Analysis Report 03_extracted.exe

Overview

General Information

Sample Name: 03_extracted.exe
Analysis ID: 412751
MD5: 43c4f163196ff02e7aa8c5040375fda4
SHA1: f826b410b31cb251dd85f3663735b2f410906517
SHA256: a585841f956f17925242996a98836b0d08767ddb179b4b41fd18a5de719c531c
Tags: exe

Detection

Nanocore
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Detected Nanocore Rat
Found malware configuration
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Sigma detected: NanoCore
Yara detected AntiVM3
Yara detected Nanocore RAT
.NET source code contains potential unpacker
C2 URLs / IPs found in malware configuration
Hides that the sample has been downloaded from the Internet (zone.identifier)
Injects a PE file into a foreign processes
Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Uses schtasks.exe or at.exe to add and modify task schedules
Antivirus or Machine Learning detection for unpacked file
Binary contains a suspicious time stamp
Contains capabilities to detect virtual machines
Contains functionality to call native functions
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Detected TCP or UDP traffic on non-standard ports
Detected potential crypto function
Dropped file seen in connection with other malware
Drops PE files
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
IP address seen in connection with other malware
Installs a raw input device (often for capturing keystrokes)
May sleep (evasive loops) to hinder dynamic analysis
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)
Yara signature match

Startup

  • System is w10x64
  • 03_extracted.exe (PID: 5976 cmdline: 'C:\Users\user\Desktop\03_extracted.exe' MD5: 43C4F163196FF02E7AA8C5040375FDA4)
    • schtasks.exe (PID: 4652 cmdline: 'C:\Windows\System32\schtasks.exe' /Create /TN 'Updates\LiydYED' /XML 'C:\Users\user\AppData\Local\Temp\tmpE7C8.tmp' MD5: 15FF7D8324231381BAD48A052F85DF04)
      • conhost.exe (PID: 5476 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
    • 03_extracted.exe (PID: 5548 cmdline: {path} MD5: 43C4F163196FF02E7AA8C5040375FDA4)
  • cleanup

Malware Configuration

Threatname: NanoCore

{"Version": "1.2.2.0", "Mutex": "c687c38e-2b2d-4d96-b5eb-9a31ccba", "Group": "Sys", "Domain1": "sys2021.linkpc.net", "Domain2": "", "Port": 11940, "KeyboardLogging": "Enable", "RunOnStartup": "Disable", "RequestElevation": "Disable", "BypassUAC": "Disable", "ClearZoneIdentifier": "Enable", "ClearAccessControl": "Disable", "SetCriticalProcess": "Disable", "PreventSystemSleep": "Enable", "ActivateAwayMode": "Disable", "EnableDebugMode": "Disable", "RunDelay": 0, "ConnectDelay": 4000, "RestartDelay": 5000, "TimeoutInterval": 5000, "KeepAliveTimeout": 30000, "MutexTimeout": 5000, "LanTimeout": 2500, "WanTimeout": 8000, "BufferSize": "ffff0000", "MaxPacketSize": "0000a000", "GCThreshold": "0000a000", "UseCustomDNS": "Enable", "PrimaryDNSServer": "8.8.8.8", "BackupDNSServer": "8.8.4.4"}

Yara Overview

Memory Dumps

Source | Rule | Description | Author | Strings
00000006.00000002.489322816.0000000000402000.00000040.00000001.sdmp | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth
  • 0xff8d:$x1: NanoCore.ClientPluginHost
  • 0xffca:$x2: IClientNetworkHost
  • 0x13afd:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe
00000006.00000002.489322816.0000000000402000.00000040.00000001.sdmp | JoeSecurity_Nanocore | Yara detected Nanocore RAT | Joe Security
    00000006.00000002.489322816.0000000000402000.00000040.00000001.sdmp | NanoCore | unknown | Kevin Breen <kevin@techanarchy.net>
    • 0xfcf5:$a: NanoCore
    • 0xfd05:$a: NanoCore
    • 0xff39:$a: NanoCore
    • 0xff4d:$a: NanoCore
    • 0xff8d:$a: NanoCore
    • 0xfd54:$b: ClientPlugin
    • 0xff56:$b: ClientPlugin
    • 0xff96:$b: ClientPlugin
    • 0xfe7b:$c: ProjectData
    • 0x10882:$d: DESCrypto
    • 0x1824e:$e: KeepAlive
    • 0x1623c:$g: LogClientMessage
    • 0x12437:$i: get_Connected
    • 0x10bb8:$j: #=q
    • 0x10be8:$j: #=q
    • 0x10c04:$j: #=q
    • 0x10c34:$j: #=q
    • 0x10c50:$j: #=q
    • 0x10c6c:$j: #=q
    • 0x10c9c:$j: #=q
    • 0x10cb8:$j: #=q
    00000006.00000002.496381211.0000000003DE7000.00000004.00000001.sdmp | JoeSecurity_Nanocore | Yara detected Nanocore RAT | Joe Security
      00000006.00000002.496381211.0000000003DE7000.00000004.00000001.sdmp | NanoCore | unknown | Kevin Breen <kevin@techanarchy.net>
      • 0x33e5:$a: NanoCore
      • 0x343e:$a: NanoCore
      • 0x347b:$a: NanoCore
      • 0x34f4:$a: NanoCore
      • 0x16b9f:$a: NanoCore
      • 0x16bb4:$a: NanoCore
      • 0x16be9:$a: NanoCore
      • 0x2f663:$a: NanoCore
      • 0x2f678:$a: NanoCore
      • 0x2f6ad:$a: NanoCore
      • 0x3447:$b: ClientPlugin
      • 0x3484:$b: ClientPlugin
      • 0x3d82:$b: ClientPlugin
      • 0x3d8f:$b: ClientPlugin
      • 0x1695b:$b: ClientPlugin
      • 0x16976:$b: ClientPlugin
      • 0x169a6:$b: ClientPlugin
      • 0x16bbd:$b: ClientPlugin
      • 0x16bf2:$b: ClientPlugin
      • 0x2f41f:$b: ClientPlugin
      • 0x2f43a:$b: ClientPlugin

      Unpacked PEs

      Source | Rule | Description | Author | Strings
      6.2.03_extracted.exe.3dee43c.5.raw.unpack | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth
      • 0xf7ad:$x1: NanoCore.ClientPluginHost
      • 0x28271:$x1: NanoCore.ClientPluginHost
      • 0xf7da:$x2: IClientNetworkHost
      • 0x2829e:$x2: IClientNetworkHost
      6.2.03_extracted.exe.3dee43c.5.raw.unpack | Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth
      • 0xf7ad:$x2: NanoCore.ClientPluginHost
      • 0x28271:$x2: NanoCore.ClientPluginHost
      • 0x10888:$s4: PipeCreated
      • 0x2934c:$s4: PipeCreated
      • 0xf7c7:$s5: IClientLoggingHost
      • 0x2828b:$s5: IClientLoggingHost
      6.2.03_extracted.exe.3dee43c.5.raw.unpack | JoeSecurity_Nanocore | Yara detected Nanocore RAT | Joe Security
        6.2.03_extracted.exe.5654629.11.raw.unpack | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth
        • 0xb184:$x1: NanoCore.ClientPluginHost
        • 0xb1b1:$x2: IClientNetworkHost
        6.2.03_extracted.exe.5654629.11.raw.unpack | Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth
        • 0xb184:$x2: NanoCore.ClientPluginHost
        • 0xc25f:$s4: PipeCreated
        • 0xb19e:$s5: IClientLoggingHost

        Sigma Overview

        AV Detection:

        Sigma detected: NanoCore
        Source: File created, Author: Joe Security, Data: EventID: 11, Image: C:\Users\user\Desktop\03_extracted.exe, ProcessId: 5548, TargetFilename: C:\Users\user\AppData\Roaming\D06ED635-68F6-4E9A-955C-4899F5F57B9A\run.dat

        E-Banking Fraud:

        Sigma detected: NanoCore
        Source: File created, Author: Joe Security, Data: EventID: 11, Image: C:\Users\user\Desktop\03_extracted.exe, ProcessId: 5548, TargetFilename: C:\Users\user\AppData\Roaming\D06ED635-68F6-4E9A-955C-4899F5F57B9A\run.dat

        Stealing of Sensitive Information:

        Sigma detected: NanoCore
        Source: File created, Author: Joe Security, Data: EventID: 11, Image: C:\Users\user\Desktop\03_extracted.exe, ProcessId: 5548, TargetFilename: C:\Users\user\AppData\Roaming\D06ED635-68F6-4E9A-955C-4899F5F57B9A\run.dat

        Remote Access Functionality:

        Sigma detected: NanoCore
        Source: File created, Author: Joe Security, Data: EventID: 11, Image: C:\Users\user\Desktop\03_extracted.exe, ProcessId: 5548, TargetFilename: C:\Users\user\AppData\Roaming\D06ED635-68F6-4E9A-955C-4899F5F57B9A\run.dat

        Signature Overview

        AV Detection:

        Found malware configuration
        Source: 00000006.00000002.496381211.0000000003DE7000.00000004.00000001.sdmp, Malware Configuration Extractor: NanoCore {"Version": "1.2.2.0", "Mutex": "c687c38e-2b2d-4d96-b5eb-9a31ccba", "Group": "Sys", "Domain1": "sys2021.linkpc.net", "Domain2": "", "Port": 11940, "KeyboardLogging": "Enable", "RunOnStartup": "Disable", "RequestElevation": "Disable", "BypassUAC": "Disable", "ClearZoneIdentifier": "Enable", "ClearAccessControl": "Disable", "SetCriticalProcess": "Disable", "PreventSystemSleep": "Enable", "ActivateAwayMode": "Disable", "EnableDebugMode": "Disable", "RunDelay": 0, "ConnectDelay": 4000, "RestartDelay": 5000, "TimeoutInterval": 5000, "KeepAliveTimeout": 30000, "MutexTimeout": 5000, "LanTimeout": 2500, "WanTimeout": 8000, "BufferSize": "ffff0000", "MaxPacketSize": "0000a000", "GCThreshold": "0000a000", "UseCustomDNS": "Enable", "PrimaryDNSServer": "8.8.8.8", "BackupDNSServer": "8.8.4.4"}
        Multi AV Scanner detection for dropped file
        Source: C:\Users\user\AppData\Roaming\LiydYED.exe, ReversingLabs: Detection: 41%
        Multi AV Scanner detection for submitted file
        Source: 03_extracted.exe, Virustotal: Detection: 41%
        Source: 03_extracted.exe, ReversingLabs: Detection: 41%
        Yara detected Nanocore RAT
        Source: Yara match, File source: 00000006.00000002.489322816.0000000000402000.00000040.00000001.sdmp, type: MEMORY
        Source: Yara match, File source: 00000006.00000002.496381211.0000000003DE7000.00000004.00000001.sdmp, type: MEMORY
        Source: Yara match, File source: 00000006.00000002.497557539.0000000005650000.00000004.00000001.sdmp, type: MEMORY
        Source: Yara match, File source: 00000000.00000002.252199912.00000000048E1000.00000004.00000001.sdmp, type: MEMORY
        Source: Yara match, File source: Process Memory Space: 03_extracted.exe PID: 5976, type: MEMORY
        Source: Yara match, File source: Process Memory Space: 03_extracted.exe PID: 5548, type: MEMORY
        Source: Yara match, File source: 6.2.03_extracted.exe.3dee43c.5.raw.unpack, type: UNPACKEDPE
        Source: Yara match, File source: 6.2.03_extracted.exe.5654629.11.raw.unpack, type: UNPACKEDPE
        Source: Yara match, File source: 6.2.03_extracted.exe.3dee43c.5.unpack, type: UNPACKEDPE
        Source: Yara match, File source: 6.2.03_extracted.exe.400000.0.unpack, type: UNPACKEDPE
        Source: Yara match, File source: 0.2.03_extracted.exe.4b68c38.2.unpack, type: UNPACKEDPE
        Source: Yara match, File source: 6.2.03_extracted.exe.3de9606.3.raw.unpack, type: UNPACKEDPE
        Source: Yara match, File source: 6.2.03_extracted.exe.3df2a65.4.raw.unpack, type: UNPACKEDPE
        Source: Yara match, File source: 6.2.03_extracted.exe.5650000.12.raw.unpack, type: UNPACKEDPE
        Source: Yara match, File source: 6.2.03_extracted.exe.5650000.12.unpack, type: UNPACKEDPE
        Source: Yara match, File source: 0.2.03_extracted.exe.4c88090.1.raw.unpack, type: UNPACKEDPE
        Source: Yara match, File source: 0.2.03_extracted.exe.4a679c8.3.raw.unpack, type: UNPACKEDPE
        Source: Yara match, File source: 0.2.03_extracted.exe.4b68c38.2.raw.unpack, type: UNPACKEDPE
        Source: 6.2.03_extracted.exe.400000.0.unpack, Avira: Label: TR/Dropper.MSIL.Gen7
        Source: 6.2.03_extracted.exe.5650000.12.unpack, Avira: Label: TR/NanoCore.fadte
        Source: 03_extracted.exe, Static PE information: 32BIT_MACHINE, EXECUTABLE_IMAGE
        Source: C:\Users\user\Desktop\03_extracted.exe, File opened: C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.9445_none_d08c58b4442ba54f\MSVCR80.dll
        Source: 03_extracted.exe, Static PE information: NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT
        Source: Binary string: mscorrc.pdb source: 03_extracted.exe, 00000000.00000002.261775568.0000000007810000.00000002.00000001.sdmp, 03_extracted.exe, 00000006.00000002.497026294.00000000051D0000.00000002.00000001.sdmp

        Networking:

        C2 URLs / IPs found in malware configuration
        Source: Malware configuration extractor, URLs:
        Source: Malware configuration extractor, URLs: sys2021.linkpc.net
        Source: global traffic, TCP traffic: 192.168.2.5:49708 -> 79.137.109.121:11940
        Source: global traffic, TCP traffic: 192.168.2.5:49716 -> 191.96.25.26:11940
        Source: Joe Sandbox View, IP Address: 79.137.109.121
        Source: unknown, TCP traffic detected without corresponding DNS query: 191.96.25.26
        Source: unknown, DNS traffic detected: queries for: sys2021.linkpc.net
        Source: 03_extracted.exe, 00000006.00000002.496381211.0000000003DE7000.00000004.00000001.sdmp, Binary or memory string: RegisterRawInputDevices

        E-Banking Fraud:

        Yara detected Nanocore RAT

        System Summary:

        Malicious sample detected (through community Yara rule)
        Source: 00000006.00000002.489322816.0000000000402000.00000040.00000001.sdmp, type: MEMORY, Matched rule: Detetcs the Nanocore RAT, Author: Florian Roth
        Source: 00000006.00000002.489322816.0000000000402000.00000040.00000001.sdmp, type: MEMORY, Matched rule: NanoCore, Author: Kevin Breen <kevin@techanarchy.net>
        Source: 00000006.00000002.496381211.0000000003DE7000.00000004.00000001.sdmp, type: MEMORY, Matched rule: NanoCore, Author: Kevin Breen <kevin@techanarchy.net>
        Source: 00000006.00000002.497217215.0000000005290000.00000004.00000001.sdmp, type: MEMORY, Matched rule: Detetcs the Nanocore RAT, Author: Florian Roth
        Source: 00000006.00000002.497557539.0000000005650000.00000004.00000001.sdmp, type: MEMORY, Matched rule: Detetcs the Nanocore RAT, Author: Florian Roth
        Source: 00000000.00000002.252199912.00000000048E1000.00000004.00000001.sdmp, type: MEMORY, Matched rule: Detetcs the Nanocore RAT, Author: Florian Roth
        Source: 00000000.00000002.252199912.00000000048E1000.00000004.00000001.sdmp, type: MEMORY, Matched rule: NanoCore, Author: Kevin Breen <kevin@techanarchy.net>
        Source: Process Memory Space: 03_extracted.exe PID: 5976, type: MEMORY, Matched rule: Detetcs the Nanocore RAT, Author: Florian Roth
        Source: Process Memory Space: 03_extracted.exe PID: 5976, type: MEMORY, Matched rule: NanoCore, Author: Kevin Breen <kevin@techanarchy.net>
        Source: Process Memory Space: 03_extracted.exe PID: 5548, type: MEMORY, Matched rule: Detetcs the Nanocore RAT, Author: Florian Roth
        Source: Process Memory Space: 03_extracted.exe PID: 5548, type: MEMORY, Matched rule: NanoCore, Author: Kevin Breen <kevin@techanarchy.net>
        Source: 6.2.03_extracted.exe.3dee43c.5.raw.unpack, type: UNPACKEDPE, Matched rule: Detetcs the Nanocore RAT, Author: Florian Roth
        Source: 6.2.03_extracted.exe.5654629.11.raw.unpack, type: UNPACKEDPE, Matched rule: Detetcs the Nanocore RAT, Author: Florian Roth
        Source: 6.2.03_extracted.exe.3dee43c.5.unpack, type: UNPACKEDPE, Matched rule: Detetcs the Nanocore RAT, Author: Florian Roth
        Source: 6.2.03_extracted.exe.400000.0.unpack, type: UNPACKEDPE, Matched rule: Detetcs the Nanocore RAT, Author: Florian Roth
        Source: 6.2.03_extracted.exe.400000.0.unpack, type: UNPACKEDPE, Matched rule: NanoCore, Author: Kevin Breen <kevin@techanarchy.net>
        Source: 0.2.03_extracted.exe.4b68c38.2.unpack, type: UNPACKEDPE, Matched rule: Detetcs the Nanocore RAT, Author: Florian Roth
        Source: 0.2.03_extracted.exe.4b68c38.2.unpack, type: UNPACKEDPE, Matched rule: NanoCore, Author: Kevin Breen <kevin@techanarchy.net>
        Source: 6.2.03_extracted.exe.5290000.8.raw.unpack, type: UNPACKEDPE, Matched rule: Detetcs the Nanocore RAT, Author: Florian Roth
        Source: 6.2.03_extracted.exe.3de9606.3.raw.unpack, type: UNPACKEDPE, Matched rule: Detetcs the Nanocore RAT, Author: Florian Roth
        Source: 6.2.03_extracted.exe.3de9606.3.raw.unpack, type: UNPACKEDPE, Matched rule: NanoCore, Author: Kevin Breen <kevin@techanarchy.net>
        Source: 6.2.03_extracted.exe.3df2a65.4.raw.unpack, type: UNPACKEDPE, Matched rule: Detetcs the Nanocore RAT, Author: Florian Roth
        Source: 6.2.03_extracted.exe.5650000.12.raw.unpack, type: UNPACKEDPE, Matched rule: Detetcs the Nanocore RAT, Author: Florian Roth
        Source: 6.2.03_extracted.exe.5650000.12.unpack, type: UNPACKEDPE, Matched rule: Detetcs the Nanocore RAT, Author: Florian Roth
        Source: 0.2.03_extracted.exe.4c88090.1.raw.unpack, type: UNPACKEDPE, Matched rule: Detetcs the Nanocore RAT, Author: Florian Roth
        Source: 0.2.03_extracted.exe.4c88090.1.raw.unpack, type: UNPACKEDPE, Matched rule: NanoCore, Author: Kevin Breen <kevin@techanarchy.net>
        Source: 6.2.03_extracted.exe.2db12e0.2.raw.unpack, type: UNPACKEDPE, Matched rule: Detetcs the Nanocore RAT, Author: Florian Roth
        Source: 0.2.03_extracted.exe.4a679c8.3.raw.unpack, type: UNPACKEDPE, Matched rule: Detetcs the Nanocore RAT, Author: Florian Roth
        Source: 0.2.03_extracted.exe.4a679c8.3.raw.unpack, type: UNPACKEDPE, Matched rule: NanoCore, Author: Kevin Breen <kevin@techanarchy.net>
        Source: 0.2.03_extracted.exe.4b68c38.2.raw.unpack, type: UNPACKEDPE, Matched rule: Detetcs the Nanocore RAT, Author: Florian Roth
        Source: 0.2.03_extracted.exe.4b68c38.2.raw.unpack, type: UNPACKEDPE, Matched rule: NanoCore, Author: Kevin Breen <kevin@techanarchy.net>
        Source: C:\Users\user\Desktop\03_extracted.exe, Code function: 0_2_077A28A2 NtQuerySystemInformation
        Source: C:\Users\user\Desktop\03_extracted.exe, Code function: 0_2_077A2868 NtQuerySystemInformation
        Source: C:\Users\user\Desktop\03_extracted.exe, Code function: 6_2_0504116A NtQuerySystemInformation
        Source: C:\Users\user\Desktop\03_extracted.exe, Code function: 6_2_0504112F NtQuerySystemInformation
        Source: Joe Sandbox ViewDropped File: C:\Users\user\AppData\Roaming\LiydYED.exe A585841F956F17925242996A98836B0D08767DDB179B4B41FD18A5DE719C531C
        Source: 03_extracted.exe, 00000000.00000002.263108086.00000000082B0000.00000002.00000001.sdmpBinary or memory string: originalfilename vs 03_extracted.exe
        Source: 03_extracted.exe, 00000000.00000002.263108086.00000000082B0000.00000002.00000001.sdmpBinary or memory string: OriginalFilenamepropsys.dll.mui@ vs 03_extracted.exe
        Source: 03_extracted.exe, 00000000.00000002.260983147.0000000007390000.00000004.00000001.sdmpBinary or memory string: OriginalFilenameMajorRevision.exe< vs 03_extracted.exe
        Source: 03_extracted.exe, 00000000.00000002.261775568.0000000007810000.00000002.00000001.sdmpBinary or memory string: OriginalFilenamemscorrc.dllT vs 03_extracted.exe
        Source: 03_extracted.exe, 00000000.00000000.222021679.0000000001072000.00000002.00020000.sdmpBinary or memory string: OriginalFilenameMXvDG34.exe< vs 03_extracted.exe
        Source: 03_extracted.exe, 00000000.00000002.260517395.0000000007190000.00000004.00000001.sdmpBinary or memory string: OriginalFilenameSmartFormat.dll8 vs 03_extracted.exe
        Source: 03_extracted.exe, 00000000.00000002.262495313.00000000081C0000.00000002.00000001.sdmpBinary or memory string: System.OriginalFileName vs 03_extracted.exe
        Source: 03_extracted.exe, 00000006.00000000.245773708.0000000000742000.00000002.00020000.sdmpBinary or memory string: OriginalFilenameMXvDG34.exe< vs 03_extracted.exe
        Source: 03_extracted.exe, 00000006.00000002.497026294.00000000051D0000.00000002.00000001.sdmpBinary or memory string: OriginalFilenamemscorrc.dllT vs 03_extracted.exe
        Source: 03_extracted.exe, 00000006.00000002.497543872.0000000005640000.00000004.00000001.sdmpBinary or memory string: OriginalFilenameLzma#.dll4 vs 03_extracted.exe
        Source: 03_extracted.exe, 00000006.00000002.497327707.0000000005500000.00000002.00000001.sdmpBinary or memory string: OriginalFilenameKernelbase.dll.muij% vs 03_extracted.exe
        Source: 03_extracted.exe, 00000006.00000002.496826648.0000000005030000.00000002.00000001.sdmpBinary or memory string: OriginalFilenameuser32j% vs 03_extracted.exe
        Source: 03_extracted.exe, 00000006.00000002.494608328.0000000002DA1000.00000004.00000001.sdmpBinary or memory string: OriginalFilenameClientPlugin.dll4 vs 03_extracted.exe
        Source: 03_extracted.exe, 00000006.00000002.496381211.0000000003DE7000.00000004.00000001.sdmpBinary or memory string: OriginalFilenameSurveillanceExClientPlugin.dll4 vs 03_extracted.exe
        Source: 03_extracted.exeBinary or memory string: OriginalFilenameMXvDG34.exe< vs 03_extracted.exe
        Source: 03_extracted.exeStatic PE information: 32BIT_MACHINE, EXECUTABLE_IMAGE
        Source: 00000006.00000002.489322816.0000000000402000.00000040.00000001.sdmp, type: MEMORYMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
        Source: 00000006.00000002.489322816.0000000000402000.00000040.00000001.sdmp, type: MEMORYMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
        Source: 00000006.00000002.496381211.0000000003DE7000.00000004.00000001.sdmp, type: MEMORYMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
        Source: 00000006.00000002.497217215.0000000005290000.00000004.00000001.sdmp, type: MEMORYMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
        Source: 00000006.00000002.497217215.0000000005290000.00000004.00000001.sdmp, type: MEMORYMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
        Source: 00000006.00000002.497557539.0000000005650000.00000004.00000001.sdmp, type: MEMORYMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
        Source: 00000006.00000002.497557539.0000000005650000.00000004.00000001.sdmp, type: MEMORYMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
        Source: 00000000.00000002.252199912.00000000048E1000.00000004.00000001.sdmp, type: MEMORYMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
        Source: 00000000.00000002.252199912.00000000048E1000.00000004.00000001.sdmp, type: MEMORYMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
        Source: Process Memory Space: 03_extracted.exe PID: 5976, type: MEMORYMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
        Source: Process Memory Space: 03_extracted.exe PID: 5976, type: MEMORYMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
        Source: Process Memory Space: 03_extracted.exe PID: 5548, type: MEMORYMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
        Source: Process Memory Space: 03_extracted.exe PID: 5548, type: MEMORYMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
        Source: 6.2.03_extracted.exe.3dee43c.5.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
        Source: 6.2.03_extracted.exe.3dee43c.5.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
        Source: 6.2.03_extracted.exe.5654629.11.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
        Source: 6.2.03_extracted.exe.5654629.11.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
        Source: 6.2.03_extracted.exe.3dee43c.5.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
        Source: 6.2.03_extracted.exe.3dee43c.5.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
        Source: 6.2.03_extracted.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
        Source: 6.2.03_extracted.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
        Source: 6.2.03_extracted.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
        Source: 0.2.03_extracted.exe.4b68c38.2.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
        Source: 0.2.03_extracted.exe.4b68c38.2.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
        Source: 0.2.03_extracted.exe.4b68c38.2.unpack, type: UNPACKEDPEMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
        Source: 6.2.03_extracted.exe.5290000.8.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
        Source: 6.2.03_extracted.exe.5290000.8.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
        Source: 6.2.03_extracted.exe.3de9606.3.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
        Source: 6.2.03_extracted.exe.3de9606.3.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
        Source: 6.2.03_extracted.exe.3de9606.3.raw.unpack, type: UNPACKEDPEMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
        Source: 6.2.03_extracted.exe.3df2a65.4.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
        Source: 6.2.03_extracted.exe.3df2a65.4.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
        Source: 6.2.03_extracted.exe.5650000.12.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
        Source: 6.2.03_extracted.exe.5650000.12.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
        Source: 6.2.03_extracted.exe.5650000.12.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
        Source: 6.2.03_extracted.exe.5650000.12.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
        Source: 0.2.03_extracted.exe.4c88090.1.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
        Source: 0.2.03_extracted.exe.4c88090.1.raw.unpack, type: UNPACKEDPEMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
        Source: 6.2.03_extracted.exe.2db12e0.2.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
        Source: 0.2.03_extracted.exe.4a679c8.3.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
        Source: 0.2.03_extracted.exe.4a679c8.3.raw.unpack, type: UNPACKEDPEMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
        Source: 0.2.03_extracted.exe.4b68c38.2.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
        Source: 0.2.03_extracted.exe.4b68c38.2.raw.unpack, type: UNPACKEDPEMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
        Source: 03_extracted.exeStatic PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
        Source: LiydYED.exe.0.drStatic PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
        Source: 6.2.03_extracted.exe.400000.0.unpack, u0023u003dqjIje6jGWLd2EOkfZXKqBbgu003du003d.csCryptographic APIs: 'TransformFinalBlock', 'CreateDecryptor'
        Source: 6.2.03_extracted.exe.400000.0.unpack, u0023u003dqVxXNKnhAcArgJoGGYXiyyQu003du003d.csCryptographic APIs: 'CreateDecryptor'
        Source: 6.2.03_extracted.exe.400000.0.unpack, u0023u003dqVxXNKnhAcArgJoGGYXiyyQu003du003d.csCryptographic APIs: 'TransformFinalBlock'
        Source: classification engineClassification label: mal100.troj.evad.winEXE@6/4@9/2
        Source: C:\Users\user\Desktop\03_extracted.exeCode function: 0_2_077A27D2 AdjustTokenPrivileges,0_2_077A27D2
        Source: C:\Users\user\Desktop\03_extracted.exeCode function: 0_2_077A279B AdjustTokenPrivileges,0_2_077A279B
        Source: C:\Users\user\Desktop\03_extracted.exeCode function: 6_2_05040F2A AdjustTokenPrivileges,6_2_05040F2A
        Source: C:\Users\user\Desktop\03_extracted.exeCode function: 6_2_05040EF3 AdjustTokenPrivileges,6_2_05040EF3
        Source: C:\Users\user\Desktop\03_extracted.exe File created: C:\Users\user\AppData\Roaming\LiydYED.exe
        Source: C:\Users\user\Desktop\03_extracted.exeMutant created: \Sessions\1\BaseNamedObjects\Global\.net clr networking
        Source: C:\Users\user\Desktop\03_extracted.exeMutant created: \Sessions\1\BaseNamedObjects\lsPvaxhQEBvPAUaKmBBEq
        Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5476:120:WilError_01
        Source: C:\Users\user\Desktop\03_extracted.exeMutant created: \Sessions\1\BaseNamedObjects\Global\{c687c38e-2b2d-4d96-b5eb-9a31ccba603d}
        Source: C:\Users\user\Desktop\03_extracted.exe File created: C:\Users\user\AppData\Local\Temp\tmpE7C8.tmp
        Source: C:\Users\user\Desktop\03_extracted.exe Section loaded: C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\9603718106bd57ecfbb18fefd769cab4\mscorlib.ni.dll
        Source: C:\Users\user\Desktop\03_extracted.exe Section loaded: C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sorttbls.nlp
        Source: C:\Users\user\Desktop\03_extracted.exe Section loaded: C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sortkey.nlp
        Source: C:\Users\user\Desktop\03_extracted.exe File read: C:\Users\user\Desktop\desktop.ini
        Source: C:\Users\user\Desktop\03_extracted.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
        Source: 03_extracted.exeVirustotal: Detection: 41%
        Source: 03_extracted.exeReversingLabs: Detection: 41%
        Source: C:\Users\user\Desktop\03_extracted.exe File read: C:\Users\user\Desktop\03_extracted.exe
        Source: unknownProcess created: C:\Users\user\Desktop\03_extracted.exe 'C:\Users\user\Desktop\03_extracted.exe'
        Source: C:\Users\user\Desktop\03_extracted.exeProcess created: C:\Windows\SysWOW64\schtasks.exe 'C:\Windows\System32\schtasks.exe' /Create /TN 'Updates\LiydYED' /XML 'C:\Users\user\AppData\Local\Temp\tmpE7C8.tmp'
        Source: C:\Windows\SysWOW64\schtasks.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        Source: C:\Users\user\Desktop\03_extracted.exeProcess created: C:\Users\user\Desktop\03_extracted.exe {path}
        Source: C:\Users\user\Desktop\03_extracted.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA}\InprocServer32
        Source: C:\Users\user\Desktop\03_extracted.exe File opened: C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorrc.dll
        Source: 03_extracted.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
        Source: C:\Users\user\Desktop\03_extracted.exe File opened: C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.9445_none_d08c58b4442ba54f\MSVCR80.dll
        Source: 03_extracted.exeStatic PE information: NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT
        Source: 03_extracted.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
        Source: Binary string: mscorrc.pdb source: 03_extracted.exe, 00000000.00000002.261775568.0000000007810000.00000002.00000001.sdmp, 03_extracted.exe, 00000006.00000002.497026294.00000000051D0000.00000002.00000001.sdmp

