Joe Sandbox Cloud Basic Analysis Report

Loading ...

Play interactive tourEdit tour

Analysis Report 9n7miZydYC.exe

Overview

General Information

Sample Name:9n7miZydYC.exe
Analysis ID:431749
MD5:61de33a77d34a313df07dc2bdd28140a
SHA1:2690f84adb2c6174aab432a61737ca892af2d206
SHA256:9037afbf6a54684a77a6d0b204daa0a843555e01a9bd600545d8ae252b88fad7
Tags:exeNanoCoreRAT
Infos:

Most interesting Screenshot:

Detection

Nanocore
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Detected Nanocore Rat
Found malware configuration
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for domain / URL
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Sigma detected: NanoCore
Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)
Yara detected AntiVM3
Yara detected Nanocore RAT
.NET source code contains method to dynamically call methods (often used by packers)
.NET source code contains potential unpacker
.NET source code contains very large strings
C2 URLs / IPs found in malware configuration
Hides that the sample has been downloaded from the Internet (zone.identifier)
Injects a PE file into a foreign processes
Machine Learning detection for dropped file
Machine Learning detection for sample
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Uses dynamic DNS services
Uses schtasks.exe or at.exe to add and modify task schedules
Antivirus or Machine Learning detection for unpacked file
Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)
Contains long sleeps (>= 3 min)
Creates a DirectInput object (often for capturing keystrokes)
Creates a process in suspended mode (likely to inject code)
Detected TCP or UDP traffic on non-standard ports
Detected potential crypto function
Dropped file seen in connection with other malware
Drops PE files
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Installs a raw input device (often for capturing keystrokes)
Internet Provider seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)
Yara signature match

Classification

Process Tree

  • System is w10x64
  • 9n7miZydYC.exe (PID: 780 cmdline: 'C:\Users\user\Desktop\9n7miZydYC.exe' MD5: 61DE33A77D34A313DF07DC2BDD28140A)
    • 9n7miZydYC.exe (PID: 1736 cmdline: {path} MD5: 61DE33A77D34A313DF07DC2BDD28140A)
      • schtasks.exe (PID: 4560 cmdline: 'schtasks.exe' /create /f /tn 'DHCP Monitor' /xml 'C:\Users\user\AppData\Local\Temp\tmpC2C1.tmp' MD5: 15FF7D8324231381BAD48A052F85DF04)
        • conhost.exe (PID: 4548 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
      • schtasks.exe (PID: 4356 cmdline: 'schtasks.exe' /create /f /tn 'DHCP Monitor Task' /xml 'C:\Users\user\AppData\Local\Temp\tmpC67B.tmp' MD5: 15FF7D8324231381BAD48A052F85DF04)
        • conhost.exe (PID: 3660 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
  • 9n7miZydYC.exe (PID: 4716 cmdline: C:\Users\user\Desktop\9n7miZydYC.exe 0 MD5: 61DE33A77D34A313DF07DC2BDD28140A)
    • 9n7miZydYC.exe (PID: 3040 cmdline: {path} MD5: 61DE33A77D34A313DF07DC2BDD28140A)
    • 9n7miZydYC.exe (PID: 4280 cmdline: {path} MD5: 61DE33A77D34A313DF07DC2BDD28140A)
    • 9n7miZydYC.exe (PID: 5752 cmdline: {path} MD5: 61DE33A77D34A313DF07DC2BDD28140A)
  • dhcpmon.exe (PID: 5508 cmdline: 'C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe' 0 MD5: 61DE33A77D34A313DF07DC2BDD28140A)
    • dhcpmon.exe (PID: 2148 cmdline: {path} MD5: 61DE33A77D34A313DF07DC2BDD28140A)
  • dhcpmon.exe (PID: 5668 cmdline: 'C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe' MD5: 61DE33A77D34A313DF07DC2BDD28140A)
    • dhcpmon.exe (PID: 3504 cmdline: {path} MD5: 61DE33A77D34A313DF07DC2BDD28140A)
  • cleanup

Malware Configuration

Threatname: NanoCore

{"Version": "1.2.2.0", "Mutex": "f9198f9a-66a7-4bba-ab1c-dff8091c", "Group": "Default", "Domain1": "tzitziklishop.ddns.net", "Domain2": "tzitziklishop.ddns.net", "Port": 1665, "KeyboardLogging": "Enable", "RunOnStartup": "Enable", "RequestElevation": "Disable", "BypassUAC": "Enable", "ClearZoneIdentifier": "Enable", "ClearAccessControl": "Disable", "SetCriticalProcess": "Disable", "PreventSystemSleep": "Enable", "ActivateAwayMode": "Disable", "EnableDebugMode": "Disable", "RunDelay": 0, "ConnectDelay": 4000, "RestartDelay": 5000, "TimeoutInterval": 5000, "KeepAliveTimeout": 30000, "MutexTimeout": 5000, "LanTimeout": 2500, "WanTimeout": 8000, "BufferSize": "ffff0000", "MaxPacketSize": "0000a000", "GCThreshold": "0000a000", "UseCustomDNS": "Enable", "PrimaryDNSServer": "", "BackupDNSServer": "37.235.1.177", "BypassUserAccountControlData": "<?xml version=\"1.0\" encoding=\"UTF-16\"?>\r\n<Task version=\"1.2\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\">\r\n  <RegistrationInfo />\r\n  <Triggers />\r\n  <Principals>\r\n    <Principal id=\"Author\">\r\n      <LogonType>InteractiveToken</LogonType>\r\n      <RunLevel>HighestAvailable</RunLevel>\r\n    </Principal>\r\n  </Principals>\r\n  <Settings>\r\n    <MultipleInstancesPolicy>Parallel</MultipleInstancesPolicy>\r\n    <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>\r\n    <StopIfGoingOnBatteries>false</StopIfGoingOnBatteries>\r\n    <AllowHardTerminate>true</AllowHardTerminate>\r\n    <StartWhenAvailable>false</StartWhenAvailable>\r\n    <RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvailable>\r\n    <IdleSettings>\r\n      <StopOnIdleEnd>false</StopOnIdleEnd>\r\n      <RestartOnIdle>false</RestartOnIdle>\r\n    </IdleSettings>\r\n    <AllowStartOnDemand>true</AllowStartOnDemand>\r\n    <Enabled>true</Enabled>\r\n    <Hidden>false</Hidden>\r\n    <RunOnlyIfIdle>false</RunOnlyIfIdle>\r\n    <WakeToRun>false</WakeToRun>\r\n    <ExecutionTimeLimit>PT0S</ExecutionTimeLimit>\r\n    <Priority>4</Priority>\r\n  </Settings>\r\n  <Actions Context=\"Author\">\r\n    <Exec>\r\n      <Command>\"#EXECUTABLEPATH\"</Command>\r\n      <Arguments>$(Arg0)</Arguments>\r\n    </Exec>\r\n  </Actions>\r\n</Task"}

Yara Overview

Memory Dumps

SourceRuleDescriptionAuthorStrings
0000001F.00000000.383519060.0000000000402000.00000040.00000001.sdmpNanocore_RAT_Gen_2Detetcs the Nanocore RATFlorian Roth
  • 0xff8d:$x1: NanoCore.ClientPluginHost
  • 0xffca:$x2: IClientNetworkHost
  • 0x13afd:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe
0000001F.00000000.383519060.0000000000402000.00000040.00000001.sdmpJoeSecurity_NanocoreYara detected Nanocore RATJoe Security
    0000001F.00000000.383519060.0000000000402000.00000040.00000001.sdmpNanoCoreunknown Kevin Breen <kevin@techanarchy.net>
    • 0xfcf5:$a: NanoCore
    • 0xfd05:$a: NanoCore
    • 0xff39:$a: NanoCore
    • 0xff4d:$a: NanoCore
    • 0xff8d:$a: NanoCore
    • 0xfd54:$b: ClientPlugin
    • 0xff56:$b: ClientPlugin
    • 0xff96:$b: ClientPlugin
    • 0xfe7b:$c: ProjectData
    • 0x10882:$d: DESCrypto
    • 0x1824e:$e: KeepAlive
    • 0x1623c:$g: LogClientMessage
    • 0x12437:$i: get_Connected
    • 0x10bb8:$j: #=q
    • 0x10be8:$j: #=q
    • 0x10c04:$j: #=q
    • 0x10c34:$j: #=q
    • 0x10c50:$j: #=q
    • 0x10c6c:$j: #=q
    • 0x10c9c:$j: #=q
    • 0x10cb8:$j: #=q
    0000001E.00000002.392510114.00000000042C9000.00000004.00000001.sdmpJoeSecurity_NanocoreYara detected Nanocore RATJoe Security
      0000001E.00000002.392510114.00000000042C9000.00000004.00000001.sdmpNanoCoreunknown Kevin Breen <kevin@techanarchy.net>
      • 0x435a5:$a: NanoCore
      • 0x435fe:$a: NanoCore
      • 0x4363b:$a: NanoCore
      • 0x436b4:$a: NanoCore
      • 0x56d5f:$a: NanoCore
      • 0x56d74:$a: NanoCore
      • 0x56da9:$a: NanoCore
      • 0x6fd63:$a: NanoCore
      • 0x6fd78:$a: NanoCore
      • 0x6fdad:$a: NanoCore
      • 0x43607:$b: ClientPlugin
      • 0x43644:$b: ClientPlugin
      • 0x43f42:$b: ClientPlugin
      • 0x43f4f:$b: ClientPlugin
      • 0x56b1b:$b: ClientPlugin
      • 0x56b36:$b: ClientPlugin
      • 0x56b66:$b: ClientPlugin
      • 0x56d7d:$b: ClientPlugin
      • 0x56db2:$b: ClientPlugin
      • 0x6fb1f:$b: ClientPlugin
      • 0x6fb3a:$b: ClientPlugin
      Click to see the 99 entries

      Unpacked PEs

      SourceRuleDescriptionAuthorStrings
      31.0.dhcpmon.exe.400000.3.unpackNanocore_RAT_Gen_2Detetcs the Nanocore RATFlorian Roth
      • 0x1018d:$x1: NanoCore.ClientPluginHost
      • 0x101ca:$x2: IClientNetworkHost
      • 0x13cfd:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe
      31.0.dhcpmon.exe.400000.3.unpackNanocore_RAT_Feb18_1Detects Nanocore RATFlorian Roth
      • 0xff05:$x1: NanoCore Client.exe
      • 0x1018d:$x2: NanoCore.ClientPluginHost
      • 0x117c6:$s1: PluginCommand
      • 0x117ba:$s2: FileCommand
      • 0x1266b:$s3: PipeExists
      • 0x18422:$s4: PipeCreated
      • 0x101b7:$s5: IClientLoggingHost
      31.0.dhcpmon.exe.400000.3.unpackJoeSecurity_NanocoreYara detected Nanocore RATJoe Security
        31.0.dhcpmon.exe.400000.3.unpackNanoCoreunknown Kevin Breen <kevin@techanarchy.net>
        • 0xfef5:$a: NanoCore
        • 0xff05:$a: NanoCore
        • 0x10139:$a: NanoCore
        • 0x1014d:$a: NanoCore
        • 0x1018d:$a: NanoCore
        • 0xff54:$b: ClientPlugin
        • 0x10156:$b: ClientPlugin
        • 0x10196:$b: ClientPlugin
        • 0x1007b:$c: ProjectData
        • 0x10a82:$d: DESCrypto
        • 0x1844e:$e: KeepAlive
        • 0x1643c:$g: LogClientMessage
        • 0x12637:$i: get_Connected
        • 0x10db8:$j: #=q
        • 0x10de8:$j: #=q
        • 0x10e04:$j: #=q
        • 0x10e34:$j: #=q
        • 0x10e50:$j: #=q
        • 0x10e6c:$j: #=q
        • 0x10e9c:$j: #=q
        • 0x10eb8:$j: #=q
        31.2.dhcpmon.exe.3c505fc.4.raw.unpackNanocore_RAT_Gen_2Detetcs the Nanocore RATFlorian Roth
        • 0xf7ad:$x1: NanoCore.ClientPluginHost
        • 0x287b1:$x1: NanoCore.ClientPluginHost
        • 0xf7da:$x2: IClientNetworkHost
        • 0x287de:$x2: IClientNetworkHost
        Click to see the 116 entries

        Sigma Overview

        AV Detection:

        barindex
        Sigma detected: NanoCoreShow sources
        Source: File createdAuthor: Joe Security: Data: EventID: 11, Image: C:\Users\user\Desktop\9n7miZydYC.exe, ProcessId: 1736, TargetFilename: C:\Users\user\AppData\Roaming\D06ED635-68F6-4E9A-955C-4899F5F57B9A\run.dat

        E-Banking Fraud:

        barindex
        Sigma detected: NanoCoreShow sources
        Source: File createdAuthor: Joe Security: Data: EventID: 11, Image: C:\Users\user\Desktop\9n7miZydYC.exe, ProcessId: 1736, TargetFilename: C:\Users\user\AppData\Roaming\D06ED635-68F6-4E9A-955C-4899F5F57B9A\run.dat

        Stealing of Sensitive Information:

        barindex
        Sigma detected: NanoCoreShow sources
        Source: File createdAuthor: Joe Security: Data: EventID: 11, Image: C:\Users\user\Desktop\9n7miZydYC.exe, ProcessId: 1736, TargetFilename: C:\Users\user\AppData\Roaming\D06ED635-68F6-4E9A-955C-4899F5F57B9A\run.dat

        Remote Access Functionality:

        barindex
        Sigma detected: NanoCoreShow sources
        Source: File createdAuthor: Joe Security: Data: EventID: 11, Image: C:\Users\user\Desktop\9n7miZydYC.exe, ProcessId: 1736, TargetFilename: C:\Users\user\AppData\Roaming\D06ED635-68F6-4E9A-955C-4899F5F57B9A\run.dat

        Signature Overview

        Click to jump to signature section

        Show All Signature Results

        AV Detection:

