs: 1, Instructions: 48COMMON
                                          Download Yara Rule
                                          APIs
                                          • SetFileAttributesW.KERNELBASE(?,?), ref: 0517008F
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.239678422.0000000005170000.00000040.00000001.sdmp, Offset: 05170000, based on PE: false
                                          Similarity
                                          • API ID: AttributesFile
                                          • String ID:
                                          • API String ID: 3188754299-0
                                          • Opcode ID: 985649683074a0d2106790b7fa3bbfc4edc2df8032b618879fb209b0d7769649
                                          • Instruction ID: bdea3b6c791e55598efd0e01dd0a83628e03e694b2ac47f6b26534ace868d4e3
                                          • Opcode Fuzzy Hash: 985649683074a0d2106790b7fa3bbfc4edc2df8032b618879fb209b0d7769649
                                          • Instruction Fuzzy Hash: 8F0180715013449FDB20DF29D888766FFA8EF48220F0884AADC49CB242E374E444CF61
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 0125A9F0, Relevance: 1.5, APIs: 1, Instructions: 48COMMON
                                          Download Yara Rule
                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.238432738.000000000125A000.00000040.00000001.sdmp, Offset: 0125A000, based on PE: false
                                          Similarity
                                          • API ID: LongWindow
                                          • String ID:
                                          • API String ID: 1378638983-0
                                          • Opcode ID: 9772ae7c5324e81834833ba77ebe2bbd630239b6f3118f058fbb81998ba82720
                                          • Instruction ID: 5f1c30f5a206ee994a81e1c6ac3a0bdab948937406378c3cc0a13d0016a52566
                                          • Opcode Fuzzy Hash: 9772ae7c5324e81834833ba77ebe2bbd630239b6f3118f058fbb81998ba82720
                                          • Instruction Fuzzy Hash: 3511AC314083849FDB228F15DC85B52FFB4EF46220F08C59AED854B263D275A808CB62
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 05170D8E, Relevance: 1.5, APIs: 1, Instructions: 47fileCOMMON
                                          Download Yara Rule
                                          APIs
                                          • DeleteFileW.KERNELBASE(?), ref: 05170DC8
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.239678422.0000000005170000.00000040.00000001.sdmp, Offset: 05170000, based on PE: false
                                          Similarity
                                          • API ID: DeleteFile
                                          • String ID:
                                          • API String ID: 4033686569-0
                                          • Opcode ID: ffc74556d3017a7352f52cbddef9d80c22162e458291ff28769c96f282b74384
                                          • Instruction ID: b6b842f92de0c75811d76d9fd4b1cf629a964dc157fb1bc9f75808ca60dedcf2
                                          • Opcode Fuzzy Hash: ffc74556d3017a7352f52cbddef9d80c22162e458291ff28769c96f282b74384
                                          • Instruction Fuzzy Hash: DA015E75A043448FDB20DF29D88976AFBA8EF48620F18C4AADD49CF242D775E544CEA1
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 051707A6, Relevance: 1.5, APIs: 1, Instructions: 47COMMON
                                          Download Yara Rule
                                          APIs
                                          • GetTempFileNameW.KERNELBASE(?,00000E2C,?,?), ref: 051707F6
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.239678422.0000000005170000.00000040.00000001.sdmp, Offset: 05170000, based on PE: false
                                          Similarity
                                          • API ID: FileNameTemp
                                          • String ID:
                                          • API String ID: 745986568-0
                                          • Opcode ID: 7d749f84d22bbcc9330d4d5db86bc56a8908e9c45e5a01195dd5378fa9a24a19
                                          • Instruction ID: e139287a773e2ca4fb75b51f3560f74215fbb24b0bfa7b447294744fad1658ba
                                          • Opcode Fuzzy Hash: 7d749f84d22bbcc9330d4d5db86bc56a8908e9c45e5a01195dd5378fa9a24a19
                                          • Instruction Fuzzy Hash: 9601B172900200ABD710DF2ADC85B26FBE8FB88B20F14852AED088B645E631F515CBE5
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 0125B3EA, Relevance: 1.5, APIs: 1, Instructions: 46libraryCOMMON
                                          Download Yara Rule
                                          APIs
                                          • LoadLibraryShim.MSCOREE(?,?,?,?), ref: 0125B435
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.238432738.000000000125A000.00000040.00000001.sdmp, Offset: 0125A000, based on PE: false
                                          Similarity
                                          • API ID: LibraryLoadShim
                                          • String ID:
                                          • API String ID: 1475914169-0
                                          • Opcode ID: 32280c1be9dbfffea8115f52c9d6ea44eee8852697757db21a6be74d7c7d6dad
                                          • Instruction ID: 67563bcf3916a60889f976b480e0f37ae763f580e20cf69551b66039125aa4ec
                                          • Opcode Fuzzy Hash: 32280c1be9dbfffea8115f52c9d6ea44eee8852697757db21a6be74d7c7d6dad
                                          • Instruction Fuzzy Hash: A10180719106049FDB70CF19D885B26FFE8EF44710F08C459DE498B252D274E408CA72
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 0125A5D6, Relevance: 1.5, APIs: 1, Instructions: 45COMMON
                                          Download Yara Rule
                                          APIs
                                          • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 0125A61A
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.238432738.000000000125A000.00000040.00000001.sdmp, Offset: 0125A000, based on PE: false
                                          Similarity
                                          • API ID: DuplicateHandle
                                          • String ID:
                                          • API String ID: 3793708945-0
                                          • Opcode ID: 9c7ef97f06e03701866b2040c0db7e7af81774e1898c7e37de5fabe70256f65c
                                          • Instruction ID: ac0472ed337784cd9d932d77c920575655247f2eac8591a347d8d96112da402e
                                          • Opcode Fuzzy Hash: 9c7ef97f06e03701866b2040c0db7e7af81774e1898c7e37de5fabe70256f65c
                                          • Instruction Fuzzy Hash: 78016D718106009FDF618F55D885B56FFE4EF48720F08C9AAEE494B652C375A418CF71
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 05171092, Relevance: 1.5, APIs: 1, Instructions: 43COMMON
                                          Download Yara Rule
                                          APIs
                                          • FindCloseChangeNotification.KERNELBASE(?), ref: 051710C4
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.239678422.0000000005170000.00000040.00000001.sdmp, Offset: 05170000, based on PE: false
                                          Similarity
                                          • API ID: ChangeCloseFindNotification
                                          • String ID:
                                          • API String ID: 2591292051-0
                                          • Opcode ID: e5851f9e4d39b61c67893766a6c51b6dc6e1d7994105089cbc6f03eb6752baa9
                                          • Instruction ID: 1c8b73a8a81bd763a8bbfeb60d52c1d3752472f3e46642d2339ea1c26b3354ad
                                          • Opcode Fuzzy Hash: e5851f9e4d39b61c67893766a6c51b6dc6e1d7994105089cbc6f03eb6752baa9
                                          • Instruction Fuzzy Hash: 5B01DF71A042449FDB20DF29E884766FFA4EF44220F08C0AADC498F242C374A448CB72
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 0125A2FA, Relevance: 1.5, APIs: 1, Instructions: 43COMMON
                                          Download Yara Rule
                                          APIs
                                          • FindCloseChangeNotification.KERNELBASE(?), ref: 0125A32C
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.238432738.000000000125A000.00000040.00000001.sdmp, Offset: 0125A000, based on PE: false
                                          Similarity
                                          • API ID: ChangeCloseFindNotification
                                          • String ID:
                                          • API String ID: 2591292051-0
                                          • Opcode ID: e1a165a68c490a21d93e16453cfcde2f9571f105b0d9e5ae2e9b9208518ed196
                                          • Instruction ID: 27aaad3cc6373157cc91889354f5d1c520d87e8e02a2766fdf7545cc08f33785
                                          • Opcode Fuzzy Hash: e1a165a68c490a21d93e16453cfcde2f9571f105b0d9e5ae2e9b9208518ed196
                                          • Instruction Fuzzy Hash: 1701DF719102409FDB508F29D886766FFA4EF40620F08C4BADD098F243D2B4A408CA61
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 0125B8D6, Relevance: 1.5, APIs: 1, Instructions: 42memoryCOMMON
                                          Download Yara Rule
                                          APIs
                                          • VirtualProtect.KERNELBASE(?,?,?,?), ref: 0125B911
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.238432738.000000000125A000.00000040.00000001.sdmp, Offset: 0125A000, based on PE: false
                                          Similarity
                                          • API ID: ProtectVirtual
                                          • String ID:
                                          • API String ID: 544645111-0
                                          • Opcode ID: a36d39330043ba9d50147915e9bc75b51b72c1ebeadb265029c9ae15d8f3f858
                                          • Instruction ID: bed8871e8db1ffda1fa4c55c51b2f36336be4a26084b2fbfbbfdfc0a4e4a1092
                                          • Opcode Fuzzy Hash: a36d39330043ba9d50147915e9bc75b51b72c1ebeadb265029c9ae15d8f3f858
                                          • Instruction Fuzzy Hash: 1C01D4715106048FDB618F19D885766FFB4EF44320F08C49ADD464B652C271E418CF62
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 05171522, Relevance: 1.5, APIs: 1, Instructions: 38windowCOMMON
                                          Download Yara Rule
                                          APIs
                                          • PostMessageW.USER32(?,?,?,?), ref: 0517155D
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.239678422.0000000005170000.00000040.00000001.sdmp, Offset: 05170000, based on PE: false
                                          Similarity
                                          • API ID: MessagePost
                                          • String ID:
                                          • API String ID: 410705778-0
                                          • Opcode ID: 2db3646f1e7f6330c5e52eb19130b2327191a23145ed439dc2f448083e81ff4e
                                          • Instruction ID: 9c8c3ee3a563b0114df64cf839a18a8329405f8632d7294d75f7ba50a69acb5e
                                          • Opcode Fuzzy Hash: 2db3646f1e7f6330c5e52eb19130b2327191a23145ed439dc2f448083e81ff4e
                                          • Instruction Fuzzy Hash: 18018B75450208AFDB20CF19D884B25FFB5EF49720F18C49AED8A4B252C375A458CFA2
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 0125AA12, Relevance: 1.5, APIs: 1, Instructions: 37COMMON
                                          Download Yara Rule
                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.238432738.000000000125A000.00000040.00000001.sdmp, Offset: 0125A000, based on PE: false
                                          Similarity
                                          • API ID: LongWindow
                                          • String ID:
                                          • API String ID: 1378638983-0
                                          • Opcode ID: a2285b11051c765efc62e967db4fc684e2c3e603421a2ba3256f5d7284c95fab
                                          • Instruction ID: 14f62af085b02b9b874c30452c5ffa14570bd1f2f42232af42c442c8a4706c4c
                                          • Opcode Fuzzy Hash: a2285b11051c765efc62e967db4fc684e2c3e603421a2ba3256f5d7284c95fab
                                          • Instruction Fuzzy Hash: 5E01D1314202048FDB618F19D986726FFB0EF44720F08C59ADE490F252D3B5A408CFB2
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 0125A69A, Relevance: 1.5, APIs: 1, Instructions: 35COMMON
                                          Download Yara Rule
                                          APIs
                                          • SetErrorMode.KERNELBASE(?), ref: 0125A6CC
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.238432738.000000000125A000.00000040.00000001.sdmp, Offset: 0125A000, based on PE: false
                                          Similarity
                                          • API ID: ErrorMode
                                          • String ID:
                                          • API String ID: 2340568224-0
                                          • Opcode ID: b8a760cdf0a8c860ea74e4bd1e603e26b1a70bf008f22678ddfe946ec3dabbab
                                          • Instruction ID: 7d93b9fba1869d11ae1fc49dbd3209e8deec4b380250c898c9d284be7fcb338f
                                          • Opcode Fuzzy Hash: b8a760cdf0a8c860ea74e4bd1e603e26b1a70bf008f22678ddfe946ec3dabbab
                                          • Instruction Fuzzy Hash: E1F0C2744202458FDF60DF19D886766FFA4EF84720F18C19ADD494F356D2B5A448CEB2
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 053205A8, Relevance: 1.5, Strings: 1, Instructions: 201COMMON
                                          Download Yara Rule
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.239770655.0000000005320000.00000040.00000001.sdmp, Offset: 05320000, based on PE: false
                                          Similarity
                                          • API ID:
                                          • String ID: `5(r
                                          • API String ID: 0-3683955166
                                          • Opcode ID: 16d6544b3a25dc52e7848b2adea8326bc659c25d18f7e2e2c3a34e4da86779f6
                                          • Instruction ID: 50fed9c74aab3aee922c18027e1036d5ec777da73ef4434e5c7ee93c7b9e7df2
                                          • Opcode Fuzzy Hash: 16d6544b3a25dc52e7848b2adea8326bc659c25d18f7e2e2c3a34e4da86779f6
                                          • Instruction Fuzzy Hash: 8E91E474E01219CFDB18CFA9C898BADBBB2FF49310F108169D409AB3A0DB719985CF50
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 05325028, Relevance: 1.3, Strings: 1, Instructions: 66COMMON
                                          Download Yara Rule
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.239770655.0000000005320000.00000040.00000001.sdmp, Offset: 05320000, based on PE: false
                                          Similarity
                                          • API ID:
                                          • String ID: #6m\
                                          • API String ID: 0-28004059
                                          • Opcode ID: 71132ec9b1e4c039c9a46091136ba7fc46ea2dc2168ebb65c6d3f6c4471d9154
                                          • Instruction ID: 860d244372c801549bb8af995079cbc8bb23e02ca6976fe745d008323e18ba3c
                                          • Opcode Fuzzy Hash: 71132ec9b1e4c039c9a46091136ba7fc46ea2dc2168ebb65c6d3f6c4471d9154
                                          • Instruction Fuzzy Hash: 8E219D70D0A659DFCB04CFA5D9449AEBBB6FF49300F15C8AAC401AB220EB709B01CF81
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 053288AD, Relevance: 1.3, Strings: 1, Instructions: 26COMMON
                                          Download Yara Rule
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.239770655.0000000005320000.00000040.00000001.sdmp, Offset: 05320000, based on PE: false
                                          Similarity
                                          • API ID:
                                          • String ID: <
                                          • API String ID: 0-4251816714
                                          • Opcode ID: f5a5c929ba30d7d5d0289fe3d5e803a4facf0ea66b3959a438c857f4e2f84e0b
                                          • Instruction ID: 91a861a4fc8175f73e1d9a0bf7be69b2e1b044973707a97a10724a6b5714aac2
                                          • Opcode Fuzzy Hash: f5a5c929ba30d7d5d0289fe3d5e803a4facf0ea66b3959a438c857f4e2f84e0b
                                          • Instruction Fuzzy Hash: 0A01CFB0E44328CFDB64DF20DD987D8BBB1AB88300F1241DAD80AB72A0CB305A80CF55
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 05328020, Relevance: 1.3, Strings: 1, Instructions: 19COMMON
                                          Download Yara Rule
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.239770655.0000000005320000.00000040.00000001.sdmp, Offset: 05320000, based on PE: false
                                          Similarity
                                          • API ID:
                                          • String ID: ntin
                                          • API String ID: 0-3077571345
                                          • Opcode ID: 17424e3ab04e3e718ae6eb16f35cd9246fbeef6ddac1acd50c9f5222c047f1e8
                                          • Instruction ID: 849002655ea9bdca8087d647059523c6885384587ee7423efa36d659429b1e0a
                                          • Opcode Fuzzy Hash: 17424e3ab04e3e718ae6eb16f35cd9246fbeef6ddac1acd50c9f5222c047f1e8
                                          • Instruction Fuzzy Hash: 81F09B74A04229DFCB14CFA4C981A9DBBB8BF19304F119095D808AB765D734AA40CF25
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 05322D9B, Relevance: .2, Instructions: 233COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.239770655.0000000005320000.00000040.00000001.sdmp, Offset: 05320000, based on PE: false
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 8ed1537b4b970860eaafd909dee3122de6fa8fa9a7cdab970b5867d752691e27
                                          • Instruction ID: fc16698c3ce5ab5f8a90fec4afe848b2b6d8332e1104f676c9557ff25e7c0619
                                          • Opcode Fuzzy Hash: 8ed1537b4b970860eaafd909dee3122de6fa8fa9a7cdab970b5867d752691e27
                                          • Instruction Fuzzy Hash: E3A1A5B4E1021ADFCB44DFA8D990A9EFBB2FF88304F208519D515AB395DB34A941CF91
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 05320598, Relevance: .2, Instructions: 179COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.239770655.0000000005320000.00000040.00000001.sdmp, Offset: 05320000, based on PE: false
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 93626268b663f27c4d2ba178ce9088c3a15873b1e00575a5ffe00010671755cd
                                          • Instruction ID: a5c96f8118b2f15e2d424c574464fa5ed835363f8eea7122b370c1f7e46902b8
                                          • Opcode Fuzzy Hash: 93626268b663f27c4d2ba178ce9088c3a15873b1e00575a5ffe00010671755cd
                                          • Instruction Fuzzy Hash: 3071E474E01619CFDB58CFA9C898BADBBF2BF49310F1481A9D406AB3A0DB715985CF50
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 05320273, Relevance: .1, Instructions: 122COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.239770655.0000000005320000.00000040.00000001.sdmp, Offset: 05320000, based on PE: false
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: ae63a9c609fe47f03255cc968f42f7c9f89a0d7f0bfae6dc41b792e8bf332fb3
                                          • Instruction ID: 8353bf66ee5b1f472870826aef83576f1481eb34c080095a99a14092df30569c
                                          • Opcode Fuzzy Hash: ae63a9c609fe47f03255cc968f42f7c9f89a0d7f0bfae6dc41b792e8bf332fb3
                                          • Instruction Fuzzy Hash: 0A519EB8A00618DFDB14CFA8C485AADBBF1FF0D310F145495EA02AB360D675A994DF60
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 05320280, Relevance: .1, Instructions: 113COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.239770655.0000000005320000.00000040.00000001.sdmp, Offset: 05320000, based on PE: false
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: c8e2732e852b9cd44bace22a1942161b18201ff01794be0972264f084fbf854e
                                          • Instruction ID: e09e177a119ffe7ee22616897e80498b58bcd8e2f604b8d517503d6150dc208f
                                          • Opcode Fuzzy Hash: c8e2732e852b9cd44bace22a1942161b18201ff01794be0972264f084fbf854e
                                          • Instruction Fuzzy Hash: 694191B4A00618DFDB14DFA8C885BADBBF2FB0D310F145495E602AB360D675A994DF60
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 05329EA8, Relevance: .1, Instructions: 96COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.239770655.0000000005320000.00000040.00000001.sdmp, Offset: 05320000, based on PE: false
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: c485967f7e3d45a06c728cababb7b40868019e0b331f654c7bc443e258e289f8
                                          • Instruction ID: 97e3cb67b6f4f8a202e3d76a0cfd34bd3a4301284aea7344ffdef8e701718b5a
                                          • Opcode Fuzzy Hash: c485967f7e3d45a06c728cababb7b40868019e0b331f654c7bc443e258e289f8
                                          • Instruction Fuzzy Hash: 64412974A11259CFCB08DFA8D9956EDBFB2FB85304F60811BE815AB358DB705D42CB60
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 0126A877, Relevance: .1, Instructions: 95COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.238440991.0000000001262000.00000040.00000001.sdmp, Offset: 01262000, based on PE: false
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: ed492069b1e6ffce55ada1ebaa4d02b9487fc9396adf4de02e7e44cfb41e121c
                                          • Instruction ID: 4c24cfde47081fcca1c60cc2e1e9d8f83753b9b9f3471656cd4bbe7bb7c8ea51
                                          • Opcode Fuzzy Hash: ed492069b1e6ffce55ada1ebaa4d02b9487fc9396adf4de02e7e44cfb41e121c
                                          • Instruction Fuzzy Hash: 2A31A0B6508704AFD350CF19EC41E57FBE8EB89630F14C96EFD499B211D275A9048BA2
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 0126A74C, Relevance: .1, Instructions: 93COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.238440991.0000000001262000.00000040.00000001.sdmp, Offset: 01262000, based on PE: false
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 29b4d9ca4d42d23252ff35a72f3753aec2610e94c180a9ee0fda5bf829ac969e
                                          • Instruction ID: ebf8118fffe0f243158745d80dd5aa50dc866e63166d21d72fafd5e8009d7999
                                          • Opcode Fuzzy Hash: 29b4d9ca4d42d23252ff35a72f3753aec2610e94c180a9ee0fda5bf829ac969e
                                          • Instruction Fuzzy Hash: 7031AEB6508304AFD350CF19EC41E57FBE8EB89630F18C96EFD499B211D275E8048BA2
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 0126A9A5, Relevance: .1, Instructions: 92COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.238440991.0000000001262000.00000040.00000001.sdmp, Offset: 01262000, based on PE: false
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: dfd482cf8f44967065a8d0817cee4589a43d7b4ab7dbf94e765166fcaeb43e4f
                                          • Instruction ID: 6544be781f8c8629ff3410d8a0544668a0a86acab1306105b13c93073093e932
                                          • Opcode Fuzzy Hash: dfd482cf8f44967065a8d0817cee4589a43d7b4ab7dbf94e765166fcaeb43e4f
                                          • Instruction Fuzzy Hash: FB318FB6508344AFD350CF19EC41A57FBE8EB89630F14C96EFD499B211D275E9088BA2
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 0126A40C, Relevance: .1, Instructions: 85COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.238440991.0000000001262000.00000040.00000001.sdmp, Offset: 01262000, based on PE: false
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 4673979fc4bc19a8bf10cadb1c946edb9a28101995889ae9dc54b3469f63bac3
                                          • Instruction ID: bfda44093f4ace8bbd17a2bc9775e5f79650f761f4a49ec523d7a8e53d96f408
                                          • Opcode Fuzzy Hash: 4673979fc4bc19a8bf10cadb1c946edb9a28101995889ae9dc54b3469f63bac3
                                          • Instruction Fuzzy Hash: E221F1B2504304BFD3108F06EC45E63FFA8EB84630F18C96AFD499B211D275B8048BA2
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 0126A620, Relevance: .1, Instructions: 85COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.238440991.0000000001262000.00000040.00000001.sdmp, Offset: 01262000, based on PE: false
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: ceca30f05c15da90927e39ed65995360c0df89639cd39fa184a8404b2144ddb8
                                          • Instruction ID: 7c6be2b8381ce1adc51153b5a41d50f6f864974022bd3634f6c5060cccc307ed
                                          • Opcode Fuzzy Hash: ceca30f05c15da90927e39ed65995360c0df89639cd39fa184a8404b2144ddb8
                                          • Instruction Fuzzy Hash: FE21C4B6504304BFD7108F06EC45E67FBA8EB84A70F18C96EFD495B211D275B9048BA2
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 0126AB28, Relevance: .1, Instructions: 82COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.238440991.0000000001262000.00000040.00000001.sdmp, Offset: 01262000, based on PE: false
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 995fc7b6092048abdfe02c5af00d6b8134e5dabfd65076e4a27a6bfce283a58e
                                          • Instruction ID: 03ce8c6af055c5fdf9b3aa7547aab2c4fb3c8b54d10498957a4af9438fd62803
                                          • Opcode Fuzzy Hash: 995fc7b6092048abdfe02c5af00d6b8134e5dabfd65076e4a27a6bfce283a58e
                                          • Instruction Fuzzy Hash: 79315EB550D3C15FD342CF29C850A56BFF4EF8A610F0989DEE8C8DB252D275A908CB66
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 0126A1F1, Relevance: .1, Instructions: 80COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.238440991.0000000001262000.00000040.00000001.sdmp, Offset: 01262000, based on PE: false
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 48c57c9400deb71e90ff391a68e2fe844f7f9eee7a3e5daa2f30158003b55cbe
                                          • Instruction ID: c877691ca2399df5300b2186c2d6a484fc6c0594a9bdeb558130badcca38646e
                                          • Opcode Fuzzy Hash: 48c57c9400deb71e90ff391a68e2fe844f7f9eee7a3e5daa2f30158003b55cbe
                                          • Instruction Fuzzy Hash: 2D21C272504344BFD7118F199C45E63FFACEB85A30F08C96EFD095B212D275B8148BA1
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 053209D8, Relevance: .1, Instructions: 79COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.239770655.0000000005320000.00000040.00000001.sdmp, Offset: 05320000, based on PE: false
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 9afa66129e467ea503cb2f3d52f8e72f0bec9e5805f0cd6fc194027c911c2679
                                          • Instruction ID: 816cbb8e2e278361ed8911c3721a6281df4a80ad1fe8e1e5050b379325afdaae
                                          • Opcode Fuzzy Hash: 9afa66129e467ea503cb2f3d52f8e72f0bec9e5805f0cd6fc194027c911c2679
                                          • Instruction Fuzzy Hash: 61212232D01209AFDB45DFB8C9459EEBBB2FF8D300F104569D604B72A0D631AE45CBA1
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 0126A9CE, Relevance: .1, Instructions: 75COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.238440991.0000000001262000.00000040.00000001.sdmp, Offset: 01262000, based on PE: false
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: f837c0621e5a333e03417f530c5a342c9fe2c81db55efc5328bc3bc4210e75c1
                                          • Instruction ID: c2d87e48e38e314b38d787e116336da67e86b53ab40c760df8b2bc7cdc3a6e4b
                                          • Opcode Fuzzy Hash: f837c0621e5a333e03417f530c5a342c9fe2c81db55efc5328bc3bc4210e75c1
                                          • Instruction Fuzzy Hash: C2212FB6544304AFD650CF09EC41A57FBE8EB88A70F14C92EFD499B311D275B9148BA2
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 0126A8A2, Relevance: .1, Instructions: 75COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.238440991.0000000001262000.00000040.00000001.sdmp, Offset: 01262000, based on PE: false
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: f5582d6bbe9affbf947c09d2a5514e06ade398d99796d8a63e94b21f8748c2be
                                          • Instruction ID: 70a1459ff9a3a7f9014c78920c0534684d1c3ed1c04c8d61f1cdbcfc647aa2fc
                                          • Opcode Fuzzy Hash: f5582d6bbe9affbf947c09d2a5514e06ade398d99796d8a63e94b21f8748c2be
                                          • Instruction Fuzzy Hash: 08212FB6544304AFD650CF09EC41A67FBE8EB88A70F14C92EFD499B311D275B9148BA2
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 0126A776, Relevance: .1, Instructions: 75COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.238440991.0000000001262000.00000040.00000001.sdmp, Offset: 01262000, based on PE: false
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 0ced1f5121f8d6d72427c16edd510bd6452759517484ea25ecd046afbf160d5b
                                          • Instruction ID: fa27a8d950fd1540e02ed5ea50f35bcdd912eaf44c68940f492a49cb383a4f1d
                                          • Opcode Fuzzy Hash: 0ced1f5121f8d6d72427c16edd510bd6452759517484ea25ecd046afbf160d5b
                                          • Instruction Fuzzy Hash: 77214FB6504304AFD650CF09EC45A57FBE8EB88A70F18C92EFD499B311D275A9148BA2
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 053209E8, Relevance: .1, Instructions: 74COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.239770655.0000000005320000.00000040.00000001.sdmp, Offset: 05320000, based on PE: false
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 09f877da30d67f40d4365e812ab8b86a5fa348a5c8ae51e8b578337c3e515a5a
                                          • Instruction ID: c9b4cc3cea63c345186effd4a34f424a4e94832cb8ec67934e50de0b88f0fbf4
                                          • Opcode Fuzzy Hash: 09f877da30d67f40d4365e812ab8b86a5fa348a5c8ae51e8b578337c3e515a5a
                                          • Instruction Fuzzy Hash: 2B21F235901119AFDB44DFE8C9449EEBBB6FF8C300F104565D604B72A0D631AE54CBA1
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 0126A432, Relevance: .1, Instructions: 69COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.238440991.0000000001262000.00000040.00000001.sdmp, Offset: 01262000, based on PE: false
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: c144c79c0ad6af94288b059c9ebe6faeb2b3fecabf9545f3c51feb37d9403c24
                                          • Instruction ID: 5a8c870c841770f9c53eb7519b12916561362aa4ad82d7706b5950aafe13ae50
                                          • Opcode Fuzzy Hash: c144c79c0ad6af94288b059c9ebe6faeb2b3fecabf9545f3c51feb37d9403c24
                                          • Instruction Fuzzy Hash: C811B676544304BFD6108F0AEC41E67FBE8EB84A70F18C96AFD0D5B311D276B5148BA2
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 0126A64A, Relevance: .1, Instructions: 69COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.238440991.0000000001262000.00000040.00000001.sdmp, Offset: 01262000, based on PE: false
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 38ddaab1e70f381c4fb44a492b2eb42d0214c892bb907695c4af9fbc2396d339
                                          • Instruction ID: 167aa8cce4ffb377d6f61c54fd502cd404246f70a4e5c097c02e0549b97c8b38
                                          • Opcode Fuzzy Hash: 38ddaab1e70f381c4fb44a492b2eb42d0214c892bb907695c4af9fbc2396d339
                                          • Instruction Fuzzy Hash: C311B6B6544204BFD610CF0AEC41E67FBE8EB84A70F18C96AFD095B311D276B5148BA6
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 05323598, Relevance: .1, Instructions: 68COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.239770655.0000000005320000.00000040.00000001.sdmp, Offset: 05320000, based on PE: false
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 773ec2661fc4bf556d6752ea78274f53d82232f20dc0842a3e2ad5f8ffab3c21
                                          • Instruction ID: 320ed62c17999f09bf536b571bf44825711319e0dd659c52dcdac66ed6f6d645
                                          • Opcode Fuzzy Hash: 773ec2661fc4bf556d6752ea78274f53d82232f20dc0842a3e2ad5f8ffab3c21
                                          • Instruction Fuzzy Hash: 01216B70E0461ADFCB04CFA9C5819AEBBF6FF89300F20C8AAD405AB315D7349A008F51
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 062D1791, Relevance: .1, Instructions: 66COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.242307176.00000000062D0000.00000040.00000001.sdmp, Offset: 062D0000, based on PE: false
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 33d92887f7a1f9fb244d9c109bb0f8b54466f566eebd3cfcd522dbfcdddc8123
                                          • Instruction ID: 5bbc14278b630eaf96b6104189aa801a3e0ab81dfaa59f09a90f5a0826147146
                                          • Opcode Fuzzy Hash: 33d92887f7a1f9fb244d9c109bb0f8b54466f566eebd3cfcd522dbfcdddc8123
                                          • Instruction Fuzzy Hash: D52105B5C19249EFEB44CFA4D5855ADBFB1FF55200F24889AD406EB250C3348B40CB91
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 0126A6A0, Relevance: .1, Instructions: 65COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.238440991.0000000001262000.00000040.00000001.sdmp, Offset: 01262000, based on PE: false
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: aa2e7587d5cebed304d397de41a6c965072a096179e161654d6123acdc94ed13
                                          • Instruction ID: 153c6bb4987bfcbe32c67e3cc7e34939b7c8cec3d08894d1316f667eba0ac24f
                                          • Opcode Fuzzy Hash: aa2e7587d5cebed304d397de41a6c965072a096179e161654d6123acdc94ed13
                                          • Instruction Fuzzy Hash: A5215EB550D3816FD702CF25DC51956BFF4EF86620F0989DAF8889B253D235A908CB62
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 0126A21A, Relevance: .1, Instructions: 64COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.238440991.0000000001262000.00000040.00000001.sdmp, Offset: 01262000, based on PE: false
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: a56ae268b063f740c74f61c0a12e6f6bacb4c04753e92e3d1e140d9538d85d2b
                                          • Instruction ID: 88ddbfdb2df2bc4c09195a14ead78cc446822395068c1c20a3df24d31cb762e8
                                          • Opcode Fuzzy Hash: a56ae268b063f740c74f61c0a12e6f6bacb4c04753e92e3d1e140d9538d85d2b
                                          • Instruction Fuzzy Hash: EB11C672644204BFD6108E0AEC45E62FB9CEB84A70F18C96AFD095B201D276B5148BB5
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 0532B388, Relevance: .1, Instructions: 64COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.239770655.0000000005320000.00000040.00000001.sdmp, Offset: 05320000, based on PE: false
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: f4a27bafd5c590e026dd8d04000b414724f0be566146472dda30542810dceee3
                                          • Instruction ID: f91d483c1e5c8e1de7934a6d164dc1a71f12ddb89a9655f5eb2751e2da62e883
                                          • Opcode Fuzzy Hash: f4a27bafd5c590e026dd8d04000b414724f0be566146472dda30542810dceee3
                                          • Instruction Fuzzy Hash: 9F21F4B4D0561ADFCF04CFA5D5954AEFBF6FB98300F2091AAC906A7358DB305A41CB50
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 0126A8F8, Relevance: .1, Instructions: 63COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.238440991.0000000001262000.00000040.00000001.sdmp, Offset: 01262000, based on PE: false
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 70476a2aa23477f7910b9d11a74b180c64ed3cf41ab6e29d0263cfa187415cd4
                                          • Instruction ID: e7255f8d969f5ebd00bbb60780024b8e4e366b4e56659c4a19220844a9102896
                                          • Opcode Fuzzy Hash: 70476a2aa23477f7910b9d11a74b180c64ed3cf41ab6e29d0263cfa187415cd4
                                          • Instruction Fuzzy Hash: 601172B55083806FD302CF15DC51A56FFE4EF86720F09899EF9888B212D235A908CBA2
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 053234B8, Relevance: .1, Instructions: 63COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.239770655.0000000005320000.00000040.00000001.sdmp, Offset: 05320000, based on PE: false
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: d8e157b830ba1e5f2d641a516e8dcae1b68b54cfe3cae05cd5e449d399abaeb0
                                          • Instruction ID: d1b00de631da0af1ae6d4e7dc77a571cb517f0a364df7b443fff34fc55f88849
                                          • Opcode Fuzzy Hash: d8e157b830ba1e5f2d641a516e8dcae1b68b54cfe3cae05cd5e449d399abaeb0
                                          • Instruction Fuzzy Hash: 1021C5B4E00119DFCB44CF99D5809AEBBF6FF88301F10846AD819A7754D738AA41CF50
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 02D20726, Relevance: .1, Instructions: 62COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.238538790.0000000002D20000.00000040.00000040.sdmp, Offset: 02D20000, based on PE: false
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 05d37254e2bd197ea5616cde0924a1b4ef3ccaefe37414050ceca75d9c5267c2
                                          • Instruction ID: 0fa2a57a4b6d6013d47c3523da0b96901e65f2d196ee523a08de290106045107
                                          • Opcode Fuzzy Hash: 05d37254e2bd197ea5616cde0924a1b4ef3ccaefe37414050ceca75d9c5267c2
                                          • Instruction Fuzzy Hash: B4213D3510D3C08FD7138B25C890B55BFB1AF57318F1986DED8848B663D33A980ACB52