        Data Obfuscation:

        .NET source code contains potential unpacker
        Source: 03_extracted.exe, MainForm.cs.Net Code: _N_ System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
        Source: LiydYED.exe.0.dr, MainForm.cs.Net Code: _N_ System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
        Source: 0.0.03_extracted.exe.fb0000.0.unpack, MainForm.cs.Net Code: _N_ System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
        Source: 0.2.03_extracted.exe.fb0000.0.unpack, MainForm.cs.Net Code: _N_ System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
        Source: 6.2.03_extracted.exe.400000.0.unpack, u0023u003dqjIje6jGWLd2EOkfZXKqBbgu003du003d.cs.Net Code: #=q_FL69pQf17BUSAFbWYu1SStMAbdu$R1GJ8VY8UL5_EA= System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
        Source: 6.2.03_extracted.exe.400000.0.unpack, u0023u003dqxoz66kOqvxr21iYXZYXWiumy9eZGwFWaiX4C5X8aecUu003d.cs.Net Code: #=qKU0J1fiP8KA33eFK1owekQ== System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
        Source: 6.0.03_extracted.exe.680000.0.unpack, MainForm.cs.Net Code: _N_ System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
        Source: 6.2.03_extracted.exe.680000.1.unpack, MainForm.cs.Net Code: _N_ System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
        Source: 03_extracted.exeStatic PE information: 0xE963C9E9 [Fri Jan 29 19:18:01 2094 UTC]
        Source: C:\Users\user\Desktop\03_extracted.exeCode function: 0_2_01C285F8 pushfd ; retf 0_2_01C285F9
        Source: C:\Users\user\Desktop\03_extracted.exeCode function: 0_2_01C2DA2A push E9FFFFFFh; iretd 0_2_01C2DA2F
        Source: C:\Users\user\Desktop\03_extracted.exeCode function: 6_2_00F12BBD push cs; ret 6_2_00F12BEA
        Source: C:\Users\user\Desktop\03_extracted.exeCode function: 6_2_00F12BEC push cs; ret 6_2_00F12BEA
        Source: C:\Users\user\Desktop\03_extracted.exeCode function: 6_2_00F29D30 pushad ; retf 6_2_00F29D31
        Source: C:\Users\user\Desktop\03_extracted.exeCode function: 6_2_00F29D2C push eax; retf 6_2_00F29D2D
        Source: initial sampleStatic PE information: section name: .text entropy: 7.33039162712
        Source: 6.2.03_extracted.exe.400000.0.unpack, u0023u003dqJT4I5hOweIku0024xYFEeDszbikglXCuquUdu0024v9AXtyq2nsu003d.csHigh entropy of concatenated method names: '#=qBeOBlH6CwHFnQdZWWBgZ_pemudZ6CfCVcfOQtgpeG$Y=', '#=q5v5cLSMFBaxiTtOEjscx86gN2ozXlfytiL6UmXnyWtg=', '#=q_XA5h2lVGHLcY9dK754wKGrOjAm6aBbwPxcUJXgJThJUz83kMbCL53G5uuOLP6Rq', '#=qIFfr$DrKqIieRc688$vylAlBsEnx9Z3$TxvrDsPURfM=', '#=qejgvNXJQvgM2GomZsygLjreyguSPQ29pQHqjR_a0dWk=', '#=qCGokdf0OOxeMJLDkXSfc3NPmwygIQ29RjKQWj$wbNGB9C1pPgma_891QiNyTRXcA', '#=qDqyUVyJLXCtYqhZ0$opqkomqhUBn2WCeEEvGAXlNQ$I=', '#=qdImPAY1o3YhbLtukwCQ91cISaeIEWRKSYrGZ3dTVnkY=', '#=qza7O1AHrroJC7yRIJz4wINR_Sgo4hDpQrj_OYfIrlJE=', '#=q6Ct3QmvVLFC7my$dL1uEiHGmXJ5qCuK4WIhDwfhPTFs='
        Source: 6.2.03_extracted.exe.400000.0.unpack, u0023u003dqWrm21vQ8CBMZP_RBTwpusAu003du003d.csHigh entropy of concatenated method names: '#=qCgU$tDqtOAyz2b$RwfSF7UzBcCAr0rFJWxm16x7Lre0=', '#=qeD3MBfedCIuKIQf9V1u2N3YS4VXE_FOHqw_XAjWtZK8=', '#=q$mvEHEBkZud$AdHPWqsMQnw5Xm5sD4vBSSmqrKuXGOk=', '#=qZaN94n8dM6tBEf$qCdY2kbTZb5BOW8Z134$2tNv7EJs=', '#=qtlZnL8mho$rv1eTFz0Mw9UYFC_yCabEZ0xtVePn6wR5aSHE7ti3UfKg2l7D0_xk8', '#=qVS$QmQjvFfsXSqQAKGSl6HGbkse2SG0XCab4upVjtRJkvhTEk$oIS2I9Zja7id1Q', '#=qxJg7RxTW1v5mnt12xXeJiYJv_bcctbtL2BCD5MjDi45Hlz6t8vwDNTv1Rv7tgIct', '#=qp$ZVC1r9spi890l$D7IwEd3faoKeWHvv42mVq8wIIWM=', '#=qCoWHlVuoVRMkOzC7RZubJCslkxaEWn9yZiIydECf69$ktj0IPD5wAwC2H5Cc8C$L', '#=qqs1moO$mYaS72OXOWe0Z6GycslEb6e9Ipoy7ppW0O5abIp05ajv8doqdJZHlN3cK'
        Source: C:\Users\user\Desktop\03_extracted.exeFile created: C:\Users\user\AppData\Roaming\LiydYED.exe

        Boot Survival:

        Uses schtasks.exe or at.exe to add and modify task schedules
        Source: C:\Users\user\Desktop\03_extracted.exeProcess created: C:\Windows\SysWOW64\schtasks.exe 'C:\Windows\System32\schtasks.exe' /Create /TN 'Updates\LiydYED' /XML 'C:\Users\user\AppData\Local\Temp\tmpE7C8.tmp'

        Hooking and other Techniques for Hiding and Protection:

        Hides that the sample has been downloaded from the Internet (zone.identifier)
        Source: C:\Users\user\Desktop\03_extracted.exeFile opened: C:\Users\user\Desktop\03_extracted.exe:Zone.Identifier read attributes | delete
        Source: C:\Users\user\Desktop\03_extracted.exeProcess information set: NOOPENFILEERRORBOX

        Malware Analysis System Evasion:

        Yara detected AntiVM3
        Source: Yara matchFile source: Process Memory Space: 03_extracted.exe PID: 5976, type: MEMORY
        Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)
        Source: C:\Users\user\Desktop\03_extracted.exeWMI Queries: IWbemServices::ExecQuery - ROOT\cimv2 : SELECT * FROM Win32_VideoController
        Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
        Source: 03_extracted.exe, 00000000.00000002.248945960.00000000038E1000.00000004.00000001.sdmpBinary or memory string: WINE_GET_UNIX_FILE_NAME
        Source: 03_extracted.exe, 00000000.00000002.248945960.00000000038E1000.00000004.00000001.sdmpBinary or memory string: SBIEDLL.DLL
        Source: C:\Users\user\Desktop\03_extracted.exeRegistry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DEVICEMAP\Scsi\Scsi Port 0\Scsi Bus 0\Target Id 0\Logical Unit Id 0 name: Identifier
        Source: C:\Users\user\Desktop\03_extracted.exeRegistry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: SystemBiosVersion
        Source: C:\Users\user\Desktop\03_extracted.exeRegistry key queried: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 name: DriverDesc
        Source: C:\Users\user\Desktop\03_extracted.exeFile opened / queried: SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
        Source: C:\Users\user\Desktop\03_extracted.exeRegistry key queried: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Disk\Enum name: 0
        Source: C:\Users\user\Desktop\03_extracted.exeRegistry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: VideoBiosVersion
        Source: C:\Users\user\Desktop\03_extracted.exeThread delayed: delay time: 922337203685477
        Source: C:\Users\user\Desktop\03_extracted.exeWindow / User API: threadDelayed 386
        Source: C:\Users\user\Desktop\03_extracted.exeWindow / User API: foregroundWindowGot 982
        Source: C:\Users\user\Desktop\03_extracted.exe TID: 484Thread sleep time: -31500s >= -30000s
        Source: C:\Users\user\Desktop\03_extracted.exe TID: 5308Thread sleep time: -922337203685477s >= -30000s
        Source: C:\Users\user\Desktop\03_extracted.exe TID: 5552Thread sleep time: -1844674407370954s >= -30000s
        Source: C:\Users\user\Desktop\03_extracted.exe TID: 5552Thread sleep count: 177 > 30
        Source: C:\Users\user\Desktop\03_extracted.exe TID: 5552Thread sleep count: 340 > 30
        Source: C:\Users\user\Desktop\03_extracted.exe TID: 2832Thread sleep count: 386 > 30
        Source: C:\Users\user\Desktop\03_extracted.exe TID: 5552Thread sleep count: 42 > 30
        Source: C:\Users\user\Desktop\03_extracted.exe TID: 5552Thread sleep count: 39 > 30
        Source: C:\Users\user\Desktop\03_extracted.exe TID: 2200Thread sleep time: -240000s >= -30000s
        Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
        Source: C:\Users\user\Desktop\03_extracted.exeCode function: 6_2_05040BB6 GetSystemInfo,6_2_05040BB6
        Source: C:\Users\user\Desktop\03_extracted.exeThread delayed: delay time: 31500
        Source: 03_extracted.exe, 00000000.00000002.248085000.0000000001777000.00000004.00000001.sdmpBinary or memory string: VMware
        Source: 03_extracted.exe, 00000000.00000002.248945960.00000000038E1000.00000004.00000001.sdmpBinary or memory string: VMware SVGA IIOData Source=localhost\sqlexpress;Initial Catalog=dbSMS;Integrated Security=True
        Source: 03_extracted.exe, 00000006.00000002.497327707.0000000005500000.00000002.00000001.sdmpBinary or memory string: A Virtual Machine could not be started because Hyper-V is not installed.
        Source: 03_extracted.exe, 00000000.00000002.248945960.00000000038E1000.00000004.00000001.sdmpBinary or memory string: vmware
        Source: 03_extracted.exe, 00000000.00000002.248945960.00000000038E1000.00000004.00000001.sdmpBinary or memory string: C:\PROGRAM FILES\VMWARE\VMWARE TOOLS\
        Source: 03_extracted.exe, 00000000.00000002.248945960.00000000038E1000.00000004.00000001.sdmpBinary or memory string: SOFTWARE\VMware, Inc.\VMware Tools
        Source: 03_extracted.exe, 00000000.00000002.248945960.00000000038E1000.00000004.00000001.sdmpBinary or memory string: (r#"SOFTWARE\VMware, Inc.\VMware Tools
        Source: 03_extracted.exe, 00000000.00000002.248945960.00000000038E1000.00000004.00000001.sdmpBinary or memory string: (r&%C:\PROGRAM FILES\VMWARE\VMWARE TOOLS\
        Source: 03_extracted.exe, 00000000.00000002.248085000.0000000001777000.00000004.00000001.sdmpBinary or memory string: Win32_VideoController(Standard display types)VMwarePOM8ROR6Win32_VideoControllerCG2C6NP_VideoController120060621000000.000000-00078815997display.infMSBDA59MHOK6SPCI\VEN_15AD&DEV_0405&SUBSYS_040515AD&REV_00\3&61AAA01&0&78OKWin32_ComputerSystemcomputer1280 x 1024 x 4294967296 colorsL_AN_91M(U
        Source: 03_extracted.exe, 00000000.00000002.248945960.00000000038E1000.00000004.00000001.sdmpBinary or memory string: VMWARE
        Source: 03_extracted.exe, 00000000.00000002.248945960.00000000038E1000.00000004.00000001.sdmpBinary or memory string: InstallPath%C:\PROGRAM FILES\VMWARE\VMWARE TOOLS\
        Source: 03_extracted.exe, 00000006.00000002.497327707.0000000005500000.00000002.00000001.sdmpBinary or memory string: A communication protocol error has occurred between the Hyper-V Host and Guest Compute Service.
        Source: 03_extracted.exe, 00000006.00000002.497327707.0000000005500000.00000002.00000001.sdmpBinary or memory string: The communication protocol version between the Hyper-V Host and Guest Compute Services is not supported.
        Source: 03_extracted.exe, 00000000.00000002.248945960.00000000038E1000.00000004.00000001.sdmpBinary or memory string: VMWARE"SOFTWARE\VMware, Inc.\VMware ToolsLHARDWARE\DEVICEMAP\Scsi\Scsi Port 1\Scsi Bus 0\Target Id 0\Logical Unit Id 0LHARDWARE\DEVICEMAP\Scsi\Scsi Port 2\Scsi Bus 0\Target Id 0\Logical Unit Id 0'SYSTEM\ControlSet001\Services\Disk\Enum
        Source: 03_extracted.exe, 00000000.00000002.248945960.00000000038E1000.00000004.00000001.sdmpBinary or memory string: VMware SVGA II
        Source: 03_extracted.exe, 00000000.00000002.248945960.00000000038E1000.00000004.00000001.sdmpBinary or memory string: vmwareNSYSTEM\ControlSet001\Control\Class\{4D36E968-E325-11CE-BFC1-08002BE10318}\0000
        Source: 03_extracted.exe, 00000006.00000002.497327707.0000000005500000.00000002.00000001.sdmpBinary or memory string: An unknown internal message was received by the Hyper-V Compute Service.
        Source: C:\Users\user\Desktop\03_extracted.exeProcess information queried: ProcessInformation
        Source: C:\Users\user\Desktop\03_extracted.exeProcess token adjusted: Debug
        Source: C:\Users\user\Desktop\03_extracted.exeMemory allocated: page read and write | page guard

        HIPS / PFW / Operating System Protection Evasion:

        Injects a PE file into a foreign processes
        Source: C:\Users\user\Desktop\03_extracted.exeMemory written: C:\Users\user\Desktop\03_extracted.exe base: 400000 value starts with: 4D5A
        Source: C:\Users\user\Desktop\03_extracted.exeProcess created: C:\Windows\SysWOW64\schtasks.exe 'C:\Windows\System32\schtasks.exe' /Create /TN 'Updates\LiydYED' /XML 'C:\Users\user\AppData\Local\Temp\tmpE7C8.tmp'
        Source: C:\Users\user\Desktop\03_extracted.exeProcess created: C:\Users\user\Desktop\03_extracted.exe {path}
        Source: 03_extracted.exe, 00000006.00000003.361963605.00000000060AD000.00000004.00000001.sdmpBinary or memory string: Program Manager
        Source: 03_extracted.exe, 00000006.00000002.492878895.0000000001410000.00000002.00000001.sdmpBinary or memory string: Shell_TrayWnd
        Source: 03_extracted.exe, 00000006.00000002.492878895.0000000001410000.00000002.00000001.sdmpBinary or memory string: Progman
        Source: 03_extracted.exe, 00000006.00000002.492878895.0000000001410000.00000002.00000001.sdmpBinary or memory string: SProgram Managerl
        Source: 03_extracted.exe, 00000006.00000002.495587124.0000000002E5A000.00000004.00000001.sdmpBinary or memory string: Program Managerp
        Source: 03_extracted.exe, 00000006.00000002.495587124.0000000002E5A000.00000004.00000001.sdmpBinary or memory string: Program Manager0
        Source: 03_extracted.exe, 00000006.00000002.492878895.0000000001410000.00000002.00000001.sdmpBinary or memory string: Shell_TrayWnd,
        Source: 03_extracted.exe, 00000006.00000002.492878895.0000000001410000.00000002.00000001.sdmpBinary or memory string: Progmanlock
        Source: 03_extracted.exe, 00000006.00000002.495587124.0000000002E5A000.00000004.00000001.sdmpBinary or memory string: Program Manager`p
        Source: C:\Users\user\Desktop\03_extracted.exeQueries volume information: C:\Windows\Fonts\mingliub.ttc VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\03_extracted.exeQueries volume information: C:\Windows\Fonts\monbaiti.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\03_extracted.exeQueries volume information: C:\Windows\Fonts\msgothic.ttc VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\03_extracted.exeQueries volume information: C:\Windows\Fonts\mvboli.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\03_extracted.exeQueries volume information: C:\Windows\Fonts\mmrtext.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\03_extracted.exeQueries volume information: C:\Windows\Fonts\mmrtextb.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\03_extracted.exeQueries volume information: C:\Windows\Fonts\Nirmala.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\03_extracted.exeQueries volume information: C:\Windows\Fonts\NirmalaS.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\03_extracted.exeQueries volume information: C:\Windows\Fonts\NirmalaB.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\03_extracted.exeQueries volume information: C:\Windows\Fonts\pala.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\03_extracted.exeQueries volume information: C:\Windows\Fonts\palai.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\03_extracted.exeQueries volume information: C:\Windows\Fonts\palab.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\03_extracted.exeQueries volume information: C:\Windows\Fonts\palabi.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\03_extracted.exeQueries volume information: C:\Windows\Fonts\segoepr.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\03_extracted.exeQueries volume information: C:\Windows\Fonts\segoeprb.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\03_extracted.exeQueries volume information: C:\Windows\Fonts\segoesc.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\03_extracted.exeQueries volume information: C:\Windows\Fonts\segoescb.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\03_extracted.exeQueries volume information: C:\Windows\Fonts\segoeuii.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\03_extracted.exeQueries volume information: C:\Windows\Fonts\seguisli.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\03_extracted.exeQueries volume information: C:\Windows\Fonts\seguili.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\03_extracted.exeQueries volume information: C:\Windows\Fonts\seguisbi.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\03_extracted.exeQueries volume information: C:\Windows\Fonts\segoeuiz.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\03_extracted.exeQueries volume information: C:\Windows\Fonts\seguibl.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\03_extracted.exeQueries volume information: C:\Windows\Fonts\seguibli.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\03_extracted.exeQueries volume information: C:\Windows\Fonts\seguiemj.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\03_extracted.exeQueries volume information: C:\Windows\Fonts\seguihis.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\03_extracted.exeQueries volume information: C:\Windows\Fonts\seguisym.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\03_extracted.exeQueries volume information: C:\Windows\Fonts\simsun.ttc VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\03_extracted.exeQueries volume information: C:\Windows\Fonts\simsunb.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\03_extracted.exeQueries volume information: C:\Windows\Fonts\Sitka.ttc VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\03_extracted.exeQueries volume information: C:\Windows\Fonts\SitkaI.ttc VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\03_extracted.exeQueries volume information: C:\Windows\Fonts\SitkaB.ttc VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\03_extracted.exeQueries volume information: C:\Windows\Fonts\SitkaZ.ttc VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\03_extracted.exeQueries volume information: C:\Windows\Fonts\sylfaen.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\03_extracted.exeQueries volume information: C:\Windows\Fonts\symbol.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\03_extracted.exeQueries volume information: C:\Windows\Fonts\tahoma.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\03_extracted.exeQueries volume information: C:\Windows\Fonts\tahomabd.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\03_extracted.exeQueries volume information: C:\Windows\Fonts\timesi.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\03_extracted.exeQueries volume information: C:\Windows\Fonts\timesbd.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\03_extracted.exeQueries volume information: C:\Windows\Fonts\timesbi.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\03_extracted.exeQueries volume information: C:\Windows\Fonts\trebuc.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\03_extracted.exeQueries volume information: C:\Windows\Fonts\trebucit.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\03_extracted.exeQueries volume information: C:\Windows\Fonts\trebucbd.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\03_extracted.exeQueries volume information: C:\Windows\Fonts\trebucbi.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\03_extracted.exeQueries volume information: C:\Windows\Fonts\verdana.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\03_extracted.exeQueries volume information: C:\Windows\Fonts\verdanai.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\03_extracted.exeQueries volume information: C:\Windows\Fonts\verdanab.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\03_extracted.exeQueries volume information: C:\Windows\Fonts\verdanaz.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\03_extracted.exeQueries volume information: C:\Windows\Fonts\webdings.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\03_extracted.exeQueries volume information: C:\Windows\Fonts\wingding.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\03_extracted.exeQueries volume information: C:\Windows\Fonts\YuGothR.ttc VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\03_extracted.exeQueries volume information: C:\Windows\Fonts\YuGothM.ttc VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\03_extracted.exeQueries volume information: C:\Windows\Fonts\YuGothL.ttc VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\03_extracted.exeQueries volume information: C:\Windows\Fonts\YuGothB.ttc VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\03_extracted.exeQueries volume information: C:\Windows\Fonts\holomdl2.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\03_extracted.exeQueries volume information: C:\Windows\Fonts\CENTURY.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\03_extracted.exeQueries volume information: C:\Windows\Fonts\LEELAWAD.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\03_extracted.exeQueries volume information: C:\Windows\Fonts\LEELAWDB.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\03_extracted.exeQueries volume information: C:\Windows\Fonts\MSUIGHUR.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\03_extracted.exeQueries volume information: C:\Windows\Fonts\MSUIGHUB.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\03_extracted.exeQueries volume information: C:\Windows\Fonts\WINGDNG2.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\03_extracted.exeQueries volume information: C:\Windows\Fonts\WINGDNG3.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\03_extracted.exeQueries volume information: C:\Windows\Fonts\TEMPSITC.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\03_extracted.exeQueries volume information: C:\Windows\Fonts\PRISTINA.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\03_extracted.exeQueries volume information: C:\Windows\Fonts\PAPYRUS.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\03_extracted.exeQueries volume information: C:\Windows\Fonts\MISTRAL.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\03_extracted.exeQueries volume information: C:\Windows\Fonts\LHANDW.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\03_extracted.exeQueries volume information: C:\Windows\Fonts\ITCKRIST.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\03_extracted.exeQueries volume information: C:\Windows\Fonts\JUICE___.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\03_extracted.exeQueries volume information: C:\Windows\Fonts\FRSCRIPT.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\03_extracted.exeQueries volume information: C:\Windows\Fonts\FREESCPT.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\03_extracted.exeQueries volume information: C:\Windows\Fonts\BRADHITC.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\03_extracted.exeQueries volume information: C:\Windows\Fonts\OUTLOOK.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\03_extracted.exeQueries volume information: C:\Windows\Fonts\BKANT.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\03_extracted.exeQueries volume information: C:\Windows\Fonts\ANTQUAI.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\03_extracted.exeQueries volume information: C:\Windows\Fonts\ANTQUAB.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\03_extracted.exeQueries volume information: C:\Windows\Fonts\ANTQUABI.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\03_extracted.exeQueries volume information: C:\Windows\Fonts\GARA.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\03_extracted.exeQueries volume information: C:\Windows\Fonts\GARAIT.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\03_extracted.exeQueries volume information: C:\Windows\Fonts\GARABD.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\03_extracted.exeQueries volume information: C:\Windows\Fonts\MTCORSVA.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\03_extracted.exeQueries volume information: C:\Windows\Fonts\GOTHIC.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\03_extracted.exeQueries volume information: C:\Windows\Fonts\GOTHICI.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\03_extracted.exeQueries volume information: C:\Windows\Fonts\GOTHICB.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\03_extracted.exeQueries volume information: C:\Windows\Fonts\GOTHICBI.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\03_extracted.exeQueries volume information: C:\Windows\Fonts\ALGER.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\03_extracted.exeQueries volume information: C:\Windows\Fonts\BASKVILL.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\03_extracted.exeQueries volume information: C:\Windows\Fonts\BAUHS93.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\03_extracted.exeQueries volume information: C:\Windows\Fonts\BELL.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\03_extracted.exeQueries volume information: C:\Windows\Fonts\BELLI.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\03_extracted.exeQueries volume information: C:\Windows\Fonts\BELLB.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\03_extracted.exeQueries volume information: C:\Windows\Fonts\BRLNSR.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\03_extracted.exeQueries volume information: C:\Windows\Fonts\BRLNSDB.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\03_extracted.exeQueries volume information: C:\Windows\Fonts\BRLNSB.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\03_extracted.exeQueries volume information: C:\Windows\Fonts\BERNHC.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\03_extracted.exeQueries volume information: C:\Windows\Fonts\BOD_PSTC.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\03_extracted.exeQueries volume information: C:\Windows\Fonts\BRITANIC.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\03_extracted.exeQueries volume information: C:\Windows\Fonts\BROADW.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\03_extracted.exeQueries volume information: C:\Windows\Fonts\BRUSHSCI.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\03_extracted.exeQueries volume information: C:\Windows\Fonts\CALIFR.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\03_extracted.exeQueries volume information: C:\Windows\Fonts\CALIFI.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\03_extracted.exeQueries volume information: C:\Windows\Fonts\CALIFB.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\03_extracted.exeQueries volume information: C:\Windows\Fonts\CENTAUR.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\03_extracted.exeQueries volume information: C:\Windows\Fonts\CHILLER.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\03_extracted.exeQueries volume information: C:\Windows\Fonts\COLONNA.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\03_extracted.exeQueries volume information: C:\Windows\Fonts\COOPBL.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\03_extracted.exeQueries volume information: C:\Windows\Fonts\FTLTLT.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\03_extracted.exeQueries volume information: C:\Windows\Fonts\HARLOWSI.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\03_extracted.exeQueries volume information: C:\Windows\Fonts\HARNGTON.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\03_extracted.exeQueries volume information: C:\Windows\Fonts\HTOWERT.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\03_extracted.exeQueries volume information: C:\Windows\Fonts\HTOWERTI.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\03_extracted.exeQueries volume information: C:\Windows\Fonts\JOKERMAN.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\03_extracted.exeQueries volume information: C:\Windows\Fonts\KUNSTLER.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\03_extracted.exeQueries volume information: C:\Windows\Fonts\LBRITE.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\03_extracted.exeQueries volume information: C:\Windows\Fonts\LBRITED.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\03_extracted.exeQueries volume information: C:\Windows\Fonts\LBRITEI.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\03_extracted.exeQueries volume information: C:\Windows\Fonts\LBRITEDI.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\03_extracted.exeQueries volume information: C:\Windows\Fonts\LCALLIG.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\03_extracted.exeQueries volume information: C:\Windows\Fonts\LFAX.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\03_extracted.exeQueries volume information: C:\Windows\Fonts\LFAXD.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\03_extracted.exeQueries volume information: C:\Windows\Fonts\LFAXI.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\03_extracted.exeQueries volume information: C:\Windows\Fonts\LFAXDI.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\03_extracted.exeQueries volume information: C:\Windows\Fonts\MAGNETOB.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\03_extracted.exeQueries volume information: C:\Windows\Fonts\MATURASC.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\03_extracted.exeQueries volume information: C:\Windows\Fonts\MOD20.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\03_extracted.exeQueries volume information: C:\Windows\Fonts\NIAGENG.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\03_extracted.exeQueries volume information: C:\Windows\Fonts\NIAGSOL.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\03_extracted.exeQueries volume information: C:\Windows\Fonts\OLDENGL.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\03_extracted.exeQueries volume information: C:\Windows\Fonts\ONYX.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\03_extracted.exeQueries volume information: C:\Windows\Fonts\PARCHM.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\03_extracted.exeQueries volume information: C:\Windows\Fonts\PLAYBILL.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\03_extracted.exeQueries volume information: C:\Windows\Fonts\POORICH.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\03_extracted.exeQueries volume information: C:\Windows\Fonts\RAVIE.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\03_extracted.exeQueries volume information: C:\Windows\Fonts\INFROMAN.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\03_extracted.exeQueries volume information: C:\Windows\Fonts\SHOWG.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\03_extracted.exeQueries volume information: C:\Windows\Fonts\SNAP____.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\03_extracted.exeQueries volume information: C:\Windows\Fonts\STENCIL.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\03_extracted.exeQueries volume information: C:\Windows\Fonts\VINERITC.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\03_extracted.exeQueries volume information: C:\Windows\Fonts\VIVALDII.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\03_extracted.exeQueries volume information: C:\Windows\Fonts\VLADIMIR.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\03_extracted.exeQueries volume information: C:\Windows\Fonts\LATINWD.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\03_extracted.exeQueries volume information: C:\Windows\Fonts\TCM_____.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\03_extracted.exeQueries volume information: C:\Windows\Fonts\TCMI____.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\03_extracted.exeQueries volume information: C:\Windows\Fonts\TCB_____.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\03_extracted.exeQueries volume information: C:\Windows\Fonts\TCBI____.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\03_extracted.exeQueries volume information: C:\Windows\Fonts\TCCM____.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\03_extracted.exeQueries volume information: C:\Windows\Fonts\TCCB____.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\03_extracted.exeQueries volume information: C:\Windows\Fonts\TCCEB.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\03_extracted.exeQueries volume information: C:\Windows\Fonts\SCRIPTBL.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\03_extracted.exeQueries volume information: C:\Windows\Fonts\ROCK.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\03_extracted.exeQueries volume information: C:\Windows\Fonts\ROCKI.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\03_extracted.exeQueries volume information: C:\Windows\Fonts\ROCKB.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\03_extracted.exeQueries volume information: C:\Windows\Fonts\ROCKEB.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\03_extracted.exeQueries volume information: C:\Windows\Fonts\ROCKBI.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\03_extracted.exeQueries volume information: C:\Windows\Fonts\ROCC____.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\03_extracted.exeQueries volume information: C:\Windows\Fonts\ROCCB___.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\03_extracted.exeQueries volume information: C:\Windows\Fonts\RAGE.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\03_extracted.exeQueries volume information: C:\Windows\Fonts\PERTILI.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\03_extracted.exeQueries volume information: C:\Windows\Fonts\PERTIBD.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\03_extracted.exeQueries volume information: C:\Windows\Fonts\PER_____.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\03_extracted.exeQueries volume information: C:\Windows\Fonts\PERI____.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\03_extracted.exeQueries volume information: C:\Windows\Fonts\PERB____.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\03_extracted.exeQueries volume information: C:\Windows\Fonts\PERBI___.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\03_extracted.exeQueries volume information: C:\Windows\Fonts\PALSCRI.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\03_extracted.exeQueries volume information: C:\Windows\Fonts\OCRAEXT.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\03_extracted.exeQueries volume information: C:\Windows\Fonts\MAIAN.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\03_extracted.exeQueries volume information: C:\Windows\Fonts\LTYPE.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\03_extracted.exeQueries volume information: C:\Windows\Fonts\LTYPEO.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\03_extracted.exeQueries volume information: C:\Windows\Fonts\LTYPEB.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\03_extracted.exeQueries volume information: C:\Windows\Fonts\LTYPEBO.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\03_extracted.exeQueries volume information: C:\Windows\Fonts\LSANS.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\03_extracted.exeQueries volume information: C:\Windows\Fonts\LSANSD.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\03_extracted.exeQueries volume information: C:\Windows\Fonts\LSANSI.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\03_extracted.exeQueries volume information: C:\Windows\Fonts\LSANSDI.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\03_extracted.exeQueries volume information: C:\Windows\Fonts\IMPRISHA.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\03_extracted.exeQueries volume information: C:\Windows\Fonts\HATTEN.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\03_extracted.exeQueries volume information: C:\Windows\Fonts\GOUDYSTO.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\03_extracted.exeQueries volume information: C:\Windows\Fonts\GOUDOS.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\03_extracted.exeQueries volume information: C:\Windows\Fonts\GOUDOSI.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\03_extracted.exeQueries volume information: C:\Windows\Fonts\GOUDOSB.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\03_extracted.exeQueries volume information: C:\Windows\Fonts\GLECB.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\03_extracted.exeQueries volume information: C:\Windows\Fonts\GIL_____.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\03_extracted.exeQueries volume information: C:\Windows\Fonts\GILI____.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\03_extracted.exeQueries volume information: C:\Windows\Fonts\GILB____.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\03_extracted.exeQueries volume information: C:\Windows\Fonts\GILBI___.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\03_extracted.exeQueries volume information: C:\Windows\Fonts\GILC____.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\03_extracted.exeQueries volume information: C:\Windows\Fonts\GLSNECB.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\03_extracted.exeQueries volume information: C:\Windows\Fonts\GIGI.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\03_extracted.exeQueries volume information: C:\Windows\Fonts\FRABK.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\03_extracted.exeQueries volume information: C:\Windows\Fonts\FRABKIT.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\03_extracted.exeQueries volume information: C:\Windows\Fonts\FORTE.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\03_extracted.exeQueries volume information: C:\Windows\Fonts\FELIXTI.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\03_extracted.exeQueries volume information: C:\Windows\Fonts\ERASMD.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\03_extracted.exe, Code function: 0_2_077A1382 GetUserNameA, 0_2_077A1382
        Source: C:\Users\user\Desktop\03_extracted.exe, Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