        barindex
        Found malware configurationShow sources
        Source: 0000001E.00000002.392510114.00000000042C9000.00000004.00000001.sdmpMalware Configuration Extractor: NanoCore {"Version": "1.2.2.0", "Mutex": "f9198f9a-66a7-4bba-ab1c-dff8091c", "Group": "Default", "Domain1": "tzitziklishop.ddns.net", "Domain2": "tzitziklishop.ddns.net", "Port": 1665, "KeyboardLogging": "Enable", "RunOnStartup": "Enable", "RequestElevation": "Disable", "BypassUAC": "Enable", "ClearZoneIdentifier": "Enable", "ClearAccessControl": "Disable", "SetCriticalProcess": "Disable", "PreventSystemSleep": "Enable", "ActivateAwayMode": "Disable", "EnableDebugMode": "Disable", "RunDelay": 0, "ConnectDelay": 4000, "RestartDelay": 5000, "TimeoutInterval": 5000, "KeepAliveTimeout": 30000, "MutexTimeout": 5000, "LanTimeout": 2500, "WanTimeout": 8000, "BufferSize": "ffff0000", "MaxPacketSize": "0000a000", "GCThreshold": "0000a000", "UseCustomDNS": "Enable", "PrimaryDNSServer": "", "BackupDNSServer": "37.235.1.177", "BypassUserAccountControlData": "<?xml version=\"1.0\" encoding=\"UTF-16\"?>\r\n<Task version=\"1.2\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\">\r\n <RegistrationInfo />\r\n <Triggers />\r\n <Principals>\r\n <Principal id=\"Author\">\r\n <LogonType>InteractiveToken</LogonType>\r\n <RunLevel>HighestAvailable</RunLevel>\r\n </Principal>\r\n </Principals>\r\n <Settings>\r\n <MultipleInstancesPolicy>Parallel</MultipleInstancesPolicy>\r\n <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>\r\n <StopIfGoingOnBatteries>false</StopIfGoingOnBatteries>\r\n <AllowHardTerminate>true</AllowHardTerminate>\r\n <StartWhenAvailable>false</StartWhenAvailable>\r\n <RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvailable>\r\n <IdleSettings>\r\n <StopOnIdleEnd>false</StopOnIdleEnd>\r\n <RestartOnIdle>false</RestartOnIdle>\r\n </IdleSettings>\r\n <AllowStartOnDemand>true</AllowStartOnDemand>\r\n <Enabled>true</Enabled>\r\n <Hidden>false</Hidden>\r\n <RunOnlyIfIdle>false</RunOnlyIfIdle>\r\n <WakeToRun>false</WakeToRun>\r\n <ExecutionTimeLimit>PT0S</ExecutionTimeLimit>\r\n <Priority>4</Priority>\r\n </Settings>\r\n <Actions Context=\"Author\">\r\n <Exec>\r\n <Command>\"#EXECUTABLEPATH\"</Command>\r\n <Arguments>$(Arg0)</Arguments>\r\n </Exec>\r\n </Actions>\r\n</Task"}
        Multi AV Scanner detection for domain / URLShow sources
        Source: tzitziklishop.ddns.netVirustotal: Detection: 8%Perma Link
        Source: tzitziklishop.ddns.netVirustotal: Detection: 8%Perma Link
        Multi AV Scanner detection for dropped fileShow sources
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeReversingLabs: Detection: 36%
        Multi AV Scanner detection for submitted fileShow sources
        Source: 9n7miZydYC.exeVirustotal: Detection: 47%Perma Link
        Source: 9n7miZydYC.exeReversingLabs: Detection: 36%
        Yara detected Nanocore RATShow sources
        Source: Yara matchFile source: 0000001F.00000000.383519060.0000000000402000.00000040.00000001.sdmp, type: MEMORY
        Source: Yara matchFile source: 0000001E.00000002.392510114.00000000042C9000.00000004.00000001.sdmp, type: MEMORY
        Source: Yara matchFile source: 0000001D.00000002.388118309.0000000000402000.00000040.00000001.sdmp, type: MEMORY
        Source: Yara matchFile source: 0000001F.00000002.403785027.0000000000402000.00000040.00000001.sdmp, type: MEMORY
        Source: Yara matchFile source: 0000001D.00000002.390678037.0000000003041000.00000004.00000001.sdmp, type: MEMORY
        Source: Yara matchFile source: 0000001D.00000000.367378120.0000000000402000.00000040.00000001.sdmp, type: MEMORY
        Source: Yara matchFile source: 0000001F.00000000.383969923.0000000000402000.00000040.00000001.sdmp, type: MEMORY
        Source: Yara matchFile source: 00000015.00000002.391258363.0000000003449000.00000004.00000001.sdmp, type: MEMORY
        Source: Yara matchFile source: 0000000F.00000002.375447688.0000000003D35000.00000004.00000001.sdmp, type: MEMORY
        Source: Yara matchFile source: 0000001F.00000002.405159880.0000000002C01000.00000004.00000001.sdmp, type: MEMORY
        Source: Yara matchFile source: 0000001D.00000000.367856055.0000000000402000.00000040.00000001.sdmp, type: MEMORY
        Source: Yara matchFile source: 00000013.00000002.376242535.0000000003C35000.00000004.00000001.sdmp, type: MEMORY
        Source: Yara matchFile source: 00000007.00000000.277218336.0000000000402000.00000040.00000001.sdmp, type: MEMORY
        Source: Yara matchFile source: 0000001E.00000000.368666676.0000000000402000.00000040.00000001.sdmp, type: MEMORY
        Source: Yara matchFile source: 0000001F.00000002.405306863.0000000003C09000.00000004.00000001.sdmp, type: MEMORY
        Source: Yara matchFile source: 00000000.00000002.281977110.0000000004495000.00000004.00000001.sdmp, type: MEMORY
        Source: Yara matchFile source: 00000015.00000002.392080007.00000000035F5000.00000004.00000001.sdmp, type: MEMORY
        Source: Yara matchFile source: 0000001E.00000002.388846832.0000000000402000.00000040.00000001.sdmp, type: MEMORY
        Source: Yara matchFile source: 0000000F.00000002.374531994.0000000003B89000.00000004.00000001.sdmp, type: MEMORY
        Source: Yara matchFile source: 00000013.00000002.374908003.0000000003A89000.00000004.00000001.sdmp, type: MEMORY
        Source: Yara matchFile source: 0000001D.00000002.391222166.0000000004049000.00000004.00000001.sdmp, type: MEMORY
        Source: Yara matchFile source: 0000001E.00000000.368132271.0000000000402000.00000040.00000001.sdmp, type: MEMORY
        Source: Yara matchFile source: 00000007.00000002.463411890.0000000000402000.00000040.00000001.sdmp, type: MEMORY
        Source: Yara matchFile source: 00000007.00000000.277575023.0000000000402000.00000040.00000001.sdmp, type: MEMORY
        Source: Yara matchFile source: 00000000.00000002.280854533.00000000042E9000.00000004.00000001.sdmp, type: MEMORY
        Source: Yara matchFile source: 0000001E.00000002.392325016.00000000032C1000.00000004.00000001.sdmp, type: MEMORY
        Source: Yara matchFile source: Process Memory Space: dhcpmon.exe PID: 2148, type: MEMORY
        Source: Yara matchFile source: Process Memory Space: 9n7miZydYC.exe PID: 5752, type: MEMORY
        Source: Yara matchFile source: Process Memory Space: 9n7miZydYC.exe PID: 4716, type: MEMORY
        Source: Yara matchFile source: Process Memory Space: dhcpmon.exe PID: 3504, type: MEMORY
        Source: Yara matchFile source: Process Memory Space: dhcpmon.exe PID: 5508, type: MEMORY
        Source: Yara matchFile source: Process Memory Space: 9n7miZydYC.exe PID: 780, type: MEMORY
        Source: Yara matchFile source: Process Memory Space: 9n7miZydYC.exe PID: 1736, type: MEMORY
        Source: Yara matchFile source: Process Memory Space: dhcpmon.exe PID: 5668, type: MEMORY
        Source: Yara matchFile source: 31.0.dhcpmon.exe.400000.3.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 31.2.dhcpmon.exe.3c505fc.4.raw.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 31.0.dhcpmon.exe.400000.1.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 30.0.dhcpmon.exe.400000.1.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 29.2.9n7miZydYC.exe.408b7c6.5.raw.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 7.2.9n7miZydYC.exe.400000.0.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 0.2.9n7miZydYC.exe.43b51e0.3.raw.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 30.2.dhcpmon.exe.43105fc.4.raw.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 0.2.9n7miZydYC.exe.43b51e0.3.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 21.2.dhcpmon.exe.35151e0.3.raw.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 29.2.9n7miZydYC.exe.40905fc.4.raw.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 15.2.9n7miZydYC.exe.3c551e0.3.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 29.0.9n7miZydYC.exe.400000.3.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 19.2.dhcpmon.exe.3b551e0.3.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 30.2.dhcpmon.exe.400000.0.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 7.0.9n7miZydYC.exe.400000.1.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 7.0.9n7miZydYC.exe.400000.3.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 30.0.dhcpmon.exe.400000.3.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 30.2.dhcpmon.exe.430b7c6.3.raw.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 31.2.dhcpmon.exe.3c505fc.4.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 29.2.9n7miZydYC.exe.400000.0.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 29.2.9n7miZydYC.exe.4094c25.3.raw.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 29.2.9n7miZydYC.exe.40905fc.4.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 19.2.dhcpmon.exe.3b551e0.3.raw.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 21.2.dhcpmon.exe.35151e0.3.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 29.0.9n7miZydYC.exe.400000.1.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 30.2.dhcpmon.exe.43105fc.4.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 31.2.dhcpmon.exe.3c54c25.5.raw.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 15.2.9n7miZydYC.exe.3c551e0.3.raw.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 31.2.dhcpmon.exe.400000.0.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 30.2.dhcpmon.exe.4314c25.5.raw.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 31.2.dhcpmon.exe.3c4b7c6.3.raw.unpack, type: UNPACKEDPE
        Machine Learning detection for dropped fileShow sources
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeJoe Sandbox ML: detected
        Machine Learning detection for sampleShow sources
        Source: 9n7miZydYC.exeJoe Sandbox ML: detected
        Source: 31.0.dhcpmon.exe.400000.3.unpackAvira: Label: TR/Dropper.MSIL.Gen7
        Source: 31.0.dhcpmon.exe.400000.1.unpackAvira: Label: TR/Dropper.MSIL.Gen7
        Source: 7.2.9n7miZydYC.exe.400000.0.unpackAvira: Label: TR/Dropper.MSIL.Gen7
        Source: 30.0.dhcpmon.exe.400000.1.unpackAvira: Label: TR/Dropper.MSIL.Gen7
        Source: 29.0.9n7miZydYC.exe.400000.3.unpackAvira: Label: TR/Dropper.MSIL.Gen7
        Source: 7.0.9n7miZydYC.exe.400000.1.unpackAvira: Label: TR/Dropper.MSIL.Gen7
        Source: 30.2.dhcpmon.exe.400000.0.unpackAvira: Label: TR/Dropper.MSIL.Gen7
        Source: 7.0.9n7miZydYC.exe.400000.3.unpackAvira: Label: TR/Dropper.MSIL.Gen7
        Source: 30.0.dhcpmon.exe.400000.3.unpackAvira: Label: TR/Dropper.MSIL.Gen7
        Source: 29.2.9n7miZydYC.exe.400000.0.unpackAvira: Label: TR/Dropper.MSIL.Gen7
        Source: 29.0.9n7miZydYC.exe.400000.1.unpackAvira: Label: TR/Dropper.MSIL.Gen7
        Source: 31.2.dhcpmon.exe.400000.0.unpackAvira: Label: TR/Dropper.MSIL.Gen7
        Source: 9n7miZydYC.exeStatic PE information: 32BIT_MACHINE, EXECUTABLE_IMAGE
        Source: 9n7miZydYC.exeStatic PE information: NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT
        Source: Binary string: mscorlib.pdb source: 9n7miZydYC.exe, 00000007.00000003.345052712.00000000011CD000.00000004.00000001.sdmp
        Source: Binary string: C:\Users\Administrator\Desktop\Client\Temp\geNROzYNTy\src\obj\Debug\grlL.pdb source: 9n7miZydYC.exe

        Networking:

        barindex
        Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)Show sources
        Source: TrafficSnort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.2.3:49732 -> 103.133.106.117:1665
        Source: TrafficSnort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.2.3:49733 -> 103.133.106.117:1665
        Source: TrafficSnort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.2.3:49735 -> 103.133.106.117:1665
        Source: TrafficSnort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.2.3:49739 -> 103.133.106.117:1665
        Source: TrafficSnort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.2.3:49744 -> 103.133.106.117:1665
        Source: TrafficSnort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.2.3:49745 -> 103.133.106.117:1665
        Source: TrafficSnort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.2.3:49746 -> 103.133.106.117:1665
        Source: TrafficSnort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.2.3:49747 -> 103.133.106.117:1665
        Source: TrafficSnort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.2.3:49750 -> 103.133.106.117:1665
        Source: TrafficSnort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.2.3:49751 -> 103.133.106.117:1665
        Source: TrafficSnort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.2.3:49752 -> 103.133.106.117:1665
        Source: TrafficSnort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.2.3:49753 -> 103.133.106.117:1665
        C2 URLs / IPs found in malware configurationShow sources
        Source: Malware configuration extractorURLs: tzitziklishop.ddns.net
        Uses dynamic DNS servicesShow sources
        Source: unknownDNS query: name: tzitziklishop.ddns.net
        Source: global trafficTCP traffic: 192.168.2.3:49732 -> 103.133.106.117:1665
        Source: Joe Sandbox ViewASN Name: VNPT-AS-VNVIETNAMPOSTSANDTELECOMMUNICATIONSGROUPVN VNPT-AS-VNVIETNAMPOSTSANDTELECOMMUNICATIONSGROUPVN
        Source: unknownUDP traffic detected without corresponding DNS query: 37.235.1.174
        Source: unknownUDP traffic detected without corresponding DNS query: 37.235.1.174
        Source: unknownUDP traffic detected without corresponding DNS query: 37.235.1.174
        Source: unknownUDP traffic detected without corresponding DNS query: 37.235.1.174
        Source: unknownUDP traffic detected without corresponding DNS query: 37.235.1.174
        Source: unknownUDP traffic detected without corresponding DNS query: 37.235.1.174
        Source: unknownUDP traffic detected without corresponding DNS query: 37.235.1.174
        Source: unknownUDP traffic detected without corresponding DNS query: 37.235.1.174
        Source: unknownUDP traffic detected without corresponding DNS query: 37.235.1.174
        Source: unknownUDP traffic detected without corresponding DNS query: 37.235.1.174
        Source: unknownUDP traffic detected without corresponding DNS query: 37.235.1.174
        Source: unknownUDP traffic detected without corresponding DNS query: 37.235.1.174
        Source: unknownDNS traffic detected: queries for: tzitziklishop.ddns.net
        Source: 9n7miZydYC.exe, 00000000.00000002.283745706.0000000006300000.00000002.00000001.sdmp, 9n7miZydYC.exe, 0000000F.00000002.382823509.0000000005A40000.00000002.00000001.sdmp, dhcpmon.exe, 00000013.00000002.383614397.0000000005A80000.00000002.00000001.sdmp, dhcpmon.exe, 00000015.00000002.395701262.0000000005420000.00000002.00000001.sdmpString found in binary or memory: http://fontfabrik.com
        Source: 9n7miZydYC.exe, 00000000.00000002.283745706.0000000006300000.00000002.00000001.sdmp, 9n7miZydYC.exe, 0000000F.00000002.382823509.0000000005A40000.00000002.00000001.sdmp, dhcpmon.exe, 00000013.00000002.383614397.0000000005A80000.00000002.00000001.sdmp, dhcpmon.exe, 00000015.00000002.395701262.0000000005420000.00000002.00000001.sdmpString found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0
        Source: 9n7miZydYC.exe, 00000000.00000002.283745706.0000000006300000.00000002.00000001.sdmp, 9n7miZydYC.exe, 0000000F.00000002.382823509.0000000005A40000.00000002.00000001.sdmp, dhcpmon.exe, 00000013.00000002.383614397.0000000005A80000.00000002.00000001.sdmp, dhcpmon.exe, 00000015.00000002.395701262.0000000005420000.00000002.00000001.sdmpString found in binary or memory: http://www.carterandcone.coml
        Source: 9n7miZydYC.exe, 00000000.00000003.202338594.0000000006216000.00000004.00000001.sdmp, 9n7miZydYC.exe, 0000000F.00000002.382823509.0000000005A40000.00000002.00000001.sdmp, dhcpmon.exe, 00000013.00000002.383614397.0000000005A80000.00000002.00000001.sdmp, dhcpmon.exe, 00000015.00000002.395701262.0000000005420000.00000002.00000001.sdmpString found in binary or memory: http://www.fontbureau.com
        Source: 9n7miZydYC.exe, 00000000.00000003.202928477.0000000006216000.00000004.00000001.sdmpString found in binary or memory: http://www.fontbureau.com.TTFJ
        Source: dhcpmon.exe, 00000015.00000002.395701262.0000000005420000.00000002.00000001.sdmpString found in binary or memory: http://www.fontbureau.com/designers
        Source: 9n7miZydYC.exe, 00000000.00000002.283745706.0000000006300000.00000002.00000001.sdmp, 9n7miZydYC.exe, 0000000F.00000002.382823509.0000000005A40000.00000002.00000001.sdmp, dhcpmon.exe, 00000013.00000002.383614397.0000000005A80000.00000002.00000001.sdmp, dhcpmon.exe, 00000015.00000002.395701262.0000000005420000.00000002.00000001.sdmpString found in binary or memory: http://www.fontbureau.com/designers/?
        Source: 9n7miZydYC.exe, 00000000.00000003.202721265.000000000624D000.00000004.00000001.sdmpString found in binary or memory: http://www.fontbureau.com/designers/cabarga.html
        Source: 9n7miZydYC.exe, 00000000.00000002.283745706.0000000006300000.00000002.00000001.sdmp, 9n7miZydYC.exe, 0000000F.00000002.382823509.0000000005A40000.00000002.00000001.sdmp, dhcpmon.exe, 00000013.00000002.383614397.0000000005A80000.00000002.00000001.sdmp, dhcpmon.exe, 00000015.00000002.395701262.0000000005420000.00000002.00000001.sdmpString found in binary or memory: http://www.fontbureau.com/designers/cabarga.htmlN
        Source: 9n7miZydYC.exe, 00000000.00000002.283745706.0000000006300000.00000002.00000001.sdmp, 9n7miZydYC.exe, 0000000F.00000002.382823509.0000000005A40000.00000002.00000001.sdmp, dhcpmon.exe, 00000013.00000002.383614397.0000000005A80000.00000002.00000001.sdmp, dhcpmon.exe, 00000015.00000002.395701262.0000000005420000.00000002.00000001.sdmpString found in binary or memory: http://www.fontbureau.com/designers/frere-jones.html
        Source: 9n7miZydYC.exe, 00000000.00000002.283745706.0000000006300000.00000002.00000001.sdmp, 9n7miZydYC.exe, 0000000F.00000002.382823509.0000000005A40000.00000002.00000001.sdmp, dhcpmon.exe, 00000013.00000002.383614397.0000000005A80000.00000002.00000001.sdmp, dhcpmon.exe, 00000015.00000002.395701262.0000000005420000.00000002.00000001.sdmpString found in binary or memory: http://www.fontbureau.com/designers8
        Source: 9n7miZydYC.exe, 00000000.00000002.283745706.0000000006300000.00000002.00000001.sdmp, 9n7miZydYC.exe, 0000000F.00000002.382823509.0000000005A40000.00000002.00000001.sdmp, dhcpmon.exe, 00000013.00000002.383614397.0000000005A80000.00000002.00000001.sdmp, dhcpmon.exe, 00000015.00000002.395701262.0000000005420000.00000002.00000001.sdmpString found in binary or memory: http://www.fontbureau.com/designers?
        Source: 9n7miZydYC.exe, 00000000.00000002.283745706.0000000006300000.00000002.00000001.sdmp, 9n7miZydYC.exe, 0000000F.00000002.382823509.0000000005A40000.00000002.00000001.sdmp, dhcpmon.exe, 00000013.00000002.383614397.0000000005A80000.00000002.00000001.sdmp, dhcpmon.exe, 00000015.00000002.395701262.0000000005420000.00000002.00000001.sdmpString found in binary or memory: http://www.fontbureau.com/designersG
        Source: 9n7miZydYC.exe, 00000000.00000003.202928477.0000000006216000.00000004.00000001.sdmpString found in binary or memory: http://www.fontbureau.comA
        Source: 9n7miZydYC.exe, 00000000.00000003.202928477.0000000006216000.00000004.00000001.sdmpString found in binary or memory: http://www.fontbureau.comF-
        Source: 9n7miZydYC.exe, 00000000.00000003.278151367.0000000006210000.00000004.00000001.sdmpString found in binary or memory: http://www.fontbureau.coma
        Source: 9n7miZydYC.exe, 00000000.00000003.202928477.0000000006216000.00000004.00000001.sdmpString found in binary or memory: http://www.fontbureau.comalic
        Source: 9n7miZydYC.exe, 00000000.00000003.202769761.0000000006216000.00000004.00000001.sdmpString found in binary or memory: http://www.fontbureau.comalsoS
        Source: 9n7miZydYC.exe, 00000000.00000003.202769761.0000000006216000.00000004.00000001.sdmpString found in binary or memory: http://www.fontbureau.comcom
        Source: 9n7miZydYC.exe, 00000000.00000003.202928477.0000000006216000.00000004.00000001.sdmpString found in binary or memory: http://www.fontbureau.comd
        Source: 9n7miZydYC.exe, 00000000.00000003.202928477.0000000006216000.00000004.00000001.sdmpString found in binary or memory: http://www.fontbureau.comde
        Source: 9n7miZydYC.exe, 00000000.00000003.278151367.0000000006210000.00000004.00000001.sdmpString found in binary or memory: http://www.fontbureau.comgrita6
        Source: 9n7miZydYC.exe, 00000000.00000003.202769761.0000000006216000.00000004.00000001.sdmpString found in binary or memory: http://www.fontbureau.comlicd
        Source: 9n7miZydYC.exe, 00000000.00000002.283745706.0000000006300000.00000002.00000001.sdmp, 9n7miZydYC.exe, 0000000F.00000002.382823509.0000000005A40000.00000002.00000001.sdmp, dhcpmon.exe, 00000013.00000002.383614397.0000000005A80000.00000002.00000001.sdmp, dhcpmon.exe, 00000015.00000002.395701262.0000000005420000.00000002.00000001.sdmpString found in binary or memory: http://www.fonts.com
        Source: 9n7miZydYC.exe, 00000000.00000002.283745706.0000000006300000.00000002.00000001.sdmp, 9n7miZydYC.exe, 0000000F.00000002.382823509.0000000005A40000.00000002.00000001.sdmp, dhcpmon.exe, 00000013.00000002.383614397.0000000005A80000.00000002.00000001.sdmp, dhcpmon.exe, 00000015.00000002.395701262.0000000005420000.00000002.00000001.sdmpString found in binary or memory: http://www.founder.com.cn/cn
        Source: 9n7miZydYC.exe, 00000000.00000003.200242240.0000000006214000.00000004.00000001.sdmpString found in binary or memory: http://www.founder.com.cn/cn/T
        Source: 9n7miZydYC.exe, 00000000.00000002.283745706.0000000006300000.00000002.00000001.sdmp, 9n7miZydYC.exe, 0000000F.00000002.382823509.0000000005A40000.00000002.00000001.sdmp, dhcpmon.exe, 00000013.00000002.383614397.0000000005A80000.00000002.00000001.sdmp, dhcpmon.exe, 00000015.00000002.395701262.0000000005420000.00000002.00000001.sdmpString found in binary or memory: http://www.founder.com.cn/cn/bThe
        Source: 9n7miZydYC.exe, 00000000.00000002.283745706.0000000006300000.00000002.00000001.sdmp, 9n7miZydYC.exe, 0000000F.00000002.382823509.0000000005A40000.00000002.00000001.sdmp, dhcpmon.exe, 00000013.00000002.383614397.0000000005A80000.00000002.00000001.sdmp, dhcpmon.exe, 00000015.00000002.395701262.0000000005420000.00000002.00000001.sdmpString found in binary or memory: http://www.founder.com.cn/cn/cThe
        Source: 9n7miZydYC.exe, 00000000.00000003.203426791.0000000006216000.00000004.00000001.sdmpString found in binary or memory: http://www.galapagosdesign.com/
        Source: 9n7miZydYC.exe, 00000000.00000002.283745706.0000000006300000.00000002.00000001.sdmp, 9n7miZydYC.exe, 0000000F.00000002.382823509.0000000005A40000.00000002.00000001.sdmp, dhcpmon.exe, 00000013.00000002.383614397.0000000005A80000.00000002.00000001.sdmp, dhcpmon.exe, 00000015.00000002.395701262.0000000005420000.00000002.00000001.sdmpString found in binary or memory: http://www.galapagosdesign.com/DPlease
        Source: 9n7miZydYC.exe, 00000000.00000003.203426791.0000000006216000.00000004.00000001.sdmpString found in binary or memory: http://www.galapagosdesign.com/S
        Source: 9n7miZydYC.exe, 00000000.00000002.283745706.0000000006300000.00000002.00000001.sdmp, 9n7miZydYC.exe, 0000000F.00000002.382823509.0000000005A40000.00000002.00000001.sdmp, dhcpmon.exe, 00000013.00000002.383614397.0000000005A80000.00000002.00000001.sdmp, dhcpmon.exe, 00000015.00000002.395701262.0000000005420000.00000002.00000001.sdmpString found in binary or memory: http://www.galapagosdesign.com/staff/dennis.htm
        Source: 9n7miZydYC.exe, 00000000.00000002.283745706.0000000006300000.00000002.00000001.sdmp, 9n7miZydYC.exe, 0000000F.00000002.382823509.0000000005A40000.00000002.00000001.sdmp, dhcpmon.exe, 00000013.00000002.383614397.0000000005A80000.00000002.00000001.sdmp, dhcpmon.exe, 00000015.00000002.395701262.0000000005420000.00000002.00000001.sdmpString found in binary or memory: http://www.goodfont.co.kr
        Source: 9n7miZydYC.exe, 00000000.00000003.201375392.0000000006216000.00000004.00000001.sdmp, 9n7miZydYC.exe, 00000000.00000003.201498360.0000000006216000.00000004.00000001.sdmp, 9n7miZydYC.exe, 0000000F.00000002.382823509.0000000005A40000.00000002.00000001.sdmp, dhcpmon.exe, 00000013.00000002.383614397.0000000005A80000.00000002.00000001.sdmp, dhcpmon.exe, 00000015.00000002.395701262.0000000005420000.00000002.00000001.sdmpString found in binary or memory: http://www.jiyu-kobo.co.jp/
        Source: 9n7miZydYC.exe, 00000000.00000003.201375392.0000000006216000.00000004.00000001.sdmpString found in binary or memory: http://www.jiyu-kobo.co.jp/$
        Source: 9n7miZydYC.exe, 00000000.00000003.201375392.0000000006216000.00000004.00000001.sdmpString found in binary or memory: http://www.jiyu-kobo.co.jp/-
        Source: 9n7miZydYC.exe, 00000000.00000003.201375392.0000000006216000.00000004.00000001.sdmpString found in binary or memory: http://www.jiyu-kobo.co.jp/6
        Source: 9n7miZydYC.exe, 00000000.00000003.201498360.0000000006216000.00000004.00000001.sdmpString found in binary or memory: http://www.jiyu-kobo.co.jp/8
        Source: 9n7miZydYC.exe, 00000000.00000003.201498360.0000000006216000.00000004.00000001.sdmpString found in binary or memory: http://www.jiyu-kobo.co.jp/?
        Source: 9n7miZydYC.exe, 00000000.00000003.201209002.0000000006216000.00000004.00000001.sdmpString found in binary or memory: http://www.jiyu-kobo.co.jp/S
        Source: 9n7miZydYC.exe, 00000000.00000003.201209002.0000000006216000.00000004.00000001.sdmpString found in binary or memory: http://www.jiyu-kobo.co.jp/da-dw
        Source: 9n7miZydYC.exe, 00000000.00000003.201375392.0000000006216000.00000004.00000001.sdmpString found in binary or memory: http://www.jiyu-kobo.co.jp/e
        Source: 9n7miZydYC.exe, 00000000.00000003.201375392.0000000006216000.00000004.00000001.sdmp, 9n7miZydYC.exe, 00000000.00000003.201498360.0000000006216000.00000004.00000001.sdmpString found in binary or memory: http://www.jiyu-kobo.co.jp/jp/
        Source: 9n7miZydYC.exe, 00000000.00000003.201498360.0000000006216000.00000004.00000001.sdmpString found in binary or memory: http://www.jiyu-kobo.co.jp/jp/$
        Source: 9n7miZydYC.exe, 00000000.00000003.201498360.0000000006216000.00000004.00000001.sdmpString found in binary or memory: http://www.jiyu-kobo.co.jp/jp/A
        Source: 9n7miZydYC.exe, 00000000.00000003.201375392.0000000006216000.00000004.00000001.sdmpString found in binary or memory: http://www.jiyu-kobo.co.jp/jp/S
        Source: 9n7miZydYC.exe, 00000000.00000003.201498360.0000000006216000.00000004.00000001.sdmpString found in binary or memory: http://www.jiyu-kobo.co.jp/jp/e
        Source: 9n7miZydYC.exe, 00000000.00000003.201375392.0000000006216000.00000004.00000001.sdmpString found in binary or memory: http://www.jiyu-kobo.co.jp/k
        Source: 9n7miZydYC.exe, 00000000.00000003.201498360.0000000006216000.00000004.00000001.sdmpString found in binary or memory: http://www.jiyu-kobo.co.jp/oiJ
        Source: 9n7miZydYC.exe, 00000000.00000003.201375392.0000000006216000.00000004.00000001.sdmpString found in binary or memory: http://www.jiyu-kobo.co.jp/ue
        Source: 9n7miZydYC.exe, 00000000.00000003.201498360.0000000006216000.00000004.00000001.sdmpString found in binary or memory: http://www.jiyu-kobo.co.jp/va
        Source: 9n7miZydYC.exe, 00000000.00000003.201498360.0000000006216000.00000004.00000001.sdmpString found in binary or memory: http://www.jiyu-kobo.co.jp/w
        Source: 9n7miZydYC.exe, 00000000.00000002.283745706.0000000006300000.00000002.00000001.sdmp, 9n7miZydYC.exe, 0000000F.00000002.382823509.0000000005A40000.00000002.00000001.sdmp, dhcpmon.exe, 00000013.00000002.383614397.0000000005A80000.00000002.00000001.sdmp, dhcpmon.exe, 00000015.00000002.395701262.0000000005420000.00000002.00000001.sdmpString found in binary or memory: http://www.sajatypeworks.com
        Source: 9n7miZydYC.exe, 00000000.00000002.283745706.0000000006300000.00000002.00000001.sdmp, 9n7miZydYC.exe, 0000000F.00000002.382823509.0000000005A40000.00000002.00000001.sdmp, dhcpmon.exe, 00000013.00000002.383614397.0000000005A80000.00000002.00000001.sdmp, dhcpmon.exe, 00000015.00000002.395701262.0000000005420000.00000002.00000001.sdmpString found in binary or memory: http://www.sakkal.com
        Source: 9n7miZydYC.exe, 00000000.00000002.283745706.0000000006300000.00000002.00000001.sdmp, 9n7miZydYC.exe, 0000000F.00000002.382823509.0000000005A40000.00000002.00000001.sdmp, dhcpmon.exe, 00000013.00000002.383614397.0000000005A80000.00000002.00000001.sdmp, dhcpmon.exe, 00000015.00000002.395701262.0000000005420000.00000002.00000001.sdmpString found in binary or memory: http://www.sandoll.co.kr
        Source: dhcpmon.exe, 00000015.00000002.395701262.0000000005420000.00000002.00000001.sdmpString found in binary or memory: http://www.tiro.com
        Source: 9n7miZydYC.exe, 00000000.00000002.283745706.0000000006300000.00000002.00000001.sdmp, 9n7miZydYC.exe, 0000000F.00000002.382823509.0000000005A40000.00000002.00000001.sdmp, dhcpmon.exe, 00000013.00000002.383614397.0000000005A80000.00000002.00000001.sdmp, dhcpmon.exe, 00000015.00000002.395701262.0000000005420000.00000002.00000001.sdmpString found in binary or memory: http://www.typography.netD
        Source: 9n7miZydYC.exe, 00000000.00000002.283745706.0000000006300000.00000002.00000001.sdmp, 9n7miZydYC.exe, 0000000F.00000002.382823509.0000000005A40000.00000002.00000001.sdmp, dhcpmon.exe, 00000013.00000002.383614397.0000000005A80000.00000002.00000001.sdmp, dhcpmon.exe, 00000015.00000002.395701262.0000000005420000.00000002.00000001.sdmpString found in binary or memory: http://www.urwpp.deDPlease
        Source: 9n7miZydYC.exe, 00000000.00000002.283745706.0000000006300000.00000002.00000001.sdmp, 9n7miZydYC.exe, 0000000F.00000002.382823509.0000000005A40000.00000002.00000001.sdmp, dhcpmon.exe, 00000013.00000002.383614397.0000000005A80000.00000002.00000001.sdmp, dhcpmon.exe, 00000015.00000002.395701262.0000000005420000.00000002.00000001.sdmpString found in binary or memory: http://www.zhongyicts.com.cn
        Source: dhcpmon.exe, 00000013.00000002.372093310.0000000000EB8000.00000004.00000020.sdmpBinary or memory string: <HOOK MODULE="DDRAW.DLL" FUNCTION="DirectDrawCreateEx"/>
        Source: 9n7miZydYC.exe, 0000001D.00000002.390678037.0000000003041000.00000004.00000001.sdmpBinary or memory string: RegisterRawInputDevices

        E-Banking Fraud:

        barindex
        Yara detected Nanocore RATShow sources
        Source: Yara matchFile source: 0000001F.00000000.383519060.0000000000402000.00000040.00000001.sdmp, type: MEMORY
        Source: Yara matchFile source: 0000001E.00000002.392510114.00000000042C9000.00000004.00000001.sdmp, type: MEMORY
        Source: Yara matchFile source: 0000001D.00000002.388118309.0000000000402000.00000040.00000001.sdmp, type: MEMORY
        Source: Yara matchFile source: 0000001F.00000002.403785027.0000000000402000.00000040.00000001.sdmp, type: MEMORY
        Source: Yara matchFile source: 0000001D.00000002.390678037.0000000003041000.00000004.00000001.sdmp, type: MEMORY
        Source: Yara matchFile source: 0000001D.00000000.367378120.0000000000402000.00000040.00000001.sdmp, type: MEMORY
        Source: Yara matchFile source: 0000001F.00000000.383969923.0000000000402000.00000040.00000001.sdmp, type: MEMORY
        Source: Yara matchFile source: 00000015.00000002.391258363.0000000003449000.00000004.00000001.sdmp, type: MEMORY
        Source: Yara matchFile source: 0000000F.00000002.375447688.0000000003D35000.00000004.00000001.sdmp, type: MEMORY
        Source: Yara matchFile source: 0000001F.00000002.405159880.0000000002C01000.00000004.00000001.sdmp, type: MEMORY
        Source: Yara matchFile source: 0000001D.00000000.367856055.0000000000402000.00000040.00000001.sdmp, type: MEMORY
        Source: Yara matchFile source: 00000013.00000002.376242535.0000000003C35000.00000004.00000001.sdmp, type: MEMORY
        Source: Yara matchFile source: 00000007.00000000.277218336.0000000000402000.00000040.00000001.sdmp, type: MEMORY
        Source: Yara matchFile source: 0000001E.00000000.368666676.0000000000402000.00000040.00000001.sdmp, type: MEMORY
        Source: Yara matchFile source: 0000001F.00000002.405306863.0000000003C09000.00000004.00000001.sdmp, type: MEMORY
        Source: Yara matchFile source: 00000000.00000002.281977110.0000000004495000.00000004.00000001.sdmp, type: MEMORY
        Source: Yara matchFile source: 00000015.00000002.392080007.00000000035F5000.00000004.00000001.sdmp, type: MEMORY
        Source: Yara matchFile source: 0000001E.00000002.388846832.0000000000402000.00000040.00000001.sdmp, type: MEMORY
        Source: Yara matchFile source: 0000000F.00000002.374531994.0000000003B89000.00000004.00000001.sdmp, type: MEMORY
        Source: Yara matchFile source: 00000013.00000002.374908003.0000000003A89000.00000004.00000001.sdmp, type: MEMORY
        Source: Yara matchFile source: 0000001D.00000002.391222166.0000000004049000.00000004.00000001.sdmp, type: MEMORY
        Source: Yara matchFile source: 0000001E.00000000.368132271.0000000000402000.00000040.00000001.sdmp, type: MEMORY
        Source: Yara matchFile source: 00000007.00000002.463411890.0000000000402000.00000040.00000001.sdmp, type: MEMORY
        Source: Yara matchFile source: 00000007.00000000.277575023.0000000000402000.00000040.00000001.sdmp, type: MEMORY
        Source: Yara matchFile source: 00000000.00000002.280854533.00000000042E9000.00000004.00000001.sdmp, type: MEMORY
        Source: Yara matchFile source: 0000001E.00000002.392325016.00000000032C1000.00000004.00000001.sdmp, type: MEMORY
        Source: Yara matchFile source: Process Memory Space: dhcpmon.exe PID: 2148, type: MEMORY
        Source: Yara matchFile source: Process Memory Space: 9n7miZydYC.exe PID: 5752, type: MEMORY
        Source: Yara matchFile source: Process Memory Space: 9n7miZydYC.exe PID: 4716, type: MEMORY
        Source: Yara matchFile source: Process Memory Space: dhcpmon.exe PID: 3504, type: MEMORY
        Source: Yara matchFile source: Process Memory Space: dhcpmon.exe PID: 5508, type: MEMORY
        Source: Yara matchFile source: Process Memory Space: 9n7miZydYC.exe PID: 780, type: MEMORY
        Source: Yara matchFile source: Process Memory Space: 9n7miZydYC.exe PID: 1736, type: MEMORY
        Source: Yara matchFile source: Process Memory Space: dhcpmon.exe PID: 5668, type: MEMORY
        Source: Yara matchFile source: 31.0.dhcpmon.exe.400000.3.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 31.2.dhcpmon.exe.3c505fc.4.raw.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 31.0.dhcpmon.exe.400000.1.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 30.0.dhcpmon.exe.400000.1.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 29.2.9n7miZydYC.exe.408b7c6.5.raw.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 7.2.9n7miZydYC.exe.400000.0.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 0.2.9n7miZydYC.exe.43b51e0.3.raw.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 30.2.dhcpmon.exe.43105fc.4.raw.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 0.2.9n7miZydYC.exe.43b51e0.3.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 21.2.dhcpmon.exe.35151e0.3.raw.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 29.2.9n7miZydYC.exe.40905fc.4.raw.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 15.2.9n7miZydYC.exe.3c551e0.3.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 29.0.9n7miZydYC.exe.400000.3.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 19.2.dhcpmon.exe.3b551e0.3.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 30.2.dhcpmon.exe.400000.0.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 7.0.9n7miZydYC.exe.400000.1.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 7.0.9n7miZydYC.exe.400000.3.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 30.0.dhcpmon.exe.400000.3.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 30.2.dhcpmon.exe.430b7c6.3.raw.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 31.2.dhcpmon.exe.3c505fc.4.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 29.2.9n7miZydYC.exe.400000.0.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 29.2.9n7miZydYC.exe.4094c25.3.raw.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 29.2.9n7miZydYC.exe.40905fc.4.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 19.2.dhcpmon.exe.3b551e0.3.raw.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 21.2.dhcpmon.exe.35151e0.3.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 29.0.9n7miZydYC.exe.400000.1.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 30.2.dhcpmon.exe.43105fc.4.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 31.2.dhcpmon.exe.3c54c25.5.raw.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 15.2.9n7miZydYC.exe.3c551e0.3.raw.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 31.2.dhcpmon.exe.400000.0.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 30.2.dhcpmon.exe.4314c25.5.raw.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 31.2.dhcpmon.exe.3c4b7c6.3.raw.unpack, type: UNPACKEDPE