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 053234B3, Relevance: .1, Instructions: 61COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.239770655.0000000005320000.00000040.00000001.sdmp, Offset: 05320000, based on PE: false
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 9502d587c987cc1359ba7e10c5a538394c580405473a164f764e156b223a20ae
                                          • Instruction ID: 45c06118605b430654cbd3958b2c6424decf11d236187d136c272578af283a7a
                                          • Opcode Fuzzy Hash: 9502d587c987cc1359ba7e10c5a538394c580405473a164f764e156b223a20ae
                                          • Instruction Fuzzy Hash: C121C0B4E00119DFDB44CFAAD5809AEBBF2FF88301F1084AAD819A7754D738AA41CF50
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 02D2075C, Relevance: .1, Instructions: 59COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.238538790.0000000002D20000.00000040.00000040.sdmp, Offset: 02D20000, based on PE: false
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 710e8fc8b0f309c908047c30af44863b62c650ff07cd78275671cef85c345662
                                          • Instruction ID: dfd154c7f0aa4ad985ff5248311ec5c3bb517aaaa23982307fe155184d5c7944
                                          • Opcode Fuzzy Hash: 710e8fc8b0f309c908047c30af44863b62c650ff07cd78275671cef85c345662
                                          • Instruction Fuzzy Hash: 4211E134204244EFD705CB24C980B26FBA5EBA870DF24C9ACE9891B752C77BD807CE91
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 05323113, Relevance: .1, Instructions: 57COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.239770655.0000000005320000.00000040.00000001.sdmp, Offset: 05320000, based on PE: false
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 83c3f197dc12c5965167e6ae2d4696372d657297c6047f73fc731066d94e9b05
                                          • Instruction ID: ace5a60e0321fedaae15927d248fc913ea0832f2bc12ded04549fbb5734c79dd
                                          • Opcode Fuzzy Hash: 83c3f197dc12c5965167e6ae2d4696372d657297c6047f73fc731066d94e9b05
                                          • Instruction Fuzzy Hash: C8213AB4E0021A8FCB41DFA8C4856EEBFB1FF89300F11856AD504B7295D7346A45CBA1
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 0126AB69, Relevance: .1, Instructions: 56COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.238440991.0000000001262000.00000040.00000001.sdmp, Offset: 01262000, based on PE: false
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 3310c875565ad0b132862251242d4d429de8433e9c6a014a2749e448b2d49155
                                          • Instruction ID: a83d23f3a098fadfe73aee9cb48467f9199d2d0c22ce0b0b4ccba4e817eaf9f5
                                          • Opcode Fuzzy Hash: 3310c875565ad0b132862251242d4d429de8433e9c6a014a2749e448b2d49155
                                          • Instruction Fuzzy Hash: 3B11D4B5908301AFD350CF19D881A5BFBE8FB88660F048D2EF99997311D331E9048FA2
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 05323120, Relevance: .1, Instructions: 54COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.239770655.0000000005320000.00000040.00000001.sdmp, Offset: 05320000, based on PE: false
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 9475e4030f2049e25459d3a8c59277f4bb81ce52fed68321dcca09189941f753
                                          • Instruction ID: a7b33eb4663895562fe650c85a21e43634958ff9403e61f23c379afb500ad0ff
                                          • Opcode Fuzzy Hash: 9475e4030f2049e25459d3a8c59277f4bb81ce52fed68321dcca09189941f753
                                          • Instruction Fuzzy Hash: 9611F8B5E0021ADFCB80DFA8C9456EEFBB1FF88300F208529D604B7294D7746A45CBA1
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 062D17A0, Relevance: .1, Instructions: 53COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.242307176.00000000062D0000.00000040.00000001.sdmp, Offset: 062D0000, based on PE: false
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 28e63c2e1cbc938797a3abaa6783abbdc8f8dbda8f5fffc5b2c5f1cd302902b1
                                          • Instruction ID: d1a332b0d58e86605a968f843125bbd2f440a96b6bad8de23e3521b7c9235774
                                          • Opcode Fuzzy Hash: 28e63c2e1cbc938797a3abaa6783abbdc8f8dbda8f5fffc5b2c5f1cd302902b1
                                          • Instruction Fuzzy Hash: 5C11CE70D25209EFEB84CFA8D5899ADBBF2FF45200F108499D406FB240C7749A00CB51
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 05325123, Relevance: .1, Instructions: 52COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.239770655.0000000005320000.00000040.00000001.sdmp, Offset: 05320000, based on PE: false
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: e5e43ea6bcd60950d5fb20a43b20db278878aaf5eaae254e40bf1176598ef557
                                          • Instruction ID: 3d86586621edfdfc10fb4ce8f810390914006d1533424929d19af7e6796e5712
                                          • Opcode Fuzzy Hash: e5e43ea6bcd60950d5fb20a43b20db278878aaf5eaae254e40bf1176598ef557
                                          • Instruction Fuzzy Hash: 07110474E05119EFCB45CFA9C58499DBBF2EF89300F15C5EAD908AB365DB30AA10DB00
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 05325130, Relevance: .1, Instructions: 51COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.239770655.0000000005320000.00000040.00000001.sdmp, Offset: 05320000, based on PE: false
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 75a8a4047f502fa93cd05c414d6205851960a3a4c1688f9080f21df8e26e2f71
                                          • Instruction ID: 537f85fb2b0f4cb2e504e16dce11cc920c80b9d30da4f76a519823b9d6fb410f
                                          • Opcode Fuzzy Hash: 75a8a4047f502fa93cd05c414d6205851960a3a4c1688f9080f21df8e26e2f71
                                          • Instruction Fuzzy Hash: A311F874E05118EFDB44CFA9C5849ADFBF6EF88300F15C599D519AB365EB30AA00DB41
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 05320103, Relevance: .1, Instructions: 51COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.239770655.0000000005320000.00000040.00000001.sdmp, Offset: 05320000, based on PE: false
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 8aadd8a2ad9cc5368069c558e6b60a41dcfc310d25c74d9779c33ee4c05d218e
                                          • Instruction ID: 3366f64f9af8533a119494933bb25d66a23b19e7d87fe31d134ce3d14073bd80
                                          • Opcode Fuzzy Hash: 8aadd8a2ad9cc5368069c558e6b60a41dcfc310d25c74d9779c33ee4c05d218e
                                          • Instruction Fuzzy Hash: 0F112170A1115ADFCB48EFA8E9489ADBBB6FF85304F108169D80167394DF715E44CB51
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 0126A178, Relevance: .0, Instructions: 50COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.238440991.0000000001262000.00000040.00000001.sdmp, Offset: 01262000, based on PE: false
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 3381f0c8d8f308c42c48d23290f9102c5c0451e89e42134894e316968e1a685b
                                          • Instruction ID: db288c7cbe148ea245caed551407ca109099a0bb7afdec9f3bc7cb23da052818
                                          • Opcode Fuzzy Hash: 3381f0c8d8f308c42c48d23290f9102c5c0451e89e42134894e316968e1a685b
                                          • Instruction Fuzzy Hash: 1B0124B100E3C46FE31387259C55AA2BF78DF43620F0C84CBE9859F193D2166809C7B2
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 05320108, Relevance: .0, Instructions: 50COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.239770655.0000000005320000.00000040.00000001.sdmp, Offset: 05320000, based on PE: false
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: f0f7dc170a65c82a103d60065ae008440e6f8acf1f1da6f803f5ec5730a71195
                                          • Instruction ID: 54c484208cce3bc7f1bae4aac8b19be88fadccddcaa5c1934887f7bccd284e26
                                          • Opcode Fuzzy Hash: f0f7dc170a65c82a103d60065ae008440e6f8acf1f1da6f803f5ec5730a71195
                                          • Instruction Fuzzy Hash: B6113D70A1111BEFCB48EFA8E9889ADBB76FF80304F108169D801A7394DF716E44CB51
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 02D205CF, Relevance: .0, Instructions: 46COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.238538790.0000000002D20000.00000040.00000040.sdmp, Offset: 02D20000, based on PE: false
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 0b1e6f982fd8557c96a1b101c36377b646a2259dd3305a2ec01c0e88dee246a6
                                          • Instruction ID: e4f473684d8cc09f9f12ee453bbeee2262de971f24bbdfec6a02cc8edcd6065a
                                          • Opcode Fuzzy Hash: 0b1e6f982fd8557c96a1b101c36377b646a2259dd3305a2ec01c0e88dee246a6
                                          • Instruction Fuzzy Hash: ED01DBB65093845FD7128F16EC50862FFB8EF86620708C49BEC498B612D225B908CB61
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 05320D0B, Relevance: .0, Instructions: 44COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.239770655.0000000005320000.00000040.00000001.sdmp, Offset: 05320000, based on PE: false
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 01d1f6fed6f265a4b8a4d4c133c02d88c8634a4055186841d801487418dd785f
                                          • Instruction ID: 36744623690fb421ce97b195e7967366fd7637823c808fa9507359bd67421542
                                          • Opcode Fuzzy Hash: 01d1f6fed6f265a4b8a4d4c133c02d88c8634a4055186841d801487418dd785f
                                          • Instruction Fuzzy Hash: BC11E578D09618EFCB19DFA9D5886ADBBB2FB49300F1084AAD801A7261D7706E45CB51
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 05321240, Relevance: .0, Instructions: 44COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.239770655.0000000005320000.00000040.00000001.sdmp, Offset: 05320000, based on PE: false
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 68ca2bea2f42ae5904d99a97b6c108b3e744fce4c4a66b502d0ebf4f8b8d511b
                                          • Instruction ID: 981c9645889b66a7bd78a89a63a867a254f4d4915986127831dcf9b762c63519
                                          • Opcode Fuzzy Hash: 68ca2bea2f42ae5904d99a97b6c108b3e744fce4c4a66b502d0ebf4f8b8d511b
                                          • Instruction Fuzzy Hash: A8015A70C1A318EFCB14CFA4E6419AEBBB5FB49700F1094AAE802AB294C7349B54DF45
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 05320D18, Relevance: .0, Instructions: 43COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.239770655.0000000005320000.00000040.00000001.sdmp, Offset: 05320000, based on PE: false
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: b7634c2d9fd5057c45f556995dfd9c8cb5b0b4096e90cdfa7ad0a6e6b9e8b6e8
                                          • Instruction ID: 79c686801f2a23a28c03e770d8a02b957d7fb4c297efba2feaceec6f9ca1945b
                                          • Opcode Fuzzy Hash: b7634c2d9fd5057c45f556995dfd9c8cb5b0b4096e90cdfa7ad0a6e6b9e8b6e8
                                          • Instruction Fuzzy Hash: 0911D778D05618EFCB18DFA9D5886ADBBF6FF48300F1084A9D805A7364D7706E45CB51
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 0532123B, Relevance: .0, Instructions: 43COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.239770655.0000000005320000.00000040.00000001.sdmp, Offset: 05320000, based on PE: false
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: d20ef1ac4eca140c5b7b9cb98d7e61645f40f0953e1d5a7deb4f7c9e04ccde2e
                                          • Instruction ID: edaaa0a5bfe3a31b847a6ba5c3768ceea1fb837078d305a5284996fc1841a840
                                          • Opcode Fuzzy Hash: d20ef1ac4eca140c5b7b9cb98d7e61645f40f0953e1d5a7deb4f7c9e04ccde2e
                                          • Instruction Fuzzy Hash: 82018C30C19318EFCF14CFA8E6415AEBFB1FB49300F1095AAE802AB254C3349650DF44
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 062D12AF, Relevance: .0, Instructions: 42COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.242307176.00000000062D0000.00000040.00000001.sdmp, Offset: 062D0000, based on PE: false
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: b59fd05ad05ea77d68a3e75267713dc9d102ccf0395221a72cde701a621a1340
                                          • Instruction ID: 3a7656f539a5a5d6fcd9dc0cd8a6fafd1f818f1347045180438a26c0f83709a2
                                          • Opcode Fuzzy Hash: b59fd05ad05ea77d68a3e75267713dc9d102ccf0395221a72cde701a621a1340
                                          • Instruction Fuzzy Hash: 2E11137092222ACFDB60DF65E98C7ECBBB0FB49316F10A0E6D40AA2640D7351A95CF55
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 0532A54E, Relevance: .0, Instructions: 37COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.239770655.0000000005320000.00000040.00000001.sdmp, Offset: 05320000, based on PE: false
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 87a3f1f2e43228de0cedb5080794ca575514a55fd834e082068d62f2f0f341a1
                                          • Instruction ID: 1c3a0766664d393eaf183e01fd379ede396cf19584677e0b1e7781e15be5c0c1
                                          • Opcode Fuzzy Hash: 87a3f1f2e43228de0cedb5080794ca575514a55fd834e082068d62f2f0f341a1
                                          • Instruction Fuzzy Hash: 86113074A12228CFCB18DF64D8957DDBBB2EB86210F5080DAA809A7344DB305D85CF61
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 053203EB, Relevance: .0, Instructions: 37COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.239770655.0000000005320000.00000040.00000001.sdmp, Offset: 05320000, based on PE: false
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: a7b701944aceeb50d2ed657132ba20d064961fd3f4dac83ec476348af4fcd9a2
                                          • Instruction ID: b96f18bf9cabbe5e18054d16a5dab7c77633ed2c27c6c46cf14162217383798c
                                          • Opcode Fuzzy Hash: a7b701944aceeb50d2ed657132ba20d064961fd3f4dac83ec476348af4fcd9a2
                                          • Instruction Fuzzy Hash: 83F0BE30A4A208EFD708CBF4C550BFF77B3DFC6204F2888A9800127291CAB85E05DB24
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 05320063, Relevance: .0, Instructions: 36COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.239770655.0000000005320000.00000040.00000001.sdmp, Offset: 05320000, based on PE: false
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 367747cdbd541bfa53ac7a65cba44f3e4fe2a2d8095ce360eae4785192d955f4
                                          • Instruction ID: e922907975ea9a39595eeff0d879861f067aa26d3644f913504180a0c31921c9
                                          • Opcode Fuzzy Hash: 367747cdbd541bfa53ac7a65cba44f3e4fe2a2d8095ce360eae4785192d955f4
                                          • Instruction Fuzzy Hash: 89F09030D512199FEB588B78D4597FFBBF5AB85710F10582ED401B3640DAB519088BA5
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 05320070, Relevance: .0, Instructions: 33COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.239770655.0000000005320000.00000040.00000001.sdmp, Offset: 05320000, based on PE: false
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: b7b4f253b6005b24399c3aa75628ed30337ea0440298c6ccc190975b98ddbc58
                                          • Instruction ID: bc63ab20f53979cf6116a359d6e01c490979372c2f4603c354106c48bf10f7af
                                          • Opcode Fuzzy Hash: b7b4f253b6005b24399c3aa75628ed30337ea0440298c6ccc190975b98ddbc58
                                          • Instruction Fuzzy Hash: D7F08270D112199BEB589FA8D8597EFBAF5EB49700F10582AD001B3280DAB559088BE5
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 053203F8, Relevance: .0, Instructions: 32COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.239770655.0000000005320000.00000040.00000001.sdmp, Offset: 05320000, based on PE: false
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 36074e83be95abbc8e738374255aac4c1c9072dd610176a0085a4a2b634b42f1
                                          • Instruction ID: dcfebc810062795ae99276ea427a74014ff8eac963ee13c5fa30257aad8de440
                                          • Opcode Fuzzy Hash: 36074e83be95abbc8e738374255aac4c1c9072dd610176a0085a4a2b634b42f1
                                          • Instruction Fuzzy Hash: B2F01C30A46208EBD708DBB4C544BAF7377DBC5208F6498689405232848EB95E059665
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 05320531, Relevance: .0, Instructions: 31COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.239770655.0000000005320000.00000040.00000001.sdmp, Offset: 05320000, based on PE: false
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: c6b07ae8bd0ec6373f00c0866db6fd949a0a69624eb8da13749ac55e30d9e3d6
                                          • Instruction ID: 3cbbf36b038202a34937c0c1f10392d448aa733bf3a0bd29b9b41cabb003d0cb
                                          • Opcode Fuzzy Hash: c6b07ae8bd0ec6373f00c0866db6fd949a0a69624eb8da13749ac55e30d9e3d6
                                          • Instruction Fuzzy Hash: 75011474A0A219DFCB44CBA8D58499DBFB1FF49200F2081AAD801A7355C270AE45DB51
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 05329E98, Relevance: .0, Instructions: 31COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.239770655.0000000005320000.00000040.00000001.sdmp, Offset: 05320000, based on PE: false
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 6abd62045f128aad6e6a76ef928c0829b233504674250db8e4061b0b6e83634a
                                          • Instruction ID: b7dde2f303cd5b672c5c4aec6bc7b3e08b8094e898fbf9306424f2b6bcd803b2
                                          • Opcode Fuzzy Hash: 6abd62045f128aad6e6a76ef928c0829b233504674250db8e4061b0b6e83634a
                                          • Instruction Fuzzy Hash: 4EF0C870909299DFD749DF98D54468C7FB2FF45704F24C9A7D0009B255DB745A40DB10
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 02D20818, Relevance: .0, Instructions: 31COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.238538790.0000000002D20000.00000040.00000040.sdmp, Offset: 02D20000, based on PE: false
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 693b7c54016a59cdbfed5bf97d611671327a7796b2b33607a59a4987e9e37b45
                                          • Instruction ID: 486aa64e0e2a84b6c67d5c342a1974edc97d27b700bac3709f1e0393d304ff79
                                          • Opcode Fuzzy Hash: 693b7c54016a59cdbfed5bf97d611671327a7796b2b33607a59a4987e9e37b45
                                          • Instruction Fuzzy Hash: 99F01D35104645DFC706CF40D940B16FBA6EB99718F24C6ADE9490B762C337D813DE81
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 062D0F97, Relevance: .0, Instructions: 30COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.242307176.00000000062D0000.00000040.00000001.sdmp, Offset: 062D0000, based on PE: false
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 1ce9aaa19195113477f4d6d1ff92db0d23400cba993ad290fcaca99b3249ffda
                                          • Instruction ID: 05fbcb97d7148d7ea8a9ec81085249f4a8442990d5ee6bdb89beee13dd7fb880
                                          • Opcode Fuzzy Hash: 1ce9aaa19195113477f4d6d1ff92db0d23400cba993ad290fcaca99b3249ffda
                                          • Instruction Fuzzy Hash: 4D014975950229AFDB61CF60CC81FD8BBB4FB08314F2041A5A619AA2D0DB74AB82CF54
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 062D0A56, Relevance: .0, Instructions: 30COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.242307176.00000000062D0000.00000040.00000001.sdmp, Offset: 062D0000, based on PE: false
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 9295587a35772d0936ab5c1f8c50ffb4b869a9ace3e842de26e003983d55eb78
                                          • Instruction ID: 099e4c1684f14881f13a4ff3efaf7f904138974572e0522e47d1c9501ff4b981
                                          • Opcode Fuzzy Hash: 9295587a35772d0936ab5c1f8c50ffb4b869a9ace3e842de26e003983d55eb78
                                          • Instruction Fuzzy Hash: 7301EEB191122A9FEBA0CF64CD80BD8BBB8FB08350F0080C9D95CA7261C7349AD5CF44
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 05320450, Relevance: .0, Instructions: 30COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.239770655.0000000005320000.00000040.00000001.sdmp, Offset: 05320000, based on PE: false
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 92c9e7920f5718c9fb688b9acca2fc13dd35d2e427b1fb6c9406413421a73a17
                                          • Instruction ID: 9bac673cc4d0ab4927fcbd8248c0d1dd445a7946fa51f0fa66208309159f4f07
                                          • Opcode Fuzzy Hash: 92c9e7920f5718c9fb688b9acca2fc13dd35d2e427b1fb6c9406413421a73a17
                                          • Instruction Fuzzy Hash: 49F01274C49208EFCB18DFB8E4495ADBFB0EB46200F1085AAC845A33A6E7795A16CF51
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 05327F55, Relevance: .0, Instructions: 29COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.239770655.0000000005320000.00000040.00000001.sdmp, Offset: 05320000, based on PE: false
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 07ce708b49217954641dd847f5de0a4233aad4aab279426043a2b2f66af2a6c9
                                          • Instruction ID: 8fbcf76eaf99e79aaa155e053f7fac9d8381427384889145192855dae926d136
                                          • Opcode Fuzzy Hash: 07ce708b49217954641dd847f5de0a4233aad4aab279426043a2b2f66af2a6c9
                                          • Instruction Fuzzy Hash: 92F06D7480C625DECB64CF62C440659FBF6FB5A340F21A4A680499B620E7304A858F64
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 0532A054, Relevance: .0, Instructions: 29COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.239770655.0000000005320000.00000040.00000001.sdmp, Offset: 05320000, based on PE: false
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 9885b8cbd84031c2a43f7cc5569fd0a9e83578f8d9a96dc485ba93f9165c1460
                                          • Instruction ID: b83106f4bf10ca4ad7a8f21d87f140c430fb16ccb2f91278efefd55eee93ecea
                                          • Opcode Fuzzy Hash: 9885b8cbd84031c2a43f7cc5569fd0a9e83578f8d9a96dc485ba93f9165c1460
                                          • Instruction Fuzzy Hash: D5018C74951219CFCB54CFB4D5946EDBFB1FB84214F20852AE801A7756CB705941CF61
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 02D205F6, Relevance: .0, Instructions: 27COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.238538790.0000000002D20000.00000040.00000040.sdmp, Offset: 02D20000, based on PE: false
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: e86fde48bebd7911da98bbf9cc858045d5179ec34802a432327349a6870dd6e5
                                          • Instruction ID: 6e7604825948d8ea21bc833a35616dcdf910cf76c8163177a30fe72e2934a07b
                                          • Opcode Fuzzy Hash: e86fde48bebd7911da98bbf9cc858045d5179ec34802a432327349a6870dd6e5
                                          • Instruction Fuzzy Hash: 8CE092B66006044BD650CF0AEC81462F7D8EB84630B18C47FDC0D8B701D235B508CFA5
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 062D18B8, Relevance: .0, Instructions: 26COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.242307176.00000000062D0000.00000040.00000001.sdmp, Offset: 062D0000, based on PE: false
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: edc83b87cadb45f0aac76bc3ccec20ec2263eb0bf75063e2141fe0e36baecdfd
                                          • Instruction ID: 4f905f5b2ff321c5f163d1b12f73a19f32aee09e299437e439bb501f0f3781ba
                                          • Opcode Fuzzy Hash: edc83b87cadb45f0aac76bc3ccec20ec2263eb0bf75063e2141fe0e36baecdfd
                                          • Instruction Fuzzy Hash: 50E0223182A2C48BC762CB78E9083983FB0DB03316F2042EE8C04972D5D63A8552C385
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 0126A95B, Relevance: .0, Instructions: 26COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.238440991.0000000001262000.00000040.00000001.sdmp, Offset: 01262000, based on PE: false
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: bbb83ccff72f61be0de92cc5da6d455ff9f00f1ec754567390543eb40758e01f
                                          • Instruction ID: 4bf0167f07d4cf64ac02dde9c5a3ed95ab679a0ecd26f21351790ee61f70baad
                                          • Opcode Fuzzy Hash: bbb83ccff72f61be0de92cc5da6d455ff9f00f1ec754567390543eb40758e01f
                                          • Instruction Fuzzy Hash: BCE0D8B254130467E2508F0ADC46F23FB5CDB84E30F18C46BEE095F301E171B5188AE5
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 0126A1AC, Relevance: .0, Instructions: 26COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.238440991.0000000001262000.00000040.00000001.sdmp, Offset: 01262000, based on PE: false
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: e0e515d35250f8df4193a6bbbeffe9a5533f09291210de82a625e60955c03268
                                          • Instruction ID: 015b2c6728802dd6e9eee30d1fc5187ca586bd4024ce54afcb96674ab13c23a7
                                          • Opcode Fuzzy Hash: e0e515d35250f8df4193a6bbbeffe9a5533f09291210de82a625e60955c03268
                                          • Instruction Fuzzy Hash: 0FE020B154130467D260CF0ADC46B22FB5CDB84D30F18C567ED091F701D175B5148EE5
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 0126A82F, Relevance: .0, Instructions: 26COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.238440991.0000000001262000.00000040.00000001.sdmp, Offset: 01262000, based on PE: false
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: c73630211fb5804a22d87cd734534c950f86e76fccae069a093da73bef792562
                                          • Instruction ID: 4cebf6b9035a6304f152bb04e96859aa282270720f04a996f9daecb968a6e323
                                          • Opcode Fuzzy Hash: c73630211fb5804a22d87cd734534c950f86e76fccae069a093da73bef792562
                                          • Instruction Fuzzy Hash: 1FE0D8B254120467D2508F0ADC46F22FB5CDB94A30F18C46BED091F301D172B5148AE5
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 0126A3C3, Relevance: .0, Instructions: 26COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.238440991.0000000001262000.00000040.00000001.sdmp, Offset: 01262000, based on PE: false
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 37781c367836a0b2d35811337354b431798ce7d7183cfc8d4fb1a43e65e0bce4
                                          • Instruction ID: f503f56dc5514922749b690c01ef805a00c13e8d6ee6781bc33615106c18c013
                                          • Opcode Fuzzy Hash: 37781c367836a0b2d35811337354b431798ce7d7183cfc8d4fb1a43e65e0bce4
                                          • Instruction Fuzzy Hash: FBE0D8B154130467E2508E0ADC46B22FB5CDB84930F18C467ED091F301D175B5048AE5
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 0126ABCB, Relevance: .0, Instructions: 26COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.238440991.0000000001262000.00000040.00000001.sdmp, Offset: 01262000, based on PE: false
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: db964c363edb6c8e9927081654cadd63396e162e2f2f473394b00ea143493f69
                                          • Instruction ID: 47543947c5cf922fd71c653f61ede7bdbf7bf58ab3cde6cd5319aa299fa8cd64
                                          • Opcode Fuzzy Hash: db964c363edb6c8e9927081654cadd63396e162e2f2f473394b00ea143493f69
                                          • Instruction Fuzzy Hash: 10E0D8B254130467D2509E0ADC46B23FB5CDB84A30F18C467ED091F702D172B5148EE5
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 0126A5DB, Relevance: .0, Instructions: 26COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.238440991.0000000001262000.00000040.00000001.sdmp, Offset: 01262000, based on PE: false
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 55d2a20da931f73e86cfd339298590f6b638480df72d9e5ff4e6901984ce5342
                                          • Instruction ID: 92ebc999f1185f041ae388c24e25eea54fb8f8601d4693eaae49c5e377bda7fb
                                          • Opcode Fuzzy Hash: 55d2a20da931f73e86cfd339298590f6b638480df72d9e5ff4e6901984ce5342
                                          • Instruction Fuzzy Hash: ADE020B164130467D2508F0ADC46B23FB5CDB84D30F18C467ED091F301D175B5048EE5
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 0126A703, Relevance: .0, Instructions: 26COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.238440991.0000000001262000.00000040.00000001.sdmp, Offset: 01262000, based on PE: false
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 5a8e72e36034a1880f780b3a15d809cdf418c47a5aa7b70a916392e7b2bf1cd4
                                          • Instruction ID: dde2e04b640894349a9f4b0100c22cec0ab8b0612407e1a27e00f47bbab37b56
                                          • Opcode Fuzzy Hash: 5a8e72e36034a1880f780b3a15d809cdf418c47a5aa7b70a916392e7b2bf1cd4
                                          • Instruction Fuzzy Hash: 2EE0D8B254130467D2509F0ADC46F23FB5CDB94A30F18C86BED091F702D171B5148AE5
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 062D1678, Relevance: .0, Instructions: 25COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.242307176.00000000062D0000.00000040.00000001.sdmp, Offset: 062D0000, based on PE: false
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: d15b692a2a5df7e91c01858db35d60acce40cc516b098c0846c461937638ece8
                                          • Instruction ID: ec0b2018e0b788b3aa54fad13d74db463a8d507d0285bacadb461e43269679b2
                                          • Opcode Fuzzy Hash: d15b692a2a5df7e91c01858db35d60acce40cc516b098c0846c461937638ece8
                                          • Instruction Fuzzy Hash: 9EE0223082A2C58BC7A5DB78DA082983F70DB03218F2846E9CC149B2C1D63A4592CB82
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 05320460, Relevance: .0, Instructions: 24COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.239770655.0000000005320000.00000040.00000001.sdmp, Offset: 05320000, based on PE: false
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: fcff8ecb4b53873f76dfa6f317926ebd6d83f8aec7acb667164133d284a60aa4
                                          • Instruction ID: 50f64bf34e9bc54e98bc2517c805270e3ed47edf9809309b023aa30520c64e8c
                                          • Opcode Fuzzy Hash: fcff8ecb4b53873f76dfa6f317926ebd6d83f8aec7acb667164133d284a60aa4
                                          • Instruction Fuzzy Hash: 29F03274C01218EFCB18EFB8E40C9AEBBB0FB44304F1085A9C814A3394EB75AA10CF90
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 062D0EBC, Relevance: .0, Instructions: 23COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.242307176.00000000062D0000.00000040.00000001.sdmp, Offset: 062D0000, based on PE: false
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: cc8a88e7ae684db35562114a66f476b4635831c3b571e92dd7bcb1b6f1be2180
                                          • Instruction ID: a7c37e1468ea2d7a7b9a2e07d1ff7e493c517351af9d0d5743b941ec47da5398
                                          • Opcode Fuzzy Hash: cc8a88e7ae684db35562114a66f476b4635831c3b571e92dd7bcb1b6f1be2180
                                          • Instruction Fuzzy Hash: 1FF01576A04218DFDB10CF94C881BEAB7B8EB49304F00809A9959EB291D334AA85CF90
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 062D0C48, Relevance: .0, Instructions: 23COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.242307176.00000000062D0000.00000040.00000001.sdmp, Offset: 062D0000, based on PE: false
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 5c17d6e9ff9fbbe3bdf1bd0543c167f08f209b3fdbe70ae18adb11cc8de16d4c
                                          • Instruction ID: d014229714f4983e228336078829e60966ea76fc54a6d3ab2167b710d589c449
                                          • Opcode Fuzzy Hash: 5c17d6e9ff9fbbe3bdf1bd0543c167f08f209b3fdbe70ae18adb11cc8de16d4c
                                          • Instruction Fuzzy Hash: 98F0627582822DCFDB64CF65D945BD8BBB0AB48304F1045DAC5196B251C3B19BC1DFA1
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 0532F308, Relevance: .0, Instructions: 23COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.239770655.0000000005320000.00000040.00000001.sdmp, Offset: 05320000, based on PE: false
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: da8974f38bba6ec34cd6b846b16221203a50000e0f248a76af9ef402cdef425e
                                          • Instruction ID: dc9a1bbd67b8f4658b12c9516c9e1434c350466d45f3c3a04d34085d07947b2f
                                          • Opcode Fuzzy Hash: da8974f38bba6ec34cd6b846b16221203a50000e0f248a76af9ef402cdef425e
                                          • Instruction Fuzzy Hash: E7E01270D05208DFCB44EFA8E949AAEBBB5FB4A301F1085AAD819B3340DBB05E01CF54
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 062D05C8, Relevance: .0, Instructions: 22COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.242307176.00000000062D0000.00000040.00000001.sdmp, Offset: 062D0000, based on PE: false
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: f629ebc79e1b0aa07643d98efcfc8c4a34dc46a5c0731bf0fccbe6a73d6acf22
                                          • Instruction ID: 07585710f8673c6d4277aff00fd3c6a0f045b647394a4d3107b26fa2dd6b65be
                                          • Opcode Fuzzy Hash: f629ebc79e1b0aa07643d98efcfc8c4a34dc46a5c0731bf0fccbe6a73d6acf22
                                          • Instruction Fuzzy Hash: 75F01575910218DFCB60CFA0C880BDDBBB5FF48314F10809AEA19EB290C734AA85CF60
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 05329DBF, Relevance: .0, Instructions: 22COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.239770655.0000000005320000.00000040.00000001.sdmp, Offset: 05320000, based on PE: false
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 94e0931abe6098526f0e3786892e792da7111b6f864e50350356c6fb2a230c4a
                                          • Instruction ID: b4c5d8206c4f8bb75a3dd73aae72120b6c07c49458444f2660c1bf59efea22fb
                                          • Opcode Fuzzy Hash: 94e0931abe6098526f0e3786892e792da7111b6f864e50350356c6fb2a230c4a
                                          • Instruction Fuzzy Hash: 22E09231D093849FCB13DB78D0086A8BFF0DF03214F1082DFD891972A2DA351446CB51
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 0532022B, Relevance: .0, Instructions: 22COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.239770655.0000000005320000.00000040.00000001.sdmp, Offset: 05320000, based on PE: false
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: a457f51f867b92580b0e27a25dee0579c493c6a181fb8a6ad05639b7e779b504
                                          • Instruction ID: 8b02ca871c12c3102520b0f8ce4744f2d44a20d54645717a945315b3392a9e28
                                          • Opcode Fuzzy Hash: a457f51f867b92580b0e27a25dee0579c493c6a181fb8a6ad05639b7e779b504
                                          • Instruction Fuzzy Hash: 3FE06D30909308DBCB58DFA8E00859CBBB6EB46310F2081AAD80963360C7721A54CB00
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 0532F690, Relevance: .0, Instructions: 22COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.239770655.0000000005320000.00000040.00000001.sdmp, Offset: 05320000, based on PE: false
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 98eaff19690496c24cff6c6d60c0d07407a7d948aa6d8d28e8dc77a4bad076c9
                                          • Instruction ID: 2e930fec4c2c2b56dc0d6527a0bfbb332af6c0e2c61cde36d80d00d9fa565950
                                          • Opcode Fuzzy Hash: 98eaff19690496c24cff6c6d60c0d07407a7d948aa6d8d28e8dc77a4bad076c9
                                          • Instruction Fuzzy Hash: 4BF0C975D0420CAFCF41EFA8D945AADBBB1FB48300F10859AE854A3250D7719660DF95
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 0532A2E1, Relevance: .0, Instructions: 22COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.239770655.0000000005320000.00000040.00000001.sdmp, Offset: 05320000, based on PE: false
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 56197f66f9b3a27955742a2bb1ac0e7ca0b2f1f4694d41805b48e382e2d1916e
                                          • Instruction ID: e40ca52003309e77f468c71b93aa2eefd2c255b0ea2f8091f0952584b2ca9701
                                          • Opcode Fuzzy Hash: 56197f66f9b3a27955742a2bb1ac0e7ca0b2f1f4694d41805b48e382e2d1916e
                                          • Instruction Fuzzy Hash: 6EF09770912229CFDF64CF54DD94B9CBBB5FB48211F1086EAD80AA3694DB306E81CF10
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 05320230, Relevance: .0, Instructions: 21COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.239770655.0000000005320000.00000040.00000001.sdmp, Offset: 05320000, based on PE: false
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: bbc7515bf745fddf89da0598ebdee645436e1afb5dd1ff54c5bc13ed40a3c3df
                                          • Instruction ID: 039c79cea5997f48a27d4efba3a0e2afbcafb4081f331ce0ec0231cb60bbe83c
                                          • Opcode Fuzzy Hash: bbc7515bf745fddf89da0598ebdee645436e1afb5dd1ff54c5bc13ed40a3c3df
                                          • Instruction Fuzzy Hash: D6E04F74909308EBCB58DFA9E50D55CBBBAEB45301F1080AAD84553354DB716E44CB51
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 062D054B, Relevance: .0, Instructions: 20COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.242307176.00000000062D0000.00000040.00000001.sdmp, Offset: 062D0000, based on PE: false
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 052222d55840586c0f677150fd30d1a2c31782d27e41cdf6454994a24d8aa759
                                          • Instruction ID: 5b553a0c636d5ba48e399df002c775abad2f99b575a026ea75cc64a3e43e4604
                                          • Opcode Fuzzy Hash: 052222d55840586c0f677150fd30d1a2c31782d27e41cdf6454994a24d8aa759
                                          • Instruction Fuzzy Hash: CAF0B2B4C25229CFCBB4CF24D8A27D9BBB0BB06350F1844D9994E76260CB700A80CF91
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 05324937, Relevance: .0, Instructions: 19COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.239770655.0000000005320000.00000040.00000001.sdmp, Offset: 05320000, based on PE: false
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 55df50a661ad5a47b705065b5ee4c5c36d6a3dcacc02bf9fa7f6ee479579ba09
                                          • Instruction ID: a60d5a5d0fd54097ca1774d2bb2de7cc02e4f1fbe3f01278e1d4acacab7d2eb1