        Stealing of Sensitive Information:

        Yara detected Nanocore RAT
        Source: Yara match, File source: 00000006.00000002.489322816.0000000000402000.00000040.00000001.sdmp, type: MEMORY
        Source: Yara match, File source: 00000006.00000002.496381211.0000000003DE7000.00000004.00000001.sdmp, type: MEMORY
        Source: Yara match, File source: 00000006.00000002.497557539.0000000005650000.00000004.00000001.sdmp, type: MEMORY
        Source: Yara match, File source: 00000000.00000002.252199912.00000000048E1000.00000004.00000001.sdmp, type: MEMORY
        Source: Yara match, File source: Process Memory Space: 03_extracted.exe PID: 5976, type: MEMORY
        Source: Yara match, File source: Process Memory Space: 03_extracted.exe PID: 5548, type: MEMORY
        Source: Yara match, File source: 6.2.03_extracted.exe.3dee43c.5.raw.unpack, type: UNPACKEDPE
        Source: Yara match, File source: 6.2.03_extracted.exe.5654629.11.raw.unpack, type: UNPACKEDPE
        Source: Yara match, File source: 6.2.03_extracted.exe.3dee43c.5.unpack, type: UNPACKEDPE
        Source: Yara match, File source: 6.2.03_extracted.exe.400000.0.unpack, type: UNPACKEDPE
        Source: Yara match, File source: 0.2.03_extracted.exe.4b68c38.2.unpack, type: UNPACKEDPE
        Source: Yara match, File source: 6.2.03_extracted.exe.3de9606.3.raw.unpack, type: UNPACKEDPE
        Source: Yara match, File source: 6.2.03_extracted.exe.3df2a65.4.raw.unpack, type: UNPACKEDPE
        Source: Yara match, File source: 6.2.03_extracted.exe.5650000.12.raw.unpack, type: UNPACKEDPE
        Source: Yara match, File source: 6.2.03_extracted.exe.5650000.12.unpack, type: UNPACKEDPE
        Source: Yara match, File source: 0.2.03_extracted.exe.4c88090.1.raw.unpack, type: UNPACKEDPE
        Source: Yara match, File source: 0.2.03_extracted.exe.4a679c8.3.raw.unpack, type: UNPACKEDPE
        Source: Yara match, File source: 0.2.03_extracted.exe.4b68c38.2.raw.unpack, type: UNPACKEDPE

        Remote Access Functionality:

        Detected Nanocore Rat
        Source: 03_extracted.exe, 00000000.00000002.252199912.00000000048E1000.00000004.00000001.sdmp, String found in binary or memory: NanoCore.ClientPluginHost
        Source: 03_extracted.exe, 00000006.00000002.489322816.0000000000402000.00000040.00000001.sdmp, String found in binary or memory: NanoCore.ClientPluginHost
        Yara detected Nanocore RAT
        Source: C:\Users\user\Desktop\03_extracted.exe, Code function: 6_2_0504247A bind, 6_2_0504247A
        Source: C:\Users\user\Desktop\03_extracted.exe, Code function: 6_2_05042428 bind, 6_2_05042428

        Mitre Att&ck Matrix

        Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact
        Valid Accounts | Windows Management Instrumentation 1 | Scheduled Task/Job 1 | Access Token Manipulation 1 | Disable or Modify Tools 1 | Input Capture 11 | Account Discovery 1 | Remote Services | Archive Collected Data 11 | Exfiltration Over Other Network Medium | Encrypted Channel 1 | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition
        Default Accounts | Scheduled Task/Job 1 | Boot or Logon Initialization Scripts | Process Injection 112 | Deobfuscate/Decode Files or Information 1 | LSASS Memory | File and Directory Discovery 1 | Remote Desktop Protocol | Input Capture 11 | Exfiltration Over Bluetooth | Non-Standard Port 1 | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout
        Domain Accounts | At (Linux) | Logon Script (Windows) | Scheduled Task/Job 1 | Obfuscated Files or Information 2 | Security Account Manager | System Information Discovery 13 | SMB/Windows Admin Shares | Data from Network Shared Drive | Automated Exfiltration | Remote Access Software 1 | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data
        Local Accounts | At (Windows) | Logon Script (Mac) | Logon Script (Mac) | Software Packing 13 | NTDS | Security Software Discovery 311 | Distributed Component Object Model | Input Capture | Scheduled Transfer | Non-Application Layer Protocol 1 | SIM Card Swap | - | Carrier Billing Fraud
        Cloud Accounts | Cron | Network Logon Script | Network Logon Script | Timestomp 1 | LSA Secrets | Process Discovery 2 | SSH | Keylogging | Data Transfer Size Limits | Application Layer Protocol 11 | Manipulate Device Communication | - | Manipulate App Store Rankings or Ratings
        Replication Through Removable Media | Launchd | Rc.common | Rc.common | Masquerading 1 | Cached Domain Credentials | Virtualization/Sandbox Evasion 131 | VNC | GUI Input Capture | Exfiltration Over C2 Channel | Multiband Communication | Jamming or Denial of Service | - | Abuse Accessibility Features
        External Remote Services | Scheduled Task | Startup Items | Startup Items | Virtualization/Sandbox Evasion 131 | DCSync | Application Window Discovery 1 | Windows Remote Management | Web Portal Capture | Exfiltration Over Alternative Protocol | Commonly Used Port | Rogue Wi-Fi Access Points | - | Data Encrypted for Impact
        Drive-by Compromise | Command and Scripting Interpreter | Scheduled Task/Job | Scheduled Task/Job | Access Token Manipulation 1 | Proc Filesystem | System Owner/User Discovery 1 | Shared Webroot | Credential API Hooking | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Application Layer Protocol | Downgrade to Insecure Protocols | - | Generate Fraudulent Advertising Revenue
        Exploit Public-Facing Application | PowerShell | At (Linux) | At (Linux) | Process Injection 112 | /etc/passwd and /etc/shadow | System Network Connections Discovery | Software Deployment Tools | Data Staged | Exfiltration Over Asymmetric Encrypted Non-C2 Protocol | Web Protocols | Rogue Cellular Base Station | - | Data Destruction
        Supply Chain Compromise | AppleScript | At (Windows) | At (Windows) | Hidden Files and Directories 1 | Network Sniffing | Process Discovery | Taint Shared Content | Local Data Staging | Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol | File Transfer Protocols | - | - | Data Encrypted for Impact

        Antivirus, Machine Learning and Genetic Malware Detection

        Initial Sample

        Source | Detection | Scanner | Label | Link
        03_extracted.exe | 41% | Virustotal | - | Browse
        03_extracted.exe | 41% | ReversingLabs | ByteCode-MSIL.Trojan.AgentTesla | -

        Dropped Files

        Source | Detection | Scanner | Label | Link
        C:\Users\user\AppData\Roaming\LiydYED.exe | 41% | ReversingLabs | ByteCode-MSIL.Trojan.AgentTesla | -

        Unpacked PE Files

        Source | Detection | Scanner | Label | Link | Download
        6.2.03_extracted.exe.400000.0.unpack | 100% | Avira | TR/Dropper.MSIL.Gen7 | - | Download File
        6.2.03_extracted.exe.5650000.12.unpack | 100% | Avira | TR/NanoCore.fadte | - | Download File

        Domains

        No Antivirus matches

        URLs


        Domains and IPs

        Contacted Domains

        Name | IP | Active | Malicious | Antivirus Detection | Reputation
        sys2021.linkpc.net | 79.137.109.121 | true | false | - | high

        Contacted URLs

        Name | Malicious | Antivirus Detection | Reputation
        - | true | Avira URL Cloud: safe | low
        sys2021.linkpc.net | false | - | high

        URLs from Memory and Binaries

                                unknown
                                http://www.tiro.comc03_extracted.exe, 00000000.00000003.223512202.0000000005ABB000.00000004.00000001.sdmpfalse
                                • URL Reputation: safe
                                • URL Reputation: safe
                                • URL Reputation: safe
                                unknown
                                http://www.founder.com.cn/cn#03_extracted.exe, 00000000.00000003.224453104.0000000005AA4000.00000004.00000001.sdmpfalse
                                • Avira URL Cloud: safe
                                unknown
                                http://www.fontbureau.com/designers403_extracted.exe, 00000000.00000003.228394931.0000000005AAD000.00000004.00000001.sdmpfalse
                                  high

                                  Contacted IPs


                                  Public

IP | Domain | Country | ASN | ASN Name | Malicious
191.96.25.26 | unknown | Chile | 40676 | AS40676US | false
79.137.109.121 | sys2021.linkpc.net | France | 16276 | OVHFR | false

                                  General Information

                                  Joe Sandbox Version:32.0.0 Black Diamond
                                  Analysis ID:412751
                                  Start date:12.05.2021
                                  Start time:22:39:18
                                  Joe Sandbox Product:CloudBasic
                                  Overall analysis duration:0h 8m 0s
                                  Hypervisor based Inspection enabled:false
                                  Report type:full
                                  Sample file name:03_extracted.exe
                                  Cookbook file name:default.jbs
                                  Analysis system description:Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
                                  Number of analysed new started processes analysed:29
                                  Number of new started drivers analysed:0
                                  Number of existing processes analysed:0
                                  Number of existing drivers analysed:0
                                  Number of injected processes analysed:0
                                  Technologies:
                                  • HCA enabled
                                  • EGA enabled
                                  • HDC enabled
                                  • AMSI enabled
                                  Analysis Mode:default
                                  Analysis stop reason:Timeout
                                  Detection:MAL
                                  Classification:mal100.troj.evad.winEXE@6/4@9/2
                                  EGA Information:Failed
                                  HDC Information:
                                  • Successful, ratio: 0.1% (good quality ratio 0%)
                                  • Quality average: 0%
                                  • Quality standard deviation: 0%
                                  HCA Information:
                                  • Successful, ratio: 100%
                                  • Number of executed functions: 428
                                  • Number of non-executed functions: 32
                                  Cookbook Comments:
                                  • Adjust boot time
                                  • Enable AMSI
                                  • Found application associated with file extension: .exe
                                  Warnings:
                                  • Behavior information exceeds normal sizes, reducing to normal. Report will have missing behavior information.
                                  • Excluded IPs from analysis (whitelisted): 204.79.197.200, 13.107.21.200, 13.64.90.137, 20.82.209.183, 93.184.220.29, 184.30.21.144, 104.43.193.48, 23.57.80.111, 20.49.157.6, 92.122.213.247, 92.122.213.194, 2.20.142.209, 2.20.143.16, 20.54.26.129, 20.50.102.62
                                  • Excluded domains from analysis (whitelisted): au.download.windowsupdate.com.edgesuite.net, cs9.wac.phicdn.net, store-images.s-microsoft.com-c.edgekey.net, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, a1449.dscg2.akamai.net, arc.msn.com, e12564.dspb.akamaiedge.net, ocsp.digicert.com, www-bing-com.dual-a-0001.a-msedge.net, audownload.windowsupdate.nsatc.net, arc.trafficmanager.net, watson.telemetry.microsoft.com, img-prod-cms-rt-microsoft-com.akamaized.net, prod.fs.microsoft.com.akadns.net, au-bg-shim.trafficmanager.net, www.bing.com, skypedataprdcolwus17.cloudapp.net, iris-de-prod-azsc-neu.northeurope.cloudapp.azure.com, fs.microsoft.com, dual-a-0001.a-msedge.net, ris-prod.trafficmanager.net, e1723.g.akamaiedge.net, ctldl.windowsupdate.com, a767.dscg3.akamai.net, iris-de-prod-azsc-uks.uksouth.cloudapp.azure.com, skypedataprdcolcus15.cloudapp.net, ris.api.iris.microsoft.com, a-0001.a-afdentry.net.trafficmanager.net, store-images.s-microsoft.com, blobcollector.events.data.trafficmanager.net, iris-de-ppe-azsc-uks.uksouth.cloudapp.azure.com
                                  • Report size getting too big, too many NtAllocateVirtualMemory calls found.
                                  • Report size getting too big, too many NtOpenKeyEx calls found.
                                  • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                  • Report size getting too big, too many NtQueryValueKey calls found.

                                  Simulations

                                  Behavior and APIs

Time | Type | Description
22:40:14 | API Interceptor | 945x Sleep call for process: 03_extracted.exe modified

                                  Joe Sandbox View / Context

                                  IPs

Match | Associated Sample Name / URL | Detection
191.96.25.26 | Invoice No F1019855_PDF.vbs | malicious
191.96.25.26 | Invoice No F1019855_PDF.vbs | malicious
191.96.25.26 | Spec_PDF.vbs | malicious
191.96.25.26 | SpecPDF.vbs | malicious
79.137.109.121 | Invoice No F1019855_PDF.vbs | malicious
79.137.109.121 | Transcation03232016646pdf.exe | malicious
79.137.109.121 | NEW SC #ORDER.exe | malicious
79.137.109.121 | NEW SC #ORDER.exe | malicious
79.137.109.121 | NEW SC.exe | malicious
79.137.109.121 | NEW SC.exe | malicious

                                                      Domains

Match | Associated Sample Name / URL | Detection | Context
sys2021.linkpc.net | Invoice No F1019855_PDF.vbs | malicious | 87.98.245.48
sys2021.linkpc.net | Invoice No F1019855_PDF.vbs | malicious | 79.137.109.121
sys2021.linkpc.net | Spec_PDF.vbs | malicious | 105.112.11.245
sys2021.linkpc.net | SpecPDF.vbs | malicious | 179.43.166.32

                                                      ASN


                                                      JA3 Fingerprints

                                                      No context

                                                      Dropped Files

Match | Associated Sample Name / URL | Detection
C:\Users\user\AppData\Roaming\LiydYED.exe | Invoice No F1019855_PDF.vbs | malicious

                                                        Created / dropped Files

                                                        C:\Users\user\AppData\Local\Microsoft\CLR_v2.0_32\UsageLogs\03_extracted.exe.log
                                                        Process:C:\Users\user\Desktop\03_extracted.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):655
                                                        Entropy (8bit):5.273171405160065
                                                        Encrypted:false
                                                        SSDEEP:12:Q3LaJU20NaL10U29hJ5g1B0U2ukyrFk70Ug+9Yz9t0U2WUXBQav:MLF20NaL329hJ5g522rWz2p29XBT
                                                        MD5:2703120C370FBB4A8BA08C6D1754039E
                                                        SHA1:EC0DB47BF00A4A828F796147619386C0BBEA66A1
                                                        SHA-256:F95566974BC44F3A757CAFB1456D185D8F333AC84775089DE18310B90C18B1BC
                                                        SHA-512:BC05A2A1BE5B122FC6D3DEA66EF4258522F13351B9754378395AAD019631E312CFD3BC990F3E3D5C7BB0BDBA1EAD54A2B34A96DEE2FCCD703721E98F6192ED48
                                                        Malicious:true
                                                        Reputation:moderate, very likely benign file
                                                        Preview: 1,"fusion","GAC",0..3,"C:\Windows\assembly\NativeImages_v2.0.50727_32\System\1ffc437de59fb69ba2b865ffdc98ffd1\System.ni.dll",0..3,"C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\54d944b3ca0ea1188d700fbd8089726b\System.Drawing.ni.dll",0..3,"C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\bd8d59c984c9f5f2695f64341115cdf0\System.Windows.Forms.ni.dll",0..3,"C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\cd7c74fce2a0eab72cd25cbe4bb61614\Microsoft.VisualBasic.ni.dll",0..3,"C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\4de99804c29261edb63c93616550f034\System.Management.ni.dll",0..
                                                        C:\Users\user\AppData\Local\Temp\tmpE7C8.tmp
                                                        Process:C:\Users\user\Desktop\03_extracted.exe
                                                        File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):1644
                                                        Entropy (8bit):5.168034599644377
                                                        Encrypted:false
                                                        SSDEEP:24:2dH4+SEqC/a7hTlNMFpH/rlMhEMjnGpwjpIgUYODOLD9RJh7h8gKBhtn:cbhC7ZlNQF/rydbz9I3YODOLNdq3d
                                                        MD5:774DF64BD8637D20678EC5B636C078F6
                                                        SHA1:027CD9FEB42E61AF4A6A7E4C13F7835CC9FAB454
                                                        SHA-256:5B86A79F159C9724A9AC8BCE9E68D56FB54092931B5656B626D19AAE1D68929B
                                                        SHA-512:87EF5A78C8A50A3D98F72B229E5B4C6FA23198E572C03723345FB7CCE7001753D073085D8A3F09E2196F610EA4606FE4378262F97A7BC8358BE04B4D78194DC7
                                                        Malicious:true
                                                        Reputation:low
                                                        Preview: <?xml version="1.0" encoding="UTF-16"?>..<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">.. <RegistrationInfo>.. <Date>2014-10-25T14:27:44.8929027</Date>.. <Author>computer\user</Author>.. </RegistrationInfo>.. <Triggers>.. <LogonTrigger>.. <Enabled>true</Enabled>.. <UserId>computer\user</UserId>.. </LogonTrigger>.. <RegistrationTrigger>.. <Enabled>false</Enabled>.. </RegistrationTrigger>.. </Triggers>.. <Principals>.. <Principal id="Author">.. <UserId>computer\user</UserId>.. <LogonType>InteractiveToken</LogonType>.. <RunLevel>LeastPrivilege</RunLevel>.. </Principal>.. </Principals>.. <Settings>.. <MultipleInstancesPolicy>StopExisting</MultipleInstancesPolicy>.. <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>.. <StopIfGoingOnBatteries>true</StopIfGoingOnBatteries>.. <AllowHardTerminate>false</AllowHardTerminate>.. <StartWhenAvailable>t
                                                        C:\Users\user\AppData\Roaming\D06ED635-68F6-4E9A-955C-4899F5F57B9A\run.dat
                                                        Process:C:\Users\user\Desktop\03_extracted.exe
                                                        File Type:International EBCDIC text, with NEL line terminators
                                                        Category:dropped
                                                        Size (bytes):8
                                                        Entropy (8bit):3.0
                                                        Encrypted:false
                                                        SSDEEP:3:gw8n:gj
                                                        MD5:D24B6D1F3C25FABB06DAD0E517C8684F
                                                        SHA1:A8BA98E9F68D2563C94CBAE5D26B7C4DFE5AD3F2
                                                        SHA-256:BB554C96F80D4024210AA29BABC04017C642382793EAE8992541466E7A9ECDAF
                                                        SHA-512:E8FE15EDABC35C61D88243C39FF0C174D0BA0AC065A0908270D31672B208046C181BEC769654614D40635625CCFE7D659997E4B6651795AC4189BB46B42BEE99
                                                        Malicious:true
                                                        Reputation:low
                                                        Preview: .e....H
                                                        C:\Users\user\AppData\Roaming\LiydYED.exe
                                                        Process:C:\Users\user\Desktop\03_extracted.exe
                                                        File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                        Category:dropped
                                                        Size (bytes):784896
                                                        Entropy (8bit):7.328703413450174
                                                        Encrypted:false
                                                        SSDEEP:12288:OoLLoS60/K7yh036vCww4Scd3IGj483ESuvkuDKsjLtZTMfLodiMW2G:OoLA3AScdYKSvkItxeUdinh
                                                        MD5:43C4F163196FF02E7AA8C5040375FDA4
                                                        SHA1:F826B410B31CB251DD85F3663735B2F410906517
                                                        SHA-256:A585841F956F17925242996A98836B0D08767DDB179B4B41FD18A5DE719C531C
                                                        SHA-512:264FB4514257080068CEC2915BE6F81EA759812F059B9B969B2F40EE6E502497F22F66C0EFE9B2F5736D6C61F1C7967E9F801B1DF33D100261D4A1B560DDEF7E
                                                        Malicious:true
                                                        Antivirus:
                                                        • Antivirus: ReversingLabs, Detection: 41%
                                                        Joe Sandbox View:
                                                        • Filename: Invoice No F1019855_PDF.vbs, Detection: malicious, Browse
                                                        Reputation:low