        System Summary:

        barindex
        Malicious sample detected (through community Yara rule)Show sources
        Source: 0000001F.00000000.383519060.0000000000402000.00000040.00000001.sdmp, type: MEMORYMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
        Source: 0000001F.00000000.383519060.0000000000402000.00000040.00000001.sdmp, type: MEMORYMatched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
        Source: 0000001E.00000002.392510114.00000000042C9000.00000004.00000001.sdmp, type: MEMORYMatched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
        Source: 0000001D.00000002.388118309.0000000000402000.00000040.00000001.sdmp, type: MEMORYMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
        Source: 0000001D.00000002.388118309.0000000000402000.00000040.00000001.sdmp, type: MEMORYMatched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
        Source: 0000001F.00000002.403785027.0000000000402000.00000040.00000001.sdmp, type: MEMORYMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
        Source: 0000001F.00000002.403785027.0000000000402000.00000040.00000001.sdmp, type: MEMORYMatched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
        Source: 0000001D.00000002.390678037.0000000003041000.00000004.00000001.sdmp, type: MEMORYMatched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
        Source: 0000001D.00000000.367378120.0000000000402000.00000040.00000001.sdmp, type: MEMORYMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
        Source: 0000001D.00000000.367378120.0000000000402000.00000040.00000001.sdmp, type: MEMORYMatched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
        Source: 0000001F.00000000.383969923.0000000000402000.00000040.00000001.sdmp, type: MEMORYMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
        Source: 0000001F.00000000.383969923.0000000000402000.00000040.00000001.sdmp, type: MEMORYMatched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
        Source: 00000015.00000002.391258363.0000000003449000.00000004.00000001.sdmp, type: MEMORYMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
        Source: 00000015.00000002.391258363.0000000003449000.00000004.00000001.sdmp, type: MEMORYMatched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
        Source: 0000000F.00000002.375447688.0000000003D35000.00000004.00000001.sdmp, type: MEMORYMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
        Source: 0000000F.00000002.375447688.0000000003D35000.00000004.00000001.sdmp, type: MEMORYMatched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
        Source: 0000001F.00000002.405159880.0000000002C01000.00000004.00000001.sdmp, type: MEMORYMatched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
        Source: 0000001D.00000000.367856055.0000000000402000.00000040.00000001.sdmp, type: MEMORYMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
        Source: 0000001D.00000000.367856055.0000000000402000.00000040.00000001.sdmp, type: MEMORYMatched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
        Source: 00000013.00000002.376242535.0000000003C35000.00000004.00000001.sdmp, type: MEMORYMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
        Source: 00000013.00000002.376242535.0000000003C35000.00000004.00000001.sdmp, type: MEMORYMatched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
        Source: 00000007.00000000.277218336.0000000000402000.00000040.00000001.sdmp, type: MEMORYMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
        Source: 00000007.00000000.277218336.0000000000402000.00000040.00000001.sdmp, type: MEMORYMatched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
        Source: 0000001E.00000000.368666676.0000000000402000.00000040.00000001.sdmp, type: MEMORYMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
        Source: 0000001E.00000000.368666676.0000000000402000.00000040.00000001.sdmp, type: MEMORYMatched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
        Source: 0000001F.00000002.405306863.0000000003C09000.00000004.00000001.sdmp, type: MEMORYMatched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
        Source: 00000000.00000002.281977110.0000000004495000.00000004.00000001.sdmp, type: MEMORYMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
        Source: 00000000.00000002.281977110.0000000004495000.00000004.00000001.sdmp, type: MEMORYMatched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
        Source: 00000015.00000002.392080007.00000000035F5000.00000004.00000001.sdmp, type: MEMORYMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
        Source: 00000015.00000002.392080007.00000000035F5000.00000004.00000001.sdmp, type: MEMORYMatched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
        Source: 0000001E.00000002.388846832.0000000000402000.00000040.00000001.sdmp, type: MEMORYMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
        Source: 0000001E.00000002.388846832.0000000000402000.00000040.00000001.sdmp, type: MEMORYMatched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
        Source: 0000000F.00000002.374531994.0000000003B89000.00000004.00000001.sdmp, type: MEMORYMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
        Source: 0000000F.00000002.374531994.0000000003B89000.00000004.00000001.sdmp, type: MEMORYMatched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
        Source: 00000013.00000002.374908003.0000000003A89000.00000004.00000001.sdmp, type: MEMORYMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
        Source: 00000013.00000002.374908003.0000000003A89000.00000004.00000001.sdmp, type: MEMORYMatched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
        Source: 0000001D.00000002.391222166.0000000004049000.00000004.00000001.sdmp, type: MEMORYMatched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
        Source: 0000001E.00000000.368132271.0000000000402000.00000040.00000001.sdmp, type: MEMORYMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
        Source: 0000001E.00000000.368132271.0000000000402000.00000040.00000001.sdmp, type: MEMORYMatched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
        Source: 00000007.00000002.463411890.0000000000402000.00000040.00000001.sdmp, type: MEMORYMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
        Source: 00000007.00000002.463411890.0000000000402000.00000040.00000001.sdmp, type: MEMORYMatched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
        Source: 00000007.00000000.277575023.0000000000402000.00000040.00000001.sdmp, type: MEMORYMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
        Source: 00000007.00000000.277575023.0000000000402000.00000040.00000001.sdmp, type: MEMORYMatched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
        Source: 00000000.00000002.280854533.00000000042E9000.00000004.00000001.sdmp, type: MEMORYMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
        Source: 00000000.00000002.280854533.00000000042E9000.00000004.00000001.sdmp, type: MEMORYMatched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
        Source: 0000001E.00000002.392325016.00000000032C1000.00000004.00000001.sdmp, type: MEMORYMatched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
        Source: Process Memory Space: dhcpmon.exe PID: 2148, type: MEMORYMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
        Source: Process Memory Space: dhcpmon.exe PID: 2148, type: MEMORYMatched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
        Source: Process Memory Space: 9n7miZydYC.exe PID: 5752, type: MEMORYMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
        Source: Process Memory Space: 9n7miZydYC.exe PID: 5752, type: MEMORYMatched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
        Source: Process Memory Space: 9n7miZydYC.exe PID: 4716, type: MEMORYMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
        Source: Process Memory Space: 9n7miZydYC.exe PID: 4716, type: MEMORYMatched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
        Source: Process Memory Space: dhcpmon.exe PID: 3504, type: MEMORYMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
        Source: Process Memory Space: dhcpmon.exe PID: 3504, type: MEMORYMatched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
        Source: Process Memory Space: dhcpmon.exe PID: 5508, type: MEMORYMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
        Source: Process Memory Space: dhcpmon.exe PID: 5508, type: MEMORYMatched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
        Source: Process Memory Space: 9n7miZydYC.exe PID: 780, type: MEMORYMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
        Source: Process Memory Space: 9n7miZydYC.exe PID: 780, type: MEMORYMatched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
        Source: Process Memory Space: 9n7miZydYC.exe PID: 1736, type: MEMORYMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
        Source: Process Memory Space: 9n7miZydYC.exe PID: 1736, type: MEMORYMatched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
        Source: Process Memory Space: dhcpmon.exe PID: 5668, type: MEMORYMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
        Source: Process Memory Space: dhcpmon.exe PID: 5668, type: MEMORYMatched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
        Source: 31.0.dhcpmon.exe.400000.3.unpack, type: UNPACKEDPEMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
        Source: 31.0.dhcpmon.exe.400000.3.unpack, type: UNPACKEDPEMatched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
        Source: 31.2.dhcpmon.exe.3c505fc.4.raw.unpack, type: UNPACKEDPEMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
        Source: 31.0.dhcpmon.exe.400000.1.unpack, type: UNPACKEDPEMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
        Source: 31.0.dhcpmon.exe.400000.1.unpack, type: UNPACKEDPEMatched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
        Source: 30.0.dhcpmon.exe.400000.1.unpack, type: UNPACKEDPEMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
        Source: 30.0.dhcpmon.exe.400000.1.unpack, type: UNPACKEDPEMatched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
        Source: 29.2.9n7miZydYC.exe.408b7c6.5.raw.unpack, type: UNPACKEDPEMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
        Source: 29.2.9n7miZydYC.exe.408b7c6.5.raw.unpack, type: UNPACKEDPEMatched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
        Source: 7.2.9n7miZydYC.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
        Source: 7.2.9n7miZydYC.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
        Source: 0.2.9n7miZydYC.exe.43b51e0.3.raw.unpack, type: UNPACKEDPEMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
        Source: 0.2.9n7miZydYC.exe.43b51e0.3.raw.unpack, type: UNPACKEDPEMatched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
        Source: 30.2.dhcpmon.exe.43105fc.4.raw.unpack, type: UNPACKEDPEMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
        Source: 0.2.9n7miZydYC.exe.43b51e0.3.unpack, type: UNPACKEDPEMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
        Source: 0.2.9n7miZydYC.exe.43b51e0.3.unpack, type: UNPACKEDPEMatched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
        Source: 21.2.dhcpmon.exe.35151e0.3.raw.unpack, type: UNPACKEDPEMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
        Source: 21.2.dhcpmon.exe.35151e0.3.raw.unpack, type: UNPACKEDPEMatched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
        Source: 29.2.9n7miZydYC.exe.40905fc.4.raw.unpack, type: UNPACKEDPEMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
        Source: 15.2.9n7miZydYC.exe.3c551e0.3.unpack, type: UNPACKEDPEMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
        Source: 15.2.9n7miZydYC.exe.3c551e0.3.unpack, type: UNPACKEDPEMatched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
        Source: 29.0.9n7miZydYC.exe.400000.3.unpack, type: UNPACKEDPEMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
        Source: 29.0.9n7miZydYC.exe.400000.3.unpack, type: UNPACKEDPEMatched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
        Source: 19.2.dhcpmon.exe.3b551e0.3.unpack, type: UNPACKEDPEMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
        Source: 19.2.dhcpmon.exe.3b551e0.3.unpack, type: UNPACKEDPEMatched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
        Source: 30.2.dhcpmon.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
        Source: 30.2.dhcpmon.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
        Source: 7.0.9n7miZydYC.exe.400000.1.unpack, type: UNPACKEDPEMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
        Source: 7.0.9n7miZydYC.exe.400000.1.unpack, type: UNPACKEDPEMatched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
        Source: 29.2.9n7miZydYC.exe.30a9530.2.raw.unpack, type: UNPACKEDPEMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
        Source: 7.0.9n7miZydYC.exe.400000.3.unpack, type: UNPACKEDPEMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
        Source: 7.0.9n7miZydYC.exe.400000.3.unpack, type: UNPACKEDPEMatched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
        Source: 30.0.dhcpmon.exe.400000.3.unpack, type: UNPACKEDPEMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
        Source: 30.0.dhcpmon.exe.400000.3.unpack, type: UNPACKEDPEMatched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
        Source: 30.2.dhcpmon.exe.430b7c6.3.raw.unpack, type: UNPACKEDPEMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
        Source: 30.2.dhcpmon.exe.430b7c6.3.raw.unpack, type: UNPACKEDPEMatched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
        Source: 31.2.dhcpmon.exe.3c505fc.4.unpack, type: UNPACKEDPEMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
        Source: 29.2.9n7miZydYC.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
        Source: 29.2.9n7miZydYC.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
        Source: 29.2.9n7miZydYC.exe.4094c25.3.raw.unpack, type: UNPACKEDPEMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
        Source: 29.2.9n7miZydYC.exe.40905fc.4.unpack, type: UNPACKEDPEMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
        Source: 19.2.dhcpmon.exe.3b551e0.3.raw.unpack, type: UNPACKEDPEMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
        Source: 19.2.dhcpmon.exe.3b551e0.3.raw.unpack, type: UNPACKEDPEMatched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
        Source: 30.2.dhcpmon.exe.3329658.2.raw.unpack, type: UNPACKEDPEMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
        Source: 21.2.dhcpmon.exe.35151e0.3.unpack, type: UNPACKEDPEMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
        Source: 21.2.dhcpmon.exe.35151e0.3.unpack, type: UNPACKEDPEMatched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
        Source: 29.0.9n7miZydYC.exe.400000.1.unpack, type: UNPACKEDPEMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
        Source: 29.0.9n7miZydYC.exe.400000.1.unpack, type: UNPACKEDPEMatched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
        Source: 30.2.dhcpmon.exe.43105fc.4.unpack, type: UNPACKEDPEMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
        Source: 31.2.dhcpmon.exe.3c54c25.5.raw.unpack, type: UNPACKEDPEMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
        Source: 15.2.9n7miZydYC.exe.3c551e0.3.raw.unpack, type: UNPACKEDPEMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
        Source: 15.2.9n7miZydYC.exe.3c551e0.3.raw.unpack, type: UNPACKEDPEMatched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
        Source: 31.2.dhcpmon.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
        Source: 31.2.dhcpmon.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
        Source: 30.2.dhcpmon.exe.4314c25.5.raw.unpack, type: UNPACKEDPEMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
        Source: 31.2.dhcpmon.exe.2c69658.2.raw.unpack, type: UNPACKEDPEMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
        Source: 31.2.dhcpmon.exe.3c4b7c6.3.raw.unpack, type: UNPACKEDPEMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
        Source: 31.2.dhcpmon.exe.3c4b7c6.3.raw.unpack, type: UNPACKEDPEMatched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
        .NET source code contains very large stringsShow sources
        Source: 9n7miZydYC.exe, Form1.csLong String: Length: 11840
        Source: 0.2.9n7miZydYC.exe.ef0000.0.unpack, Form1.csLong String: Length: 11840
        Source: 0.0.9n7miZydYC.exe.ef0000.0.unpack, Form1.csLong String: Length: 11840
        Source: dhcpmon.exe.7.dr, Form1.csLong String: Length: 11840
        Source: 7.0.9n7miZydYC.exe.a20000.2.unpack, Form1.csLong String: Length: 11840
        Source: 7.2.9n7miZydYC.exe.a20000.1.unpack, Form1.csLong String: Length: 11840
        Source: 7.0.9n7miZydYC.exe.a20000.0.unpack, Form1.csLong String: Length: 11840
        Source: 7.0.9n7miZydYC.exe.a20000.4.unpack, Form1.csLong String: Length: 11840
        Source: 15.0.9n7miZydYC.exe.570000.0.unpack, Form1.csLong String: Length: 11840
        Source: 15.2.9n7miZydYC.exe.570000.0.unpack, Form1.csLong String: Length: 11840
        Source: 19.2.dhcpmon.exe.6d0000.0.unpack, Form1.csLong String: Length: 11840
        Source: 19.0.dhcpmon.exe.6d0000.0.unpack, Form1.csLong String: Length: 11840
        Source: 21.0.dhcpmon.exe.c0000.0.unpack, Form1.csLong String: Length: 11840
        Source: C:\Users\user\Desktop\9n7miZydYC.exeCode function: 0_2_07CE10E80_2_07CE10E8
        Source: C:\Users\user\Desktop\9n7miZydYC.exeCode function: 0_2_07CE10990_2_07CE1099
        Source: C:\Users\user\Desktop\9n7miZydYC.exeCode function: 0_2_07CE00400_2_07CE0040
        Source: C:\Users\user\Desktop\9n7miZydYC.exeCode function: 0_2_07CE00130_2_07CE0013
        Source: C:\Users\user\Desktop\9n7miZydYC.exeCode function: 0_2_0195C1440_2_0195C144
        Source: C:\Users\user\Desktop\9n7miZydYC.exeCode function: 0_2_0195E5900_2_0195E590
        Source: C:\Users\user\Desktop\9n7miZydYC.exeCode function: 0_2_0195E5800_2_0195E580
        Source: C:\Users\user\Desktop\9n7miZydYC.exeCode function: 15_2_0297C14415_2_0297C144
        Source: C:\Users\user\Desktop\9n7miZydYC.exeCode function: 15_2_0297E59015_2_0297E590
        Source: C:\Users\user\Desktop\9n7miZydYC.exeCode function: 15_2_0297E58015_2_0297E580
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeCode function: 19_2_02A4C14419_2_02A4C144
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeCode function: 19_2_02A4E58019_2_02A4E580
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeCode function: 19_2_02A4E59019_2_02A4E590
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeCode function: 19_2_06F3541819_2_06F35418
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeCode function: 19_2_06F3203019_2_06F32030
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeCode function: 19_2_06F326D019_2_06F326D0
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeCode function: 19_2_06F326CA19_2_06F326CA
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeCode function: 19_2_06F3540819_2_06F35408
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeCode function: 19_2_06F310E819_2_06F310E8
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeCode function: 19_2_06F3109919_2_06F31099
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeCode function: 19_2_06F3308019_2_06F33080
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeCode function: 19_2_06F3004019_2_06F30040
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeCode function: 19_2_06F3304519_2_06F33045
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeCode function: 19_2_06F3202019_2_06F32020