                                          • Opcode Fuzzy Hash: 55df50a661ad5a47b705065b5ee4c5c36d6a3dcacc02bf9fa7f6ee479579ba09
                                          • Instruction Fuzzy Hash: 7FF01978946329CFCB65DF68D980A99BBB1FB08310F9011E9E809A7710D730AE82DF00
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 05327FA3, Relevance: .0, Instructions: 19COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.239770655.0000000005320000.00000040.00000001.sdmp, Offset: 05320000, based on PE: false
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 1d8398e7078c676fa1aebf985a9d86002e0da04e0cd38a618e3b33d3d0cb8c03
                                          • Instruction ID: 5215a1b1815c0c7130b3793274e567f59123bf57e9bfa91b45687ab669eca51f
                                          • Opcode Fuzzy Hash: 1d8398e7078c676fa1aebf985a9d86002e0da04e0cd38a618e3b33d3d0cb8c03
                                          • Instruction Fuzzy Hash: 80E0C2B4E043198FDB04CFA5C980B9DB7FAAF59300F109095850CAB654D7345E408F18
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 05321FD1, Relevance: .0, Instructions: 19COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.239770655.0000000005320000.00000040.00000001.sdmp, Offset: 05320000, based on PE: false
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 9d45e08f113b016eb96a5266a6e5431d980d26dfdbec13d036999724413add0e
                                          • Instruction ID: f123b89fd6542cf37bbe55504c29994d11809c884b8153de10598aee4942b71a
                                          • Opcode Fuzzy Hash: 9d45e08f113b016eb96a5266a6e5431d980d26dfdbec13d036999724413add0e
                                          • Instruction Fuzzy Hash: 2FE086724493449FC7A29F74B40C51D7FB0AB57205F1185ABD086C31F6D7750850CB51
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 0532A4F0, Relevance: .0, Instructions: 19COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.239770655.0000000005320000.00000040.00000001.sdmp, Offset: 05320000, based on PE: false
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: a8b3a1182475c6970ac39ddf90b30cfbe0500de6ca22f6460b804bb7e6638963
                                          • Instruction ID: 298671b66ffc4ec43e9f37a6182924c38ed41a46acdfc7df4c903c4491283360
                                          • Opcode Fuzzy Hash: a8b3a1182475c6970ac39ddf90b30cfbe0500de6ca22f6460b804bb7e6638963
                                          • Instruction Fuzzy Hash: 39F0153090522A9FCB54CF24C941BA9BBB6EB44220F2081D5941AA72A9DB305E808F52
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 062D03ED, Relevance: .0, Instructions: 18COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.242307176.00000000062D0000.00000040.00000001.sdmp, Offset: 062D0000, based on PE: false
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 90370d9be2e27cd38614a7ca3be865baba77e9213c4563d39e965be7a85004d8
                                          • Instruction ID: e92f28edced528e9628268ddb746e1024f17427cd8d9685f7c05347cb5e98f7c
                                          • Opcode Fuzzy Hash: 90370d9be2e27cd38614a7ca3be865baba77e9213c4563d39e965be7a85004d8
                                          • Instruction Fuzzy Hash: 8EE0C235900118CFCF25DFA0C840BDEBBB2BB48304F108199D419A3251D3369A82CF10
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 05328231, Relevance: .0, Instructions: 18COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.239770655.0000000005320000.00000040.00000001.sdmp, Offset: 05320000, based on PE: false
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 6c0361f2941055d0d255d23ddd3561edaf71a912d0d04b690e506cd9dfd6229c
                                          • Instruction ID: fc451af86690d3ad84fd28459926f8ae1ffccb43b6e9515c0f799bdf453b33ea
                                          • Opcode Fuzzy Hash: 6c0361f2941055d0d255d23ddd3561edaf71a912d0d04b690e506cd9dfd6229c
                                          • Instruction Fuzzy Hash: FFE01AB5D1421C8FCF50CFA4C540B8DB7BAEB59310F1094968519EB351D6309946CF54
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 062D0CC7, Relevance: .0, Instructions: 17COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.242307176.00000000062D0000.00000040.00000001.sdmp, Offset: 062D0000, based on PE: false
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 2804ac0762d3cedc5c84f941b36f503b92ed3a4ea86f9923e19b31c8659b6e05
                                          • Instruction ID: 776c03c1e94a9d65a8bfc6e7ba5d06971eab0ccded676b80ab1d85019eb15f5b
                                          • Opcode Fuzzy Hash: 2804ac0762d3cedc5c84f941b36f503b92ed3a4ea86f9923e19b31c8659b6e05
                                          • Instruction Fuzzy Hash: FEE0E534D042189FCB61CFA0CC51B98FBB1FB4C300F1090999A29AB291C372AA42CF40
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 05329DD0, Relevance: .0, Instructions: 17COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.239770655.0000000005320000.00000040.00000001.sdmp, Offset: 05320000, based on PE: false
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 6cbb574c2e2b7cbff848656eae6ead7c0ac9dfefa557d8151b3622ab2b8f3f5b
                                          • Instruction ID: 27dfdf2f815df28b4e9182135da1216963067a52f88da1432f69ea24363f6fbe
                                          • Opcode Fuzzy Hash: 6cbb574c2e2b7cbff848656eae6ead7c0ac9dfefa557d8151b3622ab2b8f3f5b
                                          • Instruction Fuzzy Hash: FFE0E274E04208EFCB50EFB8E148AACBBF4EB09304F1080E9D848A3350E675AA44CB81
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 053200ED, Relevance: .0, Instructions: 17COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.239770655.0000000005320000.00000040.00000001.sdmp, Offset: 05320000, based on PE: false
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 80152aadc6c1dfb369e0c49bea92f2219ffeb86767a62ab9fecc976a416e9b10
                                          • Instruction ID: 14103e8e209da67c592fbb1e09ef40a698bc49e0c78312bd65c62a8022d27377
                                          • Opcode Fuzzy Hash: 80152aadc6c1dfb369e0c49bea92f2219ffeb86767a62ab9fecc976a416e9b10
                                          • Instruction Fuzzy Hash: 55D01735D01108DFDB10CFA8E0482ECF771EB89325F10942AC614A3650C3314445CF50
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 062D1688, Relevance: .0, Instructions: 16COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.242307176.00000000062D0000.00000040.00000001.sdmp, Offset: 062D0000, based on PE: false
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 5b9d91ce8f3bbf2a004cebb9aac52a92d7eabda8f03f1747a0151902da794148
                                          • Instruction ID: 0c2fc21d2141246809fe8a58e2dd2a7439ba510ec57cf7bc14212fcc26ca083a
                                          • Opcode Fuzzy Hash: 5b9d91ce8f3bbf2a004cebb9aac52a92d7eabda8f03f1747a0151902da794148
                                          • Instruction Fuzzy Hash: 0ED05E30C152099FC794EFB8A50876C7BB4DB01205F2044A8C80863280E7329590CB92
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 062D0672, Relevance: .0, Instructions: 16COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.242307176.00000000062D0000.00000040.00000001.sdmp, Offset: 062D0000, based on PE: false
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: b8aa9e5fcfd65404740fa6607622d5d937361fb726c81cfd84b534391757168c
                                          • Instruction ID: 5ddf46346b38646663180bb2d5966f70545dc2c42ed40f625adf3cbca20691f5
                                          • Opcode Fuzzy Hash: b8aa9e5fcfd65404740fa6607622d5d937361fb726c81cfd84b534391757168c
                                          • Instruction Fuzzy Hash: 02E0E5358142248FCB50CF20C984B9CBBB1EB48314F1085EAC81DA6291D7359BC1CF00
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 0532DF98, Relevance: .0, Instructions: 16COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.239770655.0000000005320000.00000040.00000001.sdmp, Offset: 05320000, based on PE: false
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 036fb4f4e4743b0b3f8f216bc4795f8ba142b12edb8dc9229f73f4d914082929
                                          • Instruction ID: a1d354f08f70cf6416e5544b939173ce96bdfc0c0e1b9ce273ad2b8933173067
                                          • Opcode Fuzzy Hash: 036fb4f4e4743b0b3f8f216bc4795f8ba142b12edb8dc9229f73f4d914082929
                                          • Instruction Fuzzy Hash: 90D05E70D0831CAFCB51EFB8E5083ACBFF4AB09704F2085EAC884A3380E6785640CB91
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 0532DEC0, Relevance: .0, Instructions: 16COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.239770655.0000000005320000.00000040.00000001.sdmp, Offset: 05320000, based on PE: false
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 40b2ab20d04c935fee015c7564d6cfae3090bf6f95529b96ef288dede087a1b7
                                          • Instruction ID: 5c9735aade0fd4cc664b974fbf69e7ac41188cb21d65479c707dd42fe5277f04
                                          • Opcode Fuzzy Hash: 40b2ab20d04c935fee015c7564d6cfae3090bf6f95529b96ef288dede087a1b7
                                          • Instruction Fuzzy Hash: CED01774D04208AFCB50EFA8E50979CBBF4EB04700F1084A9C808A3344EB755A00CB81
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 012523F4, Relevance: .0, Instructions: 15COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.238426905.0000000001252000.00000040.00000001.sdmp, Offset: 01252000, based on PE: false
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 3149531bc8b2ed1e0e8b0a447c8cd6cf2c21a7239e4530e769aba0ccfe8b7602
                                          • Instruction ID: e00d77b020252f5e02942cbaf63b41f47979bc7574ea7efb18cc8de58c4e3b98
                                          • Opcode Fuzzy Hash: 3149531bc8b2ed1e0e8b0a447c8cd6cf2c21a7239e4530e769aba0ccfe8b7602
                                          • Instruction Fuzzy Hash: 0BD05E79215A92CFE3268A1CC1A8B953FA4EF51B04F4644F9ED008B6A3C378D581D200
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 05321FE0, Relevance: .0, Instructions: 15COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.239770655.0000000005320000.00000040.00000001.sdmp, Offset: 05320000, based on PE: false
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: cf59383340b930334478045ca5587e089ab9e9303ef2b88169ab213f9dd46acc
                                          • Instruction ID: 946b82f03d3fe07fb861ebb572230b0aba99fdb5159ed7881997de7321e88a09
                                          • Opcode Fuzzy Hash: cf59383340b930334478045ca5587e089ab9e9303ef2b88169ab213f9dd46acc
                                          • Instruction Fuzzy Hash: AAD0C7714453049FC761AF74F90D6197BA8E70A256F00D564E406D31B4DB751850C765
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 05320BDA, Relevance: .0, Instructions: 15COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.239770655.0000000005320000.00000040.00000001.sdmp, Offset: 05320000, based on PE: false
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 308a755a4f2c01a7d719b463de4956249ed3d01bfec31bbcf6f4231893d0aac7
                                          • Instruction ID: f2dbf251fb006050f3ad2d8372fac8d0f1c97972f862ea8e1bec749e0ccd7d8c
                                          • Opcode Fuzzy Hash: 308a755a4f2c01a7d719b463de4956249ed3d01bfec31bbcf6f4231893d0aac7
                                          • Instruction Fuzzy Hash: 7CD0A77480E7DD8EC706C7709948BE67F7EAB03204F4916D5D0E46B993C3A8000C8702
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 05329071, Relevance: .0, Instructions: 15COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.239770655.0000000005320000.00000040.00000001.sdmp, Offset: 05320000, based on PE: false
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 3a9f5c5bdf809c2ff22c1451fd604852bbf3e3d99678d40ab5b01596d7e87e93
                                          • Instruction ID: 5887abccf6f97810bff026d12674b170e707fd8bf5d84f1d494cdc8923d48bc9
                                          • Opcode Fuzzy Hash: 3a9f5c5bdf809c2ff22c1451fd604852bbf3e3d99678d40ab5b01596d7e87e93
                                          • Instruction Fuzzy Hash: F3D0127081861889C790CE648440BA57A7BB725200F209196444DA3745D9340985CF67
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 062D0A18, Relevance: .0, Instructions: 14COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.242307176.00000000062D0000.00000040.00000001.sdmp, Offset: 062D0000, based on PE: false
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 9005a64f3cfd1910cd7e304155e7a578aaf0a53914b0045f8eb77d556d073535
                                          • Instruction ID: 67a25c4670e24d46cabca1504aceef2d3d5a6f005b8963de8f2780b17991a378
                                          • Opcode Fuzzy Hash: 9005a64f3cfd1910cd7e304155e7a578aaf0a53914b0045f8eb77d556d073535
                                          • Instruction Fuzzy Hash: 29E0B639814314CFCB60CF64C9406D8BB70AB49324F5487E98469B7291CB319A838B40
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 012523BC, Relevance: .0, Instructions: 14COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.238426905.0000000001252000.00000040.00000001.sdmp, Offset: 01252000, based on PE: false
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 818e9e7b7eb07a26bca5cec9fb495d80e484776180eb4ecede1f587d07e2134a
                                          • Instruction ID: 02e55ecdadcae6b075e86f6f2094135b0eb4238156a1f0039b8e404a506d0d48
                                          • Opcode Fuzzy Hash: 818e9e7b7eb07a26bca5cec9fb495d80e484776180eb4ecede1f587d07e2134a
                                          • Instruction Fuzzy Hash: 95D05E34211282CBD715DB1CC1D4F593BD4AB41B00F0644E8BD008B2A2C3B4E881C600
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 05329105, Relevance: .0, Instructions: 14COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.239770655.0000000005320000.00000040.00000001.sdmp, Offset: 05320000, based on PE: false
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 9f77fd8e6d9ac522db1903ccf789025fd9324d8f3910d6b43fe03d96fe214e3b
                                          • Instruction ID: 61ca868f0ea579e8ccaabab8237ce0b24cdbf517a9bda03d044b3795ca1c1dcd
                                          • Opcode Fuzzy Hash: 9f77fd8e6d9ac522db1903ccf789025fd9324d8f3910d6b43fe03d96fe214e3b
                                          • Instruction Fuzzy Hash: 63D06774D543589FDB40DBA4C540B9DB7F9AB1A300F205095860D6B391D7345E45CB29
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 053222E7, Relevance: .0, Instructions: 14COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.239770655.0000000005320000.00000040.00000001.sdmp, Offset: 05320000, based on PE: false
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 7e97fd47d28323deb45449c81d6fb1faa1d25fd1a86321886df38abf0a6727d7
                                          • Instruction ID: d62831aa6de68d1f3ba93cd6f0190e2f3dd4e501fc8dd29d00a471bf49923f77
                                          • Opcode Fuzzy Hash: 7e97fd47d28323deb45449c81d6fb1faa1d25fd1a86321886df38abf0a6727d7
                                          • Instruction Fuzzy Hash: 4EE09AB090226ADFEB64DF54DD80F88BB71FB44200F108596D40E97254DB706EC4CF54
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 053200CD, Relevance: .0, Instructions: 14COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.239770655.0000000005320000.00000040.00000001.sdmp, Offset: 05320000, based on PE: false
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 7eef0eed48f47bb3b2174dbd83eb79bd494dea91b8d0b86d472ff6326d17def2
                                          • Instruction ID: d6280a227a76c44cf20501dbb10b3534700cdd556e6139f397269a8ff48e6a71
                                          • Opcode Fuzzy Hash: 7eef0eed48f47bb3b2174dbd83eb79bd494dea91b8d0b86d472ff6326d17def2
                                          • Instruction Fuzzy Hash: 90D0C936E01108DF8B108FB8E4440DCF771EBCD265B10D16AC624B3350C7319815CF50
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 062D0F5C, Relevance: .0, Instructions: 11COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.242307176.00000000062D0000.00000040.00000001.sdmp, Offset: 062D0000, based on PE: false
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: f51e98207276f81f46ec4cb498c2c79cc0d5f8005467b057ec16ebf49d095d8b
                                          • Instruction ID: 72c2e0cc6b3391f1cc5450d812b9c3cfe1c62d539a5154fbf1b65da3ba2b33ed
                                          • Opcode Fuzzy Hash: f51e98207276f81f46ec4cb498c2c79cc0d5f8005467b057ec16ebf49d095d8b
                                          • Instruction Fuzzy Hash: 37E01274820319CFCB14CF60E44A7D8BBB0FB45351F008495D40AE3114DB344A40CFA0
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 05323E45, Relevance: .0, Instructions: 11COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.239770655.0000000005320000.00000040.00000001.sdmp, Offset: 05320000, based on PE: false
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 68a598d0c101956f1c3e4c44474298efedd76e30d90a1999b915852b124e05c8
                                          • Instruction ID: 736b5a1643169c53abf7a056e88fa6fc2d48a7a017862f57bad8bc4d9a2e6e20
                                          • Opcode Fuzzy Hash: 68a598d0c101956f1c3e4c44474298efedd76e30d90a1999b915852b124e05c8
                                          • Instruction Fuzzy Hash: A8D06C75506364CFC768DF64D2988987BB2BB49316F104598E80A9B7A5CB35DE80CF00
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 0532848C, Relevance: .0, Instructions: 11COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.239770655.0000000005320000.00000040.00000001.sdmp, Offset: 05320000, based on PE: false
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: b1ec191171a6cc42371c215221e41c8cdc0d3cbeac8123162ea3b150ad28e893
                                          • Instruction ID: 6da8f47a0b5477e36b4cc20de1ece47880d39e1ce1c0c06eb69cda887c060d66
                                          • Opcode Fuzzy Hash: b1ec191171a6cc42371c215221e41c8cdc0d3cbeac8123162ea3b150ad28e893
                                          • Instruction Fuzzy Hash: A7D0C974D1412C8BCB50DFA0C840BAEF779BF15304F10509A8419B3641C7305941CF55
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 05326EF4, Relevance: .0, Instructions: 11COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.239770655.0000000005320000.00000040.00000001.sdmp, Offset: 05320000, based on PE: false
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: e194186176d9d9d0c24b2b917e063cc6a2af8abd1c6ebed3ebd648a66d730a86
                                          • Instruction ID: e422f944de2d5d54d2ba74b9d09e0338abbbf09db2062fc41a7d184e887dc3b2
                                          • Opcode Fuzzy Hash: e194186176d9d9d0c24b2b917e063cc6a2af8abd1c6ebed3ebd648a66d730a86
                                          • Instruction Fuzzy Hash: 8BD05230A0232AEFCB10DF60C980A8CB7B6FF02280F0044A9A009AB158CB346F828F01
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 053298F5, Relevance: .0, Instructions: 10COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.239770655.0000000005320000.00000040.00000001.sdmp, Offset: 05320000, based on PE: false
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: ca4d3c8ca67f8ad9dbf3c912ca4d1522b89d5ea4dd4939fcb3da21afa7be2238
                                          • Instruction ID: 16994acb2ebc01dd8836b22c482c8074d106e51f361abad8f4b0ea51fc88633f
                                          • Opcode Fuzzy Hash: ca4d3c8ca67f8ad9dbf3c912ca4d1522b89d5ea4dd4939fcb3da21afa7be2238
                                          • Instruction Fuzzy Hash: 10C00278D1831C9ADB94DFA4C444BADBBBEAF5A300F1090A9944DA7640DB305A89CF66
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 053290DD, Relevance: .0, Instructions: 10COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.239770655.0000000005320000.00000040.00000001.sdmp, Offset: 05320000, based on PE: false
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: e10ac3680f2bb5adb96fa2dfb2bf738243707b60a17c8000ebdb90d6d2f2b5f5
                                          • Instruction ID: 986d7b8c85dbb24da9304cc382725dc3fa8ec043e20640a21f7a59f9f3382b59
                                          • Opcode Fuzzy Hash: e10ac3680f2bb5adb96fa2dfb2bf738243707b60a17c8000ebdb90d6d2f2b5f5
                                          • Instruction Fuzzy Hash: 65C01274D0421C8ACB80DFA0C4407ADB7BEBB55300F209096400C73240CA304A80CF16
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Non-executed Functions

                                          Function 0532A791, Relevance: .3, Instructions: 262COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.239770655.0000000005320000.00000040.00000001.sdmp, Offset: 05320000, based on PE: false
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: b594652b8849ebaaf066113fad80e90adc4586175a45cd831e66588215ed18d1
                                          • Instruction ID: 950d5bf0371182d730db78e512f22ff14c42798e9c07a2952846197f4e087786
                                          • Opcode Fuzzy Hash: b594652b8849ebaaf066113fad80e90adc4586175a45cd831e66588215ed18d1
                                          • Instruction Fuzzy Hash: 84C15B70D08668DFCB14DFA9C5805ADFFB2FB4A304F2481A9D454AB646C774AE82DF90
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 0532A808, Relevance: .2, Instructions: 234COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.239770655.0000000005320000.00000040.00000001.sdmp, Offset: 05320000, based on PE: false
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 3e24e3acfbc68a7c0802ef77f06b4c218337289324220c4ebd5f8775c69a56c0
                                          • Instruction ID: 41366e279927e4b6f498ca34a1e77b67b3a146010f4d8ea9b657956bdb3e29ef
                                          • Opcode Fuzzy Hash: 3e24e3acfbc68a7c0802ef77f06b4c218337289324220c4ebd5f8775c69a56c0
                                          • Instruction Fuzzy Hash: E5B11874D04668DFCB04DFAAC5805ADFBB2FB89304F2481A9D854AB745C774AE82CF90
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 0532B610, Relevance: .2, Instructions: 228COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.239770655.0000000005320000.00000040.00000001.sdmp, Offset: 05320000, based on PE: false
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: e5b985665cc37b19812513865d8eeadb918f815412c160713d30f731b6973301
                                          • Instruction ID: 7f2cb747b4e9d9e9a70f3c974b60e3c64a2fe1f9d7da8e493b7fc96cf6f71697
                                          • Opcode Fuzzy Hash: e5b985665cc37b19812513865d8eeadb918f815412c160713d30f731b6973301
                                          • Instruction Fuzzy Hash: 23A13470D0561ACFCB04CFAAC5909AEFBB2FF89310F20D56AD454BB264D6349A418FA4
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 062D0006, Relevance: .2, Instructions: 177COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.242307176.00000000062D0000.00000040.00000001.sdmp, Offset: 062D0000, based on PE: false
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 4026b6dd9f4bdd0fbfec66edc855028b5c200bd51f5a45cb6e43422d84684806
                                          • Instruction ID: ef08cd9e2c88bc5ba3196286f3681af69e66cf6666a2266a524299c4f5c78327
                                          • Opcode Fuzzy Hash: 4026b6dd9f4bdd0fbfec66edc855028b5c200bd51f5a45cb6e43422d84684806
                                          • Instruction Fuzzy Hash: 6C61AEB1D1A25A8FDB65CF65C8487DDFBB2BF89300F0480EAC409A7662E7340A85CF51
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 0532CAA0, Relevance: .2, Instructions: 175COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.239770655.0000000005320000.00000040.00000001.sdmp, Offset: 05320000, based on PE: false
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 934166812903a768d0399ee1a9ae1b7faf3a28a258ca40773be82edab359d472
                                          • Instruction ID: ff26575e7014e923dae4e5c720458ff7d7adc8a1301e985f59066306044e12d7
                                          • Opcode Fuzzy Hash: 934166812903a768d0399ee1a9ae1b7faf3a28a258ca40773be82edab359d472
                                          • Instruction Fuzzy Hash: 81810674D04628EFDB14CFA9C580AADBBB2FF89300F20916AD819AB355D7349E42CF54
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 05325803, Relevance: .2, Instructions: 174COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.239770655.0000000005320000.00000040.00000001.sdmp, Offset: 05320000, based on PE: false
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 54c947f52719100d905f534b4f4450dd08fdae9be5f61f41456de2d9b4938886
                                          • Instruction ID: 13762daeea54c4edf611589ec30c2ef7c68490d5f4836591de3a043c930aaa36
                                          • Opcode Fuzzy Hash: 54c947f52719100d905f534b4f4450dd08fdae9be5f61f41456de2d9b4938886
                                          • Instruction Fuzzy Hash: 4271F074E25219EFCB45CFA9D58499DBBF1FF49310F14C4AAE815AB660E334AA41CF10
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 0532ADD8, Relevance: .2, Instructions: 169COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.239770655.0000000005320000.00000040.00000001.sdmp, Offset: 05320000, based on PE: false
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 4082b01ab09e4da6d5fd29f1c1118ac410e3397efc425c915cc374ca8635970a
                                          • Instruction ID: b0a359543ebc61506eb49072f7546b88920d7a5a8ee99016f23978412fc40d31
                                          • Opcode Fuzzy Hash: 4082b01ab09e4da6d5fd29f1c1118ac410e3397efc425c915cc374ca8635970a
                                          • Instruction Fuzzy Hash: 7C712774D04668DBCB14DFAAC5804ADFBB2FF89304F24C269D854AB745D734AA82CF90
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 05325810, Relevance: .2, Instructions: 158COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.239770655.0000000005320000.00000040.00000001.sdmp, Offset: 05320000, based on PE: false
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 7e18d48763256326440130d368acc88beda58601ed154ed785124e63884a2d7f
                                          • Instruction ID: 97516b6295e926ef2f2fff5b5fc711bd70bf814bdf81be996853ecfc96f7569f
                                          • Opcode Fuzzy Hash: 7e18d48763256326440130d368acc88beda58601ed154ed785124e63884a2d7f
                                          • Instruction Fuzzy Hash: D571CB74E25219EFCB44CFA9D58599DBBF1FF49310F14949AE819AB620E334AA40CF50
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 062D0070, Relevance: .1, Instructions: 145COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.242307176.00000000062D0000.00000040.00000001.sdmp, Offset: 062D0000, based on PE: false
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 291d85494e0f213c8e7ccb19e83f3d38459d62bacfd06722f35613835a763a6d
                                          • Instruction ID: fda9d4750ee40d0eca63b333040603c54dc34a3039a5fd42b20d9356fc3aca57
                                          • Opcode Fuzzy Hash: 291d85494e0f213c8e7ccb19e83f3d38459d62bacfd06722f35613835a763a6d
                                          • Instruction Fuzzy Hash: 2E511B70D6562ACFEBA4CF66C8487EDFAB2BB89300F1090F6C51DA7654E7705A818F50
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 0532BA88, Relevance: .1, Instructions: 144COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.239770655.0000000005320000.00000040.00000001.sdmp, Offset: 05320000, based on PE: false
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 3fb2db50a7edf2e3ecce29da75f1a067e7aaf9fe355a2300ad1a70c2b22fbed1
                                          • Instruction ID: 132584aca5c6d8daa687e758c165cd2ed1b031dbc263c000d3009e6790ce125f
                                          • Opcode Fuzzy Hash: 3fb2db50a7edf2e3ecce29da75f1a067e7aaf9fe355a2300ad1a70c2b22fbed1
                                          • Instruction Fuzzy Hash: 06518970D0562A8FCB04CFA9C551AEEFBB6FF89310F10D166D014B7254D7749A418BA4
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 053236E0, Relevance: .1, Instructions: 140COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.239770655.0000000005320000.00000040.00000001.sdmp, Offset: 05320000, based on PE: false
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 7e7f2f7e30eff06332ac4fabd903dd03666aecd2deb906baab5d71b904b02f4b
                                          • Instruction ID: f9d09596f3bdb6b9a2ebccd1a70e91192251ec4d6fe91607f27d02a5bd987d10
                                          • Opcode Fuzzy Hash: 7e7f2f7e30eff06332ac4fabd903dd03666aecd2deb906baab5d71b904b02f4b
                                          • Instruction Fuzzy Hash: F95126B4D0461ACFCB04CFA9D1809EEBBF2FB49340F24895AC415BB650C378AA41CFA1
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 05326278, Relevance: .1, Instructions: 138COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.239770655.0000000005320000.00000040.00000001.sdmp, Offset: 05320000, based on PE: false
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: fc165a842fb68cdd4cf9848155e716be7159e03bb8fe8bb089416c51d437c702
                                          • Instruction ID: 3584141981b8181cdfcb5cc9acfffa501cd47eb9dc348b746de294e1a8060eb7
                                          • Opcode Fuzzy Hash: fc165a842fb68cdd4cf9848155e716be7159e03bb8fe8bb089416c51d437c702
                                          • Instruction Fuzzy Hash: 5451D074D15629EFCB04CFA8D5819AEFBB6FF48210F20855AE415BB215DB30AA40CFA5
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 0532626B, Relevance: .1, Instructions: 138COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.239770655.0000000005320000.00000040.00000001.sdmp, Offset: 05320000, based on PE: false
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: fd79b2c4054f81ff427f7f9a31d78e9c4e81b46a9e004dbe53f7054d5817dfea
                                          • Instruction ID: c71df0c950518e08ccd989b1c80131cd3e4bfe10fe98a20d38ae95e535f9a9ec
                                          • Opcode Fuzzy Hash: fd79b2c4054f81ff427f7f9a31d78e9c4e81b46a9e004dbe53f7054d5817dfea
                                          • Instruction Fuzzy Hash: A951E274D15629EFCB04CFA8D5819AEFBF6FF49210F24855AE405BB211CB30AA40CFA5
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 053269BD, Relevance: .1, Instructions: 126COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.239770655.0000000005320000.00000040.00000001.sdmp, Offset: 05320000, based on PE: false
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 428f9ffcc0242c97ad2f8150c9fa8051648778f089948ed1901c7f64de337f3b
                                          • Instruction ID: 30ba8bc374c37e95d98167680025e60765b5feb161b8e95bdadd3ad223a67a11
                                          • Opcode Fuzzy Hash: 428f9ffcc0242c97ad2f8150c9fa8051648778f089948ed1901c7f64de337f3b
                                          • Instruction Fuzzy Hash: BA51DEB0D156199FCB44CFAAC9819AEFBF2FF89300F24C5AAD815B7214DB349A418F54
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 053215D0, Relevance: .1, Instructions: 125COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.239770655.0000000005320000.00000040.00000001.sdmp, Offset: 05320000, based on PE: false
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 21bacdbd649fc465a0454fc96020ab30d3696c3b9baa36f142c7a0103db6d6ce
                                          • Instruction ID: debdbbebd5034f54d76199fdfe6ec334ec23a7cd7345e64e71cf743fe57bece1
                                          • Opcode Fuzzy Hash: 21bacdbd649fc465a0454fc96020ab30d3696c3b9baa36f142c7a0103db6d6ce
                                          • Instruction Fuzzy Hash: D95114B0D05219DFCB44CFA9D680AAEBBF2BF89310F14846AD851BB354D7359A41CF51
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 053215E0, Relevance: .1, Instructions: 122COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.239770655.0000000005320000.00000040.00000001.sdmp, Offset: 05320000, based on PE: false
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 0e4e0d9599e405263bba8d8c90d1e034e84493b07b34bd8d94323c29b2f51458
                                          • Instruction ID: 78897afbc99deabb80f635eb384c7544450180912a3f8be980a2f4cf570a7a66
                                          • Opcode Fuzzy Hash: 0e4e0d9599e405263bba8d8c90d1e034e84493b07b34bd8d94323c29b2f51458
                                          • Instruction Fuzzy Hash: D25121B4D01219DFCB44CFA9D680AAEBBB6FF89310F148869D811BB354D7349A41CF90
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 05326BA3, Relevance: .1, Instructions: 101COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.239770655.0000000005320000.00000040.00000001.sdmp, Offset: 05320000, based on PE: false
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 9e05e0048bb657c0bb28c855e0999e2e56c6466abb0a026dcd2c3c36f707bd53
                                          • Instruction ID: 5e07459da287820b4e7bb062d2e9b6ae8ad5ca7fd7e5dcf60daa8767094e0f89
                                          • Opcode Fuzzy Hash: 9e05e0048bb657c0bb28c855e0999e2e56c6466abb0a026dcd2c3c36f707bd53
                                          • Instruction Fuzzy Hash: FF410870D0561ADFCB04CFA9C5824AEFBB6FF89300F24D86AD405BB214DB349A418B95
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 05326BB0, Relevance: .1, Instructions: 100COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.239770655.0000000005320000.00000040.00000001.sdmp, Offset: 05320000, based on PE: false
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: f5f46fe3d365fc7d7ea6a5ddc930badb01afa3ea4f198e9493d2c6bc346f4974
                                          • Instruction ID: f44dee1cd81f6b77b7c6c17cb77371f0e83f8673c13a771fe39bf4062885084c
                                          • Opcode Fuzzy Hash: f5f46fe3d365fc7d7ea6a5ddc930badb01afa3ea4f198e9493d2c6bc346f4974
                                          • Instruction Fuzzy Hash: 14410870D0561ADFCB04DFDAC5825AEFBB6FF89300F20D86AD505BB214DB349A418B95
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 053267F0, Relevance: .1, Instructions: 91COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.239770655.0000000005320000.00000040.00000001.sdmp, Offset: 05320000, based on PE: false
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: e1c1b9471e87cdd0f088cb39450c6cdfc066c772bf6e6b53539a34b1990d59a6
                                          • Instruction ID: 39b44f7df33e199b02c47417de04b4c23d18e49ff8fe857105f77ba23735a043
                                          • Opcode Fuzzy Hash: e1c1b9471e87cdd0f088cb39450c6cdfc066c772bf6e6b53539a34b1990d59a6
                                          • Instruction Fuzzy Hash: 15411570D04629DBCB05CFAAC5825AEFBF6BF88300F10D569C415BB644DB3496418FA5
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 053267EB, Relevance: .1, Instructions: 90COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.239770655.0000000005320000.00000040.00000001.sdmp, Offset: 05320000, based on PE: false
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: a18914710410b201413fdb5d572ce9be01cfb0c540e3d74eedce1aa041dbc32e
                                          • Instruction ID: d30efdb80984994ccee3384136a73fb018cc05fffdab9a4c28c5afbd3d7a7844
                                          • Opcode Fuzzy Hash: a18914710410b201413fdb5d572ce9be01cfb0c540e3d74eedce1aa041dbc32e
                                          • Instruction Fuzzy Hash: 04311370D0462ADFCB09CFAAC4825AEFBF6BF88300F14C469D445BB654DB3496818BA5
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 062D1DF0, Relevance: .1, Instructions: 65COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.242307176.00000000062D0000.00000040.00000001.sdmp, Offset: 062D0000, based on PE: false
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 042494d15e1b3a3f6fc56890ee3ddfa081123ecb8cc766d66e88df75910fb0a8
                                          • Instruction ID: fd37d7d647d24b86e51e12cfbaa906b562ff7ad5f73363c4b90aacc23177014a
                                          • Opcode Fuzzy Hash: 042494d15e1b3a3f6fc56890ee3ddfa081123ecb8cc766d66e88df75910fb0a8
                                          • Instruction Fuzzy Hash: D6214AB0C252599EDB54CFA5D848BFEBFF1AB0A301F14446AE845F3A81D3744A50CFA8
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 05326D70, Relevance: .1, Instructions: 64COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.239770655.0000000005320000.00000040.00000001.sdmp, Offset: 05320000, based on PE: false
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: fa112ff23ae2b43059f97835872877a3a3266fde9673c0854fd5b1397c62762f
                                          • Instruction ID: 36b0109ff0a321df1b5615685e7cbbd691793080641bdbe5669e9b374f2c93ea
                                          • Opcode Fuzzy Hash: fa112ff23ae2b43059f97835872877a3a3266fde9673c0854fd5b1397c62762f
                                          • Instruction Fuzzy Hash: 0C21ED72E156189FDB18CFABD8445DEFBF7AFC9200F04C17AD418A6254DB3005528B51
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 062D1E00, Relevance: .1, Instructions: 55COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.242307176.00000000062D0000.00000040.00000001.sdmp, Offset: 062D0000, based on PE: false
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: b526f8520c11c036a93ac1736239c4ccc2fa08c54acf54f3a9bd0533152caec1
                                          • Instruction ID: cab0ccc4e9ad6bca7e89c9f46ad13c16a2d6aa2ce5cf0d09e7da118cd3ef8134
                                          • Opcode Fuzzy Hash: b526f8520c11c036a93ac1736239c4ccc2fa08c54acf54f3a9bd0533152caec1
                                          • Instruction Fuzzy Hash: E1110670D14219DEDB54CFAAD848BEEBEF4AF0A300F14946AE445F3690D7749650CFA8
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 0532C348, Relevance: .0, Instructions: 48COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.239770655.0000000005320000.00000040.00000001.sdmp, Offset: 05320000, based on PE: false
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 4d332a94a1d2c2e288c0d6d70bf15bd5410bb2a01e4bb491c9c6dd55586a7a34
                                          • Instruction ID: 4eb79480006b37a04516c1957396859ce7396ab60e0de6600dc8c12f823a3941
                                          • Opcode Fuzzy Hash: 4d332a94a1d2c2e288c0d6d70bf15bd5410bb2a01e4bb491c9c6dd55586a7a34
                                          • Instruction Fuzzy Hash: B911F5B1D00608DBDB28CFABD9015AEFBF6AF88200F24C56AD414AB255DB344A028F40
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Analysis Process: PURCHASE ORDER.exe PID: 6172 Parent PID: 5388 PURCHASE ORDER.exeCOMMON