                                                        Static File Info

                                                        General

                                                        File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                        Entropy (8bit):7.328703413450174
                                                        TrID:
                                                        • Win32 Executable (generic) Net Framework (10011505/4) 49.80%
                                                        • Win32 Executable (generic) a (10002005/4) 49.75%
                                                        • Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36%
                                                        • Windows Screen Saver (13104/52) 0.07%
                                                        • Generic Win/DOS Executable (2004/3) 0.01%
                                                        File name:03_extracted.exe
                                                        File size:784896
                                                        MD5:43c4f163196ff02e7aa8c5040375fda4
                                                        SHA1:f826b410b31cb251dd85f3663735b2f410906517
                                                        SHA256:a585841f956f17925242996a98836b0d08767ddb179b4b41fd18a5de719c531c
                                                        SHA512:264fb4514257080068cec2915be6f81ea759812f059b9b969b2f40ee6e502497f22f66c0efe9b2f5736d6c61f1c7967e9f801b1df33d100261d4a1b560ddef7e
                                                        SSDEEP:12288:OoLLoS60/K7yh036vCww4Scd3IGj483ESuvkuDKsjLtZTMfLodiMW2G:OoLA3AScdYKSvkItxeUdinh

                                                        File Icon

                                                        Icon Hash:00828e8e8686b000

                                                        Static PE Info

                                                        General

                                                        Entrypoint:0x4c0e3a
                                                        Entrypoint Section:.text
                                                        Digitally signed:false
                                                        Imagebase:0x400000
                                                        Subsystem:windows gui
                                                        Image File Characteristics:32BIT_MACHINE, EXECUTABLE_IMAGE
                                                        DLL Characteristics:NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT
                                                        Time Stamp:0xE963C9E9 [Fri Jan 29 19:18:01 2094 UTC]
                                                        TLS Callbacks:
                                                        CLR (.Net) Version:v2.0.50727
                                                        OS Version Major:4
                                                        OS Version Minor:0
                                                        File Version Major:4
                                                        File Version Minor:0
                                                        Subsystem Version Major:4
                                                        Subsystem Version Minor:0
                                                        Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744

                                                        Entrypoint Preview

                                                        Instruction
                                                        jmp dword ptr [00402000h]
                                                        add byte ptr [eax], al

                                                        Data Directories

                                                        Name | Virtual Address | Virtual Size | Is in Section
                                                        IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
                                                        IMAGE_DIRECTORY_ENTRY_IMPORT | 0xc0de8 | 0x4f | .text
                                                        IMAGE_DIRECTORY_ENTRY_RESOURCE | 0xc2000 | 0x5b4 | .rsrc
                                                        IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
                                                        IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
                                                        IMAGE_DIRECTORY_ENTRY_BASERELOC | 0xc4000 | 0xc | .reloc
                                                        IMAGE_DIRECTORY_ENTRY_DEBUG | 0xc0dcc | 0x1c | .text
                                                        IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
                                                        IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
                                                        IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
                                                        IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
                                                        IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
                                                        IMAGE_DIRECTORY_ENTRY_IAT | 0x2000 | 0x8 | .text
                                                        IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
                                                        IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x2008 | 0x48 | .text
                                                        IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |

                                                        Sections

                                                        Name | Virtual Address | Virtual Size | Raw Size | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
                                                        .text | 0x2000 | 0xbee40 | 0xbf000 | False | 0.734753354058 | data | 7.33039162712 | IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
                                                        .rsrc | 0xc2000 | 0x5b4 | 0x600 | False | 0.422526041667 | data | 4.1233888382 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                        .reloc | 0xc4000 | 0xc | 0x200 | False | 0.041015625 | data | 0.0776331623432 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

                                                        Resources

                                                        Name | RVA | Size | Type | Language | Country
                                                        RT_VERSION | 0xc2090 | 0x324 | data | |
                                                        RT_MANIFEST | 0xc23c4 | 0x1ea | XML 1.0 document, UTF-8 Unicode (with BOM) text, with CRLF line terminators | |

                                                        Imports

                                                        DLL | Import
                                                        mscoree.dll | _CorExeMain

                                                        Version Infos

                                                        Description | Data
                                                        Translation | 0x0000 0x04b0
                                                        LegalCopyright | Copyright 2021
                                                        Assembly Version | 1.0.0.0
                                                        InternalName | MXvDG34.exe
                                                        FileVersion | 1.0.0.0
                                                        CompanyName |
                                                        LegalTrademarks |
                                                        Comments |
                                                        ProductName | Handle Leaker
                                                        ProductVersion | 1.0.0.0
                                                        FileDescription | Handle Leaker
                                                        OriginalFilename | MXvDG34.exe

                                                        Network Behavior

                                                        Network Port Distribution

                                                        TCP Packets


                                                        UDP Packets


                                                        DNS Queries

Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class
May 12, 2021 22:40:19.997391939 CEST | 192.168.2.5 | 8.8.8.8 | 0xe9bc | Standard query (0) | sys2021.linkpc.net | A (IP address) | IN (0x0001)
May 12, 2021 22:40:26.209935904 CEST | 192.168.2.5 | 8.8.8.8 | 0x79c1 | Standard query (0) | sys2021.linkpc.net | A (IP address) | IN (0x0001)
May 12, 2021 22:40:32.305219889 CEST | 192.168.2.5 | 8.8.8.8 | 0x641c | Standard query (0) | sys2021.linkpc.net | A (IP address) | IN (0x0001)
May 12, 2021 22:40:56.189538002 CEST | 192.168.2.5 | 8.8.8.8 | 0x6c41 | Standard query (0) | sys2021.linkpc.net | A (IP address) | IN (0x0001)
May 12, 2021 22:41:02.251971960 CEST | 192.168.2.5 | 8.8.8.8 | 0x3616 | Standard query (0) | sys2021.linkpc.net | A (IP address) | IN (0x0001)
May 12, 2021 22:41:08.195278883 CEST | 192.168.2.5 | 8.8.8.8 | 0x91c | Standard query (0) | sys2021.linkpc.net | A (IP address) | IN (0x0001)
May 12, 2021 22:41:32.280656099 CEST | 192.168.2.5 | 8.8.8.8 | 0x4edd | Standard query (0) | sys2021.linkpc.net | A (IP address) | IN (0x0001)
May 12, 2021 22:41:49.484816074 CEST | 192.168.2.5 | 8.8.8.8 | 0x6b4a | Standard query (0) | sys2021.linkpc.net | A (IP address) | IN (0x0001)
May 12, 2021 22:41:55.326957941 CEST | 192.168.2.5 | 8.8.8.8 | 0x6736 | Standard query (0) | sys2021.linkpc.net | A (IP address) | IN (0x0001)

                                                        DNS Answers

Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class
May 12, 2021 22:40:20.157730103 CEST | 8.8.8.8 | 192.168.2.5 | 0xe9bc | No error (0) | sys2021.linkpc.net | | 79.137.109.121 | A (IP address) | IN (0x0001)
May 12, 2021 22:40:26.390404940 CEST | 8.8.8.8 | 192.168.2.5 | 0x79c1 | No error (0) | sys2021.linkpc.net | | 79.137.109.121 | A (IP address) | IN (0x0001)
May 12, 2021 22:40:32.367516041 CEST | 8.8.8.8 | 192.168.2.5 | 0x641c | No error (0) | sys2021.linkpc.net | | 79.137.109.121 | A (IP address) | IN (0x0001)
May 12, 2021 22:40:56.247328043 CEST | 8.8.8.8 | 192.168.2.5 | 0x6c41 | No error (0) | sys2021.linkpc.net | | 79.137.109.121 | A (IP address) | IN (0x0001)
May 12, 2021 22:41:02.310091972 CEST | 8.8.8.8 | 192.168.2.5 | 0x3616 | No error (0) | sys2021.linkpc.net | | 79.137.109.121 | A (IP address) | IN (0x0001)
May 12, 2021 22:41:08.252734900 CEST | 8.8.8.8 | 192.168.2.5 | 0x91c | No error (0) | sys2021.linkpc.net | | 79.137.109.121 | A (IP address) | IN (0x0001)
May 12, 2021 22:41:32.342036963 CEST | 8.8.8.8 | 192.168.2.5 | 0x4edd | No error (0) | sys2021.linkpc.net | | 79.137.109.121 | A (IP address) | IN (0x0001)
May 12, 2021 22:41:49.542527914 CEST | 8.8.8.8 | 192.168.2.5 | 0x6b4a | No error (0) | sys2021.linkpc.net | | 79.137.109.121 | A (IP address) | IN (0x0001)
May 12, 2021 22:41:55.386250973 CEST | 8.8.8.8 | 192.168.2.5 | 0x6736 | No error (0) | sys2021.linkpc.net | | 79.137.109.121 | A (IP address) | IN (0x0001)


                                                        System Behavior

                                                        General

                                                        Start time:22:40:06
                                                        Start date:12/05/2021
                                                        Path:C:\Users\user\Desktop\03_extracted.exe
                                                        Wow64 process (32bit):true
                                                        Commandline:'C:\Users\user\Desktop\03_extracted.exe'
                                                        Imagebase:0xfb0000
                                                        File size:784896 bytes
                                                        MD5 hash:43C4F163196FF02E7AA8C5040375FDA4
                                                        Has elevated privileges:true
                                                        Has administrator privileges:true
                                                        Programmed in:.Net C# or VB.NET
                                                        Yara matches:
                                                        • Rule: Nanocore_RAT_Gen_2, Description: Detetcs the Nanocore RAT, Source: 00000000.00000002.252199912.00000000048E1000.00000004.00000001.sdmp, Author: Florian Roth
                                                        • Rule: JoeSecurity_Nanocore, Description: Yara detected Nanocore RAT, Source: 00000000.00000002.252199912.00000000048E1000.00000004.00000001.sdmp, Author: Joe Security
                                                        • Rule: NanoCore, Description: unknown, Source: 00000000.00000002.252199912.00000000048E1000.00000004.00000001.sdmp, Author: Kevin Breen <kevin@techanarchy.net>
                                                        Reputation:low

                                                        General

                                                        Start time:22:40:16
                                                        Start date:12/05/2021
                                                        Path:C:\Windows\SysWOW64\schtasks.exe
                                                        Wow64 process (32bit):true
                                                        Commandline:'C:\Windows\System32\schtasks.exe' /Create /TN 'Updates\LiydYED' /XML 'C:\Users\user\AppData\Local\Temp\tmpE7C8.tmp'
                                                        Imagebase:0xbc0000
                                                        File size:185856 bytes
                                                        MD5 hash:15FF7D8324231381BAD48A052F85DF04
                                                        Has elevated privileges:true
                                                        Has administrator privileges:true
                                                        Programmed in:C, C++ or other language
                                                        Reputation:high

                                                        General

                                                        Start time:22:40:16
                                                        Start date:12/05/2021
                                                        Path:C:\Windows\System32\conhost.exe
                                                        Wow64 process (32bit):false
                                                        Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                        Imagebase:0x7ff7ecfc0000
                                                        File size:625664 bytes
                                                        MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                                        Has elevated privileges:true
                                                        Has administrator privileges:true
                                                        Programmed in:C, C++ or other language
                                                        Reputation:high

                                                        General

                                                        Start time:22:40:17
                                                        Start date:12/05/2021
                                                        Path:C:\Users\user\Desktop\03_extracted.exe
                                                        Wow64 process (32bit):true
                                                        Commandline:{path}
                                                        Imagebase:0x680000
                                                        File size:784896 bytes
                                                        MD5 hash:43C4F163196FF02E7AA8C5040375FDA4
                                                        Has elevated privileges:true
                                                        Has administrator privileges:true
                                                        Programmed in:.Net C# or VB.NET
                                                        Yara matches:
                                                        • Rule: Nanocore_RAT_Gen_2, Description: Detetcs the Nanocore RAT, Source: 00000006.00000002.489322816.0000000000402000.00000040.00000001.sdmp, Author: Florian Roth
                                                        • Rule: JoeSecurity_Nanocore, Description: Yara detected Nanocore RAT, Source: 00000006.00000002.489322816.0000000000402000.00000040.00000001.sdmp, Author: Joe Security
                                                        • Rule: NanoCore, Description: unknown, Source: 00000006.00000002.489322816.0000000000402000.00000040.00000001.sdmp, Author: Kevin Breen <kevin@techanarchy.net>
                                                        • Rule: JoeSecurity_Nanocore, Description: Yara detected Nanocore RAT, Source: 00000006.00000002.496381211.0000000003DE7000.00000004.00000001.sdmp, Author: Joe Security
                                                        • Rule: NanoCore, Description: unknown, Source: 00000006.00000002.496381211.0000000003DE7000.00000004.00000001.sdmp, Author: Kevin Breen <kevin@techanarchy.net>
                                                        • Rule: Nanocore_RAT_Gen_2, Description: Detetcs the Nanocore RAT, Source: 00000006.00000002.497217215.0000000005290000.00000004.00000001.sdmp, Author: Florian Roth
                                                        • Rule: Nanocore_RAT_Feb18_1, Description: Detects Nanocore RAT, Source: 00000006.00000002.497217215.0000000005290000.00000004.00000001.sdmp, Author: Florian Roth
                                                        • Rule: Nanocore_RAT_Gen_2, Description: Detetcs the Nanocore RAT, Source: 00000006.00000002.497557539.0000000005650000.00000004.00000001.sdmp, Author: Florian Roth
                                                        • Rule: Nanocore_RAT_Feb18_1, Description: Detects Nanocore RAT, Source: 00000006.00000002.497557539.0000000005650000.00000004.00000001.sdmp, Author: Florian Roth
                                                        • Rule: JoeSecurity_Nanocore, Description: Yara detected Nanocore RAT, Source: 00000006.00000002.497557539.0000000005650000.00000004.00000001.sdmp, Author: Joe Security
                                                        Reputation:low