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeCode function: 19_2_06F3302019_2_06F33020
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeCode function: 19_2_06F3000619_2_06F30006
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeCode function: 19_2_06F3995819_2_06F39958
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeCode function: 19_2_084E485819_2_084E4858
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeCode function: 19_2_084EBA2019_2_084EBA20
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeCode function: 19_2_084E1A9819_2_084E1A98
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeCode function: 19_2_084ED2B019_2_084ED2B0
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeCode function: 19_2_084E2BD819_2_084E2BD8
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeCode function: 19_2_084EC40019_2_084EC400
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeCode function: 19_2_084EADF819_2_084EADF8
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeCode function: 19_2_084E9D9019_2_084E9D90
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeCode function: 19_2_084E572019_2_084E5720
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeCode function: 19_2_084E8F9819_2_084E8F98
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeCode function: 19_2_084E90B119_2_084E90B1
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeCode function: 19_2_084EE14819_2_084EE148
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeCode function: 19_2_084EE15819_2_084EE158
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeCode function: 19_2_084EA25A19_2_084EA25A
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeCode function: 19_2_084EA26819_2_084EA268
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeCode function: 19_2_084EBA1219_2_084EBA12
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeCode function: 19_2_084E1A8819_2_084E1A88
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeCode function: 19_2_084ED29619_2_084ED296
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeCode function: 19_2_084EF34019_2_084EF340
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeCode function: 19_2_084EF33019_2_084EF330
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeCode function: 19_2_084E2BD519_2_084E2BD5
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeCode function: 19_2_084EC3F119_2_084EC3F1
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeCode function: 19_2_084EECC019_2_084EECC0
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeCode function: 19_2_084EECD019_2_084EECD0
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeCode function: 19_2_084EAD5A19_2_084EAD5A
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeCode function: 19_2_084E9D1119_2_084E9D11
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeCode function: 19_2_084EF52019_2_084EF520
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeCode function: 19_2_084EF53019_2_084EF530
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeCode function: 19_2_084EBE7219_2_084EBE72
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeCode function: 19_2_084EBE8019_2_084EBE80
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeCode function: 19_2_084EF7C019_2_084EF7C0
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeCode function: 19_2_084EEFC119_2_084EEFC1
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeCode function: 19_2_084EEFD019_2_084EEFD0
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeCode function: 19_2_084EF7B019_2_084EF7B0
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeCode function: 21_2_00ACC14421_2_00ACC144
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeCode function: 21_2_00ACE58021_2_00ACE580
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeCode function: 21_2_00ACE59021_2_00ACE590
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeCode function: 21_2_049E51E021_2_049E51E0
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeCode function: 21_2_049E67E321_2_049E67E3
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeCode function: 21_2_049E51D021_2_049E51D0
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeCode function: 21_2_068E541821_2_068E5418
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeCode function: 21_2_068E203021_2_068E2030
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeCode function: 21_2_068E26CD21_2_068E26CD
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeCode function: 21_2_068E26D021_2_068E26D0
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeCode function: 21_2_068E541221_2_068E5412
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeCode function: 21_2_068E308021_2_068E3080
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeCode function: 21_2_068E10E821_2_068E10E8
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeCode function: 21_2_068E10E221_2_068E10E2
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeCode function: 21_2_068E000621_2_068E0006
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeCode function: 21_2_068E202021_2_068E2020
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeCode function: 21_2_068E302021_2_068E3020
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeCode function: 21_2_068E304521_2_068E3045
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeCode function: 21_2_068E004021_2_068E0040
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeCode function: 21_2_068E995821_2_068E9958
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeCode function: 21_2_07DF572021_2_07DF5720
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeCode function: 21_2_07DFADF821_2_07DFADF8
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeCode function: 21_2_07DF9D9021_2_07DF9D90
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeCode function: 21_2_07DFC40021_2_07DFC400
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeCode function: 21_2_07DF2BD821_2_07DF2BD8
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeCode function: 21_2_07DF1AE821_2_07DF1AE8
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeCode function: 21_2_07DFD2B021_2_07DFD2B0
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeCode function: 21_2_07DFBA2021_2_07DFBA20
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeCode function: 21_2_07DF90C021_2_07DF90C0
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeCode function: 21_2_07DF485821_2_07DF4858
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeCode function: 21_2_07DFEFD021_2_07DFEFD0
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeCode function: 21_2_07DFEFC121_2_07DFEFC1
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeCode function: 21_2_07DFF7C021_2_07DFF7C0
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeCode function: 21_2_07DFF7B021_2_07DFF7B0
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeCode function: 21_2_07DFBE8021_2_07DFBE80
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeCode function: 21_2_07DFBE7121_2_07DFBE71
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeCode function: 21_2_07DFADD521_2_07DFADD5
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeCode function: 21_2_07DFF53021_2_07DFF530
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeCode function: 21_2_07DFF52021_2_07DFF520
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeCode function: 21_2_07DFECD021_2_07DFECD0
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeCode function: 21_2_07DFECC021_2_07DFECC0
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeCode function: 21_2_07DF2BC821_2_07DF2BC8
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeCode function: 21_2_07DFC3F121_2_07DFC3F1
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeCode function: 21_2_07DFF34021_2_07DFF340
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeCode function: 21_2_07DFF33021_2_07DFF330
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeCode function: 21_2_07DF1AD821_2_07DF1AD8
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeCode function: 21_2_07DFD29721_2_07DFD297
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeCode function: 21_2_07DFA25821_2_07DFA258
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeCode function: 21_2_07DFA26821_2_07DFA268
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeCode function: 21_2_07DFBA1121_2_07DFBA11
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeCode function: 21_2_07DFE15821_2_07DFE158
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeCode function: 21_2_07DFE14821_2_07DFE148
        Source: Joe Sandbox ViewDropped File: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe 9037AFBF6A54684A77A6D0B204DAA0A843555E01A9BD600545D8AE252B88FAD7
        Source: 9n7miZydYC.exeBinary or memory string: OriginalFilename vs 9n7miZydYC.exe
        Source: 9n7miZydYC.exe, 00000000.00000002.279901612.000000000371D000.00000004.00000001.sdmpBinary or memory string: OriginalFilenameWindowsNetwork.dll> vs 9n7miZydYC.exe
        Source: 9n7miZydYC.exe, 00000000.00000002.278383354.0000000000EF2000.00000002.00020000.sdmpBinary or memory string: OriginalFilenamegrlL.exeR vs 9n7miZydYC.exe
        Source: 9n7miZydYC.exe, 00000000.00000002.279167689.0000000003334000.00000004.00000001.sdmpBinary or memory string: OriginalFilenameMajorRevision.exe< vs 9n7miZydYC.exe
        Source: 9n7miZydYC.exeBinary or memory string: OriginalFilename vs 9n7miZydYC.exe
        Source: 9n7miZydYC.exe, 00000007.00000000.276911901.0000000000A22000.00000002.00020000.sdmpBinary or memory string: OriginalFilenamegrlL.exeR vs 9n7miZydYC.exe
        Source: 9n7miZydYC.exe, 00000007.00000003.345563216.0000000001261000.00000004.00000001.sdmpBinary or memory string: OriginalFilenameToolsClientPlugin.dll4 vs 9n7miZydYC.exe
        Source: 9n7miZydYC.exeBinary or memory string: OriginalFilename vs 9n7miZydYC.exe
        Source: 9n7miZydYC.exe, 0000000F.00000002.375447688.0000000003D35000.00000004.00000001.sdmpBinary or memory string: OriginalFilenameMajorRevision.exe< vs 9n7miZydYC.exe
        Source: 9n7miZydYC.exe, 0000000F.00000002.372101985.0000000002B81000.00000004.00000001.sdmpBinary or memory string: OriginalFilenameWindowsNetwork.dll> vs 9n7miZydYC.exe
        Source: 9n7miZydYC.exe, 0000000F.00000000.286394181.0000000000572000.00000002.00020000.sdmpBinary or memory string: OriginalFilenamegrlL.exeR vs 9n7miZydYC.exe
        Source: 9n7miZydYC.exe, 0000000F.00000002.384331171.0000000007040000.00000002.00000001.sdmpBinary or memory string: OriginalFilenamemscorrc.dllT vs 9n7miZydYC.exe
        Source: 9n7miZydYC.exe, 0000001B.00000002.365016795.0000000000352000.00000002.00020000.sdmpBinary or memory string: OriginalFilenamegrlL.exeR vs 9n7miZydYC.exe
        Source: 9n7miZydYC.exe, 0000001C.00000000.365724712.00000000003B2000.00000002.00020000.sdmpBinary or memory string: OriginalFilenamegrlL.exeR vs 9n7miZydYC.exe
        Source: 9n7miZydYC.exe, 0000001D.00000002.390678037.0000000003041000.00000004.00000001.sdmpBinary or memory string: OriginalFilenameSurveillanceExClientPlugin.dll4 vs 9n7miZydYC.exe
        Source: 9n7miZydYC.exe, 0000001D.00000002.390678037.0000000003041000.00000004.00000001.sdmpBinary or memory string: OriginalFilenameClientPlugin.dll4 vs 9n7miZydYC.exe
        Source: 9n7miZydYC.exe, 0000001D.00000000.367918632.0000000000C72000.00000002.00020000.sdmpBinary or memory string: OriginalFilenamegrlL.exeR vs 9n7miZydYC.exe
        Source: 9n7miZydYC.exe, 0000001D.00000002.391222166.0000000004049000.00000004.00000001.sdmpBinary or memory string: OriginalFilenameLzma#.dll4 vs 9n7miZydYC.exe
        Source: 9n7miZydYC.exeBinary or memory string: OriginalFilenamegrlL.exeR vs 9n7miZydYC.exe
        Source: 9n7miZydYC.exeStatic PE information: 32BIT_MACHINE, EXECUTABLE_IMAGE
        Source: 0000001F.00000000.383519060.0000000000402000.00000040.00000001.sdmp, type: MEMORYMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
        Source: 0000001F.00000000.383519060.0000000000402000.00000040.00000001.sdmp, type: MEMORYMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
        Source: 0000001E.00000002.392510114.00000000042C9000.00000004.00000001.sdmp, type: MEMORYMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
        Source: 0000001D.00000002.388118309.0000000000402000.00000040.00000001.sdmp, type: MEMORYMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
        Source: 0000001D.00000002.388118309.0000000000402000.00000040.00000001.sdmp, type: MEMORYMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
        Source: 0000001F.00000002.403785027.0000000000402000.00000040.00000001.sdmp, type: MEMORYMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
        Source: 0000001F.00000002.403785027.0000000000402000.00000040.00000001.sdmp, type: MEMORYMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
        Source: 0000001D.00000002.390678037.0000000003041000.00000004.00000001.sdmp, type: MEMORYMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
        Source: 0000001D.00000000.367378120.0000000000402000.00000040.00000001.sdmp, type: MEMORYMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
        Source: 0000001D.00000000.367378120.0000000000402000.00000040.00000001.sdmp, type: MEMORYMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
        Source: 0000001F.00000000.383969923.0000000000402000.00000040.00000001.sdmp, type: MEMORYMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
        Source: 0000001F.00000000.383969923.0000000000402000.00000040.00000001.sdmp, type: MEMORYMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
        Source: 00000015.00000002.391258363.0000000003449000.00000004.00000001.sdmp, type: MEMORYMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
        Source: 00000015.00000002.391258363.0000000003449000.00000004.00000001.sdmp, type: MEMORYMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
        Source: 0000000F.00000002.375447688.0000000003D35000.00000004.00000001.sdmp, type: MEMORYMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
        Source: 0000000F.00000002.375447688.0000000003D35000.00000004.00000001.sdmp, type: MEMORYMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
        Source: 0000001F.00000002.405159880.0000000002C01000.00000004.00000001.sdmp, type: MEMORYMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
        Source: 0000001D.00000000.367856055.0000000000402000.00000040.00000001.sdmp, type: MEMORYMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
        Source: 0000001D.00000000.367856055.0000000000402000.00000040.00000001.sdmp, type: MEMORYMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
        Source: 00000013.00000002.376242535.0000000003C35000.00000004.00000001.sdmp, type: MEMORYMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
        Source: 00000013.00000002.376242535.0000000003C35000.00000004.00000001.sdmp, type: MEMORYMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
        Source: 00000007.00000000.277218336.0000000000402000.00000040.00000001.sdmp, type: MEMORYMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
        Source: 00000007.00000000.277218336.0000000000402000.00000040.00000001.sdmp, type: MEMORYMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
        Source: 0000001E.00000000.368666676.0000000000402000.00000040.00000001.sdmp, type: MEMORYMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
        Source: 0000001E.00000000.368666676.0000000000402000.00000040.00000001.sdmp, type: MEMORYMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
        Source: 0000001F.00000002.405306863.0000000003C09000.00000004.00000001.sdmp, type: MEMORYMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
        Source: 00000000.00000002.281977110.0000000004495000.00000004.00000001.sdmp, type: MEMORYMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
        Source: 00000000.00000002.281977110.0000000004495000.00000004.00000001.sdmp, type: MEMORYMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
        Source: 00000015.00000002.392080007.00000000035F5000.00000004.00000001.sdmp, type: MEMORYMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
        Source: 00000015.00000002.392080007.00000000035F5000.00000004.00000001.sdmp, type: MEMORYMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
        Source: 0000001E.00000002.388846832.0000000000402000.00000040.00000001.sdmp, type: MEMORYMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
        Source: 0000001E.00000002.388846832.0000000000402000.00000040.00000001.sdmp, type: MEMORYMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
        Source: 0000000F.00000002.374531994.0000000003B89000.00000004.00000001.sdmp, type: MEMORYMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
        Source: 0000000F.00000002.374531994.0000000003B89000.00000004.00000001.sdmp, type: MEMORYMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
        Source: 00000013.00000002.374908003.0000000003A89000.00000004.00000001.sdmp, type: MEMORYMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
        Source: 00000013.00000002.374908003.0000000003A89000.00000004.00000001.sdmp, type: MEMORYMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
        Source: 0000001D.00000002.391222166.0000000004049000.00000004.00000001.sdmp, type: MEMORYMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
        Source: 0000001E.00000000.368132271.0000000000402000.00000040.00000001.sdmp, type: MEMORYMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
        Source: 0000001E.00000000.368132271.0000000000402000.00000040.00000001.sdmp, type: MEMORYMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
        Source: 00000007.00000002.463411890.0000000000402000.00000040.00000001.sdmp, type: MEMORYMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
        Source: 00000007.00000002.463411890.0000000000402000.00000040.00000001.sdmp, type: MEMORYMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
        Source: 00000007.00000000.277575023.0000000000402000.00000040.00000001.sdmp, type: MEMORYMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
        Source: 00000007.00000000.277575023.0000000000402000.00000040.00000001.sdmp, type: MEMORYMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
        Source: 00000000.00000002.280854533.00000000042E9000.00000004.00000001.sdmp, type: MEMORYMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
        Source: 00000000.00000002.280854533.00000000042E9000.00000004.00000001.sdmp, type: MEMORYMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
        Source: 0000001E.00000002.392325016.00000000032C1000.00000004.00000001.sdmp, type: MEMORYMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
        Source: Process Memory Space: dhcpmon.exe PID: 2148, type: MEMORYMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
        Source: Process Memory Space: dhcpmon.exe PID: 2148, type: MEMORYMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
        Source: Process Memory Space: 9n7miZydYC.exe PID: 5752, type: MEMORYMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
        Source: Process Memory Space: 9n7miZydYC.exe PID: 5752, type: MEMORYMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
        Source: Process Memory Space: 9n7miZydYC.exe PID: 4716, type: MEMORYMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
        Source: Process Memory Space: 9n7miZydYC.exe PID: 4716, type: MEMORYMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
        Source: Process Memory Space: dhcpmon.exe PID: 3504, type: MEMORYMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
        Source: Process Memory Space: dhcpmon.exe PID: 3504, type: MEMORYMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