                                          Executed Functions

                                          Function 06480070, Relevance: 36.2, Strings: 28, Instructions: 1181COMMON
                                          Download Yara Rule
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.505483130.0000000006480000.00000040.00000001.sdmp, Offset: 06480000, based on PE: false
                                          Similarity
                                          • API ID:
                                          • String ID: X1(r$X1(r$X1(r$X1(r$X1(r$X1(r$X1(r$X1(r$X1(r$X1(r$X1(r$X1(r$X1(r$X1(r$X1(r$X1(r$X1(r$X1(r$X1(r$X1(r$X1(r$X1(r$X1(r$X1(r$X1(r$X1(r$X1(r$X1(r
                                          • API String ID: 0-4012828230
                                          • Opcode ID: 0010cf0eb69a5c74a7b9cae2408ae34142c8369e589a2cf1f509535b8c5c924f
                                          • Instruction ID: 3ef73138271049841d28395fc32a31525bcc5a51355454b9eee973b70ba1015f
                                          • Opcode Fuzzy Hash: 0010cf0eb69a5c74a7b9cae2408ae34142c8369e589a2cf1f509535b8c5c924f
                                          • Instruction Fuzzy Hash: 3CA22A70E012198FDBA4EFB9C9547AEB6F2AF85704F1484AAC509AB394DB34DD81CF50
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 064EABD0, Relevance: 23.6, APIs: 1, Strings: 12, Instructions: 829libraryCOMMON
                                          Download Yara Rule
                                          APIs
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.505518872.00000000064E0000.00000040.00000001.sdmp, Offset: 064E0000, based on PE: false
                                          Similarity
                                          • API ID: InitializeThunk
                                          • String ID: X1(r$X1(r$X1(r$X1(r$X1(r$X1(r$X1(r$X1(r$X1(r$X1(r$X1(r$X1(r
                                          • API String ID: 2994545307-3976764176
                                          • Opcode ID: 9b02fcc81cda1d8eb7ab9296964957bfc548d245695210c2d0a708674047483c
                                          • Instruction ID: c5f8cbb82a2cd739446ff3ea47f56f03e816374ce39cb3333eaa6821dea55b13
                                          • Opcode Fuzzy Hash: 9b02fcc81cda1d8eb7ab9296964957bfc548d245695210c2d0a708674047483c
                                          • Instruction Fuzzy Hash: EF624C35E00219CFCB65DFA8C944BDEBBB2EF89300F1485A9D909AB264DB719D41CF80
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 0300A7D0, Relevance: 1.7, APIs: 1, Instructions: 202libraryCOMMON
                                          Download Yara Rule
                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.500722433.0000000003000000.00000040.00000001.sdmp, Offset: 03000000, based on PE: false
                                          Similarity
                                          • API ID: InitializeThunk
                                          • String ID:
                                          • API String ID: 2994545307-0
                                          • Opcode ID: 00a8d0e1ba1af89566849efdd49c791f730ca6d2b211e4947075ad3227b219ef
                                          • Instruction ID: b16463fd42845c20cbdb0e0088770a32dfbb7bd01a41e3c899d6f6746b2ef9f5
                                          • Opcode Fuzzy Hash: 00a8d0e1ba1af89566849efdd49c791f730ca6d2b211e4947075ad3227b219ef
                                          • Instruction Fuzzy Hash: 95713B70B003099FDB14DFB8D598BAEBBF2BF88315F158929D405AB395DB749841CB90
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 013FAF07, Relevance: 1.6, APIs: 1, Instructions: 75COMMON
                                          Download Yara Rule
                                          APIs
                                          • AdjustTokenPrivileges.KERNELBASE(?,?,?,?,?,?), ref: 013FAF87
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.500099061.00000000013FA000.00000040.00000001.sdmp, Offset: 013FA000, based on PE: false
                                          Similarity
                                          • API ID: AdjustPrivilegesToken
                                          • String ID:
                                          • API String ID: 2874748243-0
                                          • Opcode ID: 9066595238267a7b268b6d48f8f65a09ce7c07e5785ecabeadddf61ccd0f8acd
                                          • Instruction ID: a8c3e42c73d0c8044ef3ee38fe202e5722ff87ca3dcbcae54304ecb2cce06b57
                                          • Opcode Fuzzy Hash: 9066595238267a7b268b6d48f8f65a09ce7c07e5785ecabeadddf61ccd0f8acd
                                          • Instruction Fuzzy Hash: E821A1755097849FEB238F25DC40B52BFB4EF06314F0885DAE9898F1A3D274E908CB61
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 013FB089, Relevance: 1.6, APIs: 1, Instructions: 57nativeCOMMON
                                          Download Yara Rule
                                          APIs
                                          • NtQuerySystemInformation.NTDLL(?,?,?,?), ref: 013FB0F5
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.500099061.00000000013FA000.00000040.00000001.sdmp, Offset: 013FA000, based on PE: false
                                          Similarity
                                          • API ID: InformationQuerySystem
                                          • String ID:
                                          • API String ID: 3562636166-0
                                          • Opcode ID: 61f63e736e9c81163e542a561878bbacd8e649e4a58c83256d7e94d977849f0d
                                          • Instruction ID: 7a777dc74155caf8b35300c83df7086b6c862ad9248fb6d1d6f3d4f16f654088
                                          • Opcode Fuzzy Hash: 61f63e736e9c81163e542a561878bbacd8e649e4a58c83256d7e94d977849f0d
                                          • Instruction Fuzzy Hash: 74115B724097C49FDB238F25DC45A52FFB4EF06324F09C4DAE9848B263D265A918DB62
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 013FAF3E, Relevance: 1.6, APIs: 1, Instructions: 52COMMON
                                          Download Yara Rule
                                          APIs
                                          • AdjustTokenPrivileges.KERNELBASE(?,?,?,?,?,?), ref: 013FAF87
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.500099061.00000000013FA000.00000040.00000001.sdmp, Offset: 013FA000, based on PE: false
                                          Similarity
                                          • API ID: AdjustPrivilegesToken
                                          • String ID:
                                          • API String ID: 2874748243-0
                                          • Opcode ID: a8808db664d937380185126b229a6735ed9a1879baf570ed4aee2aba68f47804
                                          • Instruction ID: 77dedfc66ddbb74e77af7d6bbc8521c42383fe67b3044ad46b4ca9e4e7712587
                                          • Opcode Fuzzy Hash: a8808db664d937380185126b229a6735ed9a1879baf570ed4aee2aba68f47804
                                          • Instruction Fuzzy Hash: 2B115E755003049FDB21CF69DC84B56FBE8EF04224F08C56EEE498B652D275E418CB61
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 013FA09A, Relevance: 1.5, APIs: 1, Instructions: 42networkCOMMON
                                          Download Yara Rule
                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.500099061.00000000013FA000.00000040.00000001.sdmp, Offset: 013FA000, based on PE: false
                                          Similarity
                                          • API ID: recv
                                          • String ID:
                                          • API String ID: 1507349165-0
                                          • Opcode ID: 4343d6eaa3cdc5ee7ec1cef81ea7b53fd8db2c81e57f9be1bbfdc0761eb524ff
                                          • Instruction ID: aaa9d7f5844b69cfbdf9590f6afff98ba71e85d2cff80ac521e5769ba59ed18b
                                          • Opcode Fuzzy Hash: 4343d6eaa3cdc5ee7ec1cef81ea7b53fd8db2c81e57f9be1bbfdc0761eb524ff
                                          • Instruction Fuzzy Hash: D701DF718002449FDB21CF59E884B66FFA4EF44324F08C4AEEE498B652D375A408CFB2
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 013FB0BA, Relevance: 1.5, APIs: 1, Instructions: 38nativeCOMMON
                                          Download Yara Rule
                                          APIs
                                          • NtQuerySystemInformation.NTDLL(?,?,?,?), ref: 013FB0F5
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.500099061.00000000013FA000.00000040.00000001.sdmp, Offset: 013FA000, based on PE: false
                                          Similarity
                                          • API ID: InformationQuerySystem
                                          • String ID:
                                          • API String ID: 3562636166-0
                                          • Opcode ID: be00c9143826e527be89693fd91d91c3b6472223465f7143a6affcf8696b03f3
                                          • Instruction ID: 4d11a322e8ad80d0c907507db8743e562128b237da828df527c8947caab7d71e
                                          • Opcode Fuzzy Hash: be00c9143826e527be89693fd91d91c3b6472223465f7143a6affcf8696b03f3
                                          • Instruction Fuzzy Hash: FF01AD714102449FEB21CF59D884B25FFA4EF48324F08C49EDE994B656C375A418CF72
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 03003A88, Relevance: 2.7, APIs: 1, Instructions: 1230libraryCOMMON
                                          Download Yara Rule
                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.500722433.0000000003000000.00000040.00000001.sdmp, Offset: 03000000, based on PE: false
                                          Similarity
                                          • API ID: InitializeThunk
                                          • String ID:
                                          • API String ID: 2994545307-0
                                          • Opcode ID: a08f8a096a110c600233cc70d689be7b9fa5b59449d413604cfcf413d8207486
                                          • Instruction ID: fe6ff288b3d0070790750bd35392853a38a0ab0e9b541bfaf9e20bbce1129a69
                                          • Opcode Fuzzy Hash: a08f8a096a110c600233cc70d689be7b9fa5b59449d413604cfcf413d8207486
                                          • Instruction Fuzzy Hash: 90D2A574A01A288FDB65DF69DC54B9EBBF6BB48302F1084E6D909A7354DB309E81CF14
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 03003AB8, Relevance: 2.2, APIs: 1, Instructions: 696libraryCOMMON
                                          Download Yara Rule
                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.500722433.0000000003000000.00000040.00000001.sdmp, Offset: 03000000, based on PE: false
                                          Similarity
                                          • API ID: InitializeThunk
                                          • String ID:
                                          • API String ID: 2994545307-0
                                          • Opcode ID: 54404e767f0335482e72d4a5167cd45e4c408b5b206e9527da6f87112d6ed394
                                          • Instruction ID: 15c453bb1084021e7b7b6803c8aad28373176aa7237352506c898fbfd6fdbb74
                                          • Opcode Fuzzy Hash: 54404e767f0335482e72d4a5167cd45e4c408b5b206e9527da6f87112d6ed394
                                          • Instruction Fuzzy Hash: 9B72B278A01A288FDB65DF68DC54B9DBBF1FB48312F1085E69A09A7354DB309E81CF05
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 03003B0C, Relevance: 2.2, APIs: 1, Instructions: 686libraryCOMMON
                                          Download Yara Rule
                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.500722433.0000000003000000.00000040.00000001.sdmp, Offset: 03000000, based on PE: false
                                          Similarity
                                          • API ID: InitializeThunk
                                          • String ID:
                                          • API String ID: 2994545307-0
                                          • Opcode ID: 7d4815255c5874913f7ffa48f6f4faedc1807a6e4ba284138f09704e2abd4268
                                          • Instruction ID: cb7446c5ab4b99bdd8de8299f7f1d9b2e133e807c01c846cf9f7b5805a43787e
                                          • Opcode Fuzzy Hash: 7d4815255c5874913f7ffa48f6f4faedc1807a6e4ba284138f09704e2abd4268
                                          • Instruction Fuzzy Hash: 3F72B278A01A288FDB65DF68DC54B9DBBF1FB48312F1085E69A09A7354DB309E81CF05
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 03003B60, Relevance: 2.2, APIs: 1, Instructions: 676libraryCOMMON
                                          Download Yara Rule
                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.500722433.0000000003000000.00000040.00000001.sdmp, Offset: 03000000, based on PE: false
                                          Similarity
                                          • API ID: InitializeThunk
                                          • String ID:
                                          • API String ID: 2994545307-0
                                          • Opcode ID: 15f39e83c2f19b655ca3772927eab061e6967e98958d781c0c4173f5cfdc9784
                                          • Instruction ID: 7c3e30e6d93f4648e8f519aee42a3ce52afbda96377dd6b890e4849214f6e3eb
                                          • Opcode Fuzzy Hash: 15f39e83c2f19b655ca3772927eab061e6967e98958d781c0c4173f5cfdc9784
                                          • Instruction Fuzzy Hash: 0472B278A01A288FDB65DF68DC54B9DBBF1FB48312F1085E69A09A7354DB309E81CF05
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 03003BB4, Relevance: 2.2, APIs: 1, Instructions: 666libraryCOMMON
                                          Download Yara Rule
                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.500722433.0000000003000000.00000040.00000001.sdmp, Offset: 03000000, based on PE: false
                                          Similarity
                                          • API ID: InitializeThunk
                                          • String ID:
                                          • API String ID: 2994545307-0
                                          • Opcode ID: 1c5e88d8d98fb7f618c57f5001d155004a75e231450906d1498e0b333d7d45ce
                                          • Instruction ID: 910fef7f71befbe8b0b6a9297380a7bd6896cb03690334f9d42a70650aa12241
                                          • Opcode Fuzzy Hash: 1c5e88d8d98fb7f618c57f5001d155004a75e231450906d1498e0b333d7d45ce
                                          • Instruction Fuzzy Hash: A172A278A01A288FDB65DF68DC54B9DBBF1FB48312F1085E69A09A7354DB309E81CF05
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 03003C08, Relevance: 2.2, APIs: 1, Instructions: 656libraryCOMMON
                                          Download Yara Rule
                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.500722433.0000000003000000.00000040.00000001.sdmp, Offset: 03000000, based on PE: false
                                          Similarity
                                          • API ID: InitializeThunk
                                          • String ID:
                                          • API String ID: 2994545307-0
                                          • Opcode ID: 8b2ad5c53793439208a99c9c56aeefb1d1dc3f24226dbf45bab7167e73de5b55
                                          • Instruction ID: 9cacac950ea4106953a764b9503d2abb78aa09220296e67c5887922c2fc4a716
                                          • Opcode Fuzzy Hash: 8b2ad5c53793439208a99c9c56aeefb1d1dc3f24226dbf45bab7167e73de5b55
                                          • Instruction Fuzzy Hash: 4E72A278A01A288FDB65DF68DC54B9DBBF1FB48312F1085E69A09A7354DB309E81CF05
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 03003C5C, Relevance: 2.1, APIs: 1, Instructions: 644libraryCOMMON
                                          Download Yara Rule
                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.500722433.0000000003000000.00000040.00000001.sdmp, Offset: 03000000, based on PE: false
                                          Similarity
                                          • API ID: InitializeThunk
                                          • String ID:
                                          • API String ID: 2994545307-0
                                          • Opcode ID: f078fdba6d74d484c736c991f9c03911bb9da66432db2a2d615c01a77bfeaaa0
                                          • Instruction ID: 03267b93fa71562a29390a214e9962dbac68962638bfeb90e22144e6141ffe39
                                          • Opcode Fuzzy Hash: f078fdba6d74d484c736c991f9c03911bb9da66432db2a2d615c01a77bfeaaa0
                                          • Instruction Fuzzy Hash: 6B62A278A01A288FDB65DF68DC54B9DBBF1FB48312F1085E69A09A7354DB309E81CF05
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 03003CA7, Relevance: 2.1, APIs: 1, Instructions: 636libraryCOMMON
                                          Download Yara Rule
                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.500722433.0000000003000000.00000040.00000001.sdmp, Offset: 03000000, based on PE: false
                                          Similarity
                                          • API ID: InitializeThunk
                                          • String ID:
                                          • API String ID: 2994545307-0
                                          • Opcode ID: 880cfef9fc1f3349794a22ad369df557d048efbd31fea2e16bc78c2675f87d6f
                                          • Instruction ID: ef2cf6d5d735efea5b63f944bfb21dc2bcaac39d6a5315ab666666dd3b84eaed
                                          • Opcode Fuzzy Hash: 880cfef9fc1f3349794a22ad369df557d048efbd31fea2e16bc78c2675f87d6f
                                          • Instruction Fuzzy Hash: 6262A274A01A288FDB65DF68DC54B9DBBF1FB48312F1085E69A09A7354DB309E81CF05
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 03003CFB, Relevance: 2.1, APIs: 1, Instructions: 626libraryCOMMON
                                          Download Yara Rule
                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.500722433.0000000003000000.00000040.00000001.sdmp, Offset: 03000000, based on PE: false
                                          Similarity
                                          • API ID: InitializeThunk
                                          • String ID:
                                          • API String ID: 2994545307-0
                                          • Opcode ID: 9b4f16dddb11a9694cbfe6c7b8e801e725a69298fab3df27ca66ddae1a9263c8
                                          • Instruction ID: ea274c5148a4714efcd2c51a1d0e971da56d58ef251dd9b7c7edc6f8af76c96a
                                          • Opcode Fuzzy Hash: 9b4f16dddb11a9694cbfe6c7b8e801e725a69298fab3df27ca66ddae1a9263c8
                                          • Instruction Fuzzy Hash: 5A62A274A01A288FDB65DF68DC94B9DBBF1FB48312F1085E69A09A7354DB309E81CF05
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 03003D4F, Relevance: 2.1, APIs: 1, Instructions: 616libraryCOMMON
                                          Download Yara Rule
                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.500722433.0000000003000000.00000040.00000001.sdmp, Offset: 03000000, based on PE: false
                                          Similarity
                                          • API ID: InitializeThunk
                                          • String ID:
                                          • API String ID: 2994545307-0
                                          • Opcode ID: 873e6a22cf565da4703fc274bb4107de954571933cfa3e878de544a1aefe3f51
                                          • Instruction ID: b2335120ba9792ffc9ba51a3dbfc180f5b5eee7fcd7590687b8fb951e6501c05
                                          • Opcode Fuzzy Hash: 873e6a22cf565da4703fc274bb4107de954571933cfa3e878de544a1aefe3f51
                                          • Instruction Fuzzy Hash: 6F62A274A01A288FDB65DF68DC54B9DBBF1BB48312F1085E69A09A7354DB309E81CF05
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 03003DAF, Relevance: 2.1, APIs: 1, Instructions: 603libraryCOMMON
                                          Download Yara Rule
                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.500722433.0000000003000000.00000040.00000001.sdmp, Offset: 03000000, based on PE: false
                                          Similarity
                                          • API ID: InitializeThunk
                                          • String ID:
                                          • API String ID: 2994545307-0
                                          • Opcode ID: 40210084e7ec03f4914e047a537cdcced3fd814af18925b612d1caad6655f74e
                                          • Instruction ID: 0532db71ba69a2f102d217ebf09d880247d6da0b4cfec0ef547c949a07e27a0c
                                          • Opcode Fuzzy Hash: 40210084e7ec03f4914e047a537cdcced3fd814af18925b612d1caad6655f74e
                                          • Instruction Fuzzy Hash: 8E629274A01A288FDB65DF68DC54B9DBBF1BB48312F1085E6DA09A7354DB309E81CF05
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 03003E03, Relevance: 2.1, APIs: 1, Instructions: 593libraryCOMMON
                                          Download Yara Rule
                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.500722433.0000000003000000.00000040.00000001.sdmp, Offset: 03000000, based on PE: false
                                          Similarity
                                          • API ID: InitializeThunk
                                          • String ID:
                                          • API String ID: 2994545307-0
                                          • Opcode ID: 5ee469d8f564585905c58eb8d0879f6d2f1258c1970738e1c52b81b7504e8e68
                                          • Instruction ID: 916d8cb2145eb17bbbf8c63931959cb399b550d654480d196e0530019e41790d
                                          • Opcode Fuzzy Hash: 5ee469d8f564585905c58eb8d0879f6d2f1258c1970738e1c52b81b7504e8e68
                                          • Instruction Fuzzy Hash: 77529274A01A288FDB65DF68DC54B9DBBF1BB48312F1085E6DA09A7354DB309E81CF05
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 03003E57, Relevance: 2.1, APIs: 1, Instructions: 581libraryCOMMON
                                          Download Yara Rule
                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.500722433.0000000003000000.00000040.00000001.sdmp, Offset: 03000000, based on PE: false
                                          Similarity
                                          • API ID: InitializeThunk
                                          • String ID:
                                          • API String ID: 2994545307-0
                                          • Opcode ID: d68a1bb8c8747cf98fd455c166cf4805348e316af334451177290d79591443c6
                                          • Instruction ID: e458484d657e7b4ef8ba3310cabae701df93d0680ec6de71523ea51f9a99ca52
                                          • Opcode Fuzzy Hash: d68a1bb8c8747cf98fd455c166cf4805348e316af334451177290d79591443c6
                                          • Instruction Fuzzy Hash: 0152A274A01A288FDB65DF68DC94B9DBBF1BB48312F1085E6DA09A7354DB309E81CF05
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 03003EA2, Relevance: 2.1, APIs: 1, Instructions: 573libraryCOMMON
                                          Download Yara Rule
                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.500722433.0000000003000000.00000040.00000001.sdmp, Offset: 03000000, based on PE: false
                                          Similarity
                                          • API ID: InitializeThunk
                                          • String ID:
                                          • API String ID: 2994545307-0
                                          • Opcode ID: 8e2fdeaf5ef062665128045f7a68074e509e4bdab0fab516f172f2aa7bc5188d
                                          • Instruction ID: 5cf4eca9b5d49f1bb2436a99284c20736fd3a784b08ed51c34c5107a3bad58cd
                                          • Opcode Fuzzy Hash: 8e2fdeaf5ef062665128045f7a68074e509e4bdab0fab516f172f2aa7bc5188d
                                          • Instruction Fuzzy Hash: 3452A274A01A288FDB65DF69DC94B9DBBF1BB48302F1085E6DA09A7354DB309E81CF04
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 03003EF6, Relevance: 2.1, APIs: 1, Instructions: 563libraryCOMMON
                                          Download Yara Rule
                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.500722433.0000000003000000.00000040.00000001.sdmp, Offset: 03000000, based on PE: false
                                          Similarity
                                          • API ID: InitializeThunk
                                          • String ID:
                                          • API String ID: 2994545307-0
                                          • Opcode ID: 11a653b9591c952d01ab1d26a0cde14f08d09e18c715e8191fa6efa7fffe0833
                                          • Instruction ID: 5a9826891017f92d5af269db570b7c98ae6c0bdac271ecac8a2af04c0f6bfab5
                                          • Opcode Fuzzy Hash: 11a653b9591c952d01ab1d26a0cde14f08d09e18c715e8191fa6efa7fffe0833
                                          • Instruction Fuzzy Hash: 9352A274A01A288FDB65DF69DC94B9DBBF1BB48302F1085E6DA09A7354DB309E81CF14
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 03003F4A, Relevance: 2.1, APIs: 1, Instructions: 551libraryCOMMON
                                          Download Yara Rule
                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.500722433.0000000003000000.00000040.00000001.sdmp, Offset: 03000000, based on PE: false
                                          Similarity
                                          • API ID: InitializeThunk
                                          • String ID:
                                          • API String ID: 2994545307-0
                                          • Opcode ID: 281921197e46bead513883a7fa423a3375c0ef7f480a585411672baf96e751a3
                                          • Instruction ID: f5c19a9f5928d3855fffa972259f6015dba258bb7d80f4a28dbc20ec826b8c1a
                                          • Opcode Fuzzy Hash: 281921197e46bead513883a7fa423a3375c0ef7f480a585411672baf96e751a3
                                          • Instruction Fuzzy Hash: 5852A274A01A288FDB65DF69DC54B9DBBF2BB48302F1085E6DA09A7354DB309E81CF14
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 03003F95, Relevance: 2.0, APIs: 1, Instructions: 543libraryCOMMON
                                          Download Yara Rule
                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.500722433.0000000003000000.00000040.00000001.sdmp, Offset: 03000000, based on PE: false
                                          Similarity
                                          • API ID: InitializeThunk
                                          • String ID:
                                          • API String ID: 2994545307-0
                                          • Opcode ID: d929d1cbd38fd27067728d1230a8cf50654774f397c16040bba38f70b63f1fdf
                                          • Instruction ID: 6c678ddb641051a09b3af165da2fc37aa55978f1c159fe343d74608cee48206c
                                          • Opcode Fuzzy Hash: d929d1cbd38fd27067728d1230a8cf50654774f397c16040bba38f70b63f1fdf
                                          • Instruction Fuzzy Hash: 2642A374A01A288FDB65DF69DC94B9DBBF1BB48302F1085E6DA09A7354DB309E81CF14
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 03003FE9, Relevance: 2.0, APIs: 1, Instructions: 533libraryCOMMON
                                          Download Yara Rule
                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.500722433.0000000003000000.00000040.00000001.sdmp, Offset: 03000000, based on PE: false
                                          Similarity
                                          • API ID: InitializeThunk
                                          • String ID:
                                          • API String ID: 2994545307-0
                                          • Opcode ID: 08521cb4023700ad7b7573744309ae27f96bf37ad05be1940854418dc6efa067
                                          • Instruction ID: 0d9bb8bcc261c359e8ee2beeb9f17419d3108467ee74dc56cefb9b635dfb46c9
                                          • Opcode Fuzzy Hash: 08521cb4023700ad7b7573744309ae27f96bf37ad05be1940854418dc6efa067
                                          • Instruction Fuzzy Hash: 4542A374A01A288FDB65DF69DC94B9DBBF1BB48302F1085E6DA09A7354DB309E81CF14
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 0300403D, Relevance: 2.0, APIs: 1, Instructions: 523libraryCOMMON
                                          Download Yara Rule
                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.500722433.0000000003000000.00000040.00000001.sdmp, Offset: 03000000, based on PE: false
                                          Similarity
                                          • API ID: InitializeThunk
                                          • String ID:
                                          • API String ID: 2994545307-0
                                          • Opcode ID: 52900c790906725cd023e46bb15ac34024ada00054120186f11b33b8f0fe0cb9
                                          • Instruction ID: 1bf8edf51be4618598a08a46e0e43c25c4aaf4b089b2bf894f5dc5b028662b0a
                                          • Opcode Fuzzy Hash: 52900c790906725cd023e46bb15ac34024ada00054120186f11b33b8f0fe0cb9
                                          • Instruction Fuzzy Hash: 6242A374A01A288FDB65DF69DC94B9DBBF1BB48302F1085E6DA09A7354DB309E81CF14
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 03004091, Relevance: 2.0, APIs: 1, Instructions: 513libraryCOMMON
                                          Download Yara Rule
                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.500722433.0000000003000000.00000040.00000001.sdmp, Offset: 03000000, based on PE: false
                                          Similarity
                                          • API ID: InitializeThunk
                                          • String ID:
                                          • API String ID: 2994545307-0
                                          • Opcode ID: b7514d5cfc4f0e242a3f879dbc85250ff7aee7b6342b4ceea23ffed06852d062
                                          • Instruction ID: 4308ebeb19be9d7bb2b53c79d70b1869cee284e5374d584d997c85bbd1142f6f
                                          • Opcode Fuzzy Hash: b7514d5cfc4f0e242a3f879dbc85250ff7aee7b6342b4ceea23ffed06852d062
                                          • Instruction Fuzzy Hash: 3742A374A01A288FDB65DF69DC94B9DBBF1BB48302F1085E6DA09A7354DB309E81CF14
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 030040E5, Relevance: 2.0, APIs: 1, Instructions: 503libraryCOMMON
                                          Download Yara Rule
                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.500722433.0000000003000000.00000040.00000001.sdmp, Offset: 03000000, based on PE: false
                                          Similarity
                                          • API ID: InitializeThunk
                                          • String ID:
                                          • API String ID: 2994545307-0
                                          • Opcode ID: b51d14458e6f6e27d97535ac9a31f23529ba0460790adc313f4068993acf2433
                                          • Instruction ID: 227c81686ae34fa7e74f0f6e7f0a695fecc792f47da6f4e125a0c3756f59ef7a
                                          • Opcode Fuzzy Hash: b51d14458e6f6e27d97535ac9a31f23529ba0460790adc313f4068993acf2433
                                          • Instruction Fuzzy Hash: D342A374A01A288FDB65DF69DC94B9DBBF1BB48302F1085E6DA09A7354DB309E81CF14
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 03004139, Relevance: 2.0, APIs: 1, Instructions: 493libraryCOMMON
                                          Download Yara Rule
                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.500722433.0000000003000000.00000040.00000001.sdmp, Offset: 03000000, based on PE: false
                                          Similarity
                                          • API ID: InitializeThunk
                                          • String ID:
                                          • API String ID: 2994545307-0
                                          • Opcode ID: 3b7f984c09c14633e9637ba65245fd61447906ef740237a9af72a2e797d3368d
                                          • Instruction ID: 743e1d4a85b7462365ce40e8747adacac6162febb773f260a8ea2472663da9cd
                                          • Opcode Fuzzy Hash: 3b7f984c09c14633e9637ba65245fd61447906ef740237a9af72a2e797d3368d
                                          • Instruction Fuzzy Hash: A032A374A01A288FDB64DF69DC54B9DBBF2BB48302F1085E6DA09A7354DB309E81CF14
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 0300418D, Relevance: 2.0, APIs: 1, Instructions: 483libraryCOMMON
                                          Download Yara Rule
                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.500722433.0000000003000000.00000040.00000001.sdmp, Offset: 03000000, based on PE: false
                                          Similarity
                                          • API ID: InitializeThunk
                                          • String ID:
                                          • API String ID: 2994545307-0
                                          • Opcode ID: a83a6354e9988bce4597a686046cb3dae5ac3f05a277db1616c56d75e18db607
                                          • Instruction ID: d97f9a4f3789a5eadac45c874f086da23294edc7273d1ad28a9c50f2956ebb92
                                          • Opcode Fuzzy Hash: a83a6354e9988bce4597a686046cb3dae5ac3f05a277db1616c56d75e18db607
                                          • Instruction Fuzzy Hash: 6032A374A01A288FDB64DF69DC54B9DBBF2BB48302F1085E6DA09A7354DB309E81CF15
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 030041E1, Relevance: 2.0, APIs: 1, Instructions: 473libraryCOMMON
                                          Download Yara Rule
                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.500722433.0000000003000000.00000040.00000001.sdmp, Offset: 03000000, based on PE: false
                                          Similarity
                                          • API ID: InitializeThunk
                                          • String ID:
                                          • API String ID: 2994545307-0
                                          • Opcode ID: 9c804eafa94dea6ca782e59cf7030e9a7bc8e2f5b83c0f9959c3285056ac211f
                                          • Instruction ID: 0fa745f88ee47983d2fc675799e697cda85f2005e98f2d8369e329e6433c2e60
                                          • Opcode Fuzzy Hash: 9c804eafa94dea6ca782e59cf7030e9a7bc8e2f5b83c0f9959c3285056ac211f
                                          • Instruction Fuzzy Hash: CC32A374A01A288FDB64DF69DC54B9DBBF2BB48302F1085E6DA09A7354DB309E81CF15
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 03004235, Relevance: 2.0, APIs: 1, Instructions: 463libraryCOMMON
                                          Download Yara Rule
                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.500722433.0000000003000000.00000040.00000001.sdmp, Offset: 03000000, based on PE: false
                                          Similarity
                                          • API ID: InitializeThunk
                                          • String ID:
                                          • API String ID: 2994545307-0
                                          • Opcode ID: f5094744ba6c3e91ca1d5041f13701be548aede310056557d6c252ce52c182db
                                          • Instruction ID: 8fa66b1ca1ad6b8134fb376f92521a9da78df6e6f3d90eb25acd1bbcace4b95c
                                          • Opcode Fuzzy Hash: f5094744ba6c3e91ca1d5041f13701be548aede310056557d6c252ce52c182db
                                          • Instruction Fuzzy Hash: E632A474A01A288FDB65DF69DC54B9DBBF1BB48302F1085E6DA09A7354DB309E81CF14
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 03004295, Relevance: 2.0, APIs: 1, Instructions: 450libraryCOMMON
                                          Download Yara Rule
                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.500722433.0000000003000000.00000040.00000001.sdmp, Offset: 03000000, based on PE: false
                                          Similarity
                                          • API ID: InitializeThunk
                                          • String ID:
                                          • API String ID: 2994545307-0
                                          • Opcode ID: 37efc420a57f83c1fc77d7516e2f2a4ff1e94490b545b7fe685c6e80fed42b01
                                          • Instruction ID: ec6cd8a4ebdbdd5dd0313605c07cf2f993f04d92d3ad2c20fbbbda9a1ab7b6d3
                                          • Opcode Fuzzy Hash: 37efc420a57f83c1fc77d7516e2f2a4ff1e94490b545b7fe685c6e80fed42b01
                                          • Instruction Fuzzy Hash: 31229374A01A288FDB64DF69DC58B9DBBF1BB48302F1085E6DA09A7354DB309E81CF15
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 030042E9, Relevance: 1.9, APIs: 1, Instructions: 440libraryCOMMON
                                          Download Yara Rule
                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.500722433.0000000003000000.00000040.00000001.sdmp, Offset: 03000000, based on PE: false
                                          Similarity
                                          • API ID: InitializeThunk
                                          • String ID:
                                          • API String ID: 2994545307-0