                                                        Disassembly

                                                        Code Analysis


                                                          Executed Functions

                                                          APIs
                                                          • AdjustTokenPrivileges.KERNELBASE(?,?,?,?,?,?), ref: 077A281B
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.261367355.00000000077A0000.00000040.00000001.sdmp, Offset: 077A0000, based on PE: false
                                                          Similarity
                                                          • API ID: AdjustPrivilegesToken
                                                          • String ID:
                                                          • API String ID: 2874748243-0
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          APIs
                                                          • GetUserNameA.ADVAPI32(?,00000E2C), ref: 077A13E9
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.261367355.00000000077A0000.00000040.00000001.sdmp, Offset: 077A0000, based on PE: false
                                                          Similarity
                                                          • API ID: NameUser
                                                          • String ID:
                                                          • API String ID: 2645101109-0
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          APIs
                                                          • NtQuerySystemInformation.NTDLL(?,?,?,?), ref: 077A28DD
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.261367355.00000000077A0000.00000040.00000001.sdmp, Offset: 077A0000, based on PE: false
                                                          Similarity
                                                          • API ID: InformationQuerySystem
                                                          • String ID:
                                                          • API String ID: 3562636166-0
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          APIs
                                                          • AdjustTokenPrivileges.KERNELBASE(?,?,?,?,?,?), ref: 077A281B
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.261367355.00000000077A0000.00000040.00000001.sdmp, Offset: 077A0000, based on PE: false
                                                          Similarity
                                                          • API ID: AdjustPrivilegesToken
                                                          • String ID:
                                                          • API String ID: 2874748243-0
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          APIs
                                                          • NtQuerySystemInformation.NTDLL(?,?,?,?), ref: 077A28DD
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.261367355.00000000077A0000.00000040.00000001.sdmp, Offset: 077A0000, based on PE: false
                                                          Similarity
                                                          • API ID: InformationQuerySystem
                                                          • String ID:
                                                          • API String ID: 3562636166-0
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.248227220.0000000001C20000.00000040.00000001.sdmp, Offset: 01C20000, based on PE: false
                                                          Similarity
                                                          • API ID:
                                                          • String ID: GsX
                                                          • API String ID: 0-3761113861
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.248227220.0000000001C20000.00000040.00000001.sdmp, Offset: 01C20000, based on PE: false
                                                          Similarity
                                                          • API ID:
                                                          • String ID: GsX
                                                          • API String ID: 0-3761113861
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.248227220.0000000001C20000.00000040.00000001.sdmp, Offset: 01C20000, based on PE: false
                                                          Similarity
                                                          • API ID:
                                                          • String ID: u<B
                                                          • API String ID: 0-3419542075
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.248227220.0000000001C20000.00000040.00000001.sdmp, Offset: 01C20000, based on PE: false
                                                          Similarity
                                                          • API ID:
                                                          • String ID: u<B
                                                          • API String ID: 0-3419542075
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.248227220.0000000001C20000.00000040.00000001.sdmp, Offset: 01C20000, based on PE: false
                                                          Similarity
                                                          • API ID:
                                                          • String ID: X1(r$X1(r
                                                          • API String ID: 0-542892166
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.262216518.0000000007F30000.00000040.00000001.sdmp, Offset: 07F30000, based on PE: false
                                                          Similarity
                                                          • API ID:
                                                          • String ID: q=S$q=S
                                                          • API String ID: 0-3325465282
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          APIs
                                                          • GetUserNameA.ADVAPI32(?,00000E2C), ref: 077A13E9
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.261367355.00000000077A0000.00000040.00000001.sdmp, Offset: 077A0000, based on PE: false
                                                          Similarity
                                                          • API ID: NameUser
                                                          • String ID:
                                                          • API String ID: 2645101109-0
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          APIs
                                                          • DuplicateHandle.KERNELBASE(?,00000E2C), ref: 077A223B
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.261367355.00000000077A0000.00000040.00000001.sdmp, Offset: 077A0000, based on PE: false
                                                          Similarity
                                                          • API ID: DuplicateHandle
                                                          • String ID:
                                                          • API String ID: 3793708945-0
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          APIs
                                                          • GetTokenInformation.KERNELBASE(?,00000E2C,9901C9AB,00000000,00000000,00000000,00000000), ref: 077A1B24
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.261367355.00000000077A0000.00000040.00000001.sdmp, Offset: 077A0000, based on PE: false
                                                          Similarity
                                                          • API ID: InformationToken
                                                          • String ID:
                                                          • API String ID: 4114910276-0
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          APIs
                                                          • CreateFileW.KERNELBASE(?,?,?,?,?,?), ref: 077A16A9
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.261367355.00000000077A0000.00000040.00000001.sdmp, Offset: 077A0000, based on PE: false
                                                          Similarity
                                                          • API ID: CreateFile
                                                          • String ID:
                                                          • API String ID: 823142352-0
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          APIs
                                                          • CreateMutexW.KERNELBASE(?,?), ref: 077A0771
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.261367355.00000000077A0000.00000040.00000001.sdmp, Offset: 077A0000, based on PE: false
                                                          Similarity
                                                          • API ID: CreateMutex
                                                          • String ID:
                                                          • API String ID: 1964310414-0
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          APIs
                                                          • RegQueryValueExW.KERNELBASE(?,00000E2C,?,?), ref: 077A087E
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.261367355.00000000077A0000.00000040.00000001.sdmp, Offset: 077A0000, based on PE: false
                                                          Similarity
                                                          • API ID: QueryValue
                                                          • String ID:
                                                          • API String ID: 3660427363-0
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          APIs
                                                          • LsaOpenPolicy.ADVAPI32(?,00000E2C), ref: 077A1E47
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.261367355.00000000077A0000.00000040.00000001.sdmp, Offset: 077A0000, based on PE: false
                                                          Similarity
                                                          • API ID: OpenPolicy
                                                          • String ID:
                                                          • API String ID: 2030686058-0
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          APIs
                                                          • FindWindowA.USER32(?,00000E2C), ref: 077A14EA
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.261367355.00000000077A0000.00000040.00000001.sdmp, Offset: 077A0000, based on PE: false
                                                          Similarity
                                                          • API ID: FindWindow
                                                          • String ID:
                                                          • API String ID: 134000473-0
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          APIs
                                                          • DuplicateHandle.KERNELBASE(?,00000E2C), ref: 077A223B
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.261367355.00000000077A0000.00000040.00000001.sdmp, Offset: 077A0000, based on PE: false
                                                          Similarity
                                                          • API ID: DuplicateHandle
                                                          • String ID:
                                                          • API String ID: 3793708945-0
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          APIs
                                                          • GetFileType.KERNELBASE(?,00000E2C,9901C9AB,00000000,00000000,00000000,00000000), ref: 077A1795
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.261367355.00000000077A0000.00000040.00000001.sdmp, Offset: 077A0000, based on PE: false
                                                          Similarity
                                                          • API ID: FileType
                                                          • String ID:
                                                          • API String ID: 3081899298-0
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          APIs
                                                          • DeleteFileW.KERNELBASE(?), ref: 077A2320
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.261367355.00000000077A0000.00000040.00000001.sdmp, Offset: 077A0000, based on PE: false
                                                          Similarity
                                                          • API ID: DeleteFile
                                                          • String ID:
                                                          • API String ID: 4033686569-0
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          APIs
                                                          • CreateFileW.KERNELBASE(?,?,?,?,?,?), ref: 077A16A9
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.261367355.00000000077A0000.00000040.00000001.sdmp, Offset: 077A0000, based on PE: false
                                                          Similarity
                                                          • API ID: CreateFile
                                                          • String ID:
                                                          • API String ID: 823142352-0
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          APIs
                                                          • LookupPrivilegeValueW.ADVAPI32(?,?,?), ref: 077A269A
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.261367355.00000000077A0000.00000040.00000001.sdmp, Offset: 077A0000, based on PE: false
                                                          Similarity
                                                          • API ID: LookupPrivilegeValue
                                                          • String ID:
                                                          • API String ID: 3899507212-0
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          APIs
                                                          • CreateMutexW.KERNELBASE(?,?), ref: 077A0771
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.261367355.00000000077A0000.00000040.00000001.sdmp, Offset: 077A0000, based on PE: false
                                                          Similarity
                                                          • API ID: CreateMutex
                                                          • String ID:
                                                          • API String ID: 1964310414-0
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          APIs
                                                          • LsaOpenPolicy.ADVAPI32(?,00000E2C), ref: 077A1E47
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.261367355.00000000077A0000.00000040.00000001.sdmp, Offset: 077A0000, based on PE: false
                                                          Similarity
                                                          • API ID: OpenPolicy
                                                          • String ID:
                                                          • API String ID: 2030686058-0
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          APIs
                                                          • WriteFile.KERNELBASE(?,00000E2C,9901C9AB,00000000,00000000,00000000,00000000), ref: 077A1931
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.261367355.00000000077A0000.00000040.00000001.sdmp, Offset: 077A0000, based on PE: false
                                                          Similarity
                                                          • API ID: FileWrite
                                                          • String ID:
                                                          • API String ID: 3934441357-0
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          APIs
                                                          • GetTokenInformation.KERNELBASE(?,00000E2C,9901C9AB,00000000,00000000,00000000,00000000), ref: 077A1B24
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.261367355.00000000077A0000.00000040.00000001.sdmp, Offset: 077A0000, based on PE: false
                                                          Similarity
                                                          • API ID: InformationToken
                                                          • String ID:
                                                          • API String ID: 4114910276-0
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          APIs
                                                          • WriteProcessMemory.KERNELBASE(?,?,?,?,?), ref: 077A25DC
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.261367355.00000000077A0000.00000040.00000001.sdmp, Offset: 077A0000, based on PE: false
                                                          Similarity
                                                          • API ID: MemoryProcessWrite
                                                          • String ID:
                                                          • API String ID: 3559483778-0
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          APIs
                                                          • LoadLibraryA.KERNELBASE(?,00000E2C), ref: 077A0933
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.261367355.00000000077A0000.00000040.00000001.sdmp, Offset: 077A0000, based on PE: false
                                                          Similarity
                                                          • API ID: LibraryLoad
                                                          • String ID:
                                                          • API String ID: 1029625771-0
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          APIs
                                                          • GetTextExtentPoint32W.GDI32(?,?,?,?), ref: 077A007D
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.261367355.00000000077A0000.00000040.00000001.sdmp, Offset: 077A0000, based on PE: false
                                                          Similarity
                                                          • API ID: ExtentPoint32Text
                                                          • String ID:
                                                          • API String ID: 223599850-0
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          APIs
                                                          • PostMessageW.USER32(?,?,?,?), ref: 077A2A29
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.261367355.00000000077A0000.00000040.00000001.sdmp, Offset: 077A0000, based on PE: false
                                                          Similarity
                                                          • API ID: MessagePost
                                                          • String ID:
                                                          • API String ID: 410705778-0
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          APIs
                                                          • FindWindowA.USER32(?,00000E2C), ref: 077A14EA
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.261367355.00000000077A0000.00000040.00000001.sdmp, Offset: 077A0000, based on PE: false
                                                          Similarity
                                                          • API ID: FindWindow
                                                          • String ID:
                                                          • API String ID: 134000473-0
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          APIs
                                                          • WriteFile.KERNELBASE(?,00000E2C,9901C9AB,00000000,00000000,00000000,00000000), ref: 077A1931
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.261367355.00000000077A0000.00000040.00000001.sdmp, Offset: 077A0000, based on PE: false
                                                          Similarity
                                                          • API ID: FileWrite
                                                          • String ID:
                                                          • API String ID: 3934441357-0
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          APIs
                                                          • ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 077A2520
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.261367355.00000000077A0000.00000040.00000001.sdmp, Offset: 077A0000, based on PE: false
                                                          Similarity
                                                          • API ID: MemoryProcessRead
                                                          • String ID:
                                                          • API String ID: 1726664587-0
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          APIs
                                                          • PostMessageW.USER32(?,?,?,?), ref: 077A2DB1
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.261367355.00000000077A0000.00000040.00000001.sdmp, Offset: 077A0000, based on PE: false
                                                          Similarity
                                                          • API ID: MessagePost
                                                          • String ID:
                                                          • API String ID: 410705778-0
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          APIs
                                                          • LoadLibraryA.KERNELBASE(?,00000E2C), ref: 077A0933
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.261367355.00000000077A0000.00000040.00000001.sdmp, Offset: 077A0000, based on PE: false
                                                          Similarity
                                                          • API ID: LibraryLoad
                                                          • String ID:
                                                          • API String ID: 1029625771-0
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          APIs
                                                          • SetThreadContext.KERNELBASE(?,?), ref: 077A2473
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.261367355.00000000077A0000.00000040.00000001.sdmp, Offset: 077A0000, based on PE: false
                                                          Similarity
                                                          • API ID: ContextThread
                                                          • String ID:
                                                          • API String ID: 1591575202-0
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          APIs
                                                          • LookupPrivilegeValueW.ADVAPI32(?,?,?), ref: 077A269A
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.261367355.00000000077A0000.00000040.00000001.sdmp, Offset: 077A0000, based on PE: false
                                                          Similarity
                                                          • API ID: LookupPrivilegeValue
                                                          • String ID:
                                                          • API String ID: 3899507212-0
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          APIs
                                                          • GetFileType.KERNELBASE(?,00000E2C,9901C9AB,00000000,00000000,00000000,00000000), ref: 077A1795
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.261367355.00000000077A0000.00000040.00000001.sdmp, Offset: 077A0000, based on PE: false
                                                          Similarity
                                                          • API ID: FileType
                                                          • String ID:
                                                          • API String ID: 3081899298-0
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          APIs
                                                          • GetTextExtentPoint32W.GDI32(?,?,?,?), ref: 077A007D
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.261367355.00000000077A0000.00000040.00000001.sdmp, Offset: 077A0000, based on PE: false
                                                          Similarity
                                                          • API ID: ExtentPoint32Text
                                                          • String ID:
                                                          • API String ID: 223599850-0
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          APIs
                                                          • DeleteFileW.KERNELBASE(?), ref: 077A2320
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.261367355.00000000077A0000.00000040.00000001.sdmp, Offset: 077A0000, based on PE: false
                                                          Similarity
                                                          • API ID: DeleteFile
                                                          • String ID:
                                                          • API String ID: 4033686569-0
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          APIs
                                                          • WriteProcessMemory.KERNELBASE(?,?,?,?,?), ref: 077A25DC
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.261367355.00000000077A0000.00000040.00000001.sdmp, Offset: 077A0000, based on PE: false
                                                          Similarity
                                                          • API ID: MemoryProcessWrite
                                                          • String ID:
                                                          • API String ID: 3559483778-0
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          APIs
                                                          • SetThreadContext.KERNELBASE(?,?), ref: 077A2473
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.261367355.00000000077A0000.00000040.00000001.sdmp, Offset: 077A0000, based on PE: false
                                                          Similarity
                                                          • API ID: ContextThread
                                                          • String ID:
                                                          • API String ID: 1591575202-0
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          APIs
                                                          • RegQueryValueExW.KERNELBASE(?,00000E2C,?,?), ref: 077A087E
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.261367355.00000000077A0000.00000040.00000001.sdmp, Offset: 077A0000, based on PE: false
                                                          Similarity
                                                          • API ID: QueryValue
                                                          • String ID:
                                                          • API String ID: 3660427363-0
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          APIs
                                                          • ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 077A2520
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.261367355.00000000077A0000.00000040.00000001.sdmp, Offset: 077A0000, based on PE: false
                                                          Similarity
                                                          • API ID: MemoryProcessRead
                                                          • String ID:
                                                          • API String ID: 1726664587-0
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          APIs
                                                          • PostMessageW.USER32(?,?,?,?), ref: 077A2DB1
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.261367355.00000000077A0000.00000040.00000001.sdmp, Offset: 077A0000, based on PE: false
                                                          Similarity
                                                          • API ID: MessagePost
                                                          • String ID:
                                                          • API String ID: 410705778-0
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          APIs
                                                          • PostMessageW.USER32(?,?,?,?), ref: 077A2A29
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.261367355.00000000077A0000.00000040.00000001.sdmp, Offset: 077A0000, based on PE: false
                                                          Similarity
                                                          • API ID: MessagePost
                                                          • String ID:
                                                          • API String ID: 410705778-0
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.248227220.0000000001C20000.00000040.00000001.sdmp, Offset: 01C20000, based on PE: false
                                                          Similarity
                                                          • API ID:
                                                          • String ID: (!
                                                          • API String ID: 0-2090601011
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.248227220.0000000001C20000.00000040.00000001.sdmp, Offset: 01C20000, based on PE: false
                                                          Similarity
                                                          • API ID:
                                                          • String ID: (!
                                                          • API String ID: 0-2090601011
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.248227220.0000000001C20000.00000040.00000001.sdmp, Offset: 01C20000, based on PE: false
                                                          Similarity
                                                          • API ID:
                                                          • String ID: (!
                                                          • API String ID: 0-2090601011
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.262216518.0000000007F30000.00000040.00000001.sdmp, Offset: 07F30000, based on PE: false
                                                          Similarity
                                                          • API ID:
                                                          • String ID: ]j:*
                                                          • API String ID: 0-2742112570
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Strings
                                                          • hECAHAoEwAABm9GAAAKACVyFwIAcCgTAAAGb0YAAAoAJXIfAgBwKBMAAAZvRgAACgAlciUCAHAoEwAABm9GAAAKACVyKwIAcCgTAAAGb0YAAAoAJXIzAgBwKBMAAAZvRgA, xrefs: 01C2D16A
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.248227220.0000000001C20000.00000040.00000001.sdmp, Offset: 01C20000, based on PE: false
                                                          Similarity
                                                          • API ID:
                                                          • String ID: hECAHAoEwAABm9GAAAKACVyFwIAcCgTAAAGb0YAAAoAJXIfAgBwKBMAAAZvRgAACgAlciUCAHAoEwAABm9GAAAKACVyKwIAcCgTAAAGb0YAAAoAJXIzAgBwKBMAAAZvRgA
                                                          • API String ID: 0-3521842892
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.262216518.0000000007F30000.00000040.00000001.sdmp, Offset: 07F30000, based on PE: false
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 3ecc3900920a3348c06788a7ee8a72c793291f24fcd2c5770ccd60ab073a54f8
                                                          • Instruction ID: c73ea299863b9e7d95f149227c19598022922fec657e06ab2a360e81687e1b7e
                                                          • Opcode Fuzzy Hash: 3ecc3900920a3348c06788a7ee8a72c793291f24fcd2c5770ccd60ab073a54f8
                                                          • Instruction Fuzzy Hash: AD61C0B4E00219DFCB54DFA9C9546AEBBB6FF88300F24912AD80AAB358DB345941CF55
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.262216518.0000000007F30000.00000040.00000001.sdmp, Offset: 07F30000, based on PE: false
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: f786b32e67d35f04f5bff9de53c26b1e68fbc308194ed14025f9b3a83142a568
                                                          • Instruction ID: c6c2dc556c3e933545a0d70a1b18e9d0e89da16dd82d21049839b455de2eec83
                                                          • Opcode Fuzzy Hash: f786b32e67d35f04f5bff9de53c26b1e68fbc308194ed14025f9b3a83142a568
                                                          • Instruction Fuzzy Hash: 624144B0E1960DDFCB14CFAAE8846EEBBF1EB4A351F18A02AE015B7250D7348551CF58
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.262216518.0000000007F30000.00000040.00000001.sdmp, Offset: 07F30000, based on PE: false
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: d2543dd075a7806661415736e6a1866a305493d319b92081661625734110b110
                                                          • Instruction ID: f3f163973ead40dea3089a4a7d1121a8db3c820ca014bc778f598927661deab1
                                                          • Opcode Fuzzy Hash: d2543dd075a7806661415736e6a1866a305493d319b92081661625734110b110
                                                          • Instruction Fuzzy Hash: 1A4121B1D1560CDFCB14CFAAE8846EEFBB5AB4A351F18A02AE015B6250EB349551CF18
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.248227220.0000000001C20000.00000040.00000001.sdmp, Offset: 01C20000, based on PE: false
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 592904ce6ee667be58b2a26f83917d4d7437ccb34f882eeea36124a95e2b91df
                                                          • Instruction ID: a127b956025c182d2ae68253def0103638eac9a5615b8486c2168b19409b9dc7
                                                          • Opcode Fuzzy Hash: 592904ce6ee667be58b2a26f83917d4d7437ccb34f882eeea36124a95e2b91df
                                                          • Instruction Fuzzy Hash: 6141E4B4D01219DFCB04CFA8D9859AEBBB2FF58310F24816AD901A7315D730AA50CFA4
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.248227220.0000000001C20000.00000040.00000001.sdmp, Offset: 01C20000, based on PE: false
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 01499c74b3d04353bb121e2937a561dbd0174dc794479c3b7557f5d0f913ad9a
                                                          • Instruction ID: 5b193c74da69561b26e2f6baeb55fd5a0119e388a68db42dcf4565afffcc923c
                                                          • Opcode Fuzzy Hash: 01499c74b3d04353bb121e2937a561dbd0174dc794479c3b7557f5d0f913ad9a
                                                          • Instruction Fuzzy Hash: 9D41D2B4D01219EFCB04DFA8D985AAEBBB2FF58310F209169E505A7314D730AE50CFA4
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.248227220.0000000001C20000.00000040.00000001.sdmp, Offset: 01C20000, based on PE: false
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: bbc63d5976b697d22cfa7a9fd6764f04411b5ad83b17c478f6be86b7f9bd57cf
                                                          • Instruction ID: 6a86acf5b2efce311e15a76be3135572acfab39d75268f163e55c647ba482a78
                                                          • Opcode Fuzzy Hash: bbc63d5976b697d22cfa7a9fd6764f04411b5ad83b17c478f6be86b7f9bd57cf
                                                          • Instruction Fuzzy Hash: F841C174E012298FDBA4DF25CD8879ABBB6BB99304F1091EAD84DA7254DF305E84CF11
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.248227220.0000000001C20000.00000040.00000001.sdmp, Offset: 01C20000, based on PE: false
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 6d27bdf8830513ec07d3943bd3235484613e49ebeeb7ffce291d9998ca163451
                                                          • Instruction ID: 735c59ed34a170f576fc673d4108adf19cddd9e58841f43dbf86da180f94ebbf
                                                          • Opcode Fuzzy Hash: 6d27bdf8830513ec07d3943bd3235484613e49ebeeb7ffce291d9998ca163451
                                                          • Instruction Fuzzy Hash: 83418E71E002A8CFDB19CF6AD8407DDBBB2BF8A314F1090AAC548AB251DB745A85CF41
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.248227220.0000000001C20000.00000040.00000001.sdmp, Offset: 01C20000, based on PE: false
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: b3e1c71e164e860f2689e17f0783c73a360157ab220fc1a92a2674036d0c20cc
                                                          • Instruction ID: 5a3b110f0ee8a5e166d03d7cf87857819a2d235b816cae490da430c90d4b6e9b
                                                          • Opcode Fuzzy Hash: b3e1c71e164e860f2689e17f0783c73a360157ab220fc1a92a2674036d0c20cc
                                                          • Instruction Fuzzy Hash: 06414AB4E01218DFCB44DFAAD584AADBBF5BF48314F60946AE818B7310E7349A418F64
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.248227220.0000000001C20000.00000040.00000001.sdmp, Offset: 01C20000, based on PE: false
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: c6af25394c0f90b6bfad86da70ee82d328188a9e846e9b50911cc4cdd59a6c90
                                                          • Instruction ID: d558f27a8fa663c73bb357b6b7cd560180436c9f87eac5242966bf785111b3dd
                                                          • Opcode Fuzzy Hash: c6af25394c0f90b6bfad86da70ee82d328188a9e846e9b50911cc4cdd59a6c90
                                                          • Instruction Fuzzy Hash: 7E3124B0E05269CFDB60CF65C844BEDBBB1BB55304F1091EAC54EAB255DB709A80CF51
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.248227220.0000000001C20000.00000040.00000001.sdmp, Offset: 01C20000, based on PE: false
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 851d69bc1ba53b404b77f7fde619e6f5777cb98b785d5622bfa71b3c4f7237fb
                                                          • Instruction ID: 989a697c404d40c0300fdb4e69dd1418bc622c7da9c948839b089d5e853e6208
                                                          • Opcode Fuzzy Hash: 851d69bc1ba53b404b77f7fde619e6f5777cb98b785d5622bfa71b3c4f7237fb
                                                          • Instruction Fuzzy Hash: 9D31E5B4E04219DFCB54CFAAC580AAEBBF1FF48311F5094AAD815AB315D3789A41CF51
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.248227220.0000000001C20000.00000040.00000001.sdmp, Offset: 01C20000, based on PE: false
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: e72eedf5d004e4ac49d168e20e9b7862ed0bf01c16835a2ca61ef025bfd4cc6a
                                                          • Instruction ID: 02aae5484f123aa6364509ae319e9e9ef1c75504a4357b7779f09b0232d55221
                                                          • Opcode Fuzzy Hash: e72eedf5d004e4ac49d168e20e9b7862ed0bf01c16835a2ca61ef025bfd4cc6a
                                                          • Instruction Fuzzy Hash: C421A0B4E04219DFCB54CF9AC580AAEBBF2FB48301F50946AD815A7314D774AA41CF50
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.248227220.0000000001C20000.00000040.00000001.sdmp, Offset: 01C20000, based on PE: false
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 5757dcdeeec6b614c74a25a3e464ccbef7704dd706d35d17882a4e168adff89e
                                                          • Instruction ID: 082dc5eb4be0ec81f06f4b41c64e1ed578e64e7b046c2cf09f5d4e7668194be7
                                                          • Opcode Fuzzy Hash: 5757dcdeeec6b614c74a25a3e464ccbef7704dd706d35d17882a4e168adff89e
                                                          • Instruction Fuzzy Hash: 1231C974E012298FDBA4DF26CC49799BBB2BB89304F14C1AAD44DA7264DB304A85DF54
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.248227220.0000000001C20000.00000040.00000001.sdmp, Offset: 01C20000, based on PE: false
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: d5a52eb5142bb6a85904d111140ff0500d276b2eb237800af4ecaeb87a9da750
                                                          • Instruction ID: bae762fec8b0ce25fe6c911d42533b98c084e43e5ac8574613e7ee2a8ce87a81
                                                          • Opcode Fuzzy Hash: d5a52eb5142bb6a85904d111140ff0500d276b2eb237800af4ecaeb87a9da750
                                                          • Instruction Fuzzy Hash: 4721F3B4E0421ADFCB44CFAAC9859AEFBF2FB88310F1584AAD514AB354D734DA418F51
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.248227220.0000000001C20000.00000040.00000001.sdmp, Offset: 01C20000, based on PE: false
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: f9ffae4e60de5fcedc7f6192972bdfd7c89771f93a4d102fcabe029f2eb76199
                                                          • Instruction ID: c0328f77551b64714eeb0e914b6d62143c7f488fe098d58809788763c6cc9251
                                                          • Opcode Fuzzy Hash: f9ffae4e60de5fcedc7f6192972bdfd7c89771f93a4d102fcabe029f2eb76199
                                                          • Instruction Fuzzy Hash: 1121F5B0E0421ADFCB44CF9AC9859AEFBB2FB88300F1584AAD414AB314D730DA418F51
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.248227220.0000000001C20000.00000040.00000001.sdmp, Offset: 01C20000, based on PE: false
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 1cf11d33e46e4509795f19b79e2209acba7d9f8906dcc20e6e962ee168831064
                                                          • Instruction ID: 9c662a3fe92496f09e76e7a78e12eedc86591f87945cf6804143df7fdeca5e5b
                                                          • Opcode Fuzzy Hash: 1cf11d33e46e4509795f19b79e2209acba7d9f8906dcc20e6e962ee168831064
                                                          • Instruction Fuzzy Hash: 3E216AB0D1522ADBCB04CFA5D880AAEBFB2FF95340F6484AAD815A7254D3309B408B60
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.248227220.0000000001C20000.00000040.00000001.sdmp, Offset: 01C20000, based on PE: false
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: e7d32bf3f74619cefe95ac330441ad253fa45bd1016b4f8e6d5083648115dd3c
                                                          • Instruction ID: 0513599585b47bcea6931d07bb1a0f08b8292246e59b0f8349423273661bcfb4
                                                          • Opcode Fuzzy Hash: e7d32bf3f74619cefe95ac330441ad253fa45bd1016b4f8e6d5083648115dd3c
                                                          • Instruction Fuzzy Hash: 35214974E1422ADBCB04CFA6D940AAEFBB5FB85340F50D4A9D819A7254D3309B00CF61
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.248161943.00000000019A0000.00000040.00000001.sdmp, Offset: 019A0000, based on PE: false
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 4c71d6844669cbc6509dcf3054041ba9bbe2e74f9afb171f39a053bd6526093d
                                                          • Instruction ID: a1fe53685008f2a8f5f8cd2a428a1c798110ac5eb80f9f3caa34df3a007a0a91
                                                          • Opcode Fuzzy Hash: 4c71d6844669cbc6509dcf3054041ba9bbe2e74f9afb171f39a053bd6526093d
                                                          • Instruction Fuzzy Hash: C911B7B5908341AFD350CF19D880A5BFBE4FB88664F04896EF898D7311D231EA148FA2
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.248329156.0000000003590000.00000040.00000040.sdmp, Offset: 03590000, based on PE: false
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: e6393a9a8da92c21fd216028372f643ca103a5711166ec3634209e6d9a7a2130
                                                          • Instruction ID: da61f48ac00ecf61bed25ee27507d32e9861f873a2315f4c53e9454ab0e33aa7
                                                          • Opcode Fuzzy Hash: e6393a9a8da92c21fd216028372f643ca103a5711166ec3634209e6d9a7a2130
                                                          • Instruction Fuzzy Hash: 1C11C335204244EFEB05CB14D980B26BB95FB88718F28C99DE9491B6A2C777D403CA51
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.248227220.0000000001C20000.00000040.00000001.sdmp, Offset: 01C20000, based on PE: false
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 76507c67ca8fc5d08ee09fd3ab6222800b0eef76bd8849c9fb07cca6f4cede3d
                                                          • Instruction ID: a75a81527f7b3e7529171b75aab167e4a381c5c91dfa6b15dbbb8545a62e061d
                                                          • Opcode Fuzzy Hash: 76507c67ca8fc5d08ee09fd3ab6222800b0eef76bd8849c9fb07cca6f4cede3d
                                                          • Instruction Fuzzy Hash: A92102B4D0420ADFCB44CFA9D98059EFBF1FB88304F20956AD816A7764D7349A02CF54
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.248329156.0000000003590000.00000040.00000040.sdmp, Offset: 03590000, based on PE: false
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: b3d47b45ff8bdbe0654e1486733cd5918da380e0d974b9f2d7bcf8e2cfcde4d5
                                                          • Instruction ID: 08dd1b1b3635aab5a2b1146517843914733e34a2ad118af9bda1a35e6f8197fa
                                                          • Opcode Fuzzy Hash: b3d47b45ff8bdbe0654e1486733cd5918da380e0d974b9f2d7bcf8e2cfcde4d5
                                                          • Instruction Fuzzy Hash: 1E214C3550D3C48FDB07CB20D890B55BFB1AF46614F2D86DFD4848B6A3C22A9807CB52
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.248227220.0000000001C20000.00000040.00000001.sdmp, Offset: 01C20000, based on PE: false
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 8c8e192efefe0f981762272b8958443887d3096254ed60f3711c7b44e857b80c
                                                          • Instruction ID: 80fc7688d3c0c94e63d66b540e4f0d850283bbfc5fab8ed70ed2def6b546fced
                                                          • Opcode Fuzzy Hash: 8c8e192efefe0f981762272b8958443887d3096254ed60f3711c7b44e857b80c
                                                          • Instruction Fuzzy Hash: A42110B4D04219EFCB44CFA9C9845AEFBF1FB88300F2095AAD816A7314E7349A41CF54
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.262216518.0000000007F30000.00000040.00000001.sdmp, Offset: 07F30000, based on PE: false
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: f3dbc51be97230ddb87a5a496845413206e2d69bb341ecc0f4c7e15b6cc59115
                                                          • Instruction ID: fdab798da51e3d4a27e1806aca3b9e2e1f1b734b3adfdaa918dfb1cf019757fe
                                                          • Opcode Fuzzy Hash: f3dbc51be97230ddb87a5a496845413206e2d69bb341ecc0f4c7e15b6cc59115
                                                          • Instruction Fuzzy Hash: 9711ACB4E15209DFDB44CFB9D9046AEBBB2FF89310F14846AC406A7354EB348A40CB51
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Memory Dump Source
                                                          • Instruction ID: 1ecadd79ac62d4f3648645394da0a284163c95ac55a4d7b855555586e5bb43e9
                                                          • Opcode Fuzzy Hash: 3999614a2c9f12f0f689773589761f352f5e5c66967e269052435897c788812c
                                                          • Instruction Fuzzy Hash: ADF015B5D15208DFDB60DFB4EC196AD7FB0EB16311F1491A9C805A72A1E67A4950CF10
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.248161943.00000000019A0000.00000040.00000001.sdmp, Offset: 019A0000, based on PE: false
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 31e1371987e60da9258d49494cc2893c8c6ce1beb3ba19c304ec231bc6a2bd53
                                                          • Instruction ID: 71631335a82bcd8b7be9f715b7946df1850744296aa334e97d6422d924e2b970
                                                          • Opcode Fuzzy Hash: 31e1371987e60da9258d49494cc2893c8c6ce1beb3ba19c304ec231bc6a2bd53
                                                          • Instruction Fuzzy Hash: F5E0D8B25512006BD210CE0ADC85B22FB98DB84A30F04C86BED081B702D072B5148AE5
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.248161943.00000000019A0000.00000040.00000001.sdmp, Offset: 019A0000, based on PE: false
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: c02b9b5c1f453b7cb7974d4955fa88439b68e2cef2f59521cd8f9c4b1f5a03e7
                                                          • Instruction ID: f4f22e24a9a5b5e89d2246d2a49b31b321e2c5b7929bf3c4b3b65fcfad670d0f
                                                          • Opcode Fuzzy Hash: c02b9b5c1f453b7cb7974d4955fa88439b68e2cef2f59521cd8f9c4b1f5a03e7
                                                          • Instruction Fuzzy Hash: DAE0D8B29112046BD210DE0ADC85B23FB98DB80A30F04C867ED081B702D072B514CAE5
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.262216518.0000000007F30000.00000040.00000001.sdmp, Offset: 07F30000, based on PE: false
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: de3086578f86126cbe0086bad4d83d07aa7f8ac085ad976fd996a6cac332e1a0
                                                          • Instruction ID: 2d3fea5f19b804ae141e1322b4eebc75637f4ca950df97a227d402ba9279f9cc
                                                          • Opcode Fuzzy Hash: de3086578f86126cbe0086bad4d83d07aa7f8ac085ad976fd996a6cac332e1a0
                                                          • Instruction Fuzzy Hash: 20F03970A0830AEFC746DFA8C85468CBBF1EF06214F0540EAD884DB391E3359955CF51
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.248227220.0000000001C20000.00000040.00000001.sdmp, Offset: 01C20000, based on PE: false
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 5d6f6ab52e5bafcccaca9c6e1a192c3c326f36ccd657ddaad411621b8065889f
                                                          • Instruction ID: 270b1f2c7375d8536f1f7c0eaa42436c43cdc2f0c13843a1baa4d38c9e672442
                                                          • Opcode Fuzzy Hash: 5d6f6ab52e5bafcccaca9c6e1a192c3c326f36ccd657ddaad411621b8065889f
                                                          • Instruction Fuzzy Hash: A8E08670543104ABD708FBB9ED1566EB7B9DB86200F00286CB10523241CD716E109669
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.262216518.0000000007F30000.00000040.00000001.sdmp, Offset: 07F30000, based on PE: false
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: a8b89997e93eae29bb91656d6e0ead149397327e1bc861483066b15ea5c63be2
                                                          • Instruction ID: 5c4f0483eb86965b2a7e5ea032e2c0c4bfa08c30e2d887168941c4acdff62420
                                                          • Opcode Fuzzy Hash: a8b89997e93eae29bb91656d6e0ead149397327e1bc861483066b15ea5c63be2
                                                          • Instruction Fuzzy Hash: 18F03970D483499FCB96DFB8981419CBFB2AF42310F1881BAC844A7251E6794951CF41
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.262216518.0000000007F30000.00000040.00000001.sdmp, Offset: 07F30000, based on PE: false
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 066e733a0512522839cd2ceeda3af5084320ff109a5be1ff80cab0b240056e5c
                                                          • Instruction ID: 1c3f5e4e1900d664d861ad970161491cb9817c2c76528650726d13c3b9714249
                                                          • Opcode Fuzzy Hash: 066e733a0512522839cd2ceeda3af5084320ff109a5be1ff80cab0b240056e5c
                                                          • Instruction Fuzzy Hash: 68E09271D483499FCB52DFBC981529CBFF29F41200F1481EAC888D7342E6355911CB82
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.262216518.0000000007F30000.00000040.00000001.sdmp, Offset: 07F30000, based on PE: false
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: f8d8f6f3fe4badb2177b9c888cbc8ab9def9d18048a8886e9d0765cceae8470c
                                                          • Instruction ID: d48070bce8ac64c89245e4d399232e43c3a00d2f248512daffc6b6f77e1b7a58
                                                          • Opcode Fuzzy Hash: f8d8f6f3fe4badb2177b9c888cbc8ab9def9d18048a8886e9d0765cceae8470c
                                                          • Instruction Fuzzy Hash: A7E0D8B1C08349AFC751DFB4980429C7FF0DF05600F0485EEC88496252FA395711CB91
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.262216518.0000000007F30000.00000040.00000001.sdmp, Offset: 07F30000, based on PE: false
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 7a2de8ec1617e28a09ebe578160daabb34a10e61e1c6e8c580993f7513298c11
                                                          • Instruction ID: b2312c2f50373bff19b773b3d2ca45feeab11bdcd379ed8c13041642c6a2fc64
                                                          • Opcode Fuzzy Hash: 7a2de8ec1617e28a09ebe578160daabb34a10e61e1c6e8c580993f7513298c11
                                                          • Instruction Fuzzy Hash: 7DF0AFB1D016298FCB24DF60CE48BECBBB5BB85302F1040EAD149A7254D7349E84CF14
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.262216518.0000000007F30000.00000040.00000001.sdmp, Offset: 07F30000, based on PE: false
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 290dc622df22bdb43fd5fc4934273eb08397b26c08c9d3572301df78ec02c140
                                                          • Instruction ID: 50be57df79b6e00513279e8f5c7227fdb9381f58b8ffe4604f86c7e59de2bf26
                                                          • Opcode Fuzzy Hash: 290dc622df22bdb43fd5fc4934273eb08397b26c08c9d3572301df78ec02c140
                                                          • Instruction Fuzzy Hash: 1DE01A70D01308DFCB54EFB5ED09A6DBBB8EB45301F1051A9D805A3254E7755950CF54
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.248227220.0000000001C20000.00000040.00000001.sdmp, Offset: 01C20000, based on PE: false
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 1dfc46642f9f177ee6acd1d3b06adc28a5248baef973ab59d5b0683c86acaf1e
                                                          • Instruction ID: c6a1f00f0998b9aa5ba80bb9935989569de0931ebc9f76b294b27e92ac66e418
                                                          • Opcode Fuzzy Hash: 1dfc46642f9f177ee6acd1d3b06adc28a5248baef973ab59d5b0683c86acaf1e
                                                          • Instruction Fuzzy Hash: 33E0E5B5D04218AFCB54EFA8C8006AEBFB4FB08301F1086AAD958A3340D7759650DF94
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.262216518.0000000007F30000.00000040.00000001.sdmp, Offset: 07F30000, based on PE: false
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 4a5520bd1d8d900a39e3f42ab47a590b9e8013b071486593e4f7089f163b60f9
                                                          • Instruction ID: f290d2e556fca5985b2cb3f3efe76327ad4a695c46d5b7a0a8fdcc8941a8dcc5
                                                          • Opcode Fuzzy Hash: 4a5520bd1d8d900a39e3f42ab47a590b9e8013b071486593e4f7089f163b60f9
                                                          • Instruction Fuzzy Hash: D4E0E570E282499FCF94DFACD8183ECBBB1EF84314F1481AED848A3251D2355655CF41
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.248227220.0000000001C20000.00000040.00000001.sdmp, Offset: 01C20000, based on PE: false
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 001ab59487cd2343ae8912da9a62f428f6d292466be679fa6d1144c15ddeff2f
                                                          • Instruction ID: cc23db7131652b8f30a5115c208c9d008c0dea5ccb6c1baa88bfd2fb4c432e48
                                                          • Opcode Fuzzy Hash: 001ab59487cd2343ae8912da9a62f428f6d292466be679fa6d1144c15ddeff2f
                                                          • Instruction Fuzzy Hash: 41E0C271802208DFC319CF64ED466A9BB78EB42308F2011EFD804AB270CA766B11CB10
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.248227220.0000000001C20000.00000040.00000001.sdmp, Offset: 01C20000, based on PE: false
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: d1c72db7c2e91f023c1415adedbe3d9bb632e127eee82e896d92c858e2b109ba
                                                          • Instruction ID: b0645a86b657b41035513031e7a0a4650383aaaff9b095bf4f0d505ffcfade17
                                                          • Opcode Fuzzy Hash: d1c72db7c2e91f023c1415adedbe3d9bb632e127eee82e896d92c858e2b109ba
                                                          • Instruction Fuzzy Hash: FCE02630849304CFCB02EF78EC192A87F70EB03305F0051FBD84457162D2314224CB22
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.248227220.0000000001C20000.00000040.00000001.sdmp, Offset: 01C20000, based on PE: false
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 85af145328c94345e67aac4278a5ba42a5152989b8d9fcd88067cbd49a0e255c
                                                          • Instruction ID: dcf633e3001820cd2b1b2c9a3516e4919ce3f610165a4741d5c496b033433cd2
                                                          • Opcode Fuzzy Hash: 85af145328c94345e67aac4278a5ba42a5152989b8d9fcd88067cbd49a0e255c
                                                          • Instruction Fuzzy Hash: 3AE012B1D00218EFCB44EFE8C8446ADBBB5FB08300F1086BAD818A3310D7719A51CF94
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.262216518.0000000007F30000.00000040.00000001.sdmp, Offset: 07F30000, based on PE: false
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: bbb3a7f2fae1f80ce7880854fbb0d4099acf672924ed2f2b1d2bed60bcad0a09
                                                          • Instruction ID: 1e5df66d3fe84fdec7beae8ebd11bdeced98f8e6451e584fbccf223921569f1d
                                                          • Opcode Fuzzy Hash: bbb3a7f2fae1f80ce7880854fbb0d4099acf672924ed2f2b1d2bed60bcad0a09
                                                          • Instruction Fuzzy Hash: 54E01A71E08248ABCB95DBB8D8447EDFFB1EF45315F1481AAD84863201E6321965CB44
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.262216518.0000000007F30000.00000040.00000001.sdmp, Offset: 07F30000, based on PE: false
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: cd32c0a63f5feb37850b0a2db643b0f664ced61767cee778695017de18d101bc
                                                          • Instruction ID: 428fc1d1c5cc90f3676eb47d012b9276f706d613590dc5109db6ff76cad2673e
                                                          • Opcode Fuzzy Hash: cd32c0a63f5feb37850b0a2db643b0f664ced61767cee778695017de18d101bc
                                                          • Instruction Fuzzy Hash: 4CE0ECB1C29345DFDB95EBB89805299BFB0EF16306F1405BEC808A62A4F6768A54CF11
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.248227220.0000000001C20000.00000040.00000001.sdmp, Offset: 01C20000, based on PE: false
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: a54559971e1ca0d2f206bb2561898ed2b34ea1a7b8230b4f486d716d775a2670
                                                          • Instruction ID: ae9c06868285efbb1461da9d01f08742187f2ea55d34703d32b4f075323a4f59
                                                          • Opcode Fuzzy Hash: a54559971e1ca0d2f206bb2561898ed2b34ea1a7b8230b4f486d716d775a2670
                                                          • Instruction Fuzzy Hash: 57F092749052B8CBEBA4CE94C888AACB770AF64341F1082D8D40A67264CF709EC0CF02
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.248227220.0000000001C20000.00000040.00000001.sdmp, Offset: 01C20000, based on PE: false
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: ac55fd1a376f8f46c4b1f213a61c451d9a879c0d13b9ca480a3b0f14da91e70c
                                                          • Instruction ID: 68c9d2f732cf9b120e9af445eb717cda642c1009aa9ff65cf60067330a3dbd86
                                                          • Opcode Fuzzy Hash: ac55fd1a376f8f46c4b1f213a61c451d9a879c0d13b9ca480a3b0f14da91e70c
                                                          • Instruction Fuzzy Hash: BDF01F74916328CFCB61CF69C980AD9BBB5FB08304F5051D5E449A7310D7319E81CF00
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.248227220.0000000001C20000.00000040.00000001.sdmp, Offset: 01C20000, based on PE: false
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 256220fdcc6756ca06812f293a6501e7cf347b5e53cfb196c9189cea728819a9
                                                          • Instruction ID: 0095fad9f6967532716caba05a067137e64e474acbb8f063ccfd548a577090b9
                                                          • Opcode Fuzzy Hash: 256220fdcc6756ca06812f293a6501e7cf347b5e53cfb196c9189cea728819a9
                                                          • Instruction Fuzzy Hash: 15E08631D0420DEFC754EFA8D84465CBBB5EB44204F1081ADC908A7344DB745A40CF46
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.262216518.0000000007F30000.00000040.00000001.sdmp, Offset: 07F30000, based on PE: false
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 6cbddfc3888a6a3d245a5fc424f2760e6f2989af4d475fc5de4b07b2a6ea9bcf
                                                          • Instruction ID: 11297c1e4a0ea4164ad8dbb6fb27b0af72b2e7f886c96bc7383ca81d6fb4f78a
                                                          • Opcode Fuzzy Hash: 6cbddfc3888a6a3d245a5fc424f2760e6f2989af4d475fc5de4b07b2a6ea9bcf
                                                          • Instruction Fuzzy Hash: 0CE012B0D14248DECB91DFB8C80929CBFB0EF15308F0441FEC808A3251E6755504CB01
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.262216518.0000000007F30000.00000040.00000001.sdmp, Offset: 07F30000, based on PE: false
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 2212d53e6c4ab7a7df6f2e5f5fda2383d91ca1ee339985e585dca0f03cd6a27c
                                                          • Instruction ID: 5d58d1086f4425882836fd91a0b0200d7999f1f42879bae66a251a1897e3a3a8
                                                          • Opcode Fuzzy Hash: 2212d53e6c4ab7a7df6f2e5f5fda2383d91ca1ee339985e585dca0f03cd6a27c
                                                          • Instruction Fuzzy Hash: BDE08CB6C64208DACB50EBB8DC067AD7FB09F12304F1805AACC08A6290E2794594CB10
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.248227220.0000000001C20000.00000040.00000001.sdmp, Offset: 01C20000, based on PE: false
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 4b3e72751988083359b0fc8f88074f35c12b5a24bb315c68cf764c15432862de
                                                          • Instruction ID: ce56952a944db90812abda99b64bf8d9120cc669a83ee5601bf38aa3dbf6d6e6
                                                          • Opcode Fuzzy Hash: 4b3e72751988083359b0fc8f88074f35c12b5a24bb315c68cf764c15432862de
                                                          • Instruction Fuzzy Hash: 31E0E270E0420CEFCB64EFB8980429CBBB4EB44205F1081AEC908A2350E7759A54CF81
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.248227220.0000000001C20000.00000040.00000001.sdmp, Offset: 01C20000, based on PE: false
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 8ac193c4e4f66c0693f4d40e041c1faf21a7c98bb15c9bcce10d567f5bb6af86
                                                          • Instruction ID: 72bc832fb1d76c3cf56853c2f23378835dfaed1daa1530de7bad37eaa0734e2d
                                                          • Opcode Fuzzy Hash: 8ac193c4e4f66c0693f4d40e041c1faf21a7c98bb15c9bcce10d567f5bb6af86
                                                          • Instruction Fuzzy Hash: 62E0EC74D04208AFC764EBB9940426CBBB5AB04605F1041A9D984A2250E6799650CF51
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.262216518.0000000007F30000.00000040.00000001.sdmp, Offset: 07F30000, based on PE: false