        Source: Process Memory Space: dhcpmon.exe PID: 5508, type: MEMORYMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
        Source: Process Memory Space: dhcpmon.exe PID: 5508, type: MEMORYMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
        Source: Process Memory Space: 9n7miZydYC.exe PID: 780, type: MEMORYMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
        Source: Process Memory Space: 9n7miZydYC.exe PID: 780, type: MEMORYMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
        Source: Process Memory Space: 9n7miZydYC.exe PID: 1736, type: MEMORYMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
        Source: Process Memory Space: 9n7miZydYC.exe PID: 1736, type: MEMORYMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
        Source: Process Memory Space: dhcpmon.exe PID: 5668, type: MEMORYMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
        Source: Process Memory Space: dhcpmon.exe PID: 5668, type: MEMORYMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
        Source: 31.0.dhcpmon.exe.400000.3.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
        Source: 31.0.dhcpmon.exe.400000.3.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
        Source: 31.0.dhcpmon.exe.400000.3.unpack, type: UNPACKEDPEMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
        Source: 31.2.dhcpmon.exe.3c505fc.4.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
        Source: 31.2.dhcpmon.exe.3c505fc.4.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
        Source: 31.0.dhcpmon.exe.400000.1.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
        Source: 31.0.dhcpmon.exe.400000.1.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
        Source: 31.0.dhcpmon.exe.400000.1.unpack, type: UNPACKEDPEMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
        Source: 30.0.dhcpmon.exe.400000.1.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
        Source: 30.0.dhcpmon.exe.400000.1.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
        Source: 30.0.dhcpmon.exe.400000.1.unpack, type: UNPACKEDPEMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
        Source: 29.2.9n7miZydYC.exe.408b7c6.5.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
        Source: 29.2.9n7miZydYC.exe.408b7c6.5.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
        Source: 29.2.9n7miZydYC.exe.408b7c6.5.raw.unpack, type: UNPACKEDPEMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
        Source: 7.2.9n7miZydYC.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
        Source: 7.2.9n7miZydYC.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
        Source: 7.2.9n7miZydYC.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
        Source: 0.2.9n7miZydYC.exe.43b51e0.3.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
        Source: 0.2.9n7miZydYC.exe.43b51e0.3.raw.unpack, type: UNPACKEDPEMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
        Source: 30.2.dhcpmon.exe.43105fc.4.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
        Source: 30.2.dhcpmon.exe.43105fc.4.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
        Source: 0.2.9n7miZydYC.exe.43b51e0.3.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
        Source: 0.2.9n7miZydYC.exe.43b51e0.3.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
        Source: 0.2.9n7miZydYC.exe.43b51e0.3.unpack, type: UNPACKEDPEMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
        Source: 21.2.dhcpmon.exe.35151e0.3.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
        Source: 21.2.dhcpmon.exe.35151e0.3.raw.unpack, type: UNPACKEDPEMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
        Source: 29.2.9n7miZydYC.exe.40905fc.4.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
        Source: 29.2.9n7miZydYC.exe.40905fc.4.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
        Source: 15.2.9n7miZydYC.exe.3c551e0.3.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
        Source: 15.2.9n7miZydYC.exe.3c551e0.3.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
        Source: 15.2.9n7miZydYC.exe.3c551e0.3.unpack, type: UNPACKEDPEMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
        Source: 29.0.9n7miZydYC.exe.400000.3.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
        Source: 29.0.9n7miZydYC.exe.400000.3.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
        Source: 29.0.9n7miZydYC.exe.400000.3.unpack, type: UNPACKEDPEMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
        Source: 19.2.dhcpmon.exe.3b551e0.3.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
        Source: 19.2.dhcpmon.exe.3b551e0.3.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
        Source: 19.2.dhcpmon.exe.3b551e0.3.unpack, type: UNPACKEDPEMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
        Source: 30.2.dhcpmon.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
        Source: 30.2.dhcpmon.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
        Source: 30.2.dhcpmon.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
        Source: 7.0.9n7miZydYC.exe.400000.1.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
        Source: 7.0.9n7miZydYC.exe.400000.1.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
        Source: 7.0.9n7miZydYC.exe.400000.1.unpack, type: UNPACKEDPEMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
        Source: 29.2.9n7miZydYC.exe.30a9530.2.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
        Source: 29.2.9n7miZydYC.exe.30a9530.2.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
        Source: 7.0.9n7miZydYC.exe.400000.3.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
        Source: 7.0.9n7miZydYC.exe.400000.3.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
        Source: 7.0.9n7miZydYC.exe.400000.3.unpack, type: UNPACKEDPEMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
        Source: 30.0.dhcpmon.exe.400000.3.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
        Source: 30.0.dhcpmon.exe.400000.3.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
        Source: 30.0.dhcpmon.exe.400000.3.unpack, type: UNPACKEDPEMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
        Source: 30.2.dhcpmon.exe.430b7c6.3.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
        Source: 30.2.dhcpmon.exe.430b7c6.3.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
        Source: 30.2.dhcpmon.exe.430b7c6.3.raw.unpack, type: UNPACKEDPEMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
        Source: 31.2.dhcpmon.exe.3c505fc.4.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
        Source: 31.2.dhcpmon.exe.3c505fc.4.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
        Source: 29.2.9n7miZydYC.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
        Source: 29.2.9n7miZydYC.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
        Source: 29.2.9n7miZydYC.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
        Source: 29.2.9n7miZydYC.exe.4094c25.3.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
        Source: 29.2.9n7miZydYC.exe.4094c25.3.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
        Source: 29.2.9n7miZydYC.exe.40905fc.4.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
        Source: 29.2.9n7miZydYC.exe.40905fc.4.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
        Source: 19.2.dhcpmon.exe.3b551e0.3.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
        Source: 19.2.dhcpmon.exe.3b551e0.3.raw.unpack, type: UNPACKEDPEMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
        Source: 30.2.dhcpmon.exe.3329658.2.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
        Source: 30.2.dhcpmon.exe.3329658.2.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
        Source: 21.2.dhcpmon.exe.35151e0.3.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
        Source: 21.2.dhcpmon.exe.35151e0.3.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
        Source: 21.2.dhcpmon.exe.35151e0.3.unpack, type: UNPACKEDPEMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
        Source: 29.0.9n7miZydYC.exe.400000.1.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
        Source: 29.0.9n7miZydYC.exe.400000.1.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
        Source: 29.0.9n7miZydYC.exe.400000.1.unpack, type: UNPACKEDPEMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
        Source: 30.2.dhcpmon.exe.43105fc.4.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
        Source: 30.2.dhcpmon.exe.43105fc.4.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
        Source: 31.2.dhcpmon.exe.3c54c25.5.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
        Source: 31.2.dhcpmon.exe.3c54c25.5.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
        Source: 15.2.9n7miZydYC.exe.3c551e0.3.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
        Source: 15.2.9n7miZydYC.exe.3c551e0.3.raw.unpack, type: UNPACKEDPEMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
        Source: 31.2.dhcpmon.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
        Source: 31.2.dhcpmon.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
        Source: 31.2.dhcpmon.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
        Source: 30.2.dhcpmon.exe.4314c25.5.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
        Source: 30.2.dhcpmon.exe.4314c25.5.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
        Source: 31.2.dhcpmon.exe.2c69658.2.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
        Source: 31.2.dhcpmon.exe.2c69658.2.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
        Source: 31.2.dhcpmon.exe.3c4b7c6.3.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
        Source: 31.2.dhcpmon.exe.3c4b7c6.3.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
        Source: 31.2.dhcpmon.exe.3c4b7c6.3.raw.unpack, type: UNPACKEDPEMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
        Source: 9n7miZydYC.exe, Form1.csCryptographic APIs: 'TransformFinalBlock', 'CreateDecryptor'
        Source: 0.2.9n7miZydYC.exe.ef0000.0.unpack, Form1.csCryptographic APIs: 'TransformFinalBlock', 'CreateDecryptor'
        Source: 0.0.9n7miZydYC.exe.ef0000.0.unpack, Form1.csCryptographic APIs: 'TransformFinalBlock', 'CreateDecryptor'
        Source: dhcpmon.exe.7.dr, Form1.csCryptographic APIs: 'TransformFinalBlock', 'CreateDecryptor'
        Source: 7.2.9n7miZydYC.exe.400000.0.unpack, u0023u003dqjIje6jGWLd2EOkfZXKqBbgu003du003d.csCryptographic APIs: 'TransformFinalBlock', 'CreateDecryptor'
        Source: 7.2.9n7miZydYC.exe.400000.0.unpack, u0023u003dqVxXNKnhAcArgJoGGYXiyyQu003du003d.csCryptographic APIs: 'CreateDecryptor'
        Source: 7.2.9n7miZydYC.exe.400000.0.unpack, u0023u003dqVxXNKnhAcArgJoGGYXiyyQu003du003d.csCryptographic APIs: 'TransformFinalBlock'
        Source: 7.2.9n7miZydYC.exe.400000.0.unpack, u0023u003dqjIje6jGWLd2EOkfZXKqBbgu003du003d.csSecurity API names: System.Security.Principal.WindowsIdentity System.Security.Principal.WindowsIdentity::GetCurrent()
        Source: 7.2.9n7miZydYC.exe.400000.0.unpack, u0023u003dqjIje6jGWLd2EOkfZXKqBbgu003du003d.csSecurity API names: System.Boolean System.Security.Principal.WindowsPrincipal::IsInRole(System.Security.Principal.WindowsBuiltInRole)
        Source: 7.0.9n7miZydYC.exe.400000.3.unpack, u0023u003dqjIje6jGWLd2EOkfZXKqBbgu003du003d.csSecurity API names: System.Security.Principal.WindowsIdentity System.Security.Principal.WindowsIdentity::GetCurrent()
        Source: 7.0.9n7miZydYC.exe.400000.3.unpack, u0023u003dqjIje6jGWLd2EOkfZXKqBbgu003du003d.csSecurity API names: System.Boolean System.Security.Principal.WindowsPrincipal::IsInRole(System.Security.Principal.WindowsBuiltInRole)
        Source: 7.0.9n7miZydYC.exe.400000.1.unpack, u0023u003dqjIje6jGWLd2EOkfZXKqBbgu003du003d.csSecurity API names: System.Security.Principal.WindowsIdentity System.Security.Principal.WindowsIdentity::GetCurrent()
        Source: 7.0.9n7miZydYC.exe.400000.1.unpack, u0023u003dqjIje6jGWLd2EOkfZXKqBbgu003du003d.csSecurity API names: System.Boolean System.Security.Principal.WindowsPrincipal::IsInRole(System.Security.Principal.WindowsBuiltInRole)
        Source: classification engineClassification label: mal100.troj.evad.winEXE@22/12@12/1
        Source: C:\Users\user\Desktop\9n7miZydYC.exeFile created: C:\Program Files (x86)\DHCP MonitorJump to behavior
        Source: C:\Users\user\Desktop\9n7miZydYC.exeFile created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\9n7miZydYC.exe.logJump to behavior
        Source: C:\Users\user\Desktop\9n7miZydYC.exeMutant created: \Sessions\1\BaseNamedObjects\Global\{f9198f9a-66a7-4bba-ab1c-dff8091cd717}
        Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4548:120:WilError_01
        Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3660:120:WilError_01
        Source: C:\Users\user\Desktop\9n7miZydYC.exeFile created: C:\Users\user\AppData\Local\Temp\tmpC2C1.tmpJump to behavior
        Source: 9n7miZydYC.exeStatic PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
        Source: C:\Users\user\Desktop\9n7miZydYC.exeSection loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dllJump to behavior
        Source: C:\Users\user\Desktop\9n7miZydYC.exeSection loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dllJump to behavior
        Source: C:\Users\user\Desktop\9n7miZydYC.exeSection loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dllJump to behavior
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeSection loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dllJump to behavior
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeSection loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dllJump to behavior
        Source: C:\Users\user\Desktop\9n7miZydYC.exeSection loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dll
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeSection loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dll
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeSection loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dll
        Source: C:\Users\user\Desktop\9n7miZydYC.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
        Source: 9n7miZydYC.exeVirustotal: Detection: 47%
        Source: 9n7miZydYC.exeReversingLabs: Detection: 36%
        Source: 9n7miZydYC.exeString found in binary or memory: ble> <IdleSettings> <StopOnIdleEnd>true</StopOnIdleEnd> <RestartOnIdle>false</RestartOnIdle> </IdleSettings> <AllowStartOnDemand>true</AllowStartOnDemand> <Enabled>true</Enabled> <Hidden>false</Hidden> <RunOnlyIfIdle
        Source: 9n7miZydYC.exeString found in binary or memory: ble> <IdleSettings> <StopOnIdleEnd>true</StopOnIdleEnd> <RestartOnIdle>false</RestartOnIdle> </IdleSettings> <AllowStartOnDemand>true</AllowStartOnDemand> <Enabled>true</Enabled> <Hidden>false</Hidden> <RunOnlyIfIdle
        Source: 9n7miZydYC.exeString found in binary or memory: es>false</DisallowStartIfOnBatteries> <StopIfGoingOnBatteries>true</StopIfGoingOnBatteries> <AllowHardTerminate>false</AllowHardTerminate> <StartWhenAvailable>true</StartWhenAvailable> <RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvail
        Source: 9n7miZydYC.exeString found in binary or memory: es>false</DisallowStartIfOnBatteries> <StopIfGoingOnBatteries>true</StopIfGoingOnBatteries> <AllowHardTerminate>false</AllowHardTerminate> <StartWhenAvailable>true</StartWhenAvailable> <RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvail
        Source: C:\Users\user\Desktop\9n7miZydYC.exeFile read: C:\Users\user\Desktop\9n7miZydYC.exeJump to behavior
        Source: unknownProcess created: C:\Users\user\Desktop\9n7miZydYC.exe 'C:\Users\user\Desktop\9n7miZydYC.exe'
        Source: C:\Users\user\Desktop\9n7miZydYC.exeProcess created: C:\Users\user\Desktop\9n7miZydYC.exe {path}
        Source: C:\Users\user\Desktop\9n7miZydYC.exeProcess created: C:\Windows\SysWOW64\schtasks.exe 'schtasks.exe' /create /f /tn 'DHCP Monitor' /xml 'C:\Users\user\AppData\Local\Temp\tmpC2C1.tmp'
        Source: C:\Windows\SysWOW64\schtasks.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        Source: C:\Users\user\Desktop\9n7miZydYC.exeProcess created: C:\Windows\SysWOW64\schtasks.exe 'schtasks.exe' /create /f /tn 'DHCP Monitor Task' /xml 'C:\Users\user\AppData\Local\Temp\tmpC67B.tmp'
        Source: C:\Windows\SysWOW64\schtasks.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        Source: unknownProcess created: C:\Users\user\Desktop\9n7miZydYC.exe C:\Users\user\Desktop\9n7miZydYC.exe 0
        Source: unknownProcess created: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe 'C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe' 0
        Source: unknownProcess created: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe 'C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe'
        Source: C:\Users\user\Desktop\9n7miZydYC.exeProcess created: C:\Users\user\Desktop\9n7miZydYC.exe {path}
        Source: C:\Users\user\Desktop\9n7miZydYC.exeProcess created: C:\Users\user\Desktop\9n7miZydYC.exe {path}
        Source: C:\Users\user\Desktop\9n7miZydYC.exeProcess created: C:\Users\user\Desktop\9n7miZydYC.exe {path}
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeProcess created: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe {path}
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeProcess created: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe {path}
        Source: C:\Users\user\Desktop\9n7miZydYC.exeProcess created: C:\Users\user\Desktop\9n7miZydYC.exe {path}Jump to behavior
        Source: C:\Users\user\Desktop\9n7miZydYC.exeProcess created: C:\Windows\SysWOW64\schtasks.exe 'schtasks.exe' /create /f /tn 'DHCP Monitor' /xml 'C:\Users\user\AppData\Local\Temp\tmpC2C1.tmp'Jump to behavior
        Source: C:\Users\user\Desktop\9n7miZydYC.exeProcess created: C:\Windows\SysWOW64\schtasks.exe 'schtasks.exe' /create /f /tn 'DHCP Monitor Task' /xml 'C:\Users\user\AppData\Local\Temp\tmpC67B.tmp'Jump to behavior
        Source: C:\Users\user\Desktop\9n7miZydYC.exeProcess created: C:\Users\user\Desktop\9n7miZydYC.exe {path}Jump to behavior
        Source: C:\Users\user\Desktop\9n7miZydYC.exeProcess created: C:\Users\user\Desktop\9n7miZydYC.exe {path}Jump to behavior
        Source: C:\Users\user\Desktop\9n7miZydYC.exeProcess created: C:\Users\user\Desktop\9n7miZydYC.exe {path}Jump to behavior
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeProcess created: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe {path}Jump to behavior
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeProcess created: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe {path}Jump to behavior
        Source: C:\Users\user\Desktop\9n7miZydYC.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0A29FF9E-7F9C-4437-8B11-F424491E3931}\InprocServer32Jump to behavior
        Source: Window RecorderWindow detected: More than 3 window changes detected
        Source: C:\Users\user\Desktop\9n7miZydYC.exeFile opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dllJump to behavior
        Source: 9n7miZydYC.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
        Source: 9n7miZydYC.exeStatic PE information: NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT
        Source: 9n7miZydYC.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
        Source: Binary string: mscorlib.pdb source: 9n7miZydYC.exe, 00000007.00000003.345052712.00000000011CD000.00000004.00000001.sdmp
        Source: Binary string: C:\Users\Administrator\Desktop\Client\Temp\geNROzYNTy\src\obj\Debug\grlL.pdb source: 9n7miZydYC.exe