                                          • Opcode ID: dd0373817fbbbc81b50e735fa64e784f7a620ac8e4366882612dee8e7afd1fb7
                                          • Instruction ID: 82c521438832fa516df2ebac780d4cbcb25ddf6cbf3b9459641ea0bea27b2ab3
                                          • Opcode Fuzzy Hash: dd0373817fbbbc81b50e735fa64e784f7a620ac8e4366882612dee8e7afd1fb7
                                          • Instruction Fuzzy Hash: 4522A374A01A288FDB64DF69DC58B9DBBF1BB48302F1085E6DA09A7354DB309E81CF15
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 03004340, Relevance: 1.9, APIs: 1, Instructions: 430libraryCOMMON
                                          Download Yara Rule
                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.500722433.0000000003000000.00000040.00000001.sdmp, Offset: 03000000, based on PE: false
                                          Similarity
                                          • API ID: InitializeThunk
                                          • String ID:
                                          • API String ID: 2994545307-0
                                          • Opcode ID: 5ec8e24c0dd70a73c219cad974352c9f8600a08d2792c7627514749fe4b1b4dd
                                          • Instruction ID: b4e161425e49d6d08bdebd447f761458dedc4dfdc6b539298d4786c933ac7889
                                          • Opcode Fuzzy Hash: 5ec8e24c0dd70a73c219cad974352c9f8600a08d2792c7627514749fe4b1b4dd
                                          • Instruction Fuzzy Hash: F822A374A01A288FDB64DF69DC58B9DBBB1BF48302F1085E6DA09A7354DB309E81CF15
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 03004397, Relevance: 1.9, APIs: 1, Instructions: 420libraryCOMMON
                                          Download Yara Rule
                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.500722433.0000000003000000.00000040.00000001.sdmp, Offset: 03000000, based on PE: false
                                          Similarity
                                          • API ID: InitializeThunk
                                          • String ID:
                                          • API String ID: 2994545307-0
                                          • Opcode ID: 10f232da4cb726441344c7721932cd348ae471ac00b48ed75d964738c4b9b235
                                          • Instruction ID: 6bcaf10fd8379c0750e35be0b9244324bcc14c58aac7689c6dabac9541080a99
                                          • Opcode Fuzzy Hash: 10f232da4cb726441344c7721932cd348ae471ac00b48ed75d964738c4b9b235
                                          • Instruction Fuzzy Hash: 1822A474A016288FDB64DF69DC98B9DBBB1BF48302F1085E6DA09A7354DB349E81CF14
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 030043EE, Relevance: 1.9, APIs: 1, Instructions: 408libraryCOMMON
                                          Download Yara Rule
                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.500722433.0000000003000000.00000040.00000001.sdmp, Offset: 03000000, based on PE: false
                                          Similarity
                                          • API ID: InitializeThunk
                                          • String ID:
                                          • API String ID: 2994545307-0
                                          • Opcode ID: 6bcea6fd50cfc8c6ef642eeddb9c8a61f8879edb2943b689daa77b22186ff6ae
                                          • Instruction ID: 958cfc8d5f67a6bbd873e13dbd03a247c65b8de1136ad326ad24a0b379e13665
                                          • Opcode Fuzzy Hash: 6bcea6fd50cfc8c6ef642eeddb9c8a61f8879edb2943b689daa77b22186ff6ae
                                          • Instruction Fuzzy Hash: A712A474A01A288FDB64DF69DC58B9DBBB1BF48302F1085E6DA0DA7354DA349E81CF14
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 03004439, Relevance: 1.9, APIs: 1, Instructions: 400libraryCOMMON
                                          Download Yara Rule
                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.500722433.0000000003000000.00000040.00000001.sdmp, Offset: 03000000, based on PE: false
                                          Similarity
                                          • API ID: InitializeThunk
                                          • String ID:
                                          • API String ID: 2994545307-0
                                          • Opcode ID: 54a632f8d4368763a06da105e1c8af8bf5868aae0356322b580927c3d5a68845
                                          • Instruction ID: 2847d1396d171a05dcfd69f11bc920b8222d3426c6b85fea0b60901d106436a5
                                          • Opcode Fuzzy Hash: 54a632f8d4368763a06da105e1c8af8bf5868aae0356322b580927c3d5a68845
                                          • Instruction Fuzzy Hash: 8E12A474A016288FDB64DF69DC58B9DBBB1BF48302F1085E6DA0DA7254DB349E81CF14
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 03004490, Relevance: 1.9, APIs: 1, Instructions: 390libraryCOMMON
                                          Download Yara Rule
                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.500722433.0000000003000000.00000040.00000001.sdmp, Offset: 03000000, based on PE: false
                                          Similarity
                                          • API ID: InitializeThunk
                                          • String ID:
                                          • API String ID: 2994545307-0
                                          • Opcode ID: 7251bc117cd8a89ff79b447997e9531a50cd1e0ac8c666c37f8ab56b44fe106c
                                          • Instruction ID: c0373e6c3938a1cedb54940dc105eda69ee809bc2cca18c6c1e69790408421d0
                                          • Opcode Fuzzy Hash: 7251bc117cd8a89ff79b447997e9531a50cd1e0ac8c666c37f8ab56b44fe106c
                                          • Instruction Fuzzy Hash: 0B12A474A016288FDB64DF69DC58B9DBBB1BF48302F1085E6DA0DA7354DA349E81CF14
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 030044E7, Relevance: 1.9, APIs: 1, Instructions: 380libraryCOMMON
                                          Download Yara Rule
                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.500722433.0000000003000000.00000040.00000001.sdmp, Offset: 03000000, based on PE: false
                                          Similarity
                                          • API ID: InitializeThunk
                                          • String ID:
                                          • API String ID: 2994545307-0
                                          • Opcode ID: 8b2ed91deadd56778cdcfb97df79c8be2faff3a0d18f91730514f34d4cbecc1f
                                          • Instruction ID: f40a2827523cfc6d5eddecc2f404e22e372e89d6661d3c4df9e75bfb7a201026
                                          • Opcode Fuzzy Hash: 8b2ed91deadd56778cdcfb97df79c8be2faff3a0d18f91730514f34d4cbecc1f
                                          • Instruction Fuzzy Hash: EA02B474A016288FDB64DF69DC98B9DBBB1BF48302F1085E6DA0DA7354DA349E81CF14
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 0300453E, Relevance: 1.9, APIs: 1, Instructions: 370libraryCOMMON
                                          Download Yara Rule
                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.500722433.0000000003000000.00000040.00000001.sdmp, Offset: 03000000, based on PE: false
                                          Similarity
                                          • API ID: InitializeThunk
                                          • String ID:
                                          • API String ID: 2994545307-0
                                          • Opcode ID: 814421ef42a7a6d61eeb54c6a54abfb8917bf3da3f0ebd7f4b2c35514a1d47c8
                                          • Instruction ID: 586ae54dceb712c5bcfaf5513de6a5a6d5b1a31ae0a88eb645c51cabd1e5838f
                                          • Opcode Fuzzy Hash: 814421ef42a7a6d61eeb54c6a54abfb8917bf3da3f0ebd7f4b2c35514a1d47c8
                                          • Instruction Fuzzy Hash: 3B02B474A016288FDB64DF69DC98B9DBBB1BF48302F1085E6DA0DA7254DB349E81CF14
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 03004595, Relevance: 1.9, APIs: 1, Instructions: 360libraryCOMMON
                                          Download Yara Rule
                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.500722433.0000000003000000.00000040.00000001.sdmp, Offset: 03000000, based on PE: false
                                          Similarity
                                          • API ID: InitializeThunk
                                          • String ID:
                                          • API String ID: 2994545307-0
                                          • Opcode ID: 25b0cfcd3639ec2f2c8bab12daed3f48f0b3507f70356996f5a19a9e6795b40a
                                          • Instruction ID: 59dc2c44f5b77b3f819daf134e6aee0f674228aafcda1cc18e7b5add2aa02293
                                          • Opcode Fuzzy Hash: 25b0cfcd3639ec2f2c8bab12daed3f48f0b3507f70356996f5a19a9e6795b40a
                                          • Instruction Fuzzy Hash: 2002C574A016288FDB64DF69DC98B9DBBB1BF48302F1085E6DA0DA7254DB349E81CF14
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 030045EC, Relevance: 1.8, APIs: 1, Instructions: 350libraryCOMMON
                                          Download Yara Rule
                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.500722433.0000000003000000.00000040.00000001.sdmp, Offset: 03000000, based on PE: false
                                          Similarity
                                          • API ID: InitializeThunk
                                          • String ID:
                                          • API String ID: 2994545307-0
                                          • Opcode ID: 3491097f9c958b8e44cd73b1794bc1f4d74f6b599e410495801b9aae3504e696
                                          • Instruction ID: 093630ec67f74d9dd83f61307badc8abe987ff1473b131f7a2f0bd705dba0f73
                                          • Opcode Fuzzy Hash: 3491097f9c958b8e44cd73b1794bc1f4d74f6b599e410495801b9aae3504e696
                                          • Instruction Fuzzy Hash: 04F1C574A016288FDB64DF69DC58B9DBBB2BF48302F1085E6DA0DA7254DB349E81CF14
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 03004643, Relevance: 1.8, APIs: 1, Instructions: 340libraryCOMMON
                                          Download Yara Rule
                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.500722433.0000000003000000.00000040.00000001.sdmp, Offset: 03000000, based on PE: false
                                          Similarity
                                          • API ID: InitializeThunk
                                          • String ID:
                                          • API String ID: 2994545307-0
                                          • Opcode ID: d37125a70f147ef1260c396387ceef1f7bdd17535c585b14c6c28c5f28cd1c48
                                          • Instruction ID: ae4ed3f28d1c25fd100710c2a82ced97c17d8d12c84de66f6298d3fcde464e15
                                          • Opcode Fuzzy Hash: d37125a70f147ef1260c396387ceef1f7bdd17535c585b14c6c28c5f28cd1c48
                                          • Instruction Fuzzy Hash: 68F1D674A016288FDB65DF69CC98B9DBBB1BF48302F1085E6DA0DA7254DB349E81CF14
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 0300469A, Relevance: 1.8, APIs: 1, Instructions: 328libraryCOMMON
                                          Download Yara Rule
                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.500722433.0000000003000000.00000040.00000001.sdmp, Offset: 03000000, based on PE: false
                                          Similarity
                                          • API ID: InitializeThunk
                                          • String ID:
                                          • API String ID: 2994545307-0
                                          • Opcode ID: f301b05d778a77d60fe0d9563021239235cf5bce68047207cfa232af40b50fa7
                                          • Instruction ID: 5aff29ae79aef5dcfa5e33be1280c84dd355da97c2d152bc0643f52074e432f6
                                          • Opcode Fuzzy Hash: f301b05d778a77d60fe0d9563021239235cf5bce68047207cfa232af40b50fa7
                                          • Instruction Fuzzy Hash: 6EF1D774A016288FDB65DF69CC58B9DBBB1BF48302F1085E5DA0DA7254DB349E81CF14
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 030046E5, Relevance: 1.8, APIs: 1, Instructions: 320libraryCOMMON
                                          Download Yara Rule
                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.500722433.0000000003000000.00000040.00000001.sdmp, Offset: 03000000, based on PE: false
                                          Similarity
                                          • API ID: InitializeThunk
                                          • String ID:
                                          • API String ID: 2994545307-0
                                          • Opcode ID: 02d5d1c8333958b92cdf21ed1657199ce5af09de2f7c7491ee2b7bd83dc0e069
                                          • Instruction ID: 17010f868580ecf6d77a95fb099c8da0db9dcf76c1fa280bd62ed425605f3ac0
                                          • Opcode Fuzzy Hash: 02d5d1c8333958b92cdf21ed1657199ce5af09de2f7c7491ee2b7bd83dc0e069
                                          • Instruction Fuzzy Hash: 08E1E674A016288FDB64DF69CC98B9DBBB2BF48302F1085E5DA0DA7254DB349E81CF14
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 0300473C, Relevance: 1.8, APIs: 1, Instructions: 310libraryCOMMON
                                          Download Yara Rule
                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.500722433.0000000003000000.00000040.00000001.sdmp, Offset: 03000000, based on PE: false
                                          Similarity
                                          • API ID: InitializeThunk
                                          • String ID:
                                          • API String ID: 2994545307-0
                                          • Opcode ID: a81b83da76c13863c838eb90beb1884cda252075b1003a300b15cf4e32425e20
                                          • Instruction ID: 6ec17e1646823ba294465930f5ea6e827fda4e5f3d0034d2824e1fcb35591c32
                                          • Opcode Fuzzy Hash: a81b83da76c13863c838eb90beb1884cda252075b1003a300b15cf4e32425e20
                                          • Instruction Fuzzy Hash: 94E1F574A016288FDB65DF69CC98B9EBBB2BF48302F1085E5D60DA7254DB349E81CF14
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 03004793, Relevance: 1.8, APIs: 1, Instructions: 298libraryCOMMON
                                          Download Yara Rule
                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.500722433.0000000003000000.00000040.00000001.sdmp, Offset: 03000000, based on PE: false
                                          Similarity
                                          • API ID: InitializeThunk
                                          • String ID:
                                          • API String ID: 2994545307-0
                                          • Opcode ID: 68ad2d03629a3f8f1474fffdfcaa70235932b88e9676688271db462dded6ab08
                                          • Instruction ID: 5ceb0f61ed1c3550c4a33c14eef252d8e77e7a773b85d5a4b8d805ef84098fcb
                                          • Opcode Fuzzy Hash: 68ad2d03629a3f8f1474fffdfcaa70235932b88e9676688271db462dded6ab08
                                          • Instruction Fuzzy Hash: 7EE10574A016288FDB65DF69CC98B9EBBB2BF48302F1084E5D60DA7254DB349E81CF54
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 030047DE, Relevance: 1.8, APIs: 1, Instructions: 290libraryCOMMON
                                          Download Yara Rule
                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.500722433.0000000003000000.00000040.00000001.sdmp, Offset: 03000000, based on PE: false
                                          Similarity
                                          • API ID: InitializeThunk
                                          • String ID:
                                          • API String ID: 2994545307-0
                                          • Opcode ID: 2680d077933165a5745ea8be0a28ce996174c57aa7d068fa1b9d7d3776c0370d
                                          • Instruction ID: 459c433fde4396266cf7e095fd09c723a1191b8ac1029bb7e0547676e0ce33ab
                                          • Opcode Fuzzy Hash: 2680d077933165a5745ea8be0a28ce996174c57aa7d068fa1b9d7d3776c0370d
                                          • Instruction Fuzzy Hash: 73D10674A016288FDB65DF69CC98B9EBBB2BF48302F1084E5D60DA7254DB349E81CF54
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 03004835, Relevance: 1.8, APIs: 1, Instructions: 280libraryCOMMON
                                          Download Yara Rule
                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.500722433.0000000003000000.00000040.00000001.sdmp, Offset: 03000000, based on PE: false
                                          Similarity
                                          • API ID: InitializeThunk
                                          • String ID:
                                          • API String ID: 2994545307-0
                                          • Opcode ID: 4228a018ece4909d4586312365ea9afd551a772dcee24966c5df3aea1c749a73
                                          • Instruction ID: 7bb59f9ff620f375749be4721c881088b55d61aa84c07f4a7abade4cd053e9dd
                                          • Opcode Fuzzy Hash: 4228a018ece4909d4586312365ea9afd551a772dcee24966c5df3aea1c749a73
                                          • Instruction Fuzzy Hash: 0DD11574A016288FDB65DF69CC98B9EBBB2BF48302F1085E5D60DA7254DB349E81CF44
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 0300488C, Relevance: 1.8, APIs: 1, Instructions: 270libraryCOMMON
                                          Download Yara Rule
                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.500722433.0000000003000000.00000040.00000001.sdmp, Offset: 03000000, based on PE: false
                                          Similarity
                                          • API ID: InitializeThunk
                                          • String ID:
                                          • API String ID: 2994545307-0
                                          • Opcode ID: 882543c4d7b2cc337339d9fce2fa121ef778a4e667c5bb3255cb003533cd6774
                                          • Instruction ID: 80cb2739a2d7fcaf314f7381f75cb7321fc423862f4f2d1261177747f4969536
                                          • Opcode Fuzzy Hash: 882543c4d7b2cc337339d9fce2fa121ef778a4e667c5bb3255cb003533cd6774
                                          • Instruction Fuzzy Hash: 9DC12674A016288FDB65EF69CC58B9EBBB2BF48302F1084E5D60DA7254DB349E81CF54
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 030048E3, Relevance: 1.8, APIs: 1, Instructions: 260libraryCOMMON
                                          Download Yara Rule
                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.500722433.0000000003000000.00000040.00000001.sdmp, Offset: 03000000, based on PE: false
                                          Similarity
                                          • API ID: InitializeThunk
                                          • String ID:
                                          • API String ID: 2994545307-0
                                          • Opcode ID: 791c1bf31b968024c3c4207494874bb392fb11fda19b1bd1e65dc2ff449c8948
                                          • Instruction ID: f8a835bfeb7c0154eed0edf982d3ada0bd76de9f5145ad943d91930e01773eba
                                          • Opcode Fuzzy Hash: 791c1bf31b968024c3c4207494874bb392fb11fda19b1bd1e65dc2ff449c8948
                                          • Instruction Fuzzy Hash: A4C13774A016288FDB61EF69CC58B9EBBB2BF88301F1084E5D50DA7254DB349E81CF00
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 064E9E6F, Relevance: 1.7, APIs: 1, Instructions: 186libraryCOMMON
                                          Download Yara Rule
                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.505518872.00000000064E0000.00000040.00000001.sdmp, Offset: 064E0000, based on PE: false
                                          Similarity
                                          • API ID: InitializeThunk
                                          • String ID:
                                          • API String ID: 2994545307-0
                                          • Opcode ID: c41565bac3eae24f84114992b4136fc02a4dd6e0f6f969f47a9a080ab560ffc6
                                          • Instruction ID: ca7cb1ac9e927cf8a9ae37fd296d1764c28640f4ae7762dee3027673738cff8d
                                          • Opcode Fuzzy Hash: c41565bac3eae24f84114992b4136fc02a4dd6e0f6f969f47a9a080ab560ffc6
                                          • Instruction Fuzzy Hash: BE51A070B013059FDB55DBB8D844AAE7BB6FF84304F20896AE505EF285EB34D845CBA1
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 064E9ED0, Relevance: 1.7, APIs: 1, Instructions: 155libraryCOMMON
                                          Download Yara Rule
                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.505518872.00000000064E0000.00000040.00000001.sdmp, Offset: 064E0000, based on PE: false
                                          Similarity
                                          • API ID: InitializeThunk
                                          • String ID:
                                          • API String ID: 2994545307-0
                                          • Opcode ID: bdeed291f69cb84bbb9b215d3114a4c7278e90d199e80dc8fe109c0afb4da789
                                          • Instruction ID: 84c59f3e3c11705b7c6220260dbb928cc1b8f88f2e5bd4ab73ff669b7dc8cc8e
                                          • Opcode Fuzzy Hash: bdeed291f69cb84bbb9b215d3114a4c7278e90d199e80dc8fe109c0afb4da789
                                          • Instruction Fuzzy Hash: C7516170B002059BDB55EBB9D554AAEB7B6FF84304F108929E506DF284DF30D845CBA1
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 05ED1D0D, Relevance: 1.6, APIs: 1, Instructions: 106networkCOMMON
                                          Download Yara Rule
                                          APIs
                                          • WSASocketW.WS2_32(?,?,?,?,?), ref: 05ED1DD6
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.505132231.0000000005ED0000.00000040.00000001.sdmp, Offset: 05ED0000, based on PE: false
                                          Similarity
                                          • API ID: Socket
                                          • String ID:
                                          • API String ID: 38366605-0
                                          • Opcode ID: 379e514d7dc9bc303172101e2fba4cc4d132071e74d28d8aba48895f821682ec
                                          • Instruction ID: 32bdfb79d6a20ff51410b0010a546a76f9f4876d7cfc88deda8ee54dda413dfa
                                          • Opcode Fuzzy Hash: 379e514d7dc9bc303172101e2fba4cc4d132071e74d28d8aba48895f821682ec
                                          • Instruction Fuzzy Hash: 4A415D7140D7C09FE7238B659C64B66BFB4AF07210F1985DBE9C48F1A3C265A809CB72
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 05ED2AE7, Relevance: 1.6, APIs: 1, Instructions: 99COMMON
                                          Download Yara Rule
                                          APIs
                                          • getaddrinfo.WS2_32(?,00000E2C), ref: 05ED2BBB
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.505132231.0000000005ED0000.00000040.00000001.sdmp, Offset: 05ED0000, based on PE: false
                                          Similarity
                                          • API ID: getaddrinfo
                                          • String ID:
                                          • API String ID: 300660673-0
                                          • Opcode ID: 8a14f01b09300993939820f0ed838f17030a2a022da7d34f47eec26da694bd50
                                          • Instruction ID: c47ac37f33919a18efe265bc835cf7baff21c8940043a09c34c50132edf5e066
                                          • Opcode Fuzzy Hash: 8a14f01b09300993939820f0ed838f17030a2a022da7d34f47eec26da694bd50
                                          • Instruction Fuzzy Hash: 3C31C2711042846FEB218B65CC84FA6BFACEF05310F14859AFA849B182D275A909CB71
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 05ED0E04, Relevance: 1.6, APIs: 1, Instructions: 96fileCOMMON
                                          Download Yara Rule
                                          APIs
                                          • CreateFileW.KERNELBASE(?,?,?,?,?,?), ref: 05ED0EB1
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.505132231.0000000005ED0000.00000040.00000001.sdmp, Offset: 05ED0000, based on PE: false
                                          Similarity
                                          • API ID: CreateFile
                                          • String ID:
                                          • API String ID: 823142352-0
                                          • Opcode ID: 6b73e2df315400a3b61f4d813df8f3f9eff63394f19c0cc6c26e4c8df0014636
                                          • Instruction ID: 914b348c755140c519484995c34e4df59698a9b49c5f4b020d660402b67869e1
                                          • Opcode Fuzzy Hash: 6b73e2df315400a3b61f4d813df8f3f9eff63394f19c0cc6c26e4c8df0014636
                                          • Instruction Fuzzy Hash: A3317E71504280AFEB22CF65DC44F66FFE8EF06214F0884AAE9858B252D375E409CB71
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 05ED2D99, Relevance: 1.6, APIs: 1, Instructions: 92networkCOMMON
                                          Download Yara Rule
                                          APIs
                                          • WSAIoctl.WS2_32(?,00000E2C,DBD15A0B,00000000,00000000,00000000,00000000), ref: 05ED2E4D
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.505132231.0000000005ED0000.00000040.00000001.sdmp, Offset: 05ED0000, based on PE: false
                                          Similarity
                                          • API ID: Ioctl
                                          • String ID:
                                          • API String ID: 3041054344-0
                                          • Opcode ID: 021b207987cd6aa7e0e51d79d843c7899d4c22590d9672ead38efab833182b7d
                                          • Instruction ID: bc487b02054ae871a384e7e432038ee54a9ffd3c5d1e7ac41fa2ae93447bd313
                                          • Opcode Fuzzy Hash: 021b207987cd6aa7e0e51d79d843c7899d4c22590d9672ead38efab833182b7d
                                          • Instruction Fuzzy Hash: 00319475509780AFE722CF65DC80F56FFB8EF05314F08859AE9858B162D334A809DB71
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 05ED14C3, Relevance: 1.6, APIs: 1, Instructions: 91registryCOMMON
                                          Download Yara Rule
                                          APIs
                                          • RegQueryValueExW.KERNELBASE(?,00000E2C,DBD15A0B,00000000,00000000,00000000,00000000), ref: 05ED1578
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.505132231.0000000005ED0000.00000040.00000001.sdmp, Offset: 05ED0000, based on PE: false
                                          Similarity
                                          • API ID: QueryValue
                                          • String ID:
                                          • API String ID: 3660427363-0
                                          • Opcode ID: 0eb99592213db610ea0e509877a1f5a2845f78987c0f2548d924c5be1a5e30d2
                                          • Instruction ID: f40e6959759f86a1ed11dce8887b14fc45501513e87d890ccd3114cf561e91a4
                                          • Opcode Fuzzy Hash: 0eb99592213db610ea0e509877a1f5a2845f78987c0f2548d924c5be1a5e30d2
                                          • Instruction Fuzzy Hash: A9316F725093846FEB22CF64DC84F97BFB8AF46310F08899AE9859B152D364A509CB71
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 013FA8D9, Relevance: 1.6, APIs: 1, Instructions: 90registryCOMMON
                                          Download Yara Rule
                                          APIs
                                          • RegOpenKeyExW.KERNELBASE(?,00000E2C), ref: 013FA989
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.500099061.00000000013FA000.00000040.00000001.sdmp, Offset: 013FA000, based on PE: false
                                          Similarity
                                          • API ID: Open
                                          • String ID:
                                          • API String ID: 71445658-0
                                          • Opcode ID: f613db876a66a33291089c53c921b1c23f5dfedf9758e2e88760d2bbfea9fb29
                                          • Instruction ID: 775276a2677e7b92a79fa0e6ddf802e645e3bc02af3df5540f032bc422e52fc6
                                          • Opcode Fuzzy Hash: f613db876a66a33291089c53c921b1c23f5dfedf9758e2e88760d2bbfea9fb29
                                          • Instruction Fuzzy Hash: 4F3184764087846FE7228F65DC84F57FFBCEF06310F08859BEA859B152D224A948CB71
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 05ED214C, Relevance: 1.6, APIs: 1, Instructions: 89COMMON
                                          Download Yara Rule
                                          APIs
                                          • ConvertStringSecurityDescriptorToSecurityDescriptorW.ADVAPI32(?,00000E2C), ref: 05ED21E3
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.505132231.0000000005ED0000.00000040.00000001.sdmp, Offset: 05ED0000, based on PE: false
                                          Similarity
                                          • API ID: DescriptorSecurity$ConvertString
                                          • String ID:
                                          • API String ID: 3907675253-0
                                          • Opcode ID: abdb701e57e1a3a0f57253f907a4e6150d6173cae53c798a33d7a609e27f8079
                                          • Instruction ID: af51533fbc7541a15819e842623eed5717f1d8eab64d56032e492a52df2a6119
                                          • Opcode Fuzzy Hash: abdb701e57e1a3a0f57253f907a4e6150d6173cae53c798a33d7a609e27f8079
                                          • Instruction Fuzzy Hash: 6D3181715043446FEB218F65DC45F67BFA8EF05320F0884AAF984DB152D264A909CB71
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 013FA9D1, Relevance: 1.6, APIs: 1, Instructions: 89registryCOMMON
                                          Download Yara Rule
                                          APIs
                                          • RegQueryValueExW.KERNELBASE(?,00000E2C,DBD15A0B,00000000,00000000,00000000,00000000), ref: 013FAA8C
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.500099061.00000000013FA000.00000040.00000001.sdmp, Offset: 013FA000, based on PE: false
                                          Similarity
                                          • API ID: QueryValue
                                          • String ID:
                                          • API String ID: 3660427363-0
                                          • Opcode ID: 78bc5fed409a36fa12292ac74a8ffdb8cf132c6f744c4c77d3c9c7f3206bc33d
                                          • Instruction ID: 4c84c8214f5243c98456b6c74bcad1e82f1c31f1c976de7b42dd50938b1b0429
                                          • Opcode Fuzzy Hash: 78bc5fed409a36fa12292ac74a8ffdb8cf132c6f744c4c77d3c9c7f3206bc33d
                                          • Instruction Fuzzy Hash: 263184715097846FEB22CB65CC84F52BFB8EF06314F08849AEA858B252D264E94DCB61
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 05ED23E4, Relevance: 1.6, APIs: 1, Instructions: 87fileCOMMON
                                          Download Yara Rule
                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.505132231.0000000005ED0000.00000040.00000001.sdmp, Offset: 05ED0000, based on PE: false
                                          Similarity
                                          • API ID: FileView
                                          • String ID:
                                          • API String ID: 3314676101-0
                                          • Opcode ID: 507f60470f8dc6e88193bb16680781d99ff696341b53e4bc13b2a60151577169
                                          • Instruction ID: 5252e9b4bdbea6270557b01f611393724aa77da701e69e814823ea0a1bf1a895
                                          • Opcode Fuzzy Hash: 507f60470f8dc6e88193bb16680781d99ff696341b53e4bc13b2a60151577169
                                          • Instruction Fuzzy Hash: 0931E2B2404784AFE722CF55DC84F56FFF8FF06320F08859AE9848B252D364A909CB61
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 05ED2E97, Relevance: 1.6, APIs: 1, Instructions: 87networkCOMMON
                                          Download Yara Rule
                                          APIs
                                          • WSAEventSelect.WS2_32(?,00000E2C,DBD15A0B,00000000,00000000,00000000,00000000), ref: 05ED2F3E
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.505132231.0000000005ED0000.00000040.00000001.sdmp, Offset: 05ED0000, based on PE: false
                                          Similarity
                                          • API ID: EventSelect
                                          • String ID:
                                          • API String ID: 31538577-0
                                          • Opcode ID: f03f16d2c9193e8ea2c1a7c5e39cedb769be2587b6ed429eee11a2eb9586e91d
                                          • Instruction ID: 8e460c56fad23e55df5612b40973231a13f2bfc960f047a8b439bcf6e4b35715
                                          • Opcode Fuzzy Hash: f03f16d2c9193e8ea2c1a7c5e39cedb769be2587b6ed429eee11a2eb9586e91d
                                          • Instruction Fuzzy Hash: 1A319FB64093846FE7138B65DC90B96FFA8EF06214F0884DBEA849B153D224A509C771
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 05ED204E, Relevance: 1.6, APIs: 1, Instructions: 87registryCOMMON
                                          Download Yara Rule
                                          APIs
                                          • RegQueryValueExW.KERNELBASE(?,00000E2C,DBD15A0B,00000000,00000000,00000000,00000000), ref: 05ED20F8
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.505132231.0000000005ED0000.00000040.00000001.sdmp, Offset: 05ED0000, based on PE: false
                                          Similarity
                                          • API ID: QueryValue
                                          • String ID:
                                          • API String ID: 3660427363-0
                                          • Opcode ID: 06a48a3570e25a4f115550660950bac18d9082eecda3044f16b46b5b772c0888
                                          • Instruction ID: 4266590167665047e5437468caaedcad3e1d8e2808e985313369262d5e9ad2a3
                                          • Opcode Fuzzy Hash: 06a48a3570e25a4f115550660950bac18d9082eecda3044f16b46b5b772c0888
                                          • Instruction Fuzzy Hash: FB31D1764093806FEB22CF65CC40F96BFB8EF06314F0884DAEA859B153D264A409C771
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 013FB21C, Relevance: 1.6, APIs: 1, Instructions: 86COMMON
                                          Download Yara Rule
                                          APIs
                                          • TerminateProcess.KERNELBASE(?,00000E2C,DBD15A0B,00000000,00000000,00000000,00000000), ref: 013FB2B0
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.500099061.00000000013FA000.00000040.00000001.sdmp, Offset: 013FA000, based on PE: false
                                          Similarity
                                          • API ID: ProcessTerminate
                                          • String ID:
                                          • API String ID: 560597551-0
                                          • Opcode ID: 86b705c2af8b137285a485ae23d2fc38f64621af9b3d578acb39c4df51f0edb9
                                          • Instruction ID: 2c9bb557b2642b89fbec0295ee6c9dc37bd61c9bae0da1a2e4f461919f313d32
                                          • Opcode Fuzzy Hash: 86b705c2af8b137285a485ae23d2fc38f64621af9b3d578acb39c4df51f0edb9
                                          • Instruction Fuzzy Hash: F521F9B55093806FE7128F65DC85B96BFB8EF46320F0884EBE984CF193D264A505C771
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 05ED2699, Relevance: 1.6, APIs: 1, Instructions: 85synchronizationCOMMON
                                          Download Yara Rule
                                          APIs
                                          • CreateMutexW.KERNELBASE(?,?), ref: 05ED2739
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.505132231.0000000005ED0000.00000040.00000001.sdmp, Offset: 05ED0000, based on PE: false
                                          Similarity
                                          • API ID: CreateMutex
                                          • String ID:
                                          • API String ID: 1964310414-0
                                          • Opcode ID: e7aa05fa7dddab4feafcb96b2212354b9fca8f3942aee9767464b6c011f4626a
                                          • Instruction ID: 735d5ecbff6985bd02bd16737dae1d42fa796267dd58bb1f50184fb4e109110e
                                          • Opcode Fuzzy Hash: e7aa05fa7dddab4feafcb96b2212354b9fca8f3942aee9767464b6c011f4626a
                                          • Instruction Fuzzy Hash: 9D318675509380AFE722CF65DC85F56FFF8EF05214F0884AAE9848B252D365E905CB71
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 013FA120, Relevance: 1.6, APIs: 1, Instructions: 85networkCOMMON
                                          Download Yara Rule
                                          APIs
                                          • WSAStartup.WS2_32(?,00000E2C,?,?), ref: 013FA1C2