                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.262216518.0000000007F30000.00000040.00000001.sdmp, Offset: 07F30000, based on PE: false
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: dffb900b54098f6d5d3ac931dcd77ed4151ff8e72de2bee3ca9c6a0072e07fe3
                                                          • Instruction ID: 18431d24c3c4a0e4be317a0b8f55766abe715972c903f1fbee79607e7937d46b
                                                          • Opcode Fuzzy Hash: dffb900b54098f6d5d3ac931dcd77ed4151ff8e72de2bee3ca9c6a0072e07fe3
                                                          • Instruction Fuzzy Hash: 2BD0177480622BCBCB60EF14CE40B99F7B1ABA6200F0004EA8608AB200DA304ED08F04
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.248227220.0000000001C20000.00000040.00000001.sdmp, Offset: 01C20000, based on PE: false
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: e307a052a5347344dab7eaaffc85650667da187790d3fd229a3b4445347d25b1
                                                          • Instruction ID: 30ab2091a9a7426727fa5771067e78ce70c141a147efbb79a75fc73fa82fde02
                                                          • Opcode Fuzzy Hash: e307a052a5347344dab7eaaffc85650667da187790d3fd229a3b4445347d25b1
                                                          • Instruction Fuzzy Hash: 9AD09274C05249DFCB14CFA1E6814ACBFB0AB4A350F64201AE45AA7254D6384641CF10
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.262216518.0000000007F30000.00000040.00000001.sdmp, Offset: 07F30000, based on PE: false
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: eac816e99ce9c95da8ded415da5ada963a7e69e766dfd84d0e9eb44c7222d7f7
                                                          • Instruction ID: 77d1189851b71e7d5b8f5a1f4458200aa5e48cb2b4d4d127cbfc34f73108b6d9
                                                          • Opcode Fuzzy Hash: eac816e99ce9c95da8ded415da5ada963a7e69e766dfd84d0e9eb44c7222d7f7
                                                          • Instruction Fuzzy Hash: 2DD0C9BA8206698FCB20EF64C9402ECBA70AF26360F5092EA8095B71D0DE340BC1DF04
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.248227220.0000000001C20000.00000040.00000001.sdmp, Offset: 01C20000, based on PE: false
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 51fb59ba1ff8540789dd2f8aaae7aad3958e21cdc1b6c8edcdb67430c327da20
                                                          • Instruction ID: 713369ca7d8e549b9815ac6c9c9541514415b2e886a5e48afb499090cc1faf88
                                                          • Opcode Fuzzy Hash: 51fb59ba1ff8540789dd2f8aaae7aad3958e21cdc1b6c8edcdb67430c327da20
                                                          • Instruction Fuzzy Hash: 38C08C30004294EFC7608B20EC8468B3F64EF40310F609140E283A6024C7308D805B00
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.248227220.0000000001C20000.00000040.00000001.sdmp, Offset: 01C20000, based on PE: false
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 55ada59c720be8c41e500925c5ba1fb7f7d823e91a8dde20796c8b4af1ceeb20
                                                          • Instruction ID: 352dcaee26b319755463078ff1eb21c375901d02b9fd91d3c260ff9e6761efe0
                                                          • Opcode Fuzzy Hash: 55ada59c720be8c41e500925c5ba1fb7f7d823e91a8dde20796c8b4af1ceeb20
                                                          • Instruction Fuzzy Hash: 0CC08C304D6A06FBCB428FE1E2814A9FBBCFF10A21B142882900296224EB30D648C7A4
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.248227220.0000000001C20000.00000040.00000001.sdmp, Offset: 01C20000, based on PE: false
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: ef81b5cd74a251f5b9c817ead87463159369d710822cc105c88fcc2ee67c2a24
                                                          • Instruction ID: 0a6207c79a49a6afaa11fa5fdb8667e49eb757c8b3a4bb744fbfb2c593df1536
                                                          • Opcode Fuzzy Hash: ef81b5cd74a251f5b9c817ead87463159369d710822cc105c88fcc2ee67c2a24
                                                          • Instruction Fuzzy Hash: A6C08C31886306DBC300CFB0ECC001DBB39EB12321F103819D00297028CB309990CF70
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.262216518.0000000007F30000.00000040.00000001.sdmp, Offset: 07F30000, based on PE: false
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: be7456fc2aef899b5961812939784d1922c2c1d33519d1a4bcc74f829a0c8a50
                                                          • Instruction ID: 1782449bba1c204441e48379c7656d5622712d8dab84d6f4461a0ac8b64c0e4d
                                                          • Opcode Fuzzy Hash: be7456fc2aef899b5961812939784d1922c2c1d33519d1a4bcc74f829a0c8a50
                                                          • Instruction Fuzzy Hash: D0C08C70C1220A8EC7208E20CE00668B774A717241F007086C10EA7008D630C1518A08
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.248227220.0000000001C20000.00000040.00000001.sdmp, Offset: 01C20000, based on PE: false
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 80b2fdb0e446f8b04a13d98e1aeeab3d5f47575017bce8acdcc983d87e9cd6db
                                                          • Instruction ID: 2c930e1fa8670d2d139eed3116ac9ab176a2651fd9a0c2dc0a3760698adcabe1
                                                          • Opcode Fuzzy Hash: 80b2fdb0e446f8b04a13d98e1aeeab3d5f47575017bce8acdcc983d87e9cd6db
                                                          • Instruction Fuzzy Hash: 6AC09230540294DFC710CF61EC88A5E7B79FF55321F109188D64AA3228CB306C80CF55
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Non-executed Functions

                                                          • API String ID:
                                                          • Opcode ID: 7eea6b9a4f7760fa661c57a900fbe4dc3cc60d469e2f690e6a89f75b854f7d1f
                                                          • Instruction ID: aaebd3aefc938f77d1a1395f00d2fe71dd3a702858988bd02d67e294c5a7177f
                                                          • Opcode Fuzzy Hash: 7eea6b9a4f7760fa661c57a900fbe4dc3cc60d469e2f690e6a89f75b854f7d1f
                                                          • Instruction Fuzzy Hash: B151E470D00269DFDB14CFAAC58059DBBF2FF89314F2482AAD818AB256D7349A42DF50
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.262216518.0000000007F30000.00000040.00000001.sdmp, Offset: 07F30000, based on PE: false
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: db3487272cc5ba3bf6c6802ca93ca554fe499610a0eb3d24ffb0f5f62fa14df6
                                                          • Instruction ID: 6ed563c7b692619eabccb0a78e64ee33d751b76ac1e25d3985b34071f8238117
                                                          • Opcode Fuzzy Hash: db3487272cc5ba3bf6c6802ca93ca554fe499610a0eb3d24ffb0f5f62fa14df6
                                                          • Instruction Fuzzy Hash: 00410B71D0562A8FDBA8CF69C94479AFBF2BB88300F1484FAC51DA7654EB345A859F00
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.248227220.0000000001C20000.00000040.00000001.sdmp, Offset: 01C20000, based on PE: false
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 0b6def6e15521966968a9a50f974bbc9c7f0a1e85005e10532db5469f1f7f3eb
                                                          • Instruction ID: 7a177ec94be1b4cb93d08c8d7b1bcaa80b4d521a20d2573266cc03b34f9d9192
                                                          • Opcode Fuzzy Hash: 0b6def6e15521966968a9a50f974bbc9c7f0a1e85005e10532db5469f1f7f3eb
                                                          • Instruction Fuzzy Hash: 5041F0B5D0421ADFCB04CFAAC4815AEFBF1FF88300F20946AE512AB250D734AA51CF95
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.248227220.0000000001C20000.00000040.00000001.sdmp, Offset: 01C20000, based on PE: false
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: c71d206a798436d6e5810ad71c413f1a5b89a7db172173103f91d9cbbf6efdfe
                                                          • Instruction ID: 62d3e4b14ccf440696b4a5904b154a472107a3ed85f55a84eaadca4f8a228000
                                                          • Opcode Fuzzy Hash: c71d206a798436d6e5810ad71c413f1a5b89a7db172173103f91d9cbbf6efdfe
                                                          • Instruction Fuzzy Hash: 604102B5D0421ADBCB04CFAAC4815AEFBF1FB98300F20D46AE516AA254D7349A51CF94
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.262216518.0000000007F30000.00000040.00000001.sdmp, Offset: 07F30000, based on PE: false
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 7c1d32047a461514829fc43d588ba764b7ff4348e921449c4990103f92bb983c
                                                          • Instruction ID: b3a6f8c97a66705b31a1857bb129d784682ba1acf27034743a0e0b2713264d60
                                                          • Opcode Fuzzy Hash: 7c1d32047a461514829fc43d588ba764b7ff4348e921449c4990103f92bb983c
                                                          • Instruction Fuzzy Hash: 75318DB1E5A22ACFCB64CF60D984BADF7B5FB89300F1094E6C51AA7214D7349A80CF04
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.248227220.0000000001C20000.00000040.00000001.sdmp, Offset: 01C20000, based on PE: false
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 66d2fb1d400dcfeeafdb3fff69d30d93dd851ea3ed918c1aea42280a38592d1b
                                                          • Instruction ID: ff05bab8053d7265f239ea616a1ffc944438fea508fadb54cc609886e070e9d7
                                                          • Opcode Fuzzy Hash: 66d2fb1d400dcfeeafdb3fff69d30d93dd851ea3ed918c1aea42280a38592d1b
                                                          • Instruction Fuzzy Hash: BF21D871E01619CBEB58CF6BD84069EFAF3AFC9310F19C07AD548AA214DB745A418F51
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.248227220.0000000001C20000.00000040.00000001.sdmp, Offset: 01C20000, based on PE: false
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: d7b60d3e051e71be874db09efe68cf964a5ec56cc4446378efc5597bcd9ad3de
                                                          • Instruction ID: 2126085d4426a21f7880dcc8049c813220b3421fdfbe0ed2f375795e0a6aa8a5
                                                          • Opcode Fuzzy Hash: d7b60d3e051e71be874db09efe68cf964a5ec56cc4446378efc5597bcd9ad3de
                                                          • Instruction Fuzzy Hash: 5A21C8B1E01619CFEB58CF6BC84469EBAF3AFC9350F19C07AD948AB214E77449818F51
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.248227220.0000000001C20000.00000040.00000001.sdmp, Offset: 01C20000, based on PE: false
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 7ff33a85dd7a42f093b0df308584d5845465ae2b9adfba7770ab6807f85bb2b8
                                                          • Instruction ID: 5c28f99f1b08abd02553913654f654f983a35f97a7c5f54bd3891649395499d2
                                                          • Opcode Fuzzy Hash: 7ff33a85dd7a42f093b0df308584d5845465ae2b9adfba7770ab6807f85bb2b8
                                                          • Instruction Fuzzy Hash: A921DBB1E11618DFDB18CF6BCC4469EFBF7BFD9200F18C16AD448AA215E77045468B51
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.248227220.0000000001C20000.00000040.00000001.sdmp, Offset: 01C20000, based on PE: false
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: ed3bc04dcdd818f5229ebc50a2c2ec16be42451986d2955f66f8d7dcdf04f5ad
                                                          • Instruction ID: 2c5d8e92500042cd6015703f6181f7955ac3a1bcc4cf8ab1d0e476fdb324f111
                                                          • Opcode Fuzzy Hash: ed3bc04dcdd818f5229ebc50a2c2ec16be42451986d2955f66f8d7dcdf04f5ad
                                                          • Instruction Fuzzy Hash: 1C11FB72E016189BEB18CFABDC4069EFAF7BFC8210F04C07AD908A6218EB3045418F51
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.248227220.0000000001C20000.00000040.00000001.sdmp, Offset: 01C20000, based on PE: false
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 0df8276bcc042863fe59886a826327dd90050ba1071d1cb42ef5fc338344bcae
                                                          • Instruction ID: 0d93166c787d44371c4eb2f106da09e266c1f858621c38265969c2d4486407ea
                                                          • Opcode Fuzzy Hash: 0df8276bcc042863fe59886a826327dd90050ba1071d1cb42ef5fc338344bcae
                                                          • Instruction Fuzzy Hash: EB11FEB1E01619CBDB18CFABC9402AEFBF7BFC8200F14C17AD518AB215D6345A119F40
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.248227220.0000000001C20000.00000040.00000001.sdmp, Offset: 01C20000, based on PE: false
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 9360a023499f67f71523e205cbb323aa4153e8e1f649090f00df1324d50a9a6d
                                                          • Instruction ID: 22213c676a3ff52077a672700fe1c8bce7be052a726ef377773354be0f3f8fb8
                                                          • Opcode Fuzzy Hash: 9360a023499f67f71523e205cbb323aa4153e8e1f649090f00df1324d50a9a6d
                                                          • Instruction Fuzzy Hash: A611DD71D05655DFDB19CFBB894019EBBF3AFC9204F15C06AC514AB265D63456028F41
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.248227220.0000000001C20000.00000040.00000001.sdmp, Offset: 01C20000, based on PE: false
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 5df6bbb836ecf3931b4048af61563e058aed73817e5bf2eda66ab6d4363b90fe
                                                          • Instruction ID: 65caac2f5d626c524d48e0df1f02a25861eb2d9e5c43702d11c5cb98b39b406b
                                                          • Opcode Fuzzy Hash: 5df6bbb836ecf3931b4048af61563e058aed73817e5bf2eda66ab6d4363b90fe
                                                          • Instruction Fuzzy Hash: 5611C5B1D04619CBDB18CFABC9451AEFBF6BFC9700F24C56AD418AB219D73496018F45
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.248227220.0000000001C20000.00000040.00000001.sdmp, Offset: 01C20000, based on PE: false
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: fddf58037ec9e935fba25a78fd708ee2c70c7a5d4b8f7d7b94d63d8ffe05779f
                                                          • Instruction ID: 53e2635d574c7db1afc4a032af5b0fb749dad094882d287592f4a40f2372bdf2
                                                          • Opcode Fuzzy Hash: fddf58037ec9e935fba25a78fd708ee2c70c7a5d4b8f7d7b94d63d8ffe05779f
                                                          • Instruction Fuzzy Hash: 7311DBB1D04619CBDB58CFABC9405AEFBF7AFC8204F24C57AC818AB215E63456528F54
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.248227220.0000000001C20000.00000040.00000001.sdmp, Offset: 01C20000, based on PE: false
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 27011a9ee60455480caf731a7b87b2992db625b612f209bb4444ddeac659b868
                                                          • Instruction ID: f774efc8f2e9f3edf6c3115f501ea91448fbe3f77818113289182f6f3cde447c
                                                          • Opcode Fuzzy Hash: 27011a9ee60455480caf731a7b87b2992db625b612f209bb4444ddeac659b868
                                                          • Instruction Fuzzy Hash: 9C111BB1D01619CBDB28CFAB89001AEFBF7AFC9700F24C17AD808A7215DB3496018F40
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.248227220.0000000001C20000.00000040.00000001.sdmp, Offset: 01C20000, based on PE: false
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 22c8558e70cf8f49459e0fc3683b9ab16127967cdffec4ea464928694d235179
                                                          • Instruction ID: a9a5244c643ce990a05c5997c26027e021ac95581aff43c72835bee447991cf0
                                                          • Opcode Fuzzy Hash: 22c8558e70cf8f49459e0fc3683b9ab16127967cdffec4ea464928694d235179
                                                          • Instruction Fuzzy Hash: 6A11F7B1D046498FDB58CFAB88045DEFBF3AFC9204F28C47AC814AB255D6384602CF54
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.248227220.0000000001C20000.00000040.00000001.sdmp, Offset: 01C20000, based on PE: false
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 95f83aa51e84cc39d9a5bbbf93f4b2519e2e0a0a49c291db48f27f9e192dbfc3
                                                          • Instruction ID: f5e20295c6ed002a8ee830f4235a37ebe9b3b8dcfb6a82f89f483a303570837f
                                                          • Opcode Fuzzy Hash: 95f83aa51e84cc39d9a5bbbf93f4b2519e2e0a0a49c291db48f27f9e192dbfc3
                                                          • Instruction Fuzzy Hash: E911E5B1D05619CBEB18CFAB894519EFBF3AFC9300F24C06AC414AB265DB3486028F40
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Executed Functions