        Data Obfuscation:

        barindex
        .NET source code contains method to dynamically call methods (often used by packers)Show sources
        Source: 9n7miZydYC.exe, Form1.cs.Net Code: LateBinding.LateCall(V_1, null, "Invoke", new object[] { 0, V_0 }, null, null)
        Source: 0.2.9n7miZydYC.exe.ef0000.0.unpack, Form1.cs.Net Code: LateBinding.LateCall(V_1, null, "Invoke", new object[] { 0, V_0 }, null, null)
        Source: 0.0.9n7miZydYC.exe.ef0000.0.unpack, Form1.cs.Net Code: LateBinding.LateCall(V_1, null, "Invoke", new object[] { 0, V_0 }, null, null)
        Source: dhcpmon.exe.7.dr, Form1.cs.Net Code: LateBinding.LateCall(V_1, null, "Invoke", new object[] { 0, V_0 }, null, null)
        Source: 7.0.9n7miZydYC.exe.a20000.2.unpack, Form1.cs.Net Code: LateBinding.LateCall(V_1, null, "Invoke", new object[] { 0, V_0 }, null, null)
        Source: 7.2.9n7miZydYC.exe.a20000.1.unpack, Form1.cs.Net Code: LateBinding.LateCall(V_1, null, "Invoke", new object[] { 0, V_0 }, null, null)
        Source: 7.0.9n7miZydYC.exe.a20000.0.unpack, Form1.cs.Net Code: LateBinding.LateCall(V_1, null, "Invoke", new object[] { 0, V_0 }, null, null)
        Source: 7.0.9n7miZydYC.exe.a20000.4.unpack, Form1.cs.Net Code: LateBinding.LateCall(V_1, null, "Invoke", new object[] { 0, V_0 }, null, null)
        Source: 15.0.9n7miZydYC.exe.570000.0.unpack, Form1.cs.Net Code: LateBinding.LateCall(V_1, null, "Invoke", new object[] { 0, V_0 }, null, null)
        Source: 15.2.9n7miZydYC.exe.570000.0.unpack, Form1.cs.Net Code: LateBinding.LateCall(V_1, null, "Invoke", new object[] { 0, V_0 }, null, null)
        Source: 19.2.dhcpmon.exe.6d0000.0.unpack, Form1.cs.Net Code: LateBinding.LateCall(V_1, null, "Invoke", new object[] { 0, V_0 }, null, null)
        Source: 19.0.dhcpmon.exe.6d0000.0.unpack, Form1.cs.Net Code: LateBinding.LateCall(V_1, null, "Invoke", new object[] { 0, V_0 }, null, null)
        Source: 21.0.dhcpmon.exe.c0000.0.unpack, Form1.cs.Net Code: LateBinding.LateCall(V_1, null, "Invoke", new object[] { 0, V_0 }, null, null)
        .NET source code contains potential unpackerShow sources
        Source: 9n7miZydYC.exe, Form1.cs.Net Code: I_ System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
        Source: 0.2.9n7miZydYC.exe.ef0000.0.unpack, Form1.cs.Net Code: I_ System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
        Source: 0.0.9n7miZydYC.exe.ef0000.0.unpack, Form1.cs.Net Code: I_ System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
        Source: dhcpmon.exe.7.dr, Form1.cs.Net Code: I_ System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
        Source: 7.2.9n7miZydYC.exe.400000.0.unpack, u0023u003dqjIje6jGWLd2EOkfZXKqBbgu003du003d.cs.Net Code: #=q_FL69pQf17BUSAFbWYu1SStMAbdu$R1GJ8VY8UL5_EA= System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
        Source: 7.2.9n7miZydYC.exe.400000.0.unpack, u0023u003dqxoz66kOqvxr21iYXZYXWiumy9eZGwFWaiX4C5X8aecUu003d.cs.Net Code: #=qKU0J1fiP8KA33eFK1owekQ== System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
        Source: 7.0.9n7miZydYC.exe.400000.1.unpack, u0023u003dqjIje6jGWLd2EOkfZXKqBbgu003du003d.cs.Net Code: #=q_FL69pQf17BUSAFbWYu1SStMAbdu$R1GJ8VY8UL5_EA= System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
        Source: 7.0.9n7miZydYC.exe.400000.1.unpack, u0023u003dqxoz66kOqvxr21iYXZYXWiumy9eZGwFWaiX4C5X8aecUu003d.cs.Net Code: #=qKU0J1fiP8KA33eFK1owekQ== System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
        Source: 7.0.9n7miZydYC.exe.400000.3.unpack, u0023u003dqxoz66kOqvxr21iYXZYXWiumy9eZGwFWaiX4C5X8aecUu003d.cs.Net Code: #=qKU0J1fiP8KA33eFK1owekQ== System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
        Source: 7.0.9n7miZydYC.exe.400000.3.unpack, u0023u003dqjIje6jGWLd2EOkfZXKqBbgu003du003d.cs.Net Code: #=q_FL69pQf17BUSAFbWYu1SStMAbdu$R1GJ8VY8UL5_EA= System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
        Source: 7.0.9n7miZydYC.exe.a20000.2.unpack, Form1.cs.Net Code: I_ System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
        Source: 7.2.9n7miZydYC.exe.a20000.1.unpack, Form1.cs.Net Code: I_ System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
        Source: 7.0.9n7miZydYC.exe.a20000.0.unpack, Form1.cs.Net Code: I_ System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
        Source: 7.0.9n7miZydYC.exe.a20000.4.unpack, Form1.cs.Net Code: I_ System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
        Source: 15.0.9n7miZydYC.exe.570000.0.unpack, Form1.cs.Net Code: I_ System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
        Source: 15.2.9n7miZydYC.exe.570000.0.unpack, Form1.cs.Net Code: I_ System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
        Source: 19.2.dhcpmon.exe.6d0000.0.unpack, Form1.cs.Net Code: I_ System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
        Source: 19.0.dhcpmon.exe.6d0000.0.unpack, Form1.cs.Net Code: I_ System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
        Source: 21.0.dhcpmon.exe.c0000.0.unpack, Form1.cs.Net Code: I_ System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
        Source: C:\Users\user\Desktop\9n7miZydYC.exeCode function: 0_2_07CA1CF1 push es; ret 0_2_07CA1CFF
        Source: C:\Users\user\Desktop\9n7miZydYC.exeCode function: 0_2_0195F950 pushad ; iretd 0_2_0195F951
        Source: C:\Users\user\Desktop\9n7miZydYC.exeCode function: 15_2_0297F950 pushad ; iretd 15_2_0297F951
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeCode function: 19_2_02A4F950 pushad ; iretd 19_2_02A4F951
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeCode function: 19_2_06F32539 push cs; retf 19_2_06F3253F
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeCode function: 19_2_06F30AF0 push es; iretd 19_2_06F30B70
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeCode function: 19_2_06F36891 push es; iretd 19_2_06F368A8
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeCode function: 19_2_06F3685D push es; retf 19_2_06F36860
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeCode function: 19_2_06F33037 push es; ret 19_2_06F33044
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeCode function: 19_2_06F33020 push es; ret 19_2_06F33044
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeCode function: 21_2_00ACF950 pushad ; iretd 21_2_00ACF951
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeCode function: 21_2_068E6891 push es; iretd 21_2_068E68A8
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeCode function: 21_2_068E3020 push es; ret 21_2_068E3044
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeCode function: 21_2_068E3037 push es; ret 21_2_068E3044
        Source: initial sampleStatic PE information: section name: .text entropy: 7.60711640242
        Source: initial sampleStatic PE information: section name: .text entropy: 7.60711640242
        Source: 7.2.9n7miZydYC.exe.400000.0.unpack, u0023u003dqWrm21vQ8CBMZP_RBTwpusAu003du003d.csHigh entropy of concatenated method names: '#=qCgU$tDqtOAyz2b$RwfSF7UzBcCAr0rFJWxm16x7Lre0=', '#=qeD3MBfedCIuKIQf9V1u2N3YS4VXE_FOHqw_XAjWtZK8=', '#=q$mvEHEBkZud$AdHPWqsMQnw5Xm5sD4vBSSmqrKuXGOk=', '#=qZaN94n8dM6tBEf$qCdY2kbTZb5BOW8Z134$2tNv7EJs=', '#=qtlZnL8mho$rv1eTFz0Mw9UYFC_yCabEZ0xtVePn6wR5aSHE7ti3UfKg2l7D0_xk8', '#=qVS$QmQjvFfsXSqQAKGSl6HGbkse2SG0XCab4upVjtRJkvhTEk$oIS2I9Zja7id1Q', '#=qxJg7RxTW1v5mnt12xXeJiYJv_bcctbtL2BCD5MjDi45Hlz6t8vwDNTv1Rv7tgIct', '#=qp$ZVC1r9spi890l$D7IwEd3faoKeWHvv42mVq8wIIWM=', '#=qCoWHlVuoVRMkOzC7RZubJCslkxaEWn9yZiIydECf69$ktj0IPD5wAwC2H5Cc8C$L', '#=qqs1moO$mYaS72OXOWe0Z6GycslEb6e9Ipoy7ppW0O5abIp05ajv8doqdJZHlN3cK'
        Source: 7.2.9n7miZydYC.exe.400000.0.unpack, u0023u003dqJT4I5hOweIku0024xYFEeDszbikglXCuquUdu0024v9AXtyq2nsu003d.csHigh entropy of concatenated method names: '#=qBeOBlH6CwHFnQdZWWBgZ_pemudZ6CfCVcfOQtgpeG$Y=', '#=q5v5cLSMFBaxiTtOEjscx86gN2ozXlfytiL6UmXnyWtg=', '#=q_XA5h2lVGHLcY9dK754wKGrOjAm6aBbwPxcUJXgJThJUz83kMbCL53G5uuOLP6Rq', '#=qIFfr$DrKqIieRc688$vylAlBsEnx9Z3$TxvrDsPURfM=', '#=qejgvNXJQvgM2GomZsygLjreyguSPQ29pQHqjR_a0dWk=', '#=qCGokdf0OOxeMJLDkXSfc3NPmwygIQ29RjKQWj$wbNGB9C1pPgma_891QiNyTRXcA', '#=qDqyUVyJLXCtYqhZ0$opqkomqhUBn2WCeEEvGAXlNQ$I=', '#=qdImPAY1o3YhbLtukwCQ91cISaeIEWRKSYrGZ3dTVnkY=', '#=qza7O1AHrroJC7yRIJz4wINR_Sgo4hDpQrj_OYfIrlJE=', '#=q6Ct3QmvVLFC7my$dL1uEiHGmXJ5qCuK4WIhDwfhPTFs='
        Source: 7.0.9n7miZydYC.exe.400000.1.unpack, u0023u003dqJT4I5hOweIku0024xYFEeDszbikglXCuquUdu0024v9AXtyq2nsu003d.csHigh entropy of concatenated method names: '#=qBeOBlH6CwHFnQdZWWBgZ_pemudZ6CfCVcfOQtgpeG$Y=', '#=q5v5cLSMFBaxiTtOEjscx86gN2ozXlfytiL6UmXnyWtg=', '#=q_XA5h2lVGHLcY9dK754wKGrOjAm6aBbwPxcUJXgJThJUz83kMbCL53G5uuOLP6Rq', '#=qIFfr$DrKqIieRc688$vylAlBsEnx9Z3$TxvrDsPURfM=', '#=qejgvNXJQvgM2GomZsygLjreyguSPQ29pQHqjR_a0dWk=', '#=qCGokdf0OOxeMJLDkXSfc3NPmwygIQ29RjKQWj$wbNGB9C1pPgma_891QiNyTRXcA', '#=qDqyUVyJLXCtYqhZ0$opqkomqhUBn2WCeEEvGAXlNQ$I=', '#=qdImPAY1o3YhbLtukwCQ91cISaeIEWRKSYrGZ3dTVnkY=', '#=qza7O1AHrroJC7yRIJz4wINR_Sgo4hDpQrj_OYfIrlJE=', '#=q6Ct3QmvVLFC7my$dL1uEiHGmXJ5qCuK4WIhDwfhPTFs='
        Source: 7.0.9n7miZydYC.exe.400000.1.unpack, u0023u003dqWrm21vQ8CBMZP_RBTwpusAu003du003d.csHigh entropy of concatenated method names: '#=qCgU$tDqtOAyz2b$RwfSF7UzBcCAr0rFJWxm16x7Lre0=', '#=qeD3MBfedCIuKIQf9V1u2N3YS4VXE_FOHqw_XAjWtZK8=', '#=q$mvEHEBkZud$AdHPWqsMQnw5Xm5sD4vBSSmqrKuXGOk=', '#=qZaN94n8dM6tBEf$qCdY2kbTZb5BOW8Z134$2tNv7EJs=', '#=qtlZnL8mho$rv1eTFz0Mw9UYFC_yCabEZ0xtVePn6wR5aSHE7ti3UfKg2l7D0_xk8', '#=qVS$QmQjvFfsXSqQAKGSl6HGbkse2SG0XCab4upVjtRJkvhTEk$oIS2I9Zja7id1Q', '#=qxJg7RxTW1v5mnt12xXeJiYJv_bcctbtL2BCD5MjDi45Hlz6t8vwDNTv1Rv7tgIct', '#=qp$ZVC1r9spi890l$D7IwEd3faoKeWHvv42mVq8wIIWM=', '#=qCoWHlVuoVRMkOzC7RZubJCslkxaEWn9yZiIydECf69$ktj0IPD5wAwC2H5Cc8C$L', '#=qqs1moO$mYaS72OXOWe0Z6GycslEb6e9Ipoy7ppW0O5abIp05ajv8doqdJZHlN3cK'
        Source: 7.0.9n7miZydYC.exe.400000.3.unpack, u0023u003dqJT4I5hOweIku0024xYFEeDszbikglXCuquUdu0024v9AXtyq2nsu003d.csHigh entropy of concatenated method names: '#=qBeOBlH6CwHFnQdZWWBgZ_pemudZ6CfCVcfOQtgpeG$Y=', '#=q5v5cLSMFBaxiTtOEjscx86gN2ozXlfytiL6UmXnyWtg=', '#=q_XA5h2lVGHLcY9dK754wKGrOjAm6aBbwPxcUJXgJThJUz83kMbCL53G5uuOLP6Rq', '#=qIFfr$DrKqIieRc688$vylAlBsEnx9Z3$TxvrDsPURfM=', '#=qejgvNXJQvgM2GomZsygLjreyguSPQ29pQHqjR_a0dWk=', '#=qCGokdf0OOxeMJLDkXSfc3NPmwygIQ29RjKQWj$wbNGB9C1pPgma_891QiNyTRXcA', '#=qDqyUVyJLXCtYqhZ0$opqkomqhUBn2WCeEEvGAXlNQ$I=', '#=qdImPAY1o3YhbLtukwCQ91cISaeIEWRKSYrGZ3dTVnkY=', '#=qza7O1AHrroJC7yRIJz4wINR_Sgo4hDpQrj_OYfIrlJE=', '#=q6Ct3QmvVLFC7my$dL1uEiHGmXJ5qCuK4WIhDwfhPTFs='
        Source: 7.0.9n7miZydYC.exe.400000.3.unpack, u0023u003dqWrm21vQ8CBMZP_RBTwpusAu003du003d.csHigh entropy of concatenated method names: '#=qCgU$tDqtOAyz2b$RwfSF7UzBcCAr0rFJWxm16x7Lre0=', '#=qeD3MBfedCIuKIQf9V1u2N3YS4VXE_FOHqw_XAjWtZK8=', '#=q$mvEHEBkZud$AdHPWqsMQnw5Xm5sD4vBSSmqrKuXGOk=', '#=qZaN94n8dM6tBEf$qCdY2kbTZb5BOW8Z134$2tNv7EJs=', '#=qtlZnL8mho$rv1eTFz0Mw9UYFC_yCabEZ0xtVePn6wR5aSHE7ti3UfKg2l7D0_xk8', '#=qVS$QmQjvFfsXSqQAKGSl6HGbkse2SG0XCab4upVjtRJkvhTEk$oIS2I9Zja7id1Q', '#=qxJg7RxTW1v5mnt12xXeJiYJv_bcctbtL2BCD5MjDi45Hlz6t8vwDNTv1Rv7tgIct', '#=qp$ZVC1r9spi890l$D7IwEd3faoKeWHvv42mVq8wIIWM=', '#=qCoWHlVuoVRMkOzC7RZubJCslkxaEWn9yZiIydECf69$ktj0IPD5wAwC2H5Cc8C$L', '#=qqs1moO$mYaS72OXOWe0Z6GycslEb6e9Ipoy7ppW0O5abIp05ajv8doqdJZHlN3cK'
        Source: C:\Users\user\Desktop\9n7miZydYC.exeFile created: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeJump to dropped file