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.500099061.00000000013FA000.00000040.00000001.sdmp, Offset: 013FA000, based on PE: false
                                          Similarity
                                          • API ID: Startup
                                          • String ID:
                                          • API String ID: 724789610-0
                                          • Opcode ID: ba061315ac2d4d42b84efd067bcf51d1c1f9a53468cbf1e9f4b5773c3be724ff
                                          • Instruction ID: 988cce6b005598b220c421d4d2749e04db7627d8e79b70ffae19a66402aca400
                                          • Opcode Fuzzy Hash: ba061315ac2d4d42b84efd067bcf51d1c1f9a53468cbf1e9f4b5773c3be724ff
                                          • Instruction Fuzzy Hash: 9931B17140D3C05FD3138B758C55AA6BFB4EF47620F1D85DBD9848F193D229A809CBA2
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 013FB309, Relevance: 1.6, APIs: 1, Instructions: 85windowCOMMON
                                          Download Yara Rule
                                          APIs
                                          • FormatMessageW.KERNELBASE(?,00000E2C,?,?), ref: 013FB3B6
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.500099061.00000000013FA000.00000040.00000001.sdmp, Offset: 013FA000, based on PE: false
                                          Similarity
                                          • API ID: FormatMessage
                                          • String ID:
                                          • API String ID: 1306739567-0
                                          • Opcode ID: c85f6b62988259f289ac42cb29c2054e8b702b89d72ae1e57ce95ebc28c07219
                                          • Instruction ID: 6a7378cc643342d0fb68627fe2c3717a3023473d5f3b09261f04285d6126dc62
                                          • Opcode Fuzzy Hash: c85f6b62988259f289ac42cb29c2054e8b702b89d72ae1e57ce95ebc28c07219
                                          • Instruction Fuzzy Hash: 52319E7254E3C05FD7138B658C55A66BFB4EF47610F0980DBE884CF2A3E624A909C7A2
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 05ED2B16, Relevance: 1.6, APIs: 1, Instructions: 84COMMON
                                          Download Yara Rule
                                          APIs
                                          • getaddrinfo.WS2_32(?,00000E2C), ref: 05ED2BBB
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.505132231.0000000005ED0000.00000040.00000001.sdmp, Offset: 05ED0000, based on PE: false
                                          Similarity
                                          • API ID: getaddrinfo
                                          • String ID:
                                          • API String ID: 300660673-0
                                          • Opcode ID: 244519f82bf0f8074c8160bfcee58159fd1f1a0e851cfee53848257e704dd69e
                                          • Instruction ID: 2aa6ee7330e64a72516561e0d45cf1fb6950ce7f4b0da87a2da58efd3ed27c54
                                          • Opcode Fuzzy Hash: 244519f82bf0f8074c8160bfcee58159fd1f1a0e851cfee53848257e704dd69e
                                          • Instruction Fuzzy Hash: 3121F7B1500204AFFB20DF64DC85FAAFBACEF04310F10885AFA859A181D6B4A5058BB1
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 05ED13DA, Relevance: 1.6, APIs: 1, Instructions: 83registryCOMMON
                                          Download Yara Rule
                                          APIs
                                          • RegOpenKeyExW.KERNELBASE(?,00000E2C), ref: 05ED146E
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.505132231.0000000005ED0000.00000040.00000001.sdmp, Offset: 05ED0000, based on PE: false
                                          Similarity
                                          • API ID: Open
                                          • String ID:
                                          • API String ID: 71445658-0
                                          • Opcode ID: b8702431fa127db5dd1077a0d366c453a2f9cd22baf7c54bdc8d204fbdc5da5f
                                          • Instruction ID: ded1cf8bc2bffe2a28a793f26b54f5bfa6b95d20eaaa2bb42bd007102759ce12
                                          • Opcode Fuzzy Hash: b8702431fa127db5dd1077a0d366c453a2f9cd22baf7c54bdc8d204fbdc5da5f
                                          • Instruction Fuzzy Hash: 1A2180B15053446FE7218F65DC45F6BFFB8EF05310F18859AED84DB152D264A908CB71
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 013FB711, Relevance: 1.6, APIs: 1, Instructions: 82COMMON
                                          Download Yara Rule
                                          APIs
                                          • K32GetModuleInformation.KERNEL32(?,00000E2C,DBD15A0B,00000000,00000000,00000000,00000000), ref: 013FB7A2
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.500099061.00000000013FA000.00000040.00000001.sdmp, Offset: 013FA000, based on PE: false
                                          Similarity
                                          • API ID: InformationModule
                                          • String ID:
                                          • API String ID: 3425974696-0
                                          • Opcode ID: 05dd6cb5a6901eec32c628c314f024c919309e9489a65e061ab9f8afdee05243
                                          • Instruction ID: 63ee3b9d8ebd5f8f9c5280ec41fdffc649c71f3302ecf39acad8a2c239ec86f0
                                          • Opcode Fuzzy Hash: 05dd6cb5a6901eec32c628c314f024c919309e9489a65e061ab9f8afdee05243
                                          • Instruction Fuzzy Hash: 0321B1B15053846FE7228F65CC84F66FFACEF02220F0884AAEA44CB152D264E808CB71
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 05ED2790, Relevance: 1.6, APIs: 1, Instructions: 81COMMON
                                          Download Yara Rule
                                          APIs
                                          • shutdown.WS2_32(?,00000E2C,DBD15A0B,00000000,00000000,00000000,00000000), ref: 05ED2824
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.505132231.0000000005ED0000.00000040.00000001.sdmp, Offset: 05ED0000, based on PE: false
                                          Similarity
                                          • API ID: shutdown
                                          • String ID:
                                          • API String ID: 2510479042-0
                                          • Opcode ID: 5ee258d77d5b50dac967fab2fc04401d8048987985a097d5518124fd258d296f
                                          • Instruction ID: 0bfbc9ec711a869fadf2f3471ab313935d350fa5356880ca1137ec02d6c47dea
                                          • Opcode Fuzzy Hash: 5ee258d77d5b50dac967fab2fc04401d8048987985a097d5518124fd258d296f
                                          • Instruction Fuzzy Hash: A121D6B54053846FE712CB54DC85F96BFA8FF41724F0884AAEA849F193D3746406C771
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 013FB808, Relevance: 1.6, APIs: 1, Instructions: 81COMMON
                                          Download Yara Rule
                                          APIs
                                          • K32GetModuleFileNameExW.KERNEL32(?,00000E2C,?,?), ref: 013FB8AE
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.500099061.00000000013FA000.00000040.00000001.sdmp, Offset: 013FA000, based on PE: false
                                          Similarity
                                          • API ID: FileModuleName
                                          • String ID:
                                          • API String ID: 514040917-0
                                          • Opcode ID: 426f190fabfc2ec0c76f1419455e5e791c7e551fc49eaf9553f048d9fbcb2962
                                          • Instruction ID: 3e7451b19e2afd31142152e11d0c1811bd0b49f1fb58ff1fca2d023a0cfe9048
                                          • Opcode Fuzzy Hash: 426f190fabfc2ec0c76f1419455e5e791c7e551fc49eaf9553f048d9fbcb2962
                                          • Instruction Fuzzy Hash: 7121B1715093C06FD312CB65CC55B66BFB4EF47610F0980DBD8848F193D624A909C7B2
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 05ED2874, Relevance: 1.6, APIs: 1, Instructions: 79timeCOMMON
                                          Download Yara Rule
                                          APIs
                                          • GetProcessTimes.KERNELBASE(?,00000E2C,DBD15A0B,00000000,00000000,00000000,00000000), ref: 05ED28FD
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.505132231.0000000005ED0000.00000040.00000001.sdmp, Offset: 05ED0000, based on PE: false
                                          Similarity
                                          • API ID: ProcessTimes
                                          • String ID:
                                          • API String ID: 1995159646-0
                                          • Opcode ID: 63cb7c2f2f3b0d3a722ced32b74c82b17207afec99295e1b11978ef64b8306bd
                                          • Instruction ID: 89d9493deae67349a730c28f5eabc0ee65ec7840e749b60e7120fd0c9f9cf567
                                          • Opcode Fuzzy Hash: 63cb7c2f2f3b0d3a722ced32b74c82b17207afec99295e1b11978ef64b8306bd
                                          • Instruction Fuzzy Hash: BA21B575505380AFEB228F65DC44F66FFB8EF06310F0884AAFA859B152D234A409C775
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 05ED0F08, Relevance: 1.6, APIs: 1, Instructions: 78COMMON
                                          Download Yara Rule
                                          APIs
                                          • GetFileType.KERNELBASE(?,00000E2C,DBD15A0B,00000000,00000000,00000000,00000000), ref: 05ED0F9D
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.505132231.0000000005ED0000.00000040.00000001.sdmp, Offset: 05ED0000, based on PE: false
                                          Similarity
                                          • API ID: FileType
                                          • String ID:
                                          • API String ID: 3081899298-0
                                          • Opcode ID: 14dafda7c2cfd3ae8fc3e3cde03867834d112bd9baf35fc5a2852b62954a0817
                                          • Instruction ID: d8e368fc257f1a8c979c633fa040177a3707a7985addddc618ad06d4bb2bb7f2
                                          • Opcode Fuzzy Hash: 14dafda7c2cfd3ae8fc3e3cde03867834d112bd9baf35fc5a2852b62954a0817
                                          • Instruction Fuzzy Hash: 1C2128B64087806FE712CB25DC81BA2FFB8EF42320F1884DAE9848B153D224A909C771
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 05ED1308, Relevance: 1.6, APIs: 1, Instructions: 78registryCOMMON
                                          Download Yara Rule
                                          APIs
                                          • RegEnumKeyExW.KERNELBASE(?,00000E2C,?,?), ref: 05ED13AE
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.505132231.0000000005ED0000.00000040.00000001.sdmp, Offset: 05ED0000, based on PE: false
                                          Similarity
                                          • API ID: Enum
                                          • String ID:
                                          • API String ID: 2928410991-0
                                          • Opcode ID: dbce95b6bf1fdcecfa7664fd4c90c77a6662bee17ef055278ba692c32d2962af
                                          • Instruction ID: 9ad14b1a311603401c6a89e1d0e0f512a6a3441879f479bccb318d4be3b3bfec
                                          • Opcode Fuzzy Hash: dbce95b6bf1fdcecfa7664fd4c90c77a6662bee17ef055278ba692c32d2962af
                                          • Instruction Fuzzy Hash: B721916540E3C06FC3138B358C55A15BFB4EF47A10F1D81CFD8848B5A3D225A919C7A2
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 05ED2302, Relevance: 1.6, APIs: 1, Instructions: 78COMMON
                                          Download Yara Rule
                                          APIs
                                          • OpenFileMappingW.KERNELBASE(?,?), ref: 05ED238D
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.505132231.0000000005ED0000.00000040.00000001.sdmp, Offset: 05ED0000, based on PE: false
                                          Similarity
                                          • API ID: FileMappingOpen
                                          • String ID:
                                          • API String ID: 1680863896-0
                                          • Opcode ID: 85c781c98e38a7cdb9900a273c1cc70d0c4496c42ea29eb4320464bfa9cfdc16
                                          • Instruction ID: 77e75ea66a0791b38f051cdf32e8e1d48b63375a44248e33c7ddecabdbab0988
                                          • Opcode Fuzzy Hash: 85c781c98e38a7cdb9900a273c1cc70d0c4496c42ea29eb4320464bfa9cfdc16
                                          • Instruction Fuzzy Hash: A62191715053806FE721CF65DC44F66FFE8EF05220F0884AAED849B252D375A508CB75
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 05ED069C, Relevance: 1.6, APIs: 1, Instructions: 76libraryCOMMON
                                          Download Yara Rule
                                          APIs
                                          • LoadLibraryA.KERNELBASE(?,00000E2C), ref: 05ED0737
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.505132231.0000000005ED0000.00000040.00000001.sdmp, Offset: 05ED0000, based on PE: false
                                          Similarity
                                          • API ID: LibraryLoad
                                          • String ID:
                                          • API String ID: 1029625771-0
                                          • Opcode ID: 3dcd776c5e3632b60f72471ac75dd5901aa2bfa42664b3b4ca7eae791447149f
                                          • Instruction ID: 7061f172ab20625fa1935c0b0a3f83c58dcf08c18a162387e3035a78f2e541dd
                                          • Opcode Fuzzy Hash: 3dcd776c5e3632b60f72471ac75dd5901aa2bfa42664b3b4ca7eae791447149f
                                          • Instruction Fuzzy Hash: 7721C8711093806FE7228B25CC85FA6FFB8EF06724F1884DAE9855F192D2646949CB71
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 05ED2172, Relevance: 1.6, APIs: 1, Instructions: 76COMMON
                                          Download Yara Rule
                                          APIs
                                          • ConvertStringSecurityDescriptorToSecurityDescriptorW.ADVAPI32(?,00000E2C), ref: 05ED21E3
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.505132231.0000000005ED0000.00000040.00000001.sdmp, Offset: 05ED0000, based on PE: false
                                          Similarity
                                          • API ID: DescriptorSecurity$ConvertString
                                          • String ID:
                                          • API String ID: 3907675253-0
                                          • Opcode ID: 10f7bd70a972c197760e9ae35b06b7196723f9f22b62a4cbfbab5c9c873aa155
                                          • Instruction ID: 54d0c5a9ab85d510f8c985702713233874fb1084a0555f577a899edee0535ceb
                                          • Opcode Fuzzy Hash: 10f7bd70a972c197760e9ae35b06b7196723f9f22b62a4cbfbab5c9c873aa155
                                          • Instruction Fuzzy Hash: ED21A176500204AFEB20DF69DC85F6AFBACEF04320F14D46AEE85DB241D674E5098B75
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 05ED0E32, Relevance: 1.6, APIs: 1, Instructions: 76fileCOMMON
                                          Download Yara Rule
                                          APIs
                                          • CreateFileW.KERNELBASE(?,?,?,?,?,?), ref: 05ED0EB1
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.505132231.0000000005ED0000.00000040.00000001.sdmp, Offset: 05ED0000, based on PE: false
                                          Similarity
                                          • API ID: CreateFile
                                          • String ID:
                                          • API String ID: 823142352-0
                                          • Opcode ID: eefb92db55679e7d286301bc4fc957c718be910cffc3a9dcbaf4ede48e340d13
                                          • Instruction ID: 661d056ae6aef079018ee8f33b4d37f1a0dab84551644c2f8facaa53b5e7f079
                                          • Opcode Fuzzy Hash: eefb92db55679e7d286301bc4fc957c718be910cffc3a9dcbaf4ede48e340d13
                                          • Instruction Fuzzy Hash: 76218E71504240AFEB21DF69DC84B66FBE8FF08324F18846AED859B252E771E405CB75
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 013FB570, Relevance: 1.6, APIs: 1, Instructions: 76registryCOMMON
                                          Download Yara Rule
                                          APIs
                                          • RegQueryValueExW.KERNELBASE(?,00000E2C,?,?), ref: 013FB60A
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.500099061.00000000013FA000.00000040.00000001.sdmp, Offset: 013FA000, based on PE: false
                                          Similarity
                                          • API ID: QueryValue
                                          • String ID:
                                          • API String ID: 3660427363-0
                                          • Opcode ID: c606da3c5fe4dfc096a741d33858cf857795e2d141ce010fd3972a15dc37a9b1
                                          • Instruction ID: c8828e8ddd53db67963e90a4912ebc59b89bf575982eaf6e97c5811b378c3bae
                                          • Opcode Fuzzy Hash: c606da3c5fe4dfc096a741d33858cf857795e2d141ce010fd3972a15dc37a9b1
                                          • Instruction Fuzzy Hash: 0B21D7755093C06FD3138B25DC51B62BFB8EF87A20F0981DBE9848B653D225A919C7B2
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 05ED2CC6, Relevance: 1.6, APIs: 1, Instructions: 75COMMON
                                          Download Yara Rule
                                          APIs
                                          • ioctlsocket.WS2_32(?,00000E2C,DBD15A0B,00000000,00000000,00000000,00000000), ref: 05ED2D4F
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.505132231.0000000005ED0000.00000040.00000001.sdmp, Offset: 05ED0000, based on PE: false
                                          Similarity
                                          • API ID: ioctlsocket
                                          • String ID:
                                          • API String ID: 3577187118-0
                                          • Opcode ID: 6159a13f0fbd88acce8c6f8c4aec9d66e8a68fc685f62381b3b495d4993ee155
                                          • Instruction ID: d3a8fcb0bf5fa60347f3e636b4ad5fa40498b6512054bac9e96a0411d27947f9
                                          • Opcode Fuzzy Hash: 6159a13f0fbd88acce8c6f8c4aec9d66e8a68fc685f62381b3b495d4993ee155
                                          • Instruction Fuzzy Hash: 212171B54093846FE7128B65DC84F96BFB8EF46314F0884ABEA849F152D264A509C771
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 013FA90A, Relevance: 1.6, APIs: 1, Instructions: 74registryCOMMON
                                          Download Yara Rule
                                          APIs
                                          • RegOpenKeyExW.KERNELBASE(?,00000E2C), ref: 013FA989
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.500099061.00000000013FA000.00000040.00000001.sdmp, Offset: 013FA000, based on PE: false
                                          Similarity
                                          • API ID: Open
                                          • String ID:
                                          • API String ID: 71445658-0
                                          • Opcode ID: dae88e91e843e3fe9cf20dc7e59a98ba09ec777bff98adddea5393f290ee98c8
                                          • Instruction ID: 1f968a3ee8f06bd91a12ed1f9febb1bd960913f83d035796545084a5c02d4c67
                                          • Opcode Fuzzy Hash: dae88e91e843e3fe9cf20dc7e59a98ba09ec777bff98adddea5393f290ee98c8
                                          • Instruction Fuzzy Hash: 2E21C6B6500208AFE7219F59DC84F6BFBECEF04310F14856EEE459B641D674E5088B71
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 05ED13FA, Relevance: 1.6, APIs: 1, Instructions: 73registryCOMMON
                                          Download Yara Rule
                                          APIs
                                          • RegOpenKeyExW.KERNELBASE(?,00000E2C), ref: 05ED146E
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.505132231.0000000005ED0000.00000040.00000001.sdmp, Offset: 05ED0000, based on PE: false
                                          Similarity
                                          • API ID: Open
                                          • String ID:
                                          • API String ID: 71445658-0
                                          • Opcode ID: 31f5a68d434127b5ec44ee84e267d9566b69c115a896180c18672e986bc26100
                                          • Instruction ID: 07e6bc496ee27f2d59cdf292d37d69488b6daaa49fc0eb21445993d5bcf78f96
                                          • Opcode Fuzzy Hash: 31f5a68d434127b5ec44ee84e267d9566b69c115a896180c18672e986bc26100
                                          • Instruction Fuzzy Hash: FF21A1B1900204AFEB20DF55DC85F7BFBA8EF04710F14886AED85DB241D674A505CA71
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 05ED2F88, Relevance: 1.6, APIs: 1, Instructions: 73COMMON
                                          Download Yara Rule
                                          APIs
                                          • GetAdaptersAddresses.IPHLPAPI(?,00000E2C,DBD15A0B,00000000,00000000,00000000,00000000), ref: 05ED301D
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.505132231.0000000005ED0000.00000040.00000001.sdmp, Offset: 05ED0000, based on PE: false
                                          Similarity
                                          • API ID: AdaptersAddresses
                                          • String ID:
                                          • API String ID: 2506852604-0
                                          • Opcode ID: 158064ce144925512c53f2d09cf8cc7afeed5772ee76c4e42c544d7523ae682d
                                          • Instruction ID: fc441152f4b5d1010c6bd050545742988c1cf5f3afcff50f51bb4ec307f63c40
                                          • Opcode Fuzzy Hash: 158064ce144925512c53f2d09cf8cc7afeed5772ee76c4e42c544d7523ae682d
                                          • Instruction Fuzzy Hash: EE21D6714093846FEB228F15DC84F66FFB8EF06314F08849BEA845B153C265A908CB72
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 013FB636, Relevance: 1.6, APIs: 1, Instructions: 73COMMON
                                          Download Yara Rule
                                          APIs
                                          • K32EnumProcessModules.KERNEL32(?,00000E2C,DBD15A0B,00000000,00000000,00000000,00000000), ref: 013FB6B2
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.500099061.00000000013FA000.00000040.00000001.sdmp, Offset: 013FA000, based on PE: false
                                          Similarity
                                          • API ID: EnumModulesProcess
                                          • String ID:
                                          • API String ID: 1082081703-0
                                          • Opcode ID: a037460e37b7cb204730a98042714f2b19efddf916cd8847da93ca572f3d33aa
                                          • Instruction ID: 050e81f15427f51883e0fcb02fac038a73f0dda07fb5145eebff88a616b3d926
                                          • Opcode Fuzzy Hash: a037460e37b7cb204730a98042714f2b19efddf916cd8847da93ca572f3d33aa
                                          • Instruction Fuzzy Hash: A92192B15053846FEB22CF65DC85F56FFB8EF45220F0884AAFA45DB152D264A848CB71
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 05ED26C6, Relevance: 1.6, APIs: 1, Instructions: 72synchronizationCOMMON
                                          Download Yara Rule
                                          APIs
                                          • CreateMutexW.KERNELBASE(?,?), ref: 05ED2739
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.505132231.0000000005ED0000.00000040.00000001.sdmp, Offset: 05ED0000, based on PE: false
                                          Similarity
                                          • API ID: CreateMutex
                                          • String ID:
                                          • API String ID: 1964310414-0
                                          • Opcode ID: 3ea0abd5802356e88c094805da3c45d658a17bf52948ae860d04602d4870e754
                                          • Instruction ID: 2d81f31c818dea2073712c70aaf2303fb49dc50f718aa96ca04430df6eb74b9b
                                          • Opcode Fuzzy Hash: 3ea0abd5802356e88c094805da3c45d658a17bf52948ae860d04602d4870e754
                                          • Instruction Fuzzy Hash: 8D21CF76504240AFF721DF69DC84BAAFBE8EF04314F04846AEE898B282D770E405CA71
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 05ED2DD2, Relevance: 1.6, APIs: 1, Instructions: 72networkCOMMON
                                          Download Yara Rule
                                          APIs
                                          • WSAIoctl.WS2_32(?,00000E2C,DBD15A0B,00000000,00000000,00000000,00000000), ref: 05ED2E4D
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.505132231.0000000005ED0000.00000040.00000001.sdmp, Offset: 05ED0000, based on PE: false
                                          Similarity
                                          • API ID: Ioctl
                                          • String ID:
                                          • API String ID: 3041054344-0
                                          • Opcode ID: fdeaf510448cc49cf153f0372da19f6edeba76e9102264c2a7a40feb7fb3621f
                                          • Instruction ID: cacd0d9e212e412859f2846e5464abd1ad43d6309eead9bced3c79d051cb6bde
                                          • Opcode Fuzzy Hash: fdeaf510448cc49cf153f0372da19f6edeba76e9102264c2a7a40feb7fb3621f
                                          • Instruction Fuzzy Hash: BC219F75504204AFEB22CF55DC84FA6FBE8EF04710F04896AEE898B251D730E405CB71
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 013FACEF, Relevance: 1.6, APIs: 1, Instructions: 72COMMON
                                          Download Yara Rule
                                          APIs
                                          • LookupPrivilegeValueW.ADVAPI32(?,?,?), ref: 013FAD6A
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.500099061.00000000013FA000.00000040.00000001.sdmp, Offset: 013FA000, based on PE: false
                                          Similarity
                                          • API ID: LookupPrivilegeValue
                                          • String ID:
                                          • API String ID: 3899507212-0
                                          • Opcode ID: 9aca1dad25c22da2fa1e78664d0018f9e07fac3bc37c8b94ec4672636a94e815
                                          • Instruction ID: dfefd637f814adc067f048adbbd564cf11bcb7b5280f45b5919e1cb3b9afae23
                                          • Opcode Fuzzy Hash: 9aca1dad25c22da2fa1e78664d0018f9e07fac3bc37c8b94ec4672636a94e815
                                          • Instruction Fuzzy Hash: D32183755093805FD7128F69DC95B96BFB8EF06214F0984EBE989CF293D264D808C761
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 05ED10BA, Relevance: 1.6, APIs: 1, Instructions: 70COMMON
                                          Download Yara Rule
                                          APIs
                                          • setsockopt.WS2_32(?,00000E2C,DBD15A0B,00000000,00000000,00000000,00000000), ref: 05ED1139
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.505132231.0000000005ED0000.00000040.00000001.sdmp, Offset: 05ED0000, based on PE: false
                                          Similarity
                                          • API ID: setsockopt
                                          • String ID:
                                          • API String ID: 3981526788-0
                                          • Opcode ID: b77b1c475bb2b7ed02f288ba17dab578124c889a08347a324c4c1d9eaddd5f2e
                                          • Instruction ID: 1f0c1f5254b856b65b37c8023031a21d0e85521944dbb95ce5bafaac1e675390
                                          • Opcode Fuzzy Hash: b77b1c475bb2b7ed02f288ba17dab578124c889a08347a324c4c1d9eaddd5f2e
                                          • Instruction Fuzzy Hash: 7F216271405384AFEB22CF65DC84F57FFB8EF45310F0884AAEA859B152D274A409CB71
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 05ED305A, Relevance: 1.6, APIs: 1, Instructions: 69networkCOMMON
                                          Download Yara Rule
                                          APIs
                                          • WSAConnect.WS2_32(?,?,?,?,?,?,?), ref: 05ED30DE
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.505132231.0000000005ED0000.00000040.00000001.sdmp, Offset: 05ED0000, based on PE: false
                                          Similarity
                                          • API ID: Connect
                                          • String ID:
                                          • API String ID: 3144859779-0
                                          • Opcode ID: 8f1f21de5de448d497d14e4a96a1b4312da90d1ae31a2d5b38c044b8eebc3dc3
                                          • Instruction ID: dcbb84f96cc07ee980d81ce31298644838a8b1b8f1bf454ded0a0a40571477e6
                                          • Opcode Fuzzy Hash: 8f1f21de5de448d497d14e4a96a1b4312da90d1ae31a2d5b38c044b8eebc3dc3
                                          • Instruction Fuzzy Hash: 972190754093849FDB22CF61DC84A92FFB4EF0A214F0984DEE9858B163D275A809CB62
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 05ED1506, Relevance: 1.6, APIs: 1, Instructions: 69registryCOMMON
                                          Download Yara Rule
                                          APIs
                                          • RegQueryValueExW.KERNELBASE(?,00000E2C,DBD15A0B,00000000,00000000,00000000,00000000), ref: 05ED1578
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.505132231.0000000005ED0000.00000040.00000001.sdmp, Offset: 05ED0000, based on PE: false
                                          Similarity
                                          • API ID: QueryValue
                                          • String ID:
                                          • API String ID: 3660427363-0
                                          • Opcode ID: 980428db8704a20eaeacdd72c15d4ee7526e241881cb1464c0cf215e3fe2a4dc
                                          • Instruction ID: 17b9dba9155837012b6ea45f8ab98aa808146a7294bfbdc671dc6df38d4c8706
                                          • Opcode Fuzzy Hash: 980428db8704a20eaeacdd72c15d4ee7526e241881cb1464c0cf215e3fe2a4dc
                                          • Instruction Fuzzy Hash: 22219DB1504204AFEB21CF55DD84FA6FBACEF04710F04996AED869B242D778E409CA71
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 013FAA12, Relevance: 1.6, APIs: 1, Instructions: 69registryCOMMON
                                          Download Yara Rule
                                          APIs
                                          • RegQueryValueExW.KERNELBASE(?,00000E2C,DBD15A0B,00000000,00000000,00000000,00000000), ref: 013FAA8C
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.500099061.00000000013FA000.00000040.00000001.sdmp, Offset: 013FA000, based on PE: false
                                          Similarity
                                          • API ID: QueryValue
                                          • String ID:
                                          • API String ID: 3660427363-0
                                          • Opcode ID: f3fad7f38769393d4717f60cc26e111235a9063d5816fef8cf074db1ed004170
                                          • Instruction ID: 9870c3425ed320fbe80e4fcb95c48f6597fad0085abda39796ce98367f2448f0
                                          • Opcode Fuzzy Hash: f3fad7f38769393d4717f60cc26e111235a9063d5816fef8cf074db1ed004170
                                          • Instruction Fuzzy Hash: A5215CB1600604AFFB21CE59DD84F66BBECEF04724F08846AEA499B651D764E90CCA71
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 05ED1B67, Relevance: 1.6, APIs: 1, Instructions: 68networkCOMMON
                                          Download Yara Rule
                                          APIs
                                          • GetNetworkParams.IPHLPAPI(?,00000E2C,DBD15A0B,00000000,00000000,00000000,00000000), ref: 05ED1BE8
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.505132231.0000000005ED0000.00000040.00000001.sdmp, Offset: 05ED0000, based on PE: false
                                          Similarity
                                          • API ID: NetworkParams
                                          • String ID:
                                          • API String ID: 2134775280-0
                                          • Opcode ID: 2fc01f29ef5d9c54e310a23a201646a20bd3fb4a5b7a96237772fe79ae9def50
                                          • Instruction ID: f1e50e5d66ab7ff0e4eb896386b443fabe183c2146041cc3500a5aaa9de1fd47
                                          • Opcode Fuzzy Hash: 2fc01f29ef5d9c54e310a23a201646a20bd3fb4a5b7a96237772fe79ae9def50
                                          • Instruction Fuzzy Hash: 9B2190714093846FEB128B55DC84FA6FFB8EF46324F0884DAE9849B192C264A549CB61
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 05ED2322, Relevance: 1.6, APIs: 1, Instructions: 68COMMON
                                          Download Yara Rule
                                          APIs
                                          • OpenFileMappingW.KERNELBASE(?,?), ref: 05ED238D
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.505132231.0000000005ED0000.00000040.00000001.sdmp, Offset: 05ED0000, based on PE: false
                                          Similarity
                                          • API ID: FileMappingOpen
                                          • String ID:
                                          • API String ID: 1680863896-0
                                          • Opcode ID: 64cd13c68dfd1ffa1892ad6a09177e29b8cdcdcc8bf76da211c8963aa6fd928e
                                          • Instruction ID: 32671e51c28bd2d0a2134fb411588966169339e599afd4deb8aa4920fa720fc8
                                          • Opcode Fuzzy Hash: 64cd13c68dfd1ffa1892ad6a09177e29b8cdcdcc8bf76da211c8963aa6fd928e
                                          • Instruction Fuzzy Hash: D921F0B5500240AFFB20DF69DC84B6AFBE8FF04320F04806AEE848B241D371E404CA75
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 013FAFD4, Relevance: 1.6, APIs: 1, Instructions: 68COMMON
                                          Download Yara Rule
                                          APIs
                                          • FindCloseChangeNotification.KERNELBASE(?), ref: 013FB040
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.500099061.00000000013FA000.00000040.00000001.sdmp, Offset: 013FA000, based on PE: false
                                          Similarity
                                          • API ID: ChangeCloseFindNotification
                                          • String ID:
                                          • API String ID: 2591292051-0
                                          • Opcode ID: ef3726316c0ef438ee3ff1d93119cf4ce5a8072f120f4bf3aefbcd5342fc40dc
                                          • Instruction ID: b825d1f06da920371468c7aab630ff537499315deb2ed44ef4d07bbd9dbb6d92
                                          • Opcode Fuzzy Hash: ef3726316c0ef438ee3ff1d93119cf4ce5a8072f120f4bf3aefbcd5342fc40dc
                                          • Instruction Fuzzy Hash: 3621A1725093C05FDB138F25DC94692BFB4AF07224F0980DAED858F263D264A908CB61
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 05ED1D6A, Relevance: 1.6, APIs: 1, Instructions: 67networkCOMMON
                                          Download Yara Rule
                                          APIs
                                          • WSASocketW.WS2_32(?,?,?,?,?), ref: 05ED1DD6
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.505132231.0000000005ED0000.00000040.00000001.sdmp, Offset: 05ED0000, based on PE: false
                                          Similarity
                                          • API ID: Socket
                                          • String ID:
                                          • API String ID: 38366605-0
                                          • Opcode ID: 980133495c0834f0e6b603f9e538bcf2ba02ac1c9999f4fccf862f15f1c655a0
                                          • Instruction ID: 50c7d63de65913ea032a741c0dd4db53957bbfd8669b6c0cbc59ea0e070f3685
                                          • Opcode Fuzzy Hash: 980133495c0834f0e6b603f9e538bcf2ba02ac1c9999f4fccf862f15f1c655a0
                                          • Instruction Fuzzy Hash: AD21A171500640AFEB21DF65DD44B66FFE9EF08310F14846AED859B651D375A408CB71
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 05ED1E2F, Relevance: 1.6, APIs: 1, Instructions: 67COMMON
                                          Download Yara Rule
                                          APIs
                                          • setsockopt.WS2_32(?,?,?,?,?), ref: 05ED1EAC
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.505132231.0000000005ED0000.00000040.00000001.sdmp, Offset: 05ED0000, based on PE: false
                                          Similarity
                                          • API ID: setsockopt
                                          • String ID:
                                          • API String ID: 3981526788-0
                                          • Opcode ID: 75807746f8eb61d13745672000cf6e8d6a9c6173c4ff8748a79c54131ad5614d