                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000006.00000002.496514226.0000000004F10000.00000040.00000001.sdmp, Offset: 04F10000, based on PE: false
                                                          Similarity
                                                          • API ID:
                                                          • String ID: r
                                                          • API String ID: 0-1812594589
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          APIs
                                                          • bind.WS2_32(?,00000E2C,38238C5C,00000000,00000000,00000000,00000000), ref: 050424DB
                                                          Memory Dump Source
                                                          • Source File: 00000006.00000002.496841275.0000000005040000.00000040.00000001.sdmp, Offset: 05040000, based on PE: false
                                                          Similarity
                                                          • API ID: bind
                                                          • String ID:
                                                          • API String ID: 1187836755-0
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          APIs
                                                          • AdjustTokenPrivileges.KERNELBASE(?,?,?,?,?,?), ref: 05040F73
                                                          Memory Dump Source
                                                          • Source File: 00000006.00000002.496841275.0000000005040000.00000040.00000001.sdmp, Offset: 05040000, based on PE: false
                                                          Similarity
                                                          • API ID: AdjustPrivilegesToken
                                                          • String ID:
                                                          • API String ID: 2874748243-0
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          APIs
                                                          • NtQuerySystemInformation.NTDLL(?,?,?,?), ref: 050411A5
                                                          Memory Dump Source
                                                          • Source File: 00000006.00000002.496841275.0000000005040000.00000040.00000001.sdmp, Offset: 05040000, based on PE: false
                                                          Similarity
                                                          • API ID: InformationQuerySystem
                                                          • String ID:
                                                          • API String ID: 3562636166-0
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          APIs
                                                          • bind.WS2_32(?,00000E2C,38238C5C,00000000,00000000,00000000,00000000), ref: 050424DB
                                                          Memory Dump Source
                                                          • Source File: 00000006.00000002.496841275.0000000005040000.00000040.00000001.sdmp, Offset: 05040000, based on PE: false
                                                          Similarity
                                                          • API ID: bind
                                                          • String ID:
                                                          • API String ID: 1187836755-0
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          APIs
                                                          • AdjustTokenPrivileges.KERNELBASE(?,?,?,?,?,?), ref: 05040F73
                                                          Memory Dump Source
                                                          • Source File: 00000006.00000002.496841275.0000000005040000.00000040.00000001.sdmp, Offset: 05040000, based on PE: false
                                                          Similarity
                                                          • API ID: AdjustPrivilegesToken
                                                          • String ID:
                                                          • API String ID: 2874748243-0
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          APIs
                                                          • GetSystemInfo.KERNELBASE(?), ref: 05040BE8
                                                          Memory Dump Source
                                                          • Source File: 00000006.00000002.496841275.0000000005040000.00000040.00000001.sdmp, Offset: 05040000, based on PE: false
                                                          Similarity
                                                          • API ID: InfoSystem
                                                          • String ID:
                                                          • API String ID: 31276548-0
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          APIs
                                                          • NtQuerySystemInformation.NTDLL(?,?,?,?), ref: 050411A5
                                                          Memory Dump Source
                                                          • Source File: 00000006.00000002.496841275.0000000005040000.00000040.00000001.sdmp, Offset: 05040000, based on PE: false
                                                          Similarity
                                                          • API ID: InformationQuerySystem
                                                          • String ID:
                                                          • API String ID: 3562636166-0
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Memory Dump Source
                                                          • Source File: 00000006.00000002.496514226.0000000004F10000.00000040.00000001.sdmp, Offset: 04F10000, based on PE: false
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Memory Dump Source
                                                          • Source File: 00000006.00000002.496514226.0000000004F10000.00000040.00000001.sdmp, Offset: 04F10000, based on PE: false
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Memory Dump Source
                                                          • Source File: 00000006.00000002.496514226.0000000004F10000.00000040.00000001.sdmp, Offset: 04F10000, based on PE: false
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Memory Dump Source
                                                          • Source File: 00000006.00000002.496514226.0000000004F10000.00000040.00000001.sdmp, Offset: 04F10000, based on PE: false
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Memory Dump Source
                                                          • Source File: 00000006.00000002.496514226.0000000004F10000.00000040.00000001.sdmp, Offset: 04F10000, based on PE: false
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000006.00000002.496514226.0000000004F10000.00000040.00000001.sdmp, Offset: 04F10000, based on PE: false
                                                          Similarity
                                                          • API ID:
                                                          • String ID: X1(r$X1(r$X1(r$X1(r
                                                          • API String ID: 0-1974604117
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000006.00000002.496514226.0000000004F10000.00000040.00000001.sdmp, Offset: 04F10000, based on PE: false
                                                          Similarity
                                                          • API ID:
                                                          • String ID: $g%r
                                                          • API String ID: 0-359987751
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          APIs
                                                          • DnsQuery_A.DNSAPI(?,00000E2C,?,?), ref: 050413A6
                                                          Memory Dump Source
                                                          • Source File: 00000006.00000002.496841275.0000000005040000.00000040.00000001.sdmp, Offset: 05040000, based on PE: false
                                                          Similarity
                                                          • API ID: Query_
                                                          • String ID:
                                                          • API String ID: 428220571-0
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          APIs
                                                          • RegQueryValueExA.KERNELBASE(?,00000E2C), ref: 0504045E
                                                          Memory Dump Source
                                                          • Source File: 00000006.00000002.496841275.0000000005040000.00000040.00000001.sdmp, Offset: 05040000, based on PE: false
                                                          Similarity
                                                          • API ID: QueryValue
                                                          • String ID:
                                                          • API String ID: 3660427363-0
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          APIs
                                                          • CreateFileW.KERNELBASE(?,?,?,?,?,?), ref: 05040899
                                                          Memory Dump Source
                                                          • Source File: 00000006.00000002.496841275.0000000005040000.00000040.00000001.sdmp, Offset: 05040000, based on PE: false
                                                          Similarity
                                                          • API ID: CreateFile
                                                          • String ID:
                                                          • API String ID: 823142352-0
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          APIs
                                                          • RegOpenKeyExW.KERNELBASE(?,00000E2C), ref: 00F1AAB1
                                                          Memory Dump Source
                                                          • Source File: 00000006.00000002.492473345.0000000000F1A000.00000040.00000001.sdmp, Offset: 00F1A000, based on PE: false
                                                          Similarity
                                                          • API ID: Open
                                                          • String ID:
                                                          • API String ID: 71445658-0
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          APIs
                                                          • FormatMessageW.KERNELBASE(?,00000E2C,?,?), ref: 050427CA
                                                          Memory Dump Source
                                                          • Source File: 00000006.00000002.496841275.0000000005040000.00000040.00000001.sdmp, Offset: 05040000, based on PE: false
                                                          Similarity
                                                          • API ID: FormatMessage
                                                          • String ID:
                                                          • API String ID: 1306739567-0
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          APIs
                                                          • GetProcessTimes.KERNELBASE(?,00000E2C,38238C5C,00000000,00000000,00000000,00000000), ref: 0504224D
                                                          Memory Dump Source
                                                          • Source File: 00000006.00000002.496841275.0000000005040000.00000040.00000001.sdmp, Offset: 05040000, based on PE: false
                                                          Similarity
                                                          • API ID: ProcessTimes
                                                          • String ID:
                                                          • API String ID: 1995159646-0
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          APIs
                                                          • CreateMutexW.KERNELBASE(?,?), ref: 0504019D
                                                          Memory Dump Source
                                                          • Source File: 00000006.00000002.496841275.0000000005040000.00000040.00000001.sdmp, Offset: 05040000, based on PE: false
                                                          Similarity
                                                          • API ID: CreateMutex
                                                          • String ID:
                                                          • API String ID: 1964310414-0
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          APIs
                                                          • RegQueryValueExW.KERNELBASE(?,00000E2C,38238C5C,00000000,00000000,00000000,00000000), ref: 00F1ABB4
                                                          Memory Dump Source
                                                          • Source File: 00000006.00000002.492473345.0000000000F1A000.00000040.00000001.sdmp, Offset: 00F1A000, based on PE: false
                                                          Similarity
                                                          • API ID: QueryValue
                                                          • String ID:
                                                          • API String ID: 3660427363-0
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          APIs
                                                          Memory Dump Source
                                                          • Source File: 00000006.00000002.496841275.0000000005040000.00000040.00000001.sdmp, Offset: 05040000, based on PE: false
                                                          Similarity
                                                          • API ID: FileView
                                                          • String ID:
                                                          • API String ID: 3314676101-0
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          APIs
                                                          • GetUserNameW.ADVAPI32(?,00000E2C,?,?), ref: 00F1AFEA
                                                          Memory Dump Source
                                                          • Source File: 00000006.00000002.492473345.0000000000F1A000.00000040.00000001.sdmp, Offset: 00F1A000, based on PE: false
                                                          Similarity
                                                          • API ID: NameUser
                                                          • String ID:
                                                          • API String ID: 2645101109-0
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          APIs
                                                          • RegQueryValueExW.KERNELBASE(?,00000E2C,38238C5C,00000000,00000000,00000000,00000000), ref: 0504055C
                                                          Memory Dump Source
                                                          • Source File: 00000006.00000002.496841275.0000000005040000.00000040.00000001.sdmp, Offset: 05040000, based on PE: false
                                                          Similarity
                                                          • API ID: QueryValue
                                                          • String ID:
                                                          • API String ID: 3660427363-0
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          APIs
                                                          • WSAStartup.WS2_32(?,00000E2C,?,?), ref: 00F1A1C2
                                                          Memory Dump Source
                                                          • Source File: 00000006.00000002.492473345.0000000000F1A000.00000040.00000001.sdmp, Offset: 00F1A000, based on PE: false
                                                          Similarity
                                                          • API ID: Startup
                                                          • String ID:
                                                          • API String ID: 724789610-0
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          APIs
                                                          • RegOpenKeyExA.KERNELBASE(?,00000E2C), ref: 05040353
                                                          Memory Dump Source
                                                          • Source File: 00000006.00000002.496841275.0000000005040000.00000040.00000001.sdmp, Offset: 05040000, based on PE: false
                                                          Similarity
                                                          • API ID: Open
                                                          • String ID:
                                                          • API String ID: 71445658-0
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          APIs
                                                          • OpenFileMappingW.KERNELBASE(?,?), ref: 05041CED
                                                          Memory Dump Source
                                                          • Source File: 00000006.00000002.496841275.0000000005040000.00000040.00000001.sdmp, Offset: 05040000, based on PE: false
                                                          Similarity
                                                          • API ID: FileMappingOpen
                                                          • String ID:
                                                          • API String ID: 1680863896-0
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          APIs
                                                          • DeleteFileA.KERNELBASE(?,00000E2C), ref: 05040B3F
                                                          Memory Dump Source
                                                          • Source File: 00000006.00000002.496841275.0000000005040000.00000040.00000001.sdmp, Offset: 05040000, based on PE: false
                                                          Similarity
                                                          • API ID: DeleteFile
                                                          • String ID:
                                                          • API String ID: 4033686569-0
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          APIs
                                                          • GetFileType.KERNELBASE(?,00000E2C,38238C5C,00000000,00000000,00000000,00000000), ref: 05040985
                                                          Memory Dump Source
                                                          • Source File: 00000006.00000002.496841275.0000000005040000.00000040.00000001.sdmp, Offset: 05040000, based on PE: false
                                                          Similarity
                                                          • API ID: FileType
                                                          • String ID:
                                                          • API String ID: 3081899298-0
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          APIs
                                                          • WSASocketW.WS2_32(?,?,?,?,?), ref: 0504145E
                                                          Memory Dump Source
                                                          • Source File: 00000006.00000002.496841275.0000000005040000.00000040.00000001.sdmp, Offset: 05040000, based on PE: false
                                                          Similarity
                                                          • API ID: Socket
                                                          • String ID:
                                                          • API String ID: 38366605-0
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          APIs
                                                          • CreateFileW.KERNELBASE(?,?,?,?,?,?), ref: 05040899
                                                          Memory Dump Source
                                                          • Source File: 00000006.00000002.496841275.0000000005040000.00000040.00000001.sdmp, Offset: 05040000, based on PE: false
                                                          Similarity
                                                          • API ID: CreateFile
                                                          • String ID:
                                                          • API String ID: 823142352-0
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          APIs
                                                          • setsockopt.WS2_32(?,00000E2C,38238C5C,00000000,00000000,00000000,00000000), ref: 05040A51
                                                          Memory Dump Source
                                                          • Source File: 00000006.00000002.496841275.0000000005040000.00000040.00000001.sdmp, Offset: 05040000, based on PE: false
                                                          Similarity
                                                          • API ID: setsockopt
                                                          • String ID:
                                                          • API String ID: 3981526788-0
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          APIs
                                                          • RegQueryValueExA.KERNELBASE(?,00000E2C), ref: 0504045E
                                                          Memory Dump Source
                                                          • Source File: 00000006.00000002.496841275.0000000005040000.00000040.00000001.sdmp, Offset: 05040000, based on PE: false
                                                          Similarity
                                                          • API ID: QueryValue
                                                          • String ID:
                                                          • API String ID: 3660427363-0
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          APIs
                                                          • RegOpenKeyExW.KERNELBASE(?,00000E2C), ref: 00F1AAB1
                                                          Memory Dump Source
                                                          • Source File: 00000006.00000002.492473345.0000000000F1A000.00000040.00000001.sdmp, Offset: 00F1A000, based on PE: false
                                                          Similarity
                                                          • API ID: Open
                                                          • String ID:
                                                          • API String ID: 71445658-0
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          APIs
                                                          • CreateMutexW.KERNELBASE(?,?), ref: 0504019D
                                                          Memory Dump Source
                                                          • Source File: 00000006.00000002.496841275.0000000005040000.00000040.00000001.sdmp, Offset: 05040000, based on PE: false
                                                          Similarity
                                                          • API ID: CreateMutex
                                                          • String ID:
                                                          • API String ID: 1964310414-0
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          APIs
                                                          • CreateDirectoryW.KERNELBASE(?,?), ref: 0504079F
                                                          Memory Dump Source
                                                          • Source File: 00000006.00000002.496841275.0000000005040000.00000040.00000001.sdmp, Offset: 05040000, based on PE: false
                                                          Similarity
                                                          • API ID: CreateDirectory
                                                          • String ID:
                                                          • API String ID: 4241100979-0
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          APIs
                                                          • RegQueryValueExW.KERNELBASE(?,00000E2C,38238C5C,00000000,00000000,00000000,00000000), ref: 00F1ABB4
                                                          Memory Dump Source
                                                          • Source File: 00000006.00000002.492473345.0000000000F1A000.00000040.00000001.sdmp, Offset: 00F1A000, based on PE: false
                                                          Similarity
                                                          • API ID: QueryValue
                                                          • String ID:
                                                          • API String ID: 3660427363-0
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          APIs
                                                          • OpenFileMappingW.KERNELBASE(?,?), ref: 05041CED
                                                          Memory Dump Source
                                                          • Source File: 00000006.00000002.496841275.0000000005040000.00000040.00000001.sdmp, Offset: 05040000, based on PE: false
                                                          Similarity
                                                          • API ID: FileMappingOpen
                                                          • String ID:
                                                          • API String ID: 1680863896-0
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          APIs
                                                          • FindCloseChangeNotification.KERNELBASE(?), ref: 0504102C
                                                          Memory Dump Source
                                                          • Source File: 00000006.00000002.496841275.0000000005040000.00000040.00000001.sdmp, Offset: 05040000, based on PE: false
                                                          Similarity
                                                          • API ID: ChangeCloseFindNotification
                                                          • String ID:
                                                          • API String ID: 2591292051-0
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          APIs
                                                          • K32EnumProcesses.KERNEL32(?,?,?,38238C5C,00000000,?,?,?,?,?,?,?,?,72B13C38), ref: 050410E6
                                                          Memory Dump Source
                                                          • Source File: 00000006.00000002.496841275.0000000005040000.00000040.00000001.sdmp, Offset: 05040000, based on PE: false
                                                          Similarity
                                                          • API ID: EnumProcesses
                                                          • String ID:
                                                          • API String ID: 84517404-0
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          APIs
                                                          Memory Dump Source
                                                          • Source File: 00000006.00000002.496841275.0000000005040000.00000040.00000001.sdmp, Offset: 05040000, based on PE: false
                                                          Similarity
                                                          • API ID: FileView
                                                          • String ID:
                                                          • API String ID: 3314676101-0
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          APIs
                                                          • FindCloseChangeNotification.KERNELBASE(?), ref: 05040264
                                                          Memory Dump Source
                                                          • Source File: 00000006.00000002.496841275.0000000005040000.00000040.00000001.sdmp, Offset: 05040000, based on PE: false
                                                          Similarity
                                                          • API ID: ChangeCloseFindNotification
                                                          • String ID:
                                                          • API String ID: 2591292051-0
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          APIs
                                                          • WSASocketW.WS2_32(?,?,?,?,?), ref: 0504145E
                                                          Memory Dump Source
                                                          • Source File: 00000006.00000002.496841275.0000000005040000.00000040.00000001.sdmp, Offset: 05040000, based on PE: false
                                                          Similarity
                                                          • API ID: Socket
                                                          • String ID:
                                                          • API String ID: 38366605-0
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          APIs
                                                          • RegQueryValueExW.KERNELBASE(?,00000E2C,38238C5C,00000000,00000000,00000000,00000000), ref: 0504055C
                                                          Memory Dump Source
                                                          • Source File: 00000006.00000002.496841275.0000000005040000.00000040.00000001.sdmp, Offset: 05040000, based on PE: false
                                                          Similarity
                                                          • API ID: QueryValue
                                                          • String ID:
                                                          • API String ID: 3660427363-0
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          APIs
                                                          • LookupPrivilegeValueW.ADVAPI32(?,?,?), ref: 05040D56
                                                          Memory Dump Source
                                                          • Source File: 00000006.00000002.496841275.0000000005040000.00000040.00000001.sdmp, Offset: 05040000, based on PE: false
                                                          Similarity
                                                          • API ID: LookupPrivilegeValue
                                                          • String ID:
                                                          • API String ID: 3899507212-0
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          APIs
                                                          • GetProcessTimes.KERNELBASE(?,00000E2C,38238C5C,00000000,00000000,00000000,00000000), ref: 0504224D
                                                          Memory Dump Source
                                                          • Source File: 00000006.00000002.496841275.0000000005040000.00000040.00000001.sdmp, Offset: 05040000, based on PE: false
                                                          Similarity
                                                          • API ID: ProcessTimes
                                                          • String ID:
                                                          • API String ID: 1995159646-0
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          APIs
                                                          • SendMessageW.USER32(?,?,?,?), ref: 00F1B841
                                                          Memory Dump Source
                                                          • Source File: 00000006.00000002.492473345.0000000000F1A000.00000040.00000001.sdmp, Offset: 00F1A000, based on PE: false
                                                          Similarity
                                                          • API ID: MessageSend
                                                          • String ID:
                                                          • API String ID: 3850602802-0
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          APIs
                                                          • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 00F1A58A
                                                          Memory Dump Source
                                                          • Source File: 00000006.00000002.492473345.0000000000F1A000.00000040.00000001.sdmp, Offset: 00F1A000, based on PE: false
                                                          Similarity
                                                          • API ID: DuplicateHandle
                                                          • String ID:
                                                          • API String ID: 3793708945-0
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          APIs
                                                          • DeleteFileA.KERNELBASE(?,00000E2C), ref: 05040B3F
                                                          Memory Dump Source
                                                          • Source File: 00000006.00000002.496841275.0000000005040000.00000040.00000001.sdmp, Offset: 05040000, based on PE: false
                                                          Similarity
                                                          • API ID: DeleteFile
                                                          • String ID:
                                                          • API String ID: 4033686569-0
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          APIs
                                                          • RegOpenKeyExA.KERNELBASE(?,00000E2C), ref: 05040353
                                                          Memory Dump Source
                                                          • Source File: 00000006.00000002.496841275.0000000005040000.00000040.00000001.sdmp, Offset: 05040000, based on PE: false
                                                          Similarity
                                                          • API ID: Open
                                                          • String ID:
                                                          • API String ID: 71445658-0
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          APIs
                                                          • setsockopt.WS2_32(?,00000E2C,38238C5C,00000000,00000000,00000000,00000000), ref: 05040A51
                                                          Memory Dump Source
                                                          • Source File: 00000006.00000002.496841275.0000000005040000.00000040.00000001.sdmp, Offset: 05040000, based on PE: false
                                                          Similarity
                                                          • API ID: setsockopt
                                                          • String ID:
                                                          • API String ID: 3981526788-0
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          APIs
                                                          • PostMessageW.USER32(?,?,?,?), ref: 00F1BBB9
                                                          Memory Dump Source
                                                          • Source File: 00000006.00000002.492473345.0000000000F1A000.00000040.00000001.sdmp, Offset: 00F1A000, based on PE: false
                                                          Similarity
                                                          • API ID: MessagePost
                                                          • String ID:
                                                          • API String ID: 410705778-0
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          APIs
                                                          • DispatchMessageW.USER32(?), ref: 00F1BE70
                                                          Memory Dump Source
                                                          • Source File: 00000006.00000002.492473345.0000000000F1A000.00000040.00000001.sdmp, Offset: 00F1A000, based on PE: false
                                                          Similarity
                                                          • API ID: DispatchMessage
                                                          • String ID:
                                                          • API String ID: 2061451462-0
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          APIs
                                                          • CreateIconFromResourceEx.USER32 ref: 00F1B78A
                                                          Memory Dump Source
                                                          • Source File: 00000006.00000002.492473345.0000000000F1A000.00000040.00000001.sdmp, Offset: 00F1A000, based on PE: false
                                                          Similarity
                                                          • API ID: CreateFromIconResource
                                                          • String ID:
                                                          • API String ID: 3668623891-0
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          APIs
                                                          • GetSystemInfo.KERNELBASE(?), ref: 05040BE8
                                                          Memory Dump Source
                                                          • Source File: 00000006.00000002.496841275.0000000005040000.00000040.00000001.sdmp, Offset: 05040000, based on PE: false
                                                          Similarity
                                                          • API ID: InfoSystem
                                                          • String ID:
                                                          • API String ID: 31276548-0
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          APIs
                                                          • LookupPrivilegeValueW.ADVAPI32(?,?,?), ref: 05040D56
                                                          Memory Dump Source
                                                          • Source File: 00000006.00000002.496841275.0000000005040000.00000040.00000001.sdmp, Offset: 05040000, based on PE: false
                                                          Similarity
                                                          • API ID: LookupPrivilegeValue
                                                          • String ID:
                                                          • API String ID: 3899507212-0
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          APIs
                                                          • GetFileType.KERNELBASE(?,00000E2C,38238C5C,00000000,00000000,00000000,00000000), ref: 05040985
                                                          Memory Dump Source
                                                          • Source File: 00000006.00000002.496841275.0000000005040000.00000040.00000001.sdmp, Offset: 05040000, based on PE: false
                                                          Similarity
                                                          • API ID: FileType
                                                          • String ID:
                                                          • API String ID: 3081899298-0
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          APIs
                                                          • CreateDirectoryW.KERNELBASE(?,?), ref: 0504079F
                                                          Memory Dump Source
                                                          • Source File: 00000006.00000002.496841275.0000000005040000.00000040.00000001.sdmp, Offset: 05040000, based on PE: false
                                                          Similarity
                                                          • API ID: CreateDirectory
                                                          • String ID:
                                                          • API String ID: 4241100979-0
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          APIs
                                                          Memory Dump Source
                                                          • Source File: 00000006.00000002.492473345.0000000000F1A000.00000040.00000001.sdmp, Offset: 00F1A000, based on PE: false
                                                          Similarity
                                                          • API ID: closesocket
                                                          • String ID:
                                                          • API String ID: 2781271927-0
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          APIs
                                                          • K32EnumProcesses.KERNEL32(?,?,?,38238C5C,00000000,?,?,?,?,?,?,?,?,72B13C38), ref: 050410E6
                                                          Memory Dump Source
                                                          • Source File: 00000006.00000002.496841275.0000000005040000.00000040.00000001.sdmp, Offset: 05040000, based on PE: false
                                                          Similarity
                                                          • API ID: EnumProcesses
                                                          • String ID:
                                                          • API String ID: 84517404-0
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          APIs
                                                          • SetWindowLongW.USER32(?,?,?), ref: 00F1A926
                                                          Memory Dump Source
                                                          • Source File: 00000006.00000002.492473345.0000000000F1A000.00000040.00000001.sdmp, Offset: 00F1A000, based on PE: false
                                                          Similarity
                                                          • API ID: LongWindow
                                                          • String ID:
                                                          • API String ID: 1378638983-0
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          APIs
                                                          • FormatMessageW.KERNELBASE(?,00000E2C,?,?), ref: 050427CA
                                                          Memory Dump Source
                                                          • Source File: 00000006.00000002.496841275.0000000005040000.00000040.00000001.sdmp, Offset: 05040000, based on PE: false
                                                          Similarity
                                                          • API ID: FormatMessage
                                                          • String ID:
                                                          • API String ID: 1306739567-0
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          APIs
                                                          • WSAStartup.WS2_32(?,00000E2C,?,?), ref: 00F1A1C2
                                                          Memory Dump Source
                                                          • Source File: 00000006.00000002.492473345.0000000000F1A000.00000040.00000001.sdmp, Offset: 00F1A000, based on PE: false
                                                          Similarity
                                                          • API ID: Startup
                                                          • String ID:
                                                          • API String ID: 724789610-0
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          APIs