                                          • Instruction ID: 2175462764c1dcec9708ba41e3e8a5ed8b5d4138e38e25390a347a94c338796d
                                          • Opcode Fuzzy Hash: 75807746f8eb61d13745672000cf6e8d6a9c6173c4ff8748a79c54131ad5614d
                                          • Instruction Fuzzy Hash: 022189314093C0AFDB228F61D844AA6FFB4EF07320F0985DAE9C48F163C235A859CB61
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 05ED2422, Relevance: 1.6, APIs: 1, Instructions: 67fileCOMMON
                                          Download Yara Rule
                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.505132231.0000000005ED0000.00000040.00000001.sdmp, Offset: 05ED0000, based on PE: false
                                          Similarity
                                          • API ID: FileView
                                          • String ID:
                                          • API String ID: 3314676101-0
                                          • Opcode ID: df3a2d5d6cf9ef71fbca0e55323f20960a5d32040ac8b23ba425622c29b1e4f9
                                          • Instruction ID: 7d4a61740b56b132780e1f4559dabd5c3cb30a93d7c4b7f636fe91c39e4758aa
                                          • Opcode Fuzzy Hash: df3a2d5d6cf9ef71fbca0e55323f20960a5d32040ac8b23ba425622c29b1e4f9
                                          • Instruction Fuzzy Hash: 5821DE71400204AFE721CF59DC84FAAFBE8EF08324F04845EEA849B241D771B509CB71
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 013FB73E, Relevance: 1.6, APIs: 1, Instructions: 67COMMON
                                          Download Yara Rule
                                          APIs
                                          • K32GetModuleInformation.KERNEL32(?,00000E2C,DBD15A0B,00000000,00000000,00000000,00000000), ref: 013FB7A2
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.500099061.00000000013FA000.00000040.00000001.sdmp, Offset: 013FA000, based on PE: false
                                          Similarity
                                          • API ID: InformationModule
                                          • String ID:
                                          • API String ID: 3425974696-0
                                          • Opcode ID: dad5ee27778c0767c5e8b0821571de3d5be4a5849a34db6d6077ff424603802c
                                          • Instruction ID: b254b4d43e6d639925ed59007ac6c1764aa5f01f53611c1f3b3e79525f83bcf5
                                          • Opcode Fuzzy Hash: dad5ee27778c0767c5e8b0821571de3d5be4a5849a34db6d6077ff424603802c
                                          • Instruction Fuzzy Hash: 2C117FB5500204AFEB21CF69DC85F6AFBACEF44324F18846AEE45CB655D664E408CB71
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 013FAAFB, Relevance: 1.6, APIs: 1, Instructions: 67COMMON
                                          Download Yara Rule
                                          APIs
                                          • SetWindowsHookExW.USER32(?,00000E2C,?,?), ref: 013FAB7E
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.500099061.00000000013FA000.00000040.00000001.sdmp, Offset: 013FA000, based on PE: false
                                          Similarity
                                          • API ID: HookWindows
                                          • String ID:
                                          • API String ID: 2559412058-0
                                          • Opcode ID: 83d5ff133af98341f36c2403836c4de3bf17b7453550476366dd8d6d3f9017ca
                                          • Instruction ID: a229eb9debe733b9993550cc1957ea44cb6c05c4127f850bd120dc42e84a088d
                                          • Opcode Fuzzy Hash: 83d5ff133af98341f36c2403836c4de3bf17b7453550476366dd8d6d3f9017ca
                                          • Instruction Fuzzy Hash: 2021D6725493806FD312CB25DC41F72BFB8EF86720F09819AED848B652D231B915CBA1
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 013FAC3B, Relevance: 1.6, APIs: 1, Instructions: 66COMMON
                                          Download Yara Rule
                                          APIs
                                          • FindCloseChangeNotification.KERNELBASE(?), ref: 013FACA8
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.500099061.00000000013FA000.00000040.00000001.sdmp, Offset: 013FA000, based on PE: false
                                          Similarity
                                          • API ID: ChangeCloseFindNotification
                                          • String ID:
                                          • API String ID: 2591292051-0
                                          • Opcode ID: d49b903bc086adab87271b8452f5750ea687c76d150922a61d5abd5db57f9de6
                                          • Instruction ID: dde4fda459a569c3d995e769b149c12024dbf2ea4c193793488aa8c149cda003
                                          • Opcode Fuzzy Hash: d49b903bc086adab87271b8452f5750ea687c76d150922a61d5abd5db57f9de6
                                          • Instruction Fuzzy Hash: 9D218E754093C05FEB138B25D891792BFB4EF07224F0984EBED888F153D264A948CB61
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 05ED2086, Relevance: 1.6, APIs: 1, Instructions: 65registryCOMMON
                                          Download Yara Rule
                                          APIs
                                          • RegQueryValueExW.KERNELBASE(?,00000E2C,DBD15A0B,00000000,00000000,00000000,00000000), ref: 05ED20F8
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.505132231.0000000005ED0000.00000040.00000001.sdmp, Offset: 05ED0000, based on PE: false
                                          Similarity
                                          • API ID: QueryValue
                                          • String ID:
                                          • API String ID: 3660427363-0
                                          • Opcode ID: d0fe230b0e101cd2173f5221b876b5095ac0d3cde5ec8e3564e092d018cd140d
                                          • Instruction ID: 4a964ab711a4e6c310a68624b718f9e3bd9bcdc4525e1d04cb3995525bc85dc5
                                          • Opcode Fuzzy Hash: d0fe230b0e101cd2173f5221b876b5095ac0d3cde5ec8e3564e092d018cd140d
                                          • Instruction Fuzzy Hash: 5111DFB5500304AFEB21CE55DC81FAAFBA8EF04320F04845AEA869B241D764E409CB71
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 05ED289E, Relevance: 1.6, APIs: 1, Instructions: 64timeCOMMON
                                          Download Yara Rule
                                          APIs
                                          • GetProcessTimes.KERNELBASE(?,00000E2C,DBD15A0B,00000000,00000000,00000000,00000000), ref: 05ED28FD
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.505132231.0000000005ED0000.00000040.00000001.sdmp, Offset: 05ED0000, based on PE: false
                                          Similarity
                                          • API ID: ProcessTimes
                                          • String ID:
                                          • API String ID: 1995159646-0
                                          • Opcode ID: b943c3f4bc8df27f04ff06c55edbc5284539f7719653eeabcb00821b358c3c57
                                          • Instruction ID: c952408207805d50199d81c8e35c6434a57ad5ac25c4f3575d5ca95461b2239d
                                          • Opcode Fuzzy Hash: b943c3f4bc8df27f04ff06c55edbc5284539f7719653eeabcb00821b358c3c57
                                          • Instruction Fuzzy Hash: 1A110476900200AFFB21CFA5DC80FAAFBA8EF04320F04C46AEE858B251D774A405CB75
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 05ED2EDA, Relevance: 1.6, APIs: 1, Instructions: 63networkCOMMON
                                          Download Yara Rule
                                          APIs
                                          • WSAEventSelect.WS2_32(?,00000E2C,DBD15A0B,00000000,00000000,00000000,00000000), ref: 05ED2F3E
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.505132231.0000000005ED0000.00000040.00000001.sdmp, Offset: 05ED0000, based on PE: false
                                          Similarity
                                          • API ID: EventSelect
                                          • String ID:
                                          • API String ID: 31538577-0
                                          • Opcode ID: b277b503a71003bef5c3b426bdacd224b01be08192d07a6ffed46decef77b742
                                          • Instruction ID: 13137eb32195eeaa50a9eaa9cfea89262dd0561538ded4025f91b2edcbdc57f5
                                          • Opcode Fuzzy Hash: b277b503a71003bef5c3b426bdacd224b01be08192d07a6ffed46decef77b742
                                          • Instruction Fuzzy Hash: 2211B6B2800204AEEB11CF95DC84FAAFBACEF44320F14986BEE459B141D674A4058B71
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 013FB656, Relevance: 1.6, APIs: 1, Instructions: 63COMMON
                                          Download Yara Rule
                                          APIs
                                          • K32EnumProcessModules.KERNEL32(?,00000E2C,DBD15A0B,00000000,00000000,00000000,00000000), ref: 013FB6B2
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.500099061.00000000013FA000.00000040.00000001.sdmp, Offset: 013FA000, based on PE: false
                                          Similarity
                                          • API ID: EnumModulesProcess
                                          • String ID:
                                          • API String ID: 1082081703-0
                                          • Opcode ID: c5eb942d98a021c3aa3ae3247854bf00cfd533b6ea501074efc7aa37ae555902
                                          • Instruction ID: dd196d01edd5df16f86e6d147f69a8cbb978ca793a22ee98c74ff67abf0b45c9
                                          • Opcode Fuzzy Hash: c5eb942d98a021c3aa3ae3247854bf00cfd533b6ea501074efc7aa37ae555902
                                          • Instruction Fuzzy Hash: C811C1B1500204AFEB21CF69DC85BAAFBACEF44324F14846AFE499B641D774A408CB71
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 013FA836, Relevance: 1.6, APIs: 1, Instructions: 62COMMON
                                          Download Yara Rule
                                          APIs
                                          • SetErrorMode.KERNELBASE(?), ref: 013FA8A8
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.500099061.00000000013FA000.00000040.00000001.sdmp, Offset: 013FA000, based on PE: false
                                          Similarity
                                          • API ID: ErrorMode
                                          • String ID:
                                          • API String ID: 2340568224-0
                                          • Opcode ID: ff1ef6b74e0b74309b981e18a469bfbcbd120aa56829b02e85aca45d280956a6
                                          • Instruction ID: 84d7c6fe538d0035b6f182f585eb6342ee0f144e050b8321b19769bc740e2bc8
                                          • Opcode Fuzzy Hash: ff1ef6b74e0b74309b981e18a469bfbcbd120aa56829b02e85aca45d280956a6
                                          • Instruction Fuzzy Hash: 4D21587140A3C45FDB138B259C94652BFB4DF07224F0980DBED858B1A3D2695908DB72
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 013FA78B, Relevance: 1.6, APIs: 1, Instructions: 61COMMON
                                          Download Yara Rule
                                          APIs
                                          • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 013FA7F6
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.500099061.00000000013FA000.00000040.00000001.sdmp, Offset: 013FA000, based on PE: false
                                          Similarity
                                          • API ID: DuplicateHandle
                                          • String ID:
                                          • API String ID: 3793708945-0
                                          • Opcode ID: d389fe8ce0b1f798f93db40ee69c74f5ae9d54aead2ccb45506599200f27d509
                                          • Instruction ID: 485d2a67142986c48c4d3a947013e3f6f5376020ffdd019927cf232c7c9ff1e1
                                          • Opcode Fuzzy Hash: d389fe8ce0b1f798f93db40ee69c74f5ae9d54aead2ccb45506599200f27d509
                                          • Instruction Fuzzy Hash: B2117271409380AFDB228F55DC44A62FFF4EF4A214F08859AED898B153D275A419DB61
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 013FB25A, Relevance: 1.6, APIs: 1, Instructions: 61COMMON
                                          Download Yara Rule
                                          APIs
                                          • TerminateProcess.KERNELBASE(?,00000E2C,DBD15A0B,00000000,00000000,00000000,00000000), ref: 013FB2B0
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.500099061.00000000013FA000.00000040.00000001.sdmp, Offset: 013FA000, based on PE: false
                                          Similarity
                                          • API ID: ProcessTerminate
                                          • String ID:
                                          • API String ID: 560597551-0
                                          • Opcode ID: e5f8d21f198efe68eeed338cb29f908ed7c2e2dd8a82388e722a68b62a7c71e1
                                          • Instruction ID: 5ca3eadf58e391637c6a5954d594f97a3446a05630e94d34bba9985bf0984412
                                          • Opcode Fuzzy Hash: e5f8d21f198efe68eeed338cb29f908ed7c2e2dd8a82388e722a68b62a7c71e1
                                          • Instruction Fuzzy Hash: E31106B5900204AFEB11CF69DC85BAAFBACEF45320F14C46AEE05CF245D674A4048BB1
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 05ED10DA, Relevance: 1.6, APIs: 1, Instructions: 60COMMON
                                          Download Yara Rule
                                          APIs
                                          • setsockopt.WS2_32(?,00000E2C,DBD15A0B,00000000,00000000,00000000,00000000), ref: 05ED1139
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.505132231.0000000005ED0000.00000040.00000001.sdmp, Offset: 05ED0000, based on PE: false
                                          Similarity
                                          • API ID: setsockopt
                                          • String ID:
                                          • API String ID: 3981526788-0
                                          • Opcode ID: 12238e34b3b819afdf9b1a1525e6f7eb4ccb5ad0a2ac5251c6c962203d06e8c1
                                          • Instruction ID: 865277cd284d970d299f9fae06ada790d1c3b8e50d80064e25a640af8d6dc1ec
                                          • Opcode Fuzzy Hash: 12238e34b3b819afdf9b1a1525e6f7eb4ccb5ad0a2ac5251c6c962203d06e8c1
                                          • Instruction Fuzzy Hash: F211A371500304AFEB21DF95DC84FAAFFA8EF44720F14946AEE899B251D774A409CBB1
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 013FBAEE, Relevance: 1.6, APIs: 1, Instructions: 60comclipboardCOMMON
                                          Download Yara Rule
                                          APIs
                                          • OleGetClipboard.OLE32(?,00000E2C,?,?), ref: 013FBB66
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.500099061.00000000013FA000.00000040.00000001.sdmp, Offset: 013FA000, based on PE: false
                                          Similarity
                                          • API ID: Clipboard
                                          • String ID:
                                          • API String ID: 220874293-0
                                          • Opcode ID: 530830155f87f32dc532141d4b7547430bd6f91551846646db77946f272f21fa
                                          • Instruction ID: d289bbc920e1c418a8d014d16b56d1f8919f2c13404a5ee8542ec9df3c8e9f3e
                                          • Opcode Fuzzy Hash: 530830155f87f32dc532141d4b7547430bd6f91551846646db77946f272f21fa
                                          • Instruction Fuzzy Hash: C311C4715093806FC311CB65CC45F66FFB8EF86620F09819BED484B692D224B919CBA2
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 05ED1919, Relevance: 1.6, APIs: 1, Instructions: 59COMMON
                                          Download Yara Rule
                                          APIs
                                          • GlobalMemoryStatusEx.KERNELBASE(?), ref: 05ED1978
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.505132231.0000000005ED0000.00000040.00000001.sdmp, Offset: 05ED0000, based on PE: false
                                          Similarity
                                          • API ID: GlobalMemoryStatus
                                          • String ID:
                                          • API String ID: 1890195054-0
                                          • Opcode ID: 046e0e56018f39714a0fa62cf1a4b802eeaf152c267b35a9c85aa9bee5bc402a
                                          • Instruction ID: 8408041f890e529c2b0d7861c418561616a52330d839f9807d39e7fc585447d1
                                          • Opcode Fuzzy Hash: 046e0e56018f39714a0fa62cf1a4b802eeaf152c267b35a9c85aa9bee5bc402a
                                          • Instruction Fuzzy Hash: 24118E715093C49FDB128F65D884A96BFB4EF06220F0884EBEC858F263C274A948CB61
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 05ED2CF6, Relevance: 1.6, APIs: 1, Instructions: 58COMMON
                                          Download Yara Rule
                                          APIs
                                          • ioctlsocket.WS2_32(?,00000E2C,DBD15A0B,00000000,00000000,00000000,00000000), ref: 05ED2D4F
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.505132231.0000000005ED0000.00000040.00000001.sdmp, Offset: 05ED0000, based on PE: false
                                          Similarity
                                          • API ID: ioctlsocket
                                          • String ID:
                                          • API String ID: 3577187118-0
                                          • Opcode ID: 06d798e1a49473ad770ce1c293f1dc42ef73c779d6f587f234a8afdda22ac825
                                          • Instruction ID: 5a05c54fcab2c10b12dc0a125b9e7c6a47b0ac56720f92158771e3f70a41214d
                                          • Opcode Fuzzy Hash: 06d798e1a49473ad770ce1c293f1dc42ef73c779d6f587f234a8afdda22ac825
                                          • Instruction Fuzzy Hash: B01125B5800204AFEB21CF55DC84FAAFBA8EF44320F18C46AEE489F241D774A405CBB1
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 05ED27CE, Relevance: 1.6, APIs: 1, Instructions: 57COMMON
                                          Download Yara Rule
                                          APIs
                                          • shutdown.WS2_32(?,00000E2C,DBD15A0B,00000000,00000000,00000000,00000000), ref: 05ED2824
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.505132231.0000000005ED0000.00000040.00000001.sdmp, Offset: 05ED0000, based on PE: false
                                          Similarity
                                          • API ID: shutdown
                                          • String ID:
                                          • API String ID: 2510479042-0
                                          • Opcode ID: 6d23fdb9eb610b13023fcde1223e1e24c6871f87201ee21f78a26d4fd3238225
                                          • Instruction ID: 95f9169ddad873f67ec8e70847392c9d2be1e26e3c5ca56834451f612ca71ff0
                                          • Opcode Fuzzy Hash: 6d23fdb9eb610b13023fcde1223e1e24c6871f87201ee21f78a26d4fd3238225
                                          • Instruction Fuzzy Hash: 7711E975900244AFEB11CF55DC84FAAFB98EF44320F14D4AAEE489F241D774A405CBB1
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 0300A7C6, Relevance: 1.6, APIs: 1, Instructions: 57libraryCOMMON
                                          Download Yara Rule
                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.500722433.0000000003000000.00000040.00000001.sdmp, Offset: 03000000, based on PE: false
                                          Similarity
                                          • API ID: InitializeThunk
                                          • String ID:
                                          • API String ID: 2994545307-0
                                          • Opcode ID: 6db40d96f0bdb32433617178667254cc128b838848584b1fcffb31943946779e
                                          • Instruction ID: b5bdde513017c4e494bde5ef5538faa902a86063b05f8fba22d3247230185e6c
                                          • Opcode Fuzzy Hash: 6db40d96f0bdb32433617178667254cc128b838848584b1fcffb31943946779e
                                          • Instruction Fuzzy Hash: 77216D30E01259DFDB14DFA8D988A9EBBB5FF49344F158469D501BB280DB359881CF84
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 05ED06CE, Relevance: 1.6, APIs: 1, Instructions: 56libraryCOMMON
                                          Download Yara Rule
                                          APIs
                                          • LoadLibraryA.KERNELBASE(?,00000E2C), ref: 05ED0737
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.505132231.0000000005ED0000.00000040.00000001.sdmp, Offset: 05ED0000, based on PE: false
                                          Similarity
                                          • API ID: LibraryLoad
                                          • String ID:
                                          • API String ID: 1029625771-0
                                          • Opcode ID: f4ff0eba27eb1f9ecbd49a981e891cebf4e50efa6eed569e8d2c787b66aa87b7
                                          • Instruction ID: 1c771a145fea228eabb61733c14e53ef717012e11081fd8e9c9221c4da60a696
                                          • Opcode Fuzzy Hash: f4ff0eba27eb1f9ecbd49a981e891cebf4e50efa6eed569e8d2c787b66aa87b7
                                          • Instruction Fuzzy Hash: 4511E971500204AFF720DB15DD89FA6FBA8EF44720F14C45AEE455F281D2B4A545CAB5
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 05ED2FBE, Relevance: 1.6, APIs: 1, Instructions: 56COMMON
                                          Download Yara Rule
                                          APIs
                                          • GetAdaptersAddresses.IPHLPAPI(?,00000E2C,DBD15A0B,00000000,00000000,00000000,00000000), ref: 05ED301D
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.505132231.0000000005ED0000.00000040.00000001.sdmp, Offset: 05ED0000, based on PE: false
                                          Similarity
                                          • API ID: AdaptersAddresses
                                          • String ID:
                                          • API String ID: 2506852604-0
                                          • Opcode ID: 67c85c6c9878fc90091261109dbbbca1de18e5b30c86e95a370d810e9ee5829d
                                          • Instruction ID: b78e622eb48cb733f8a8abcc4e2bd0830a414932c48f3a386cb915adce37ea02
                                          • Opcode Fuzzy Hash: 67c85c6c9878fc90091261109dbbbca1de18e5b30c86e95a370d810e9ee5829d
                                          • Instruction Fuzzy Hash: 7C11C271400204AFEB21CF55DC80FAAFBA8EF48720F14C85AEE855B251D775A909DBB2
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 05ED15D2, Relevance: 1.6, APIs: 1, Instructions: 54COMMON
                                          Download Yara Rule
                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.505132231.0000000005ED0000.00000040.00000001.sdmp, Offset: 05ED0000, based on PE: false
                                          Similarity
                                          • API ID: CloseFind
                                          • String ID:
                                          • API String ID: 1863332320-0
                                          • Opcode ID: 2761995e11b5cb4aea2c4a20ae749a63f0ca3f5fabfac94c78105b39fbbd8286
                                          • Instruction ID: 209497132ea9f34306e67f7f9451e287cb4802604f64124fd2923ea3d3c368fa
                                          • Opcode Fuzzy Hash: 2761995e11b5cb4aea2c4a20ae749a63f0ca3f5fabfac94c78105b39fbbd8286
                                          • Instruction Fuzzy Hash: B81191755093849FD7128F65DC85B52FFB8EF06220F0C84DAED898F262D275A848CB61
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 013FA078, Relevance: 1.6, APIs: 1, Instructions: 54networkCOMMON
                                          Download Yara Rule
                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.500099061.00000000013FA000.00000040.00000001.sdmp, Offset: 013FA000, based on PE: false
                                          Similarity
                                          • API ID: recv
                                          • String ID:
                                          • API String ID: 1507349165-0
                                          • Opcode ID: 277e498e0b866fe2a4241a70ba005a0242cb0bb65f7829bfbae5278a6fff78ff
                                          • Instruction ID: afb5a0316ea129ac2dce39760591d704890d4c64d85ac7779ee5e69d2d62f096
                                          • Opcode Fuzzy Hash: 277e498e0b866fe2a4241a70ba005a0242cb0bb65f7829bfbae5278a6fff78ff
                                          • Instruction Fuzzy Hash: 40118F75409384AFDB22CF55DC44B56FFB4EF45224F08C4AEED888B163D275A818DB61
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 05ED1B92, Relevance: 1.6, APIs: 1, Instructions: 53networkCOMMON
                                          Download Yara Rule
                                          APIs
                                          • GetNetworkParams.IPHLPAPI(?,00000E2C,DBD15A0B,00000000,00000000,00000000,00000000), ref: 05ED1BE8
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.505132231.0000000005ED0000.00000040.00000001.sdmp, Offset: 05ED0000, based on PE: false
                                          Similarity
                                          • API ID: NetworkParams
                                          • String ID:
                                          • API String ID: 2134775280-0
                                          • Opcode ID: 1574037904b7deec905d6a1a1b850014cc667cdd527e108058e56bbf3136e7e7
                                          • Instruction ID: 274a837a5a8cb60eb5948f7b27d1a505aa2ceadba755f4d696acef5f7c2ed199
                                          • Opcode Fuzzy Hash: 1574037904b7deec905d6a1a1b850014cc667cdd527e108058e56bbf3136e7e7
                                          • Instruction Fuzzy Hash: CF010471404204AEEB20CF55DC80FAAFBA8EF44320F14C49AEE489B281D674A445CAB5
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 013FAD22, Relevance: 1.6, APIs: 1, Instructions: 53COMMON
                                          Download Yara Rule
                                          APIs
                                          • LookupPrivilegeValueW.ADVAPI32(?,?,?), ref: 013FAD6A
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.500099061.00000000013FA000.00000040.00000001.sdmp, Offset: 013FA000, based on PE: false
                                          Similarity
                                          • API ID: LookupPrivilegeValue
                                          • String ID:
                                          • API String ID: 3899507212-0
                                          • Opcode ID: 537b7ca4ea585f7c2589e17ba3219df4f71abc3ce350bf8311581bf240522fff
                                          • Instruction ID: c823783eee804c89afd4d93f3314a90b4643c2e45b4e54d94daac5531c8147a6
                                          • Opcode Fuzzy Hash: 537b7ca4ea585f7c2589e17ba3219df4f71abc3ce350bf8311581bf240522fff
                                          • Instruction Fuzzy Hash: A911A1B5A002048FEB61DF69D884B56FBE8EF44225F08C46EEE49CB682D674E404CA71
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 05ED0F4A, Relevance: 1.6, APIs: 1, Instructions: 52COMMON
                                          Download Yara Rule
                                          APIs
                                          • GetFileType.KERNELBASE(?,00000E2C,DBD15A0B,00000000,00000000,00000000,00000000), ref: 05ED0F9D
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.505132231.0000000005ED0000.00000040.00000001.sdmp, Offset: 05ED0000, based on PE: false
                                          Similarity
                                          • API ID: FileType
                                          • String ID:
                                          • API String ID: 3081899298-0
                                          • Opcode ID: b34cd42d25c520bebe8653ccb924fc62efaedec1b781e20e25354cbdbc58e042
                                          • Instruction ID: 22c50bd5c5a8af31dec58e8d3274eb8f43bf27172e29c30c25bce70d368230b7
                                          • Opcode Fuzzy Hash: b34cd42d25c520bebe8653ccb924fc62efaedec1b781e20e25354cbdbc58e042
                                          • Instruction Fuzzy Hash: 3701D671504204AEE720CF55DC85FAAFB98EF44720F18D456EE849B241D674A5058AB5
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 05ED3092, Relevance: 1.5, APIs: 1, Instructions: 49networkCOMMON
                                          Download Yara Rule
                                          APIs
                                          • WSAConnect.WS2_32(?,?,?,?,?,?,?), ref: 05ED30DE
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.505132231.0000000005ED0000.00000040.00000001.sdmp, Offset: 05ED0000, based on PE: false
                                          Similarity
                                          • API ID: Connect
                                          • String ID:
                                          • API String ID: 3144859779-0
                                          • Opcode ID: 2cbfc44705a6b128143cf1c9313ad0df915962d26170bbbce2cb43febb0f6325
                                          • Instruction ID: cd50aa5f15c4b1bc14babba4fb56f30d465aa8b85c59b2f5c6d1894d7209232f
                                          • Opcode Fuzzy Hash: 2cbfc44705a6b128143cf1c9313ad0df915962d26170bbbce2cb43febb0f6325
                                          • Instruction Fuzzy Hash: 1E115A755002049FEB21CF55D884BA6FBE4EF48320F0899AAED898B652D375A419CB72
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 013FA172, Relevance: 1.5, APIs: 1, Instructions: 47networkCOMMON
                                          Download Yara Rule
                                          APIs
                                          • WSAStartup.WS2_32(?,00000E2C,?,?), ref: 013FA1C2
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.500099061.00000000013FA000.00000040.00000001.sdmp, Offset: 013FA000, based on PE: false
                                          Similarity
                                          • API ID: Startup
                                          • String ID:
                                          • API String ID: 724789610-0
                                          • Opcode ID: ad4c5f6fe6f9cff9eb7a4f0c04c09dedc5b03a31d12ef6df99546b044c3b65f1
                                          • Instruction ID: dc92cb91a963230927b14ccdb2c9574701548c88e3db14897704c2fd68f0b638
                                          • Opcode Fuzzy Hash: ad4c5f6fe6f9cff9eb7a4f0c04c09dedc5b03a31d12ef6df99546b044c3b65f1
                                          • Instruction Fuzzy Hash: 09017171900200ABD710DF1ADC85B66FBE8FB88A20F14816AED089B645E675F915CBE5
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 013FB366, Relevance: 1.5, APIs: 1, Instructions: 47windowCOMMON
                                          Download Yara Rule
                                          APIs
                                          • FormatMessageW.KERNELBASE(?,00000E2C,?,?), ref: 013FB3B6
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.500099061.00000000013FA000.00000040.00000001.sdmp, Offset: 013FA000, based on PE: false
                                          Similarity
                                          • API ID: FormatMessage
                                          • String ID:
                                          • API String ID: 1306739567-0
                                          • Opcode ID: f8046482b0c5ef3d1c10f6021aa5e9ebaead5caa232509b1eb98f46d92835213
                                          • Instruction ID: b804f4784b9db85974d41ef5a76832bbc2bc748a274898836aade51d42ad2085
                                          • Opcode Fuzzy Hash: f8046482b0c5ef3d1c10f6021aa5e9ebaead5caa232509b1eb98f46d92835213
                                          • Instruction Fuzzy Hash: F601B172900200ABD310DF1ADC85B26FBE8FB88B20F14812AED088B645E635F915CBE5
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 013FB85E, Relevance: 1.5, APIs: 1, Instructions: 47COMMON
                                          Download Yara Rule
                                          APIs
                                          • K32GetModuleFileNameExW.KERNEL32(?,00000E2C,?,?), ref: 013FB8AE
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.500099061.00000000013FA000.00000040.00000001.sdmp, Offset: 013FA000, based on PE: false
                                          Similarity
                                          • API ID: FileModuleName
                                          • String ID:
                                          • API String ID: 514040917-0
                                          • Opcode ID: 85d0b6ed9bce51f32b67a0a8a1eb77066512939da49407365ce02070f7879509
                                          • Instruction ID: b173aa008d325bf1d2812a4be66a4a3cde7f6c9cbb9b77c37cc2aa6928a07e04
                                          • Opcode Fuzzy Hash: 85d0b6ed9bce51f32b67a0a8a1eb77066512939da49407365ce02070f7879509
                                          • Instruction Fuzzy Hash: 3701B172900200ABD310DF1ADC85B26FBE8FB88B20F14812AED088B645E635F915CBE5
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 013FA7B2, Relevance: 1.5, APIs: 1, Instructions: 45COMMON
                                          Download Yara Rule
                                          APIs
                                          • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 013FA7F6
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.500099061.00000000013FA000.00000040.00000001.sdmp, Offset: 013FA000, based on PE: false
                                          Similarity
                                          • API ID: DuplicateHandle
                                          • String ID:
                                          • API String ID: 3793708945-0
                                          • Opcode ID: e5e623c3af435c202625b966149091ef32d622b96c5c7862127f9d89d3c9d4c1
                                          • Instruction ID: 1cc94b5830571dea6885dcff129e1c98c49ce0afeca14b716f9ef3a586e28fc4
                                          • Opcode Fuzzy Hash: e5e623c3af435c202625b966149091ef32d622b96c5c7862127f9d89d3c9d4c1
                                          • Instruction Fuzzy Hash: 4B016D318006449FDB218F95D844B66FFE4EF48324F08C9AEEE494B652D375A419DFA1
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 05ED1E6E, Relevance: 1.5, APIs: 1, Instructions: 43COMMON
                                          Download Yara Rule
                                          APIs
                                          • setsockopt.WS2_32(?,?,?,?,?), ref: 05ED1EAC
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.505132231.0000000005ED0000.00000040.00000001.sdmp, Offset: 05ED0000, based on PE: false
                                          Similarity
                                          • API ID: setsockopt
                                          • String ID:
                                          • API String ID: 3981526788-0
                                          • Opcode ID: 20fb58ffa801ebb554eb59aff964826e702efbf7de251419f2b9037dfd6df555
                                          • Instruction ID: 77a3ebd5efbb5540907f46f410d10ed13806c8dd63015bf41d1bdda969de029d
                                          • Opcode Fuzzy Hash: 20fb58ffa801ebb554eb59aff964826e702efbf7de251419f2b9037dfd6df555
                                          • Instruction Fuzzy Hash: 7B019E71900244DFDB21CF95D984B66FFA5EF08320F08D4AAED894B216D375A419CBB2
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 05ED1946, Relevance: 1.5, APIs: 1, Instructions: 43COMMON
                                          Download Yara Rule
                                          APIs
                                          • GlobalMemoryStatusEx.KERNELBASE(?), ref: 05ED1978
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.505132231.0000000005ED0000.00000040.00000001.sdmp, Offset: 05ED0000, based on PE: false
                                          Similarity
                                          • API ID: GlobalMemoryStatus
                                          • String ID:
                                          • API String ID: 1890195054-0
                                          • Opcode ID: 0a93b4733c7fe94dc16460fa759585280abe81028985fcfb92e9ad31235f6f1c
                                          • Instruction ID: 1d9c19b9bbe15d3570898345b063a4784b010ac7214198badd57b5875de09182
                                          • Opcode Fuzzy Hash: 0a93b4733c7fe94dc16460fa759585280abe81028985fcfb92e9ad31235f6f1c
                                          • Instruction Fuzzy Hash: C7018F759142448FEB15CF69E9847A6FBA4EF44220F18D4AADD898B246D274A408CAB1
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 05ED135E, Relevance: 1.5, APIs: 1, Instructions: 43registryCOMMON
                                          Download Yara Rule
                                          APIs
                                          • RegEnumKeyExW.KERNELBASE(?,00000E2C,?,?), ref: 05ED13AE
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.505132231.0000000005ED0000.00000040.00000001.sdmp, Offset: 05ED0000, based on PE: false
                                          Similarity
                                          • API ID: Enum
                                          • String ID:
                                          • API String ID: 2928410991-0
                                          • Opcode ID: b5a59dbaa03cc38fb5eb4aa7fac9bf269e321393b251a7d27115d0b473f47709
                                          • Instruction ID: e8f9ce58407e116dbd30cbc8546920159188b18c8a6a9ab5d834c39035b24547
                                          • Opcode Fuzzy Hash: b5a59dbaa03cc38fb5eb4aa7fac9bf269e321393b251a7d27115d0b473f47709
                                          • Instruction Fuzzy Hash: 9001AD72500200ABD210DF1ADC86B26FBE8FB88B20F14C11AED084B745E635F915CBE6
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 013FB5BA, Relevance: 1.5, APIs: 1, Instructions: 43registryCOMMON
                                          Download Yara Rule
                                          APIs
                                          • RegQueryValueExW.KERNELBASE(?,00000E2C,?,?), ref: 013FB60A
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.500099061.00000000013FA000.00000040.00000001.sdmp, Offset: 013FA000, based on PE: false
                                          Similarity
                                          • API ID: QueryValue
                                          • String ID:
                                          • API String ID: 3660427363-0
                                          • Opcode ID: 0efac4db3a867ed766911d494855fb006f4603997941b5cf653e50636519a086
                                          • Instruction ID: f8d2eac1083cee2af07dc639d738c053a03cb9119f0d7cffe9454bcf33713f22
                                          • Opcode Fuzzy Hash: 0efac4db3a867ed766911d494855fb006f4603997941b5cf653e50636519a086
                                          • Instruction Fuzzy Hash: AE01AD72500200ABD210DF1ADC86B26FBE8FB88B20F14C11AED084B745E675F915CBE6
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 013FAB2E, Relevance: 1.5, APIs: 1, Instructions: 43COMMON
                                          Download Yara Rule
                                          APIs
                                          • SetWindowsHookExW.USER32(?,00000E2C,?,?), ref: 013FAB7E
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.500099061.00000000013FA000.00000040.00000001.sdmp, Offset: 013FA000, based on PE: false
                                          Similarity
                                          • API ID: HookWindows
                                          • String ID:
                                          • API String ID: 2559412058-0
                                          • Opcode ID: 60f969937cab27b4e2b0cd479af30d8628a66cde524fb41fde704a45f027290f
                                          • Instruction ID: 172e69a8d11e008e575d3a04adcab2f8c1a22756b7d9be375adb51fee7bf3a7a
                                          • Opcode Fuzzy Hash: 60f969937cab27b4e2b0cd479af30d8628a66cde524fb41fde704a45f027290f
                                          • Instruction Fuzzy Hash: 4B01AD72500200ABD210DF1ADC86B26FBE8FB88B20F14C11AED084B745E635F915CBE6
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 013FBB16, Relevance: 1.5, APIs: 1, Instructions: 43comclipboardCOMMON
                                          Download Yara Rule
                                          APIs
                                          • OleGetClipboard.OLE32(?,00000E2C,?,?), ref: 013FBB66
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.500099061.00000000013FA000.00000040.00000001.sdmp, Offset: 013FA000, based on PE: false
                                          Similarity
                                          • API ID: Clipboard
                                          • String ID:
                                          • API String ID: 220874293-0
                                          • Opcode ID: 856181e47af9793cc9c2ee4cc89507e40113f5e162fe9bcf908256b8bd824f05
                                          • Instruction ID: 6cc91cca03e5e307d18c01bb8c70f088e0ca3c95ed393f7603f316d50b140207
                                          • Opcode Fuzzy Hash: 856181e47af9793cc9c2ee4cc89507e40113f5e162fe9bcf908256b8bd824f05
                                          • Instruction Fuzzy Hash: 5B01AD72500200ABD210DF1ADC86B26FBE8FB88B20F14815AED084B745E635F915CBE6
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 013FB00E, Relevance: 1.5, APIs: 1, Instructions: 43COMMON
                                          Download Yara Rule
                                          APIs
                                          • FindCloseChangeNotification.KERNELBASE(?), ref: 013FB040
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.500099061.00000000013FA000.00000040.00000001.sdmp, Offset: 013FA000, based on PE: false
                                          Similarity
                                          • API ID: ChangeCloseFindNotification
                                          • String ID:
                                          • API String ID: 2591292051-0
                                          • Opcode ID: 50f56cfec1d1c99b3851d1eb012f06534a9d61b4fe0615505733fd4045de4ea1
                                          • Instruction ID: 8068bf213989d07c9e06cebb82119a10d721b5243ae1ebc69831bfd059cfe612
                                          • Opcode Fuzzy Hash: 50f56cfec1d1c99b3851d1eb012f06534a9d61b4fe0615505733fd4045de4ea1
                                          • Instruction Fuzzy Hash: AC01DFB55002458FDB10CF69E884756FBA8EF40224F08C0BADD598B646C374E408CB72
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 013FAC76, Relevance: 1.5, APIs: 1, Instructions: 43COMMON
                                          Download Yara Rule
                                          APIs
                                          • FindCloseChangeNotification.KERNELBASE(?), ref: 013FACA8
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.500099061.00000000013FA000.00000040.00000001.sdmp, Offset: 013FA000, based on PE: false
                                          Similarity
                                          • API ID: ChangeCloseFindNotification
                                          • String ID:
                                          • API String ID: 2591292051-0
                                          • Opcode ID: a64981527214f2c03ba6f420ada8a7bf4d5de23310f380a99ba03941cbf4bae7
                                          • Instruction ID: 586351f63e7a29ea133e5bc7ec41ac6f217bc0f1f9b41dbab8ca48c0a01cd6f0
                                          • Opcode Fuzzy Hash: a64981527214f2c03ba6f420ada8a7bf4d5de23310f380a99ba03941cbf4bae7
                                          • Instruction Fuzzy Hash: 96018F759002448FDB11CF69E884766FBA8EF44724F18C4BEDD49CB652D278A408CB61
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 05ED15FE, Relevance: 1.5, APIs: 1, Instructions: 39COMMON
                                          Download Yara Rule
                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.505132231.0000000005ED0000.00000040.00000001.sdmp, Offset: 05ED0000, based on PE: false
                                          Similarity
                                          • API ID: CloseFind
                                          • String ID:
                                          • API String ID: 1863332320-0
                                          • Opcode ID: 2a1cfe8f4f70e647c4ece85f0e199299a7f087a0d65426e2bc0b3991f6e10384
                                          • Instruction ID: 9b6c090c9b3ffa6f555c50500b3e2cb5792241855f5bc303529ff51ee1381735
                                          • Opcode Fuzzy Hash: 2a1cfe8f4f70e647c4ece85f0e199299a7f087a0d65426e2bc0b3991f6e10384
                                          • Instruction Fuzzy Hash: 7D01D1755002448FEB14CF19E884765FFA4EF04620F0CC0AADDA98B652D275A408CEB2
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 013FA47A, Relevance: 1.5, APIs: 1, Instructions: 39COMMON
                                          Download Yara Rule
                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.500099061.00000000013FA000.00000040.00000001.sdmp, Offset: 013FA000, based on PE: false
                                          Similarity
                                          • API ID: closesocket
                                          • String ID:
                                          • API String ID: 2781271927-0
                                          • Opcode ID: fc322930b1402ddcc938b3f470108a4a1cd5d88bc22817546f530a9a776b2467
                                          • Instruction ID: 7323dc443a9ae2260181b92224c9e93e171d4d663cb3aad8c929645846e07685
                                          • Opcode Fuzzy Hash: fc322930b1402ddcc938b3f470108a4a1cd5d88bc22817546f530a9a776b2467
                                          • Instruction Fuzzy Hash: 8801D1748002448FDB21CF59E888765FFA4EF44324F18C4AADE4C9F342D278A408CBB2
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 013FA876, Relevance: 1.5, APIs: 1, Instructions: 35COMMON
                                          Download Yara Rule
                                          APIs
                                          • SetErrorMode.KERNELBASE(?), ref: 013FA8A8
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.500099061.00000000013FA000.00000040.00000001.sdmp, Offset: 013FA000, based on PE: false
                                          Similarity
                                          • API ID: ErrorMode
                                          • String ID:
                                          • API String ID: 2340568224-0
                                          • Opcode ID: 4735c8ad376897cb4936a6f0a97752177886b559cb74e1c591414ba8539930ac
                                          • Instruction ID: 20f8a7fe7e00ac258bd09aa7dd467b839485fde44be7d214272326c47663cd88
                                          • Opcode Fuzzy Hash: 4735c8ad376897cb4936a6f0a97752177886b559cb74e1c591414ba8539930ac
                                          • Instruction Fuzzy Hash: D6F0FF308002448FEB20CF09D884765FFA4EF04324F08C09ADE490B352D3B8A809CEA2
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 06481CF0, Relevance: .6, Instructions: 638COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.505483130.0000000006480000.00000040.00000001.sdmp, Offset: 06480000, based on PE: false
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 2965004e3e2ead76169354fb236df75dc5f665c43659bfe7d4846b639186327d
                                          • Instruction ID: a7e8e54dab17a5d20d48b90840ce18c7701815f76392fb50e7043ff511917643
                                          • Opcode Fuzzy Hash: 2965004e3e2ead76169354fb236df75dc5f665c43659bfe7d4846b639186327d
                                          • Instruction Fuzzy Hash: 0132F120E883818DD7B6932845A476F2F929B93294F15C2D7D0A44F3FBD7B4C686C396
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 06482BE8, Relevance: .5, Instructions: 459COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.505483130.0000000006480000.00000040.00000001.sdmp, Offset: 06480000, based on PE: false
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: d70117058cf832e61f122b06da331b14a0862a1ca37b0e035ba693919735098e
                                          • Instruction ID: a0c2113e3b97c10f70a10b7491c07db4db3632a907a9b1deaa218ada1afe65e3
                                          • Opcode Fuzzy Hash: d70117058cf832e61f122b06da331b14a0862a1ca37b0e035ba693919735098e
                                          • Instruction Fuzzy Hash: 4CF1AC30B003058FDB56AB79881476E7BE2AF85304F1484BAD509DF396EE75CD86CB92
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 06483181, Relevance: .4, Instructions: 384COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.505483130.0000000006480000.00000040.00000001.sdmp, Offset: 06480000, based on PE: false
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: af9182abbbfd7efdf2224ccd99e0bac189e531eb84d2ab86b1af77f72d279175
                                          • Instruction ID: 978f9e4c5974139f724a74ca86d7cd7a98ef79a05800d615a08256ccd9159abd
                                          • Opcode Fuzzy Hash: af9182abbbfd7efdf2224ccd99e0bac189e531eb84d2ab86b1af77f72d279175
                                          • Instruction Fuzzy Hash: 96E18F30A002098FDB66DFB8C854B9EBBB2EF85704F1485AAD509EB355DB34DD42CB91
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 06484200, Relevance: .3, Instructions: 318COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.505483130.0000000006480000.00000040.00000001.sdmp, Offset: 06480000, based on PE: false
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: a27f366b2fbf25d96d7625b30856dfe8850cf66ed96c46ec1b462cc041ace1a6
                                          • Instruction ID: 73bbfbdda6980a487e2974808ffd3aecf987fcc417108dac893bef1dcc61ff53
                                          • Opcode Fuzzy Hash: a27f366b2fbf25d96d7625b30856dfe8850cf66ed96c46ec1b462cc041ace1a6
                                          • Instruction Fuzzy Hash: 73B1D134B042469FCB05ABB9D854AAE7BE6AFC4300F24846AE505DB3A4DF38CD46CB51
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 06481320, Relevance: .3, Instructions: 312COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.505483130.0000000006480000.00000040.00000001.sdmp, Offset: 06480000, based on PE: false
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: d043825cbd40104418aef0efa5a9cd174677f4a5e0b9e9ecc014c3d2debecf4a
                                          • Instruction ID: 4e83d3221f5da3c5c90eab9b3be8d2ffbe22cfb4b63f8300cb01ab2a3fde49f4
                                          • Opcode Fuzzy Hash: d043825cbd40104418aef0efa5a9cd174677f4a5e0b9e9ecc014c3d2debecf4a
                                          • Instruction Fuzzy Hash: D1A1CF30B0A3815FD75293748818AAA3FA5EFC2354F1580E7E585DF693EA298C4AC761
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 06483E82, Relevance: .3, Instructions: 300COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.505483130.0000000006480000.00000040.00000001.sdmp, Offset: 06480000, based on PE: false
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 82aca58d3206a49ab08c13af8ee47c88218e904fd1037e6806969f6f56c212a6
                                          • Instruction ID: b297010e504d1e40097438d673f6d89602822a807d5d76cf0c3e044aab7f0958
                                          • Opcode Fuzzy Hash: 82aca58d3206a49ab08c13af8ee47c88218e904fd1037e6806969f6f56c212a6
                                          • Instruction Fuzzy Hash: B0A10470F042428FC756ABB894186BF7BE2EF96304F1584BAD645EB781EA35CC42C761
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 064815B0, Relevance: .3, Instructions: 292COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.505483130.0000000006480000.00000040.00000001.sdmp, Offset: 06480000, based on PE: false
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: d2be107fdf38880d17f5785aca4f81ad07769f54de077a103ebb35ce1f07fbe0
                                          • Instruction ID: 29a54b485447e45aa788086f281ebb483a332fded6afe133aa6662b6c3dea607
                                          • Opcode Fuzzy Hash: d2be107fdf38880d17f5785aca4f81ad07769f54de077a103ebb35ce1f07fbe0
                                          • Instruction Fuzzy Hash: 44B1A230B00215DFCB55ABB8D858B9DBBE2AF84325F158626E1259F3D5DF31D842CB80
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 06483B5A, Relevance: .2, Instructions: 236COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.505483130.0000000006480000.00000040.00000001.sdmp, Offset: 06480000, based on PE: false
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 4f6e807058da91cce4d7043aff3ee17de05536089e8841527b34d2ebc3fad19c
                                          • Instruction ID: fa6b8b6815b54a1cedc18098690ce26695e62f748df6b90353aee6aa22c682fc
                                          • Opcode Fuzzy Hash: 4f6e807058da91cce4d7043aff3ee17de05536089e8841527b34d2ebc3fad19c
                                          • Instruction Fuzzy Hash: 86718D74F105515FEF66ABFCC84476F3ADAEB89B00F10482AE10ACB395CA69CD41D762
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 06483B68, Relevance: .2, Instructions: 227COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.505483130.0000000006480000.00000040.00000001.sdmp, Offset: 06480000, based on PE: false
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 23d8b34470d76707e66c4e3b9c1d5ec59462c8cba58f5fac0290cb42c720789f
                                          • Instruction ID: 0222953a949e489ec462bd244015035a0916011721ed2c27707c772470c0d8f5
                                          • Opcode Fuzzy Hash: 23d8b34470d76707e66c4e3b9c1d5ec59462c8cba58f5fac0290cb42c720789f
                                          • Instruction Fuzzy Hash: 18717B74F104515FEF66ABFCC44476E3ADAEB89B00F10482AE10ACB395CA69DD41D7A2
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 06480006, Relevance: .2, Instructions: 186COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.505483130.0000000006480000.00000040.00000001.sdmp, Offset: 06480000, based on PE: false
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 3eabe85cf8b4d44a84773e9842f7f47b9b9c6890112598ac4f222368bb390419
                                          • Instruction ID: bb2ec61ab40363c86e330c41df8dbff21811ef6d5d88162ea16b160f2e81d2aa
                                          • Opcode Fuzzy Hash: 3eabe85cf8b4d44a84773e9842f7f47b9b9c6890112598ac4f222368bb390419
                                          • Instruction Fuzzy Hash: 2351A234E063849FDB16EBB4D85469E7FF2EF86200F0448AAD445EF252DA348D81CFA1
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 064828A0, Relevance: .2, Instructions: 172COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.505483130.0000000006480000.00000040.00000001.sdmp, Offset: 06480000, based on PE: false
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 85da5b0ac15b63d9ac6ed5f2904028a0222f741dc2c46f9cd5d43b32918ee484
                                          • Instruction ID: 11b58d15075e115463f6b5ddc60bb17109b14fa6fa8bb4247e75b09ae7f53ed1
                                          • Opcode Fuzzy Hash: 85da5b0ac15b63d9ac6ed5f2904028a0222f741dc2c46f9cd5d43b32918ee484
                                          • Instruction Fuzzy Hash: 2E51EF30F042459FDB65DBB9C8547AFBBE6AF84304F14846AE405AB3C1DBB89C45C7A0
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 06484320, Relevance: .2, Instructions: 152COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.505483130.0000000006480000.00000040.00000001.sdmp, Offset: 06480000, based on PE: false
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 5521150cbaca66795b03949f7065551920e2433f7ea9329b0db216041c4dc782
                                          • Instruction ID: 69e88387c71887ac491649306a96d671cf973766e08f109c5aae30e0da746988
                                          • Opcode Fuzzy Hash: 5521150cbaca66795b03949f7065551920e2433f7ea9329b0db216041c4dc782
                                          • Instruction Fuzzy Hash: 25518E35B002059FCB05ABB9C4545AEBBA7BF88304B288429E5069B364DE35DD06CB92
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 064836CF, Relevance: .1, Instructions: 144COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.505483130.0000000006480000.00000040.00000001.sdmp, Offset: 06480000, based on PE: false
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 51207f0e7323039f0ffad03766e3c1d7093e4b6143a580011057c5a8b35144b9
                                          • Instruction ID: b1cb8d2a761c62ec99acab747ceee1e8e5c2a854a92b44bcd50cf0ef54a08793
                                          • Opcode Fuzzy Hash: 51207f0e7323039f0ffad03766e3c1d7093e4b6143a580011057c5a8b35144b9
                                          • Instruction Fuzzy Hash: E741F734B047848FD753A6B88814B6F7BE6DBC6B00F1584A7E509CF392E928CC46C361
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 06481A08, Relevance: .1, Instructions: 121COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.505483130.0000000006480000.00000040.00000001.sdmp, Offset: 06480000, based on PE: false
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 50eebdd7dd5475b3f769119d99ff347cf871a50ca69239ff2dada5ee3030dd02
                                          • Instruction ID: 77892bb09297e6d3f28ca7bdd7f5ff11e98e915d46ee40ede2fb91f63225ea62
                                          • Opcode Fuzzy Hash: 50eebdd7dd5475b3f769119d99ff347cf871a50ca69239ff2dada5ee3030dd02
                                          • Instruction Fuzzy Hash: A441B130F00215CFCB52AFBAD54859EBBF6FF88601B104429E506DB358EF348D028B91
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 064835C8, Relevance: .1, Instructions: 89COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.505483130.0000000006480000.00000040.00000001.sdmp, Offset: 06480000, based on PE: false
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 6235ee3d79715f78c30512ae48ad813a37acd0e13c70e0b1b0a72193386adc27
                                          • Instruction ID: daa9e95c2752a6ac1d37df8971c40599a50400aa6230f2bb62cf46d67aa97a02
                                          • Opcode Fuzzy Hash: 6235ee3d79715f78c30512ae48ad813a37acd0e13c70e0b1b0a72193386adc27
                                          • Instruction Fuzzy Hash: 6221BF31F002159FDBA2BFFD891879E7AE5AB88B40F154429D605EB384EF348D41CBA5
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 064819A9, Relevance: .1, Instructions: 88COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.505483130.0000000006480000.00000040.00000001.sdmp, Offset: 06480000, based on PE: false
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 79b2ffaec0ea10b1471d1c5122cb6d336cc46c15ddebba76e8f20847fd708488
                                          • Instruction ID: 940724841f95cd63426cf3abebb2dec5bee1070cc0f8e3ca34d10882408ed32e
                                          • Opcode Fuzzy Hash: 79b2ffaec0ea10b1471d1c5122cb6d336cc46c15ddebba76e8f20847fd708488
                                          • Instruction Fuzzy Hash: 69210034B013869FC742ABB88814ABF3FE9EB85310B1040ABD545EB341EA24CD42C7A2
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 06481BC8, Relevance: .1, Instructions: 85COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.505483130.0000000006480000.00000040.00000001.sdmp, Offset: 06480000, based on PE: false
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: c5d7f1339c92cdb41efce16f7b520ac76395fbfea58f0447ef3d0a1da1be67e3
                                          • Instruction ID: 2c4d48636ae80d561ece374e4326d18cb1a6c18f4b0df2fb05a5d4ae1b1add5e
                                          • Opcode Fuzzy Hash: c5d7f1339c92cdb41efce16f7b520ac76395fbfea58f0447ef3d0a1da1be67e3
                                          • Instruction Fuzzy Hash: 37210031B042845FC7569BB8C8086EF7FF9EB89300F0480BAE545DB382DA258C02C7E1
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 06482708, Relevance: .1, Instructions: 71COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.505483130.0000000006480000.00000040.00000001.sdmp, Offset: 06480000, based on PE: false
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 0dc93b5fed80fabff0d8456c397485c3787126a8b01f1ca922d30eeedbd72a17
                                          • Instruction ID: 2575bc391e432323f50e435d07fe0b7cb255360bec0b85b33a4939713fb91af2
                                          • Opcode Fuzzy Hash: 0dc93b5fed80fabff0d8456c397485c3787126a8b01f1ca922d30eeedbd72a17
                                          • Instruction Fuzzy Hash: 4C21C230E01208AFDB45DBA8D844BEEBBF5FB85314F10807AE404AB791DB759C05CBA1
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 06483780, Relevance: .1, Instructions: 68COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.505483130.0000000006480000.00000040.00000001.sdmp, Offset: 06480000, based on PE: false
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 63f98a991982e52f4deeb250c7fdf85f4e2bb5698cfb5e4ebcf02a5f09643e6e
                                          • Instruction ID: 064cabe228d8dd860b10db632e4ea43ebf781e094a827cdc6a37855edcb855eb
                                          • Opcode Fuzzy Hash: 63f98a991982e52f4deeb250c7fdf85f4e2bb5698cfb5e4ebcf02a5f09643e6e
                                          • Instruction Fuzzy Hash: 62117075F105054FDFA2BAAD8450B2F66D6DBC9B50F24882AE50ACB344EE25DC438791
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 06481C28, Relevance: .1, Instructions: 66COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.505483130.0000000006480000.00000040.00000001.sdmp, Offset: 06480000, based on PE: false
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 9551b37ab8615b5d8fb2ef650a7200f462b4147506de366df2902e1a154a7759
                                          • Instruction ID: ef40a0b354af50baa13e750f622a611717e7d1aa6e842dadceadc5d8c795e1fe
                                          • Opcode Fuzzy Hash: 9551b37ab8615b5d8fb2ef650a7200f462b4147506de366df2902e1a154a7759
                                          • Instruction Fuzzy Hash: 1F115E31F001088FCB95ABB9C4586DEBBEAAB88351B11497AD506E7380EE358D52C7A5
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 030F0820, Relevance: .1, Instructions: 64COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.500784398.00000000030F0000.00000040.00000040.sdmp, Offset: 030F0000, based on PE: false
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: e89bdbaf6a94d7daf0b6bb5475a4500cf437d4a9396d00de63bfc91200470c5d
                                          • Instruction ID: aeadac04297c91d82a1ac45322f6aa476a3be996c2ed25eea2509d37a051618e
                                          • Opcode Fuzzy Hash: e89bdbaf6a94d7daf0b6bb5475a4500cf437d4a9396d00de63bfc91200470c5d
                                          • Instruction Fuzzy Hash: 0221483550E3C18FC303CB60D8506A5BFB1AF47704F1A86DAD9C48B6A3C23A8816DB92
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 05EE300E, Relevance: .1, Instructions: 63COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.505150765.0000000005EE0000.00000040.00000001.sdmp, Offset: 05EE0000, based on PE: false
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: ad70f0a5c150a2395f34f2fd1e66e27fde917ec96953eb14606fc39bd6440a68
                                          • Instruction ID: 6f9e9a98eaa4b812875ecb58121010a574e9b3ae2f6b5b13d07f1dc8607275f1
                                          • Opcode Fuzzy Hash: ad70f0a5c150a2395f34f2fd1e66e27fde917ec96953eb14606fc39bd6440a68
                                          • Instruction Fuzzy Hash: E921E5B5508341AFD340CF19D880A1BFBE4FF89664F04896EF888D7311D234E9088FA2
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 030F0724, Relevance: .1, Instructions: 62COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.500784398.00000000030F0000.00000040.00000040.sdmp, Offset: 030F0000, based on PE: false
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 60a38828ebc9cf23a17061238a167e6a0488a95a63c7acf93d10175503a94dbb
                                          • Instruction ID: aa1a2e40c849c64af148a92e6bb0c774f77a92b25781d8d31178b528b43961c4
                                          • Opcode Fuzzy Hash: 60a38828ebc9cf23a17061238a167e6a0488a95a63c7acf93d10175503a94dbb
                                          • Instruction Fuzzy Hash: C9217F3550E3C48FC703CB20D850B55BFB1AF47204F1D85DAD8854B6A3C23A981ADB52
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 05EE3A80, Relevance: .1, Instructions: 60COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.505150765.0000000005EE0000.00000040.00000001.sdmp, Offset: 05EE0000, based on PE: false
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: b253787f85f1fe08a6bb4e0574f5b842718ee52d0eba5b5b584f0c59b8bea341
                                          • Instruction ID: 466cf343152b8e5dd83f21b96a3c9ed647b4a082d4ced8e5f70bd5e27c961fba
                                          • Opcode Fuzzy Hash: b253787f85f1fe08a6bb4e0574f5b842718ee52d0eba5b5b584f0c59b8bea341
                                          • Instruction Fuzzy Hash: E511C9B5909341AFD350CF19D880A5BFBE4FBC8664F14896EF898D7311D235EA148FA2
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 030F075C, Relevance: .1, Instructions: 59COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.500784398.00000000030F0000.00000040.00000040.sdmp, Offset: 030F0000, based on PE: false
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 3c1d1098f1c7e92afa34edaa3d30fba7501e162ebf9358acb9626150f9e1e8bd
                                          • Instruction ID: 4d39c61e98eaf46d7bcab49f1b7901982c42e687a386c4aec40f80a2207d601c
                                          • Opcode Fuzzy Hash: 3c1d1098f1c7e92afa34edaa3d30fba7501e162ebf9358acb9626150f9e1e8bd
                                          • Instruction Fuzzy Hash: 76119035605344DFD715CB24C984B2ABBD5EB88708F28C9DCEA491BA53C77BD803CA51
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 06484752, Relevance: .1, Instructions: 53COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.505483130.0000000006480000.00000040.00000001.sdmp, Offset: 06480000, based on PE: false
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 2845917b8506cbe5188ca1ed408507e4fe5808917ca21378d2189ff51efe3119
                                          • Instruction ID: 844c2b80c91ef4312490e1db5c322b583cb90b6e4f78614dc4033ce01bc6872d
                                          • Opcode Fuzzy Hash: 2845917b8506cbe5188ca1ed408507e4fe5808917ca21378d2189ff51efe3119
                                          • Instruction Fuzzy Hash: 8E11AD30E402069FCB90EBA9D845BAFFBE5FB85310F10813AC518D7690D7359841CB90
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 05EE3924, Relevance: .1, Instructions: 52COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.505150765.0000000005EE0000.00000040.00000001.sdmp, Offset: 05EE0000, based on PE: false
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 3b648cfaa3023f4368575e578dbd0959cb7fc733fa050ae92ff31c8016046358
                                          • Instruction ID: 8868f4467e704d678c29db5e5be7e2205851c935970f1cb2c8ccf3f9ca9b06e5
                                          • Opcode Fuzzy Hash: 3b648cfaa3023f4368575e578dbd0959cb7fc733fa050ae92ff31c8016046358
                                          • Instruction Fuzzy Hash: C211FAB5508301AFD350CF59DC80A5BFBE8EB88660F14C92EFD9997311D231E9088FA2
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 06484760, Relevance: .1, Instructions: 52COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.505483130.0000000006480000.00000040.00000001.sdmp, Offset: 06480000, based on PE: false
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: f3d9cff7eb99177cdcce2007bf7a8cc29c9c4e6a5022c991e15bcfb8c2cdec90
                                          • Instruction ID: c9b860cbda0f59e46050e9851aab3aada266bf2732ee7fae35a47fad97edd7ee
                                          • Opcode Fuzzy Hash: f3d9cff7eb99177cdcce2007bf7a8cc29c9c4e6a5022c991e15bcfb8c2cdec90
                                          • Instruction Fuzzy Hash: 69016D70E402069FCB80FBB9C8447AEBBE9FF45314F10443AD508D7240EB359900C7A1
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 030F05CF, Relevance: .0, Instructions: 44COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.500784398.00000000030F0000.00000040.00000040.sdmp, Offset: 030F0000, based on PE: false
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 54747d87785d23723e2c0cbcce1f3da04060212db60389cf9f8cae6affee7721
                                          • Instruction ID: e57c4f3e1f0ef27e6fa553a2d7c86f4ee098d91b0018eec74e02f968d1ae9649
                                          • Opcode Fuzzy Hash: 54747d87785d23723e2c0cbcce1f3da04060212db60389cf9f8cae6affee7721
                                          • Instruction Fuzzy Hash: 2501D6725497846FC3128F16EC41857FFE8DF86230B0984ABEC49CB212D225B909CBB1
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 0648414E, Relevance: .0, Instructions: 37COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.505483130.0000000006480000.00000040.00000001.sdmp, Offset: 06480000, based on PE: false
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 7476c990022025becf0da65eb591b567abe7d5e75a5520f859ded77b37b197c2
                                          • Instruction ID: 1588c10ce1b1e3ba45cacc7669a1c6d2b11377a353f498f817f567f08dd9b75d
                                          • Opcode Fuzzy Hash: 7476c990022025becf0da65eb591b567abe7d5e75a5520f859ded77b37b197c2
                                          • Instruction Fuzzy Hash: C5F0CD76F005258FCB54BBB8B44826CBAE2AB98214B118878DA4993B44DF318E34C382
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 030F0818, Relevance: .0, Instructions: 31COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.500784398.00000000030F0000.00000040.00000040.sdmp, Offset: 030F0000, based on PE: false
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 693b7c54016a59cdbfed5bf97d611671327a7796b2b33607a59a4987e9e37b45
                                          • Instruction ID: 74c6c79b4769c3f64c20b8335560f5848577515dc886fe69f958dc0efad9f26b
                                          • Opcode Fuzzy Hash: 693b7c54016a59cdbfed5bf97d611671327a7796b2b33607a59a4987e9e37b45
                                          • Instruction Fuzzy Hash: A1F0FB35504645DFC616CB40D940B16FBA6EB89718F24C6E9E9490BA52C3379813DE81
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 030F05F6, Relevance: .0, Instructions: 27COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.500784398.00000000030F0000.00000040.00000040.sdmp, Offset: 030F0000, based on PE: false
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 70de793a9f87a2b9c4ebd5dfb4c94e90dfd209fa0a92b32a054da3f8b367e8e0
                                          • Instruction ID: 49f6f83b76f1a553ac8207015936fc226809b82b55b6c459129ccc874b38089f
                                          • Opcode Fuzzy Hash: 70de793a9f87a2b9c4ebd5dfb4c94e90dfd209fa0a92b32a054da3f8b367e8e0
                                          • Instruction Fuzzy Hash: 81E092B66406044BD650CF0AFC81456F7D8EB84630718C47FDC0D8B701D139B508CFA5
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 05EE3AEB, Relevance: .0, Instructions: 26COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.505150765.0000000005EE0000.00000040.00000001.sdmp, Offset: 05EE0000, based on PE: false
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 2cc4c276087adc129893f35afca66f3f72cc346f318dbaf8ba94595e84ce2142
                                          • Instruction ID: 012f911877da1b088a585d54fd8787198b7ef5d133e8c4e6feeba73e9da9d511
                                          • Opcode Fuzzy Hash: 2cc4c276087adc129893f35afca66f3f72cc346f318dbaf8ba94595e84ce2142
                                          • Instruction Fuzzy Hash: 83E0D8B25512046BD210CE0AEC81B22FB98DB84A30F14C56BED081F302D075B5148AF5
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 05EE3083, Relevance: .0, Instructions: 26COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.505150765.0000000005EE0000.00000040.00000001.sdmp, Offset: 05EE0000, based on PE: false
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 6bf9bcbedbab7129cbe70a0d1f1c51c2a043a03187118decbd03aadccfa4cd56
                                          • Instruction ID: f39957e37dbd81741175b07fc5f7ef13d8b8eefa6d25836ba8f01cf775530f70
                                          • Opcode Fuzzy Hash: 6bf9bcbedbab7129cbe70a0d1f1c51c2a043a03187118decbd03aadccfa4cd56
                                          • Instruction Fuzzy Hash: 86E0D8B25512046BD210CF0AEC82B22FB58EB80A30F14C56BED081F302D075B5148AF5
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 05EE3397, Relevance: .0, Instructions: 26COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.505150765.0000000005EE0000.00000040.00000001.sdmp, Offset: 05EE0000, based on PE: false
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 2b0e7a07d61fdf78e8dda62a499640ab972c280ca97b6e9cb1908cb9ff3768e0
                                          • Instruction ID: 8960d9a158cb50c62834ea36b356fca6d2d4f7eb797bc1e4dba505b11065a349
                                          • Opcode Fuzzy Hash: 2b0e7a07d61fdf78e8dda62a499640ab972c280ca97b6e9cb1908cb9ff3768e0
                                          • Instruction Fuzzy Hash: 02E0D8B25512046BD210DE4AEC81B23FB98DB80A30F14C56BED081F302D076B514CAF5
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 05EE3973, Relevance: .0, Instructions: 26COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.505150765.0000000005EE0000.00000040.00000001.sdmp, Offset: 05EE0000, based on PE: false
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 50257888a9fd104298be97197882f603b44c4da3e9534e6e2f0aede0f4cc2b68
                                          • Instruction ID: 497c2aea8bc18921077351c4ec686636c93d38277c1084b628d4b85c6fa6d099
                                          • Opcode Fuzzy Hash: 50257888a9fd104298be97197882f603b44c4da3e9534e6e2f0aede0f4cc2b68
                                          • Instruction Fuzzy Hash: 9DE0D8B25412046BD250DE0AEC85B23FB98DB40A30F14C56BED0C1F302D176B5148AF5
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 013F23F4, Relevance: .0, Instructions: 15COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.500076523.00000000013F2000.00000040.00000001.sdmp, Offset: 013F2000, based on PE: false
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: c5d6ab6cd9588c42e53093e748147a6a9897a8112cf06ee23c0696a10416ed18
                                          • Instruction ID: 0d2afa7263422aca76f6a5736abb1b7c6608d4e0e52edc50951fb4243933a8b8
                                          • Opcode Fuzzy Hash: c5d6ab6cd9588c42e53093e748147a6a9897a8112cf06ee23c0696a10416ed18
                                          • Instruction Fuzzy Hash: 4CD05E79205A818FE3278A1CC1A8B963FA4EF51B08F4644FEE9008B663C3A8D581D210
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 013F23BC, Relevance: .0, Instructions: 14COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.500076523.00000000013F2000.00000040.00000001.sdmp, Offset: 013F2000, based on PE: false
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 40a9ddd58994fff99f3719323c7061871205281daaf7a1310ea1a349a2a08dfa
                                          • Instruction ID: 95af47152ac07a5af45fd6fb1ee65d65153b043de86b600bc5dfff28b64d656c
                                          • Opcode Fuzzy Hash: 40a9ddd58994fff99f3719323c7061871205281daaf7a1310ea1a349a2a08dfa
                                          • Instruction Fuzzy Hash: 6ED05E742016818BD715DB1CC194F5A3BD4EB41B04F0644EDAD008B262C3A8E881C600
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Non-executed Functions