                                                          • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 00F1A58A
                                                          Memory Dump Source
                                                          • Source File: 00000006.00000002.492473345.0000000000F1A000.00000040.00000001.sdmp, Offset: 00F1A000, based on PE: false
                                                          Similarity
                                                          • API ID: DuplicateHandle
                                                          • String ID:
                                                          • API String ID: 3793708945-0
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          APIs
                                                          • CreateIconFromResourceEx.USER32 ref: 00F1B78A
                                                          Memory Dump Source
                                                          • Source File: 00000006.00000002.492473345.0000000000F1A000.00000040.00000001.sdmp, Offset: 00F1A000, based on PE: false
                                                          Similarity
                                                          • API ID: CreateFromIconResource
                                                          • String ID:
                                                          • API String ID: 3668623891-0
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          APIs
                                                          • FindCloseChangeNotification.KERNELBASE(?), ref: 05040264
                                                          Memory Dump Source
                                                          • Source File: 00000006.00000002.496841275.0000000005040000.00000040.00000001.sdmp, Offset: 05040000, based on PE: false
                                                          Similarity
                                                          • API ID: ChangeCloseFindNotification
                                                          • String ID:
                                                          • API String ID: 2591292051-0
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          APIs
                                                          • DnsQuery_A.DNSAPI(?,00000E2C,?,?), ref: 050413A6
                                                          Memory Dump Source
                                                          • Source File: 00000006.00000002.496841275.0000000005040000.00000040.00000001.sdmp, Offset: 05040000, based on PE: false
                                                          Similarity
                                                          • API ID: Query_
                                                          • String ID:
                                                          • API String ID: 428220571-0
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          APIs
                                                          • FindCloseChangeNotification.KERNELBASE(?), ref: 0504102C
                                                          Memory Dump Source
                                                          • Source File: 00000006.00000002.496841275.0000000005040000.00000040.00000001.sdmp, Offset: 05040000, based on PE: false
                                                          Similarity
                                                          • API ID: ChangeCloseFindNotification
                                                          • String ID:
                                                          • API String ID: 2591292051-0
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          APIs
                                                          • GetUserNameW.ADVAPI32(?,00000E2C,?,?), ref: 00F1AFEA
                                                          Memory Dump Source
                                                          • Source File: 00000006.00000002.492473345.0000000000F1A000.00000040.00000001.sdmp, Offset: 00F1A000, based on PE: false
                                                          Similarity
                                                          • API ID: NameUser
                                                          • String ID:
                                                          • API String ID: 2645101109-0
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          APIs
                                                          • PostMessageW.USER32(?,?,?,?), ref: 00F1BBB9
                                                          Memory Dump Source
                                                          • Source File: 00000006.00000002.492473345.0000000000F1A000.00000040.00000001.sdmp, Offset: 00F1A000, based on PE: false
                                                          Similarity
                                                          • API ID: MessagePost
                                                          • String ID:
                                                          • API String ID: 410705778-0
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          APIs
                                                          Memory Dump Source
                                                          • Source File: 00000006.00000002.492473345.0000000000F1A000.00000040.00000001.sdmp, Offset: 00F1A000, based on PE: false
                                                          Similarity
                                                          • API ID: closesocket
                                                          • String ID:
                                                          • API String ID: 2781271927-0
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          APIs
                                                          • SendMessageW.USER32(?,?,?,?), ref: 00F1B841
                                                          Memory Dump Source
                                                          • Source File: 00000006.00000002.492473345.0000000000F1A000.00000040.00000001.sdmp, Offset: 00F1A000, based on PE: false
                                                          Similarity
                                                          • API ID: MessageSend
                                                          • String ID:
                                                          • API String ID: 3850602802-0
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          APIs
                                                          • SetWindowLongW.USER32(?,?,?), ref: 00F1A926
                                                          Memory Dump Source
                                                          • Source File: 00000006.00000002.492473345.0000000000F1A000.00000040.00000001.sdmp, Offset: 00F1A000, based on PE: false
                                                          Similarity
                                                          • API ID: LongWindow
                                                          • String ID:
                                                          • API String ID: 1378638983-0
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          APIs
                                                          • SetErrorMode.KERNELBASE(?), ref: 00F1A3A4
                                                          Memory Dump Source
                                                          • Source File: 00000006.00000002.492473345.0000000000F1A000.00000040.00000001.sdmp, Offset: 00F1A000, based on PE: false
                                                          Similarity
                                                          • API ID: ErrorMode
                                                          • String ID:
                                                          • API String ID: 2340568224-0
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          APIs
                                                          • DispatchMessageW.USER32(?), ref: 00F1BE70
                                                          Memory Dump Source
                                                          • Source File: 00000006.00000002.492473345.0000000000F1A000.00000040.00000001.sdmp, Offset: 00F1A000, based on PE: false
                                                          Similarity
                                                          • API ID: DispatchMessage
                                                          • String ID:
                                                          • API String ID: 2061451462-0
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          • Instruction ID: beeb48d86699eab0e781be80d9dd7d1b97b7047ab7071358644ae0bf5bad4006
                                                          • Opcode Fuzzy Hash: 653437dfa4a6fe9a528399209e1489c4a0d69581a76b1274368e792f3f0cbb5b
                                                          • Instruction Fuzzy Hash: 8C515C72B002158BDB58EBB9C4506AEB7F3AF88314F148569C80AEB355DF31ED42CB91
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Memory Dump Source
                                                          • Source File: 00000006.00000002.496514226.0000000004F10000.00000040.00000001.sdmp, Offset: 04F10000, based on PE: false
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: f08f27825561170b8900da03fe0173b95c4489c6bcc63821e07f04673e31b45e
                                                          • Instruction ID: 9cb9928d173270891cb6c0fe076268c32e63c7dfa91df6bc92cfcd0ac05c1e9b
                                                          • Opcode Fuzzy Hash: f08f27825561170b8900da03fe0173b95c4489c6bcc63821e07f04673e31b45e
                                                          • Instruction Fuzzy Hash: 1A51E376D00618CFCB15EFA8C98469DFBF1FF48310F20856AD45AA72A4EB316946CF80
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Memory Dump Source
                                                          • Source File: 00000006.00000002.496514226.0000000004F10000.00000040.00000001.sdmp, Offset: 04F10000, based on PE: false
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: b29b101e2c2795c5f86b9ed9571aaa3526d76590bc71458c5af9162a1895ae85
                                                          • Instruction ID: fddb654eb525c6a580d35f9e2ed2ed0fe08fbc89ca6106c795250e91aa1c070c
                                                          • Opcode Fuzzy Hash: b29b101e2c2795c5f86b9ed9571aaa3526d76590bc71458c5af9162a1895ae85
                                                          • Instruction Fuzzy Hash: 7E514D34A04215CFCB14EF74C584AADBBF2BF84314F6086B9D44A9B665EB35AC42CB61
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Memory Dump Source
                                                          • Source File: 00000006.00000002.496514226.0000000004F10000.00000040.00000001.sdmp, Offset: 04F10000, based on PE: false
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 4714c0370929d494c5d9cb885757c26994e4ef8ef1c9bb162ab905df98962ae0
                                                          • Instruction ID: 91d18c29373e7229572df3bb6d7b714706f27e6ae3ed0653ee3505f99d42c8f2
                                                          • Opcode Fuzzy Hash: 4714c0370929d494c5d9cb885757c26994e4ef8ef1c9bb162ab905df98962ae0
                                                          • Instruction Fuzzy Hash: 6341D331A40785DFD724EF79C8945AABBF2EB88314F54C629C456973A0DB30B8039B54
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Memory Dump Source
                                                          • Source File: 00000006.00000002.496514226.0000000004F10000.00000040.00000001.sdmp, Offset: 04F10000, based on PE: false
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 44ba743933aa9129e680e28b5840bd407c58ada32e9300bcac3bd1b636dd1081
                                                          • Instruction ID: 34ad76a97bb45178e02f1395a263da47d5db68438ef0e6b1a5aa67de78c393a4
                                                          • Opcode Fuzzy Hash: 44ba743933aa9129e680e28b5840bd407c58ada32e9300bcac3bd1b636dd1081
                                                          • Instruction Fuzzy Hash: 9B411A32B05104CFC7158F2CC414AAE7BE6AFC5300F15806AE906EF7A5DEB6AC46DB91
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Memory Dump Source
                                                          • Source File: 00000006.00000002.496514226.0000000004F10000.00000040.00000001.sdmp, Offset: 04F10000, based on PE: false
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 2a3fe39895e381dd4d2f9977e4c10ff2f5e27ec4f1b9a149fee8e6c9f92bc18d
                                                          • Instruction ID: 6a47ce8a0b728a4238bc3c3b80b2eebd1e7b7eca13d9220429455f02b2cc9ecd
                                                          • Opcode Fuzzy Hash: 2a3fe39895e381dd4d2f9977e4c10ff2f5e27ec4f1b9a149fee8e6c9f92bc18d
                                                          • Instruction Fuzzy Hash: 46414731609358CFC724BB78EC1966D3BA6BF84701B144969F402CA2B5DF749C83AB92
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Memory Dump Source
                                                          • Source File: 00000006.00000002.496514226.0000000004F10000.00000040.00000001.sdmp, Offset: 04F10000, based on PE: false
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: eda01d721e4e237874ac6923c07d5412aa596853007bb4bb31aebfbc63ab0d91
                                                          • Instruction ID: fd06106d13f2ea7cbdd35cedc553c5681470cdcf523c70c6a8cf4f5ef82ffd54
                                                          • Opcode Fuzzy Hash: eda01d721e4e237874ac6923c07d5412aa596853007bb4bb31aebfbc63ab0d91
                                                          • Instruction Fuzzy Hash: 48419E32B0411ACFC700EF68D6849AEFBB1FF84354F148566E4168B261E731F856CBA1
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Memory Dump Source
                                                          • Source File: 00000006.00000002.496514226.0000000004F10000.00000040.00000001.sdmp, Offset: 04F10000, based on PE: false
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: a6c63d8d75448450ca8e46ab5ec754fd6c7a870a8680651323caea841c17b36e
                                                          • Instruction ID: a1db36acd045006e0bb20cb15d6c058f9961df00f58e3f5e6a3f79cb423355ff
                                                          • Opcode Fuzzy Hash: a6c63d8d75448450ca8e46ab5ec754fd6c7a870a8680651323caea841c17b36e
                                                          • Instruction Fuzzy Hash: 3241D036B41640CFC715ABB895505AEBFF2BB8C21575440A8E806A7787CB36EC42CB92
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Memory Dump Source
                                                          • Source File: 00000006.00000002.496514226.0000000004F10000.00000040.00000001.sdmp, Offset: 04F10000, based on PE: false
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 49335588d79cd6437f769ad2de0dce4fdfc01ea8342b017c52cf1714dae90924
                                                          • Instruction ID: 9507bc9f15fda1359649de9486d65f65dbea1d6273921c41d701b8b6e5357001
                                                          • Opcode Fuzzy Hash: 49335588d79cd6437f769ad2de0dce4fdfc01ea8342b017c52cf1714dae90924
                                                          • Instruction Fuzzy Hash: 9B41E23170D3D1CFC305A728C6948697FF5AF52280F0984AAE496CB6B2D765A80BD752
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Memory Dump Source
                                                          • Source File: 00000006.00000002.496514226.0000000004F10000.00000040.00000001.sdmp, Offset: 04F10000, based on PE: false
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 7fdb3f2c4a35e69493dadf27abdfeb9f4ad3248d5cc17efae8ed7235636a96fd
                                                          • Instruction ID: 718acbc416f35cd39f69614e4f9fbda5f4b4baecf5717232d7126ab0e9a9cc5f
                                                          • Opcode Fuzzy Hash: 7fdb3f2c4a35e69493dadf27abdfeb9f4ad3248d5cc17efae8ed7235636a96fd
                                                          • Instruction Fuzzy Hash: A341DE36B41240CF8705AFB8954046EBBF2BB8C21575440A8E80AA7787CF36EC42CB92
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Memory Dump Source
                                                          • Source File: 00000006.00000002.496514226.0000000004F10000.00000040.00000001.sdmp, Offset: 04F10000, based on PE: false
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 7a183fcba357fa3cb138fdcbc6887616f0146e05d469c0804b1add1ffd8995b1
                                                          • Instruction ID: 4ffe55487381049aa7ee240cb6dc40abf3a29c8c1b549b7fbb42d9afc762bc93
                                                          • Opcode Fuzzy Hash: 7a183fcba357fa3cb138fdcbc6887616f0146e05d469c0804b1add1ffd8995b1
                                                          • Instruction Fuzzy Hash: 09318471F006648BC718DAADC8905AEBBF2FF88314B14442DE45AD7790DA35ED428B95
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Memory Dump Source
                                                          • Source File: 00000006.00000002.496514226.0000000004F10000.00000040.00000001.sdmp, Offset: 04F10000, based on PE: false
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 2c9e6d3e178113259fd8f385c8689812de6c018fb8b9b4307abd628c943ae1fe
                                                          • Instruction ID: 2a90bb90d0da7231900aa7c921ed52e5f4476fd6ad34b2369734399579169668
                                                          • Opcode Fuzzy Hash: 2c9e6d3e178113259fd8f385c8689812de6c018fb8b9b4307abd628c943ae1fe
                                                          • Instruction Fuzzy Hash: 0A318032B04218EFCB05DF94D8849EEBFB7BB98301F054469E506AB261EB31BD46DB51
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Memory Dump Source
                                                          • Source File: 00000006.00000002.496514226.0000000004F10000.00000040.00000001.sdmp, Offset: 04F10000, based on PE: false
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 0742a3b0a2c11889301ffb3507f04a097112f17a3b733ef2b3cb0e604e3c6e55
                                                          • Instruction ID: 2103418d706cbaace9e6635db6434e077ba1c56e8006923c6a82f5ba827da30a
                                                          • Opcode Fuzzy Hash: 0742a3b0a2c11889301ffb3507f04a097112f17a3b733ef2b3cb0e604e3c6e55
                                                          • Instruction Fuzzy Hash: D9316930F002158FDB18DF68C5A4BAE7BB2EF88310F144469D502ABBA1DF75AC82DB51
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Memory Dump Source
                                                          • Source File: 00000006.00000002.496514226.0000000004F10000.00000040.00000001.sdmp, Offset: 04F10000, based on PE: false
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 0a5ea22d2a1c12272532fac83996ce553a07fcaf511be51dce25cbd6bd9f297e
                                                          • Instruction ID: d8aaa5721ee53118a0dc2e9ef73e9c8eef440401e3103218613a1054c014b5a3
                                                          • Opcode Fuzzy Hash: 0a5ea22d2a1c12272532fac83996ce553a07fcaf511be51dce25cbd6bd9f297e
                                                          • Instruction Fuzzy Hash: 7B41B075E40289DFCB54CFA9C480A9DBBF1BF49314F248469E415AB361E731A883DF50
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Memory Dump Source
                                                          • Source File: 00000006.00000002.496514226.0000000004F10000.00000040.00000001.sdmp, Offset: 04F10000, based on PE: false
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 5e9ceb37fde06025d2cc813aad239a63473accd8537f2cb9c2efe360699400c3
                                                          • Instruction ID: 9032d2f0b3c79a911e7345c7e2b0e1d19aab4f49cd83b90ced8c14cd1afc8349
                                                          • Opcode Fuzzy Hash: 5e9ceb37fde06025d2cc813aad239a63473accd8537f2cb9c2efe360699400c3
                                                          • Instruction Fuzzy Hash: D0313976B05205DFCB54DFA8C5446AEFBF1BF88210F258569D40AA7361DB31BD82CBA0
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Memory Dump Source
                                                          • Source File: 00000006.00000002.496514226.0000000004F10000.00000040.00000001.sdmp, Offset: 04F10000, based on PE: false
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 15c95700d841450e08f3391e118d97e78ac373d0c9066aba869d5acc0cc4292d
                                                          • Instruction ID: 2ee928cadf91b2016815b00ffab762efea33f113941fdf2d3bf7a366be18e3c7
                                                          • Opcode Fuzzy Hash: 15c95700d841450e08f3391e118d97e78ac373d0c9066aba869d5acc0cc4292d
                                                          • Instruction Fuzzy Hash: DC3161B190E381CFC706AB7498A50583FF1EF42214B4584ABD481CF5A7EA389D4BDB52
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Memory Dump Source
                                                          • Source File: 00000006.00000002.496514226.0000000004F10000.00000040.00000001.sdmp, Offset: 04F10000, based on PE: false
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 1b267669075f81d210b9b30f7bbd9ef715ea13d5349277ed7db98b5adc699268
                                                          • Instruction ID: be4d7925d3121ab959f5282e1134ad7acfd6b96e48ca6d58b0bb2c12dc8ded7b
                                                          • Opcode Fuzzy Hash: 1b267669075f81d210b9b30f7bbd9ef715ea13d5349277ed7db98b5adc699268
                                                          • Instruction Fuzzy Hash: D731C137604159CFCB01EF68ED4489E7BB2FF84304B1440A8E4029B3BAD735A817EB91
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Memory Dump Source
                                                          • Source File: 00000006.00000002.496514226.0000000004F10000.00000040.00000001.sdmp, Offset: 04F10000, based on PE: false
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 77318f97203e5df9c876c099aa1ca99b11c79c532826a94248fc4d8d8d337e0c
                                                          • Instruction ID: ac3da38b492f069bc2f84ab03c6811c686609168280f4a3649db7cc889268041
                                                          • Opcode Fuzzy Hash: 77318f97203e5df9c876c099aa1ca99b11c79c532826a94248fc4d8d8d337e0c
                                                          • Instruction Fuzzy Hash: 1D21A272F001199FDB00DAA9DD51AFFF3B9EBC8348F104129E619D3250EB70A9169FA1
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Memory Dump Source
                                                          • Source File: 00000006.00000002.496514226.0000000004F10000.00000040.00000001.sdmp, Offset: 04F10000, based on PE: false
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: e29382e14d61256a8dc365019ef443ba248bad9a347ba3afb1966abc4bd467b9
                                                          • Instruction ID: 5b33631ee440f8d94eb1085a258b48908c1ff6debe086f1b3e024c554b48c410
                                                          • Opcode Fuzzy Hash: e29382e14d61256a8dc365019ef443ba248bad9a347ba3afb1966abc4bd467b9
                                                          • Instruction Fuzzy Hash: 61412B31A04B51CFE379CB2AC544366BBF1BF84315F58886DC49686A60DB76B446DF00
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Memory Dump Source
                                                          • Source File: 00000006.00000002.496514226.0000000004F10000.00000040.00000001.sdmp, Offset: 04F10000, based on PE: false
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 2fff89ffba3f5a1cc94ac12b62132d7e86ee647c0aa75a601d63c1ec20f8f4d0
                                                          • Instruction ID: c8859bfd5f02572db0cab6068b58132d1dea55927fe7780f86bbd9eea7b54678
                                                          • Opcode Fuzzy Hash: 2fff89ffba3f5a1cc94ac12b62132d7e86ee647c0aa75a601d63c1ec20f8f4d0
                                                          • Instruction Fuzzy Hash: 0A318F72A40689CFDB14EFB5C85466EBBF2EB88310F54C529C442A73A4EF34B8439B51
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Memory Dump Source
                                                          • Source File: 00000006.00000002.496514226.0000000004F10000.00000040.00000001.sdmp, Offset: 04F10000, based on PE: false
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 21d04287d0510763b71abf3bc249833d21a02d75a4229cdb779a747aa932960b
                                                          • Instruction ID: e3e2d118288d2d6f02804ab1c599d52d9d5c7a0766eaa5e2615c4debc1528b20
                                                          • Opcode Fuzzy Hash: 21d04287d0510763b71abf3bc249833d21a02d75a4229cdb779a747aa932960b
                                                          • Instruction Fuzzy Hash: 56216B71A003099BDB05DFA9C8146AEFBF6AFC9304F114429D40ABB365EB70A946DB80
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Memory Dump Source
                                                          • Source File: 00000006.00000002.496514226.0000000004F10000.00000040.00000001.sdmp, Offset: 04F10000, based on PE: false
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 286529f4fa2603e87223bada027d6fff7746e4ede16df3dcbc2fc91e4055c0bc
                                                          • Instruction ID: 47d3bfa67ed3c61c47bdeadc28c9b6da4d8fed67567995e126f018eda0723874
                                                          • Opcode Fuzzy Hash: 286529f4fa2603e87223bada027d6fff7746e4ede16df3dcbc2fc91e4055c0bc
                                                          • Instruction Fuzzy Hash: 0D314B32E002598FDF04DBB9C99459EBBF2AF88304F148569C806EB365DB30AD07CB90
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Memory Dump Source
                                                          • Source File: 00000006.00000002.496514226.0000000004F10000.00000040.00000001.sdmp, Offset: 04F10000, based on PE: false
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 4cb6360f8a75bbcae0a19c31298a4d9e891c0251904db2bb17464813ab660a21
                                                          • Instruction ID: d5ecd190bbad5fa5913259d93a34303629e5083f0441b3bbc1de4252b43ad324
                                                          • Opcode Fuzzy Hash: 4cb6360f8a75bbcae0a19c31298a4d9e891c0251904db2bb17464813ab660a21
                                                          • Instruction Fuzzy Hash: F0314971B00245CFCB54DFA9C5956AEBBF2AF88200F504529D906E7790EA36E846CB50
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Memory Dump Source
                                                          • Source File: 00000006.00000002.496514226.0000000004F10000.00000040.00000001.sdmp, Offset: 04F10000, based on PE: false
                                                          Memory Dump Source
                                                          • Source File: 00000006.00000002.493083150.0000000002950000.00000040.00000040.sdmp, Offset: 02950000, based on PE: false
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 5e5db1d0139861fee06b3c9114d673821e4fed7faa1edcacf8d0f9a02d5fd2a4
                                                          • Instruction ID: c355b9385970a3084ff92ef451e927d2a1fbe0eac400b740794b16e79668f987
                                                          • Opcode Fuzzy Hash: 5e5db1d0139861fee06b3c9114d673821e4fed7faa1edcacf8d0f9a02d5fd2a4
                                                          • Instruction Fuzzy Hash: F311CD31204684DFE705CB24C950F26BBA5AB88708F24C9ACEA491B682C37B9813CB91
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Memory Dump Source
                                                          • Source File: 00000006.00000002.496514226.0000000004F10000.00000040.00000001.sdmp, Offset: 04F10000, based on PE: false
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Memory Dump Source
                                                          • Source File: 00000006.00000002.496514226.0000000004F10000.00000040.00000001.sdmp, Offset: 04F10000, based on PE: false
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Memory Dump Source
                                                          • Source File: 00000006.00000002.493083150.0000000002950000.00000040.00000040.sdmp, Offset: 02950000, based on PE: false
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Memory Dump Source
                                                          • Source File: 00000006.00000002.496514226.0000000004F10000.00000040.00000001.sdmp, Offset: 04F10000, based on PE: false
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Memory Dump Source
                                                          • Source File: 00000006.00000002.496514226.0000000004F10000.00000040.00000001.sdmp, Offset: 04F10000, based on PE: false
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Memory Dump Source
                                                          • Source File: 00000006.00000002.496514226.0000000004F10000.00000040.00000001.sdmp, Offset: 04F10000, based on PE: false
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Memory Dump Source
                                                          • Source File: 00000006.00000002.496514226.0000000004F10000.00000040.00000001.sdmp, Offset: 04F10000, based on PE: false
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Memory Dump Source
                                                          • Source File: 00000006.00000002.496514226.0000000004F10000.00000040.00000001.sdmp, Offset: 04F10000, based on PE: false
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Memory Dump Source
                                                          • Source File: 00000006.00000002.492508259.0000000000F22000.00000040.00000001.sdmp, Offset: 00F22000, based on PE: false
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Memory Dump Source
                                                          • Source File: 00000006.00000002.496514226.0000000004F10000.00000040.00000001.sdmp, Offset: 04F10000, based on PE: false
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Memory Dump Source
                                                          • Source File: 00000006.00000002.496514226.0000000004F10000.00000040.00000001.sdmp, Offset: 04F10000, based on PE: false
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Memory Dump Source
                                                          • Source File: 00000006.00000002.496514226.0000000004F10000.00000040.00000001.sdmp, Offset: 04F10000, based on PE: false
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Memory Dump Source
                                                          • Source File: 00000006.00000002.496514226.0000000004F10000.00000040.00000001.sdmp, Offset: 04F10000, based on PE: false
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Memory Dump Source
                                                          • Source File: 00000006.00000002.496514226.0000000004F10000.00000040.00000001.sdmp, Offset: 04F10000, based on PE: false
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Memory Dump Source
                                                          • Source File: 00000006.00000002.496514226.0000000004F10000.00000040.00000001.sdmp, Offset: 04F10000, based on PE: false
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Memory Dump Source
                                                          • Source File: 00000006.00000002.496514226.0000000004F10000.00000040.00000001.sdmp, Offset: 04F10000, based on PE: false
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Memory Dump Source
                                                          • Source File: 00000006.00000002.496514226.0000000004F10000.00000040.00000001.sdmp, Offset: 04F10000, based on PE: false
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Memory Dump Source
                                                          • Source File: 00000006.00000002.496514226.0000000004F10000.00000040.00000001.sdmp, Offset: 04F10000, based on PE: false
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Memory Dump Source
                                                          • Source File: 00000006.00000002.496514226.0000000004F10000.00000040.00000001.sdmp, Offset: 04F10000, based on PE: false
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Memory Dump Source
                                                          • Source File: 00000006.00000002.493083150.0000000002950000.00000040.00000040.sdmp, Offset: 02950000, based on PE: false
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Memory Dump Source
                                                          • Source File: 00000006.00000002.496514226.0000000004F10000.00000040.00000001.sdmp, Offset: 04F10000, based on PE: false
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Memory Dump Source
                                                          • Source File: 00000006.00000002.496514226.0000000004F10000.00000040.00000001.sdmp, Offset: 04F10000, based on PE: false
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Memory Dump Source
                                                          • Source File: 00000006.00000002.496514226.0000000004F10000.00000040.00000001.sdmp, Offset: 04F10000, based on PE: false
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Memory Dump Source
                                                          • Source File: 00000006.00000002.496514226.0000000004F10000.00000040.00000001.sdmp, Offset: 04F10000, based on PE: false
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Memory Dump Source
                                                          • Source File: 00000006.00000002.496514226.0000000004F10000.00000040.00000001.sdmp, Offset: 04F10000, based on PE: false
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Memory Dump Source
                                                          • Source File: 00000006.00000002.496514226.0000000004F10000.00000040.00000001.sdmp, Offset: 04F10000, based on PE: false
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Memory Dump Source
                                                          • Source File: 00000006.00000002.496514226.0000000004F10000.00000040.00000001.sdmp, Offset: 04F10000, based on PE: false
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: a10d657c4228a0ed61668e83a30e6cfd5abb4ed6e7ca165fbd23b292bee50c3e
                                                          • Instruction ID: 81cecfd236ab57f794a487a216fe97a35d18b6d98e8d2f6d018ec77ec5fc2f6c
                                                          • Opcode Fuzzy Hash: a10d657c4228a0ed61668e83a30e6cfd5abb4ed6e7ca165fbd23b292bee50c3e
                                                          • Instruction Fuzzy Hash: EDF0AF36700214CFC744B778E6194597FA6EBC8221714447DE10BC7368EF72ED429796
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Memory Dump Source
                                                          • Source File: 00000006.00000002.496514226.0000000004F10000.00000040.00000001.sdmp, Offset: 04F10000, based on PE: false
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: e778edccb344682c7a44ede3598cf701a4238ea8cf42717b3a06fc4b0b592a8b
                                                          • Instruction ID: f876a48a185be53d8960be83d67b0ef69cfc5b88d0dfac5c94c634b35443c9c3
                                                          • Opcode Fuzzy Hash: e778edccb344682c7a44ede3598cf701a4238ea8cf42717b3a06fc4b0b592a8b
                                                          • Instruction Fuzzy Hash: 2EF0C237A0C1E8DFFB119664E844BA9BF60D780315F0441AEC405CA5A6DB64A04BDBA1
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Memory Dump Source
                                                          • Source File: 00000006.00000002.496514226.0000000004F10000.00000040.00000001.sdmp, Offset: 04F10000, based on PE: false
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 6738adf9f59bcceeca884f171cd6aee832b79872cf1e2b52dd657eb2d6ca9e9d
                                                          • Instruction ID: ec8d3bc7d8817221f3d60901f6b5b5183ed675fb0b951851d4336d0c559c32f8
                                                          • Opcode Fuzzy Hash: 6738adf9f59bcceeca884f171cd6aee832b79872cf1e2b52dd657eb2d6ca9e9d
                                                          • Instruction Fuzzy Hash: 5CF0E233B04214DBEB10966899002BFBBE59785694F40047AC907D3365FB21BA03A2E2
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Memory Dump Source
                                                          • Source File: 00000006.00000002.496514226.0000000004F10000.00000040.00000001.sdmp, Offset: 04F10000, based on PE: false
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 7333412c18f2a3ec71f2ff8ef98e2174a67d3a545453a89cc0b23f30b6552a59
                                                          • Instruction ID: 944aa5ae285665b698c20cd9bc533d51feb4ddfc3e093311e53c6b96a0e88312
                                                          • Opcode Fuzzy Hash: 7333412c18f2a3ec71f2ff8ef98e2174a67d3a545453a89cc0b23f30b6552a59
                                                          • Instruction Fuzzy Hash: 89F02B32B081958FEB11573C58206FFBFF49BC5250F4400AACD87D3356EA25B507A2E1
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Memory Dump Source
                                                          • Source File: 00000006.00000002.496514226.0000000004F10000.00000040.00000001.sdmp, Offset: 04F10000, based on PE: false
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 797f2cbe1cd3701544b7181d2becea31e623cfbfd9bf386785736bd1ec05de13
                                                          • Instruction ID: 3a805a2bfca9446b50349e3053df34f699134b04bcda99bf9ff82f9498df0270
                                                          • Opcode Fuzzy Hash: 797f2cbe1cd3701544b7181d2becea31e623cfbfd9bf386785736bd1ec05de13
                                                          • Instruction Fuzzy Hash: E7F027B7B092E06FEB2611AC584C3E75F846B65220F0A04B7EC8BDF5A3F45458479362
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Memory Dump Source
                                                          • Source File: 00000006.00000002.496514226.0000000004F10000.00000040.00000001.sdmp, Offset: 04F10000, based on PE: false
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: f7af8d84928b590b35ed7e9deca0a977696481c01449602811b1e830cb648564
                                                          • Instruction ID: 9fb9fdee26103f134968016ce1a6011d5517694290afa3d3601790a191a1f6d4
                                                          • Opcode Fuzzy Hash: f7af8d84928b590b35ed7e9deca0a977696481c01449602811b1e830cb648564
                                                          • Instruction Fuzzy Hash: 25F02432F14144ABDB109A389824AAFABE4ABC4350F4005BAC80AE7295F7206A0796D2
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Memory Dump Source
                                                          • Source File: 00000006.00000002.496514226.0000000004F10000.00000040.00000001.sdmp, Offset: 04F10000, based on PE: false
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 6dcfacca5e5363840d8f5cbecc2fc2bb6e89351698c297a430f837074ed85808
                                                          • Instruction ID: 2a04c3fc66fbed886fa0eabaeccd874b1df8c81a482f2b53168c5f3970849ccf
                                                          • Opcode Fuzzy Hash: 6dcfacca5e5363840d8f5cbecc2fc2bb6e89351698c297a430f837074ed85808
                                                          • Instruction Fuzzy Hash: 7DF02475F00105ABDF009FF8D49869EBBB5EF40244F4088B1D910EB228EB30A816C790
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Memory Dump Source
                                                          • Source File: 00000006.00000002.496514226.0000000004F10000.00000040.00000001.sdmp, Offset: 04F10000, based on PE: false
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: c226b40b2167f8d2dcd8de3524f25e2b43750dc4d38d5957382690281a8b3295
                                                          • Instruction ID: 0144f0e0efb164d964a4050cddcc4a7c4166cc110306e6cfe3d982877096e4b8
                                                          • Opcode Fuzzy Hash: c226b40b2167f8d2dcd8de3524f25e2b43750dc4d38d5957382690281a8b3295
                                                          • Instruction Fuzzy Hash: E3F0E931E442995FCB11CBB85C51AEEBFF8EF89210F1400BED948D7153D224591A87A1
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Memory Dump Source
                                                          • Source File: 00000006.00000002.496514226.0000000004F10000.00000040.00000001.sdmp, Offset: 04F10000, based on PE: false
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: e2c6a0b24a37b118b1fdc218c9b3ca085ee299ed8ee80267b538f83c7484ef43
                                                          • Instruction ID: 2ddcf877eb7f766de7551efb6c350e3d8e83ddaedd91b095122b6c5d8cec314c
                                                          • Opcode Fuzzy Hash: e2c6a0b24a37b118b1fdc218c9b3ca085ee299ed8ee80267b538f83c7484ef43
                                                          • Instruction Fuzzy Hash: 87E0E533F19218DE9B1056F89D101AFBBA9D785250F4044379A07E3710ED706887A692
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Memory Dump Source
                                                          • Source File: 00000006.00000002.496514226.0000000004F10000.00000040.00000001.sdmp, Offset: 04F10000, based on PE: false
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 7fce530a803941b48fb0460fb41f80f6ecf21f79c4de8bea90408c49c064ffb8
                                                          • Instruction ID: cd31d68a31272b8869d34ad5ddf4dd89cb2406cc08fb640b439b89092ade489c
                                                          • Opcode Fuzzy Hash: 7fce530a803941b48fb0460fb41f80f6ecf21f79c4de8bea90408c49c064ffb8
                                                          • Instruction Fuzzy Hash: BEF05C727091900B839E22AC182036E7B968FC891031E41BAD405E77D6CD15AC1393E5
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Memory Dump Source
                                                          • Source File: 00000006.00000002.496514226.0000000004F10000.00000040.00000001.sdmp, Offset: 04F10000, based on PE: false
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 620c077ff6b18d7cb06e9039921e7e1799fc746eeefbe24a47ffca48a39bb722
                                                          • Instruction ID: b71deaab361be629eeb83324ef2134f52133ee1531bdc9d585edb4828fe13301
                                                          • Opcode Fuzzy Hash: 620c077ff6b18d7cb06e9039921e7e1799fc746eeefbe24a47ffca48a39bb722
                                                          • Instruction Fuzzy Hash: 2DF0A7317481904FC72157BC68746ED3FA19F86314B1400EAE446CB5B2D919DC07A782
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Memory Dump Source
                                                          • Source File: 00000006.00000002.493083150.0000000002950000.00000040.00000040.sdmp, Offset: 02950000, based on PE: false
                                                          Memory Dump Source
                                                          • Source File: 00000006.00000002.492508259.0000000000F22000.00000040.00000001.sdmp, Offset: 00F22000, based on PE: false
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Memory Dump Source
                                                          • Source File: 00000006.00000002.496514226.0000000004F10000.00000040.00000001.sdmp, Offset: 04F10000, based on PE: false
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Memory Dump Source
                                                          • Source File: 00000006.00000002.492459743.0000000000F12000.00000040.00000001.sdmp, Offset: 00F12000, based on PE: false
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Memory Dump Source
                                                          • Source File: 00000006.00000002.496514226.0000000004F10000.00000040.00000001.sdmp, Offset: 04F10000, based on PE: false
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Memory Dump Source
                                                          • Source File: 00000006.00000002.492459743.0000000000F12000.00000040.00000001.sdmp, Offset: 00F12000, based on PE: false
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Memory Dump Source
                                                          • Source File: 00000006.00000002.496514226.0000000004F10000.00000040.00000001.sdmp, Offset: 04F10000, based on PE: false
                                                          Non-executed Functions