        Boot Survival:

        barindex
        Uses schtasks.exe or at.exe to add and modify task schedulesShow sources
        Source: C:\Users\user\Desktop\9n7miZydYC.exeProcess created: C:\Windows\SysWOW64\schtasks.exe 'schtasks.exe' /create /f /tn 'DHCP Monitor' /xml 'C:\Users\user\AppData\Local\Temp\tmpC2C1.tmp'

        Hooking and other Techniques for Hiding and Protection:

        barindex
        Hides that the sample has been downloaded from the Internet (zone.identifier)Show sources
        Source: C:\Users\user\Desktop\9n7miZydYC.exeFile opened: C:\Users\user\Desktop\9n7miZydYC.exe:Zone.Identifier read attributes | deleteJump to behavior
        Source: C:\Users\user\Desktop\9n7miZydYC.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\9n7miZydYC.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\9n7miZydYC.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\9n7miZydYC.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\9n7miZydYC.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\9n7miZydYC.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\9n7miZydYC.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\9n7miZydYC.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\9n7miZydYC.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\9n7miZydYC.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\9n7miZydYC.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\9n7miZydYC.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\9n7miZydYC.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\9n7miZydYC.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\9n7miZydYC.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\9n7miZydYC.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\9n7miZydYC.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\9n7miZydYC.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\9n7miZydYC.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\9n7miZydYC.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\9n7miZydYC.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\9n7miZydYC.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\9n7miZydYC.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\9n7miZydYC.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\9n7miZydYC.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\9n7miZydYC.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\9n7miZydYC.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\9n7miZydYC.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\9n7miZydYC.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\9n7miZydYC.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\9n7miZydYC.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\9n7miZydYC.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\9n7miZydYC.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\9n7miZydYC.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\9n7miZydYC.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\9n7miZydYC.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\9n7miZydYC.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\9n7miZydYC.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\9n7miZydYC.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\9n7miZydYC.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\9n7miZydYC.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\9n7miZydYC.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\9n7miZydYC.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\9n7miZydYC.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\9n7miZydYC.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\9n7miZydYC.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\9n7miZydYC.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\9n7miZydYC.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\9n7miZydYC.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\9n7miZydYC.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\9n7miZydYC.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\9n7miZydYC.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\9n7miZydYC.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\9n7miZydYC.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\9n7miZydYC.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\9n7miZydYC.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\9n7miZydYC.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\9n7miZydYC.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\9n7miZydYC.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\9n7miZydYC.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\9n7miZydYC.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\9n7miZydYC.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\9n7miZydYC.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\9n7miZydYC.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\9n7miZydYC.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\9n7miZydYC.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\9n7miZydYC.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\9n7miZydYC.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\9n7miZydYC.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\9n7miZydYC.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\9n7miZydYC.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\9n7miZydYC.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\9n7miZydYC.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\9n7miZydYC.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\9n7miZydYC.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\9n7miZydYC.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\9n7miZydYC.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\9n7miZydYC.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\9n7miZydYC.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\9n7miZydYC.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\9n7miZydYC.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\9n7miZydYC.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\9n7miZydYC.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\9n7miZydYC.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\9n7miZydYC.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\9n7miZydYC.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\9n7miZydYC.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\9n7miZydYC.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\9n7miZydYC.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\9n7miZydYC.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\9n7miZydYC.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\9n7miZydYC.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\9n7miZydYC.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\9n7miZydYC.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\9n7miZydYC.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\9n7miZydYC.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\9n7miZydYC.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\9n7miZydYC.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\9n7miZydYC.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\9n7miZydYC.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\9n7miZydYC.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\9n7miZydYC.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\9n7miZydYC.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\9n7miZydYC.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\9n7miZydYC.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\9n7miZydYC.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\9n7miZydYC.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\Desktop\9n7miZydYC.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\Desktop\9n7miZydYC.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\Desktop\9n7miZydYC.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\Desktop\9n7miZydYC.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\Desktop\9n7miZydYC.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\Desktop\9n7miZydYC.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\Desktop\9n7miZydYC.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\Desktop\9n7miZydYC.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\Desktop\9n7miZydYC.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\Desktop\9n7miZydYC.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\Desktop\9n7miZydYC.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\Desktop\9n7miZydYC.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\Desktop\9n7miZydYC.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\Desktop\9n7miZydYC.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\Desktop\9n7miZydYC.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\Desktop\9n7miZydYC.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\Desktop\9n7miZydYC.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\Desktop\9n7miZydYC.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\Desktop\9n7miZydYC.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\Desktop\9n7miZydYC.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\Desktop\9n7miZydYC.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\Desktop\9n7miZydYC.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\Desktop\9n7miZydYC.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\Desktop\9n7miZydYC.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\Desktop\9n7miZydYC.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeProcess information set: NOOPENFILEERRORBOX

        Malware Analysis System Evasion:

        barindex
        Yara detected AntiVM3Show sources
        Source: Yara matchFile source: 00000013.00000002.372998253.0000000002AD6000.00000004.00000001.sdmp, type: MEMORY
        Source: Yara matchFile source: 00000015.00000002.388668896.0000000002496000.00000004.00000001.sdmp, type: MEMORY
        Source: Yara matchFile source: 00000000.00000002.279167689.0000000003334000.00000004.00000001.sdmp, type: MEMORY
        Source: Yara matchFile source: 0000000F.00000002.372309695.0000000002BD6000.00000004.00000001.sdmp, type: MEMORY
        Source: Yara matchFile source: Process Memory Space: 9n7miZydYC.exe PID: 4716, type: MEMORY
        Source: Yara matchFile source: Process Memory Space: dhcpmon.exe PID: 5508, type: MEMORY
        Source: Yara matchFile source: Process Memory Space: 9n7miZydYC.exe PID: 780, type: MEMORY
        Source: Yara matchFile source: Process Memory Space: dhcpmon.exe PID: 5668, type: MEMORY
        Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)Show sources
        Source: 9n7miZydYC.exe, 00000000.00000002.279167689.0000000003334000.00000004.00000001.sdmp, 9n7miZydYC.exe, 0000000F.00000002.372309695.0000000002BD6000.00000004.00000001.sdmp, dhcpmon.exe, 00000013.00000002.372998253.0000000002AD6000.00000004.00000001.sdmp, dhcpmon.exe, 00000015.00000002.388668896.0000000002496000.00000004.00000001.sdmpBinary or memory string: WINE_GET_UNIX_FILE_NAME
        Source: 9n7miZydYC.exe, 00000000.00000002.279167689.0000000003334000.00000004.00000001.sdmp, 9n7miZydYC.exe, 0000000F.00000002.372309695.0000000002BD6000.00000004.00000001.sdmp, dhcpmon.exe, 00000013.00000002.372998253.0000000002AD6000.00000004.00000001.sdmp, dhcpmon.exe, 00000015.00000002.388668896.0000000002496000.00000004.00000001.sdmpBinary or memory string: SBIEDLL.DLL
        Source: C:\Users\user\Desktop\9n7miZydYC.exeThread delayed: delay time: 922337203685477Jump to behavior
        Source: C:\Users\user\Desktop\9n7miZydYC.exeThread delayed: delay time: 922337203685477Jump to behavior
        Source: C:\Users\user\Desktop\9n7miZydYC.exeThread delayed: delay time: 922337203685477Jump to behavior
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeThread delayed: delay time: 922337203685477Jump to behavior
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeThread delayed: delay time: 922337203685477Jump to behavior
        Source: C:\Users\user\Desktop\9n7miZydYC.exeThread delayed: delay time: 922337203685477
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeThread delayed: delay time: 922337203685477
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeThread delayed: delay time: 922337203685477
        Source: C:\Users\user\Desktop\9n7miZydYC.exeWindow / User API: threadDelayed 4922Jump to behavior
        Source: C:\Users\user\Desktop\9n7miZydYC.exeWindow / User API: threadDelayed 4405Jump to behavior
        Source: C:\Users\user\Desktop\9n7miZydYC.exeWindow / User API: foregroundWindowGot 358Jump to behavior
        Source: C:\Users\user\Desktop\9n7miZydYC.exeWindow / User API: foregroundWindowGot 397Jump to behavior
        Source: C:\Users\user\Desktop\9n7miZydYC.exe TID: 5556Thread sleep time: -922337203685477s >= -30000sJump to behavior
        Source: C:\Users\user\Desktop\9n7miZydYC.exe TID: 1092Thread sleep time: -11990383647911201s >= -30000sJump to behavior
        Source: C:\Users\user\Desktop\9n7miZydYC.exe TID: 2440Thread sleep time: -922337203685477s >= -30000sJump to behavior
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe TID: 1332Thread sleep time: -922337203685477s >= -30000sJump to behavior
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe TID: 676Thread sleep time: -922337203685477s >= -30000sJump to behavior
        Source: C:\Users\user\Desktop\9n7miZydYC.exe TID: 5352Thread sleep time: -922337203685477s >= -30000s
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe TID: 5512Thread sleep time: -922337203685477s >= -30000s
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe TID: 5220Thread sleep time: -922337203685477s >= -30000s
        Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
        Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
        Source: C:\Users\user\Desktop\9n7miZydYC.exeThread delayed: delay time: 922337203685477Jump to behavior
        Source: C:\Users\user\Desktop\9n7miZydYC.exeThread delayed: delay time: 922337203685477Jump to behavior
        Source: C:\Users\user\Desktop\9n7miZydYC.exeThread delayed: delay time: 922337203685477Jump to behavior
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeThread delayed: delay time: 922337203685477Jump to behavior
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeThread delayed: delay time: 922337203685477Jump to behavior
        Source: C:\Users\user\Desktop\9n7miZydYC.exeThread delayed: delay time: 922337203685477
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeThread delayed: delay time: 922337203685477
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeThread delayed: delay time: 922337203685477
        Source: dhcpmon.exe, 00000015.00000002.388668896.0000000002496000.00000004.00000001.sdmpBinary or memory string: VMware SVGA IIOData Source=localhost\sqlexpress;Initial Catalog=dbSMS;Integrated Security=True
        Source: dhcpmon.exe, 00000015.00000002.388668896.0000000002496000.00000004.00000001.sdmpBinary or memory string: vmware
        Source: dhcpmon.exe, 00000015.00000002.388668896.0000000002496000.00000004.00000001.sdmpBinary or memory string: C:\PROGRAM FILES\VMWARE\VMWARE TOOLS\
        Source: dhcpmon.exe, 00000015.00000002.388668896.0000000002496000.00000004.00000001.sdmpBinary or memory string: SOFTWARE\VMware, Inc.\VMware Tools
        Source: dhcpmon.exe, 00000015.00000002.388668896.0000000002496000.00000004.00000001.sdmpBinary or memory string: VMWARE
        Source: dhcpmon.exe, 00000015.00000002.388668896.0000000002496000.00000004.00000001.sdmpBinary or memory string: InstallPath%C:\PROGRAM FILES\VMWARE\VMWARE TOOLS\
        Source: dhcpmon.exe, 00000015.00000002.388668896.0000000002496000.00000004.00000001.sdmpBinary or memory string: VMWARE"SOFTWARE\VMware, Inc.\VMware ToolsLHARDWARE\DEVICEMAP\Scsi\Scsi Port 1\Scsi Bus 0\Target Id 0\Logical Unit Id 0LHARDWARE\DEVICEMAP\Scsi\Scsi Port 2\Scsi Bus 0\Target Id 0\Logical Unit Id 0'SYSTEM\ControlSet001\Services\Disk\Enum
        Source: dhcpmon.exe, 00000015.00000002.388668896.0000000002496000.00000004.00000001.sdmpBinary or memory string: VMware SVGA II
        Source: dhcpmon.exe, 00000015.00000002.388668896.0000000002496000.00000004.00000001.sdmpBinary or memory string: vmwareNSYSTEM\ControlSet001\Control\Class\{4D36E968-E325-11CE-BFC1-08002BE10318}\0000
        Source: 9n7miZydYC.exe, 00000007.00000003.345204132.0000000001234000.00000004.00000001.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
        Source: C:\Users\user\Desktop\9n7miZydYC.exeProcess information queried: ProcessInformationJump to behavior
        Source: C:\Users\user\Desktop\9n7miZydYC.exeProcess token adjusted: DebugJump to behavior
        Source: C:\Users\user\Desktop\9n7miZydYC.exeProcess token adjusted: DebugJump to behavior
        Source: C:\Users\user\Desktop\9n7miZydYC.exeMemory allocated: page read and write | page guardJump to behavior

        HIPS / PFW / Operating System Protection Evasion:

        barindex
        Injects a PE file into a foreign processesShow sources
        Source: C:\Users\user\Desktop\9n7miZydYC.exeMemory written: C:\Users\user\Desktop\9n7miZydYC.exe base: 400000 value starts with: 4D5AJump to behavior
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeMemory written: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe base: 400000 value starts with: 4D5AJump to behavior
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeMemory written: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe base: 400000 value starts with: 4D5AJump to behavior
        Source: C:\Users\user\Desktop\9n7miZydYC.exeProcess created: C:\Users\user\Desktop\9n7miZydYC.exe {path}Jump to behavior
        Source: C:\Users\user\Desktop\9n7miZydYC.exeProcess created: C:\Windows\SysWOW64\schtasks.exe 'schtasks.exe' /create /f /tn 'DHCP Monitor' /xml 'C:\Users\user\AppData\Local\Temp\tmpC2C1.tmp'Jump to behavior
        Source: C:\Users\user\Desktop\9n7miZydYC.exeProcess created: C:\Windows\SysWOW64\schtasks.exe 'schtasks.exe' /create /f /tn 'DHCP Monitor Task' /xml 'C:\Users\user\AppData\Local\Temp\tmpC67B.tmp'Jump to behavior
        Source: C:\Users\user\Desktop\9n7miZydYC.exeProcess created: C:\Users\user\Desktop\9n7miZydYC.exe {path}Jump to behavior
        Source: C:\Users\user\Desktop\9n7miZydYC.exeProcess created: C:\Users\user\Desktop\9n7miZydYC.exe {path}Jump to behavior
        Source: C:\Users\user\Desktop\9n7miZydYC.exeProcess created: C:\Users\user\Desktop\9n7miZydYC.exe {path}Jump to behavior
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeProcess created: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe {path}Jump to behavior
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeProcess created: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe {path}Jump to behavior
        Source: C:\Users\user\Desktop\9n7miZydYC.exeQueries volume information: C:\Users\user\Desktop\9n7miZydYC.exe VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\9n7miZydYC.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\9n7miZydYC.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\9n7miZydYC.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\9n7miZydYC.exeQueries volume information: C:\Windows\Fonts\arial.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\9n7miZydYC.exeQueries volume information: C:\Windows\Fonts\ariali.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\9n7miZydYC.exeQueries volume information: C:\Windows\Fonts\arialbd.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\9n7miZydYC.exeQueries volume information: C:\Windows\Fonts\arialbi.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\9n7miZydYC.exeQueries volume information: C:\Windows\Fonts\ARIALN.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\9n7miZydYC.exeQueries volume information: C:\Windows\Fonts\ariblk.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\9n7miZydYC.exeQueries volume information: C:\Windows\Fonts\ARIALNI.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\9n7miZydYC.exeQueries volume information: C:\Windows\Fonts\ARIALNB.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\9n7miZydYC.exeQueries volume information: C:\Windows\Fonts\ARIALNBI.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\9n7miZydYC.exeQueries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\9n7miZydYC.exeQueries volume information: C:\Windows\Fonts\calibri.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\9n7miZydYC.exeQueries volume information: C:\Windows\Fonts\calibril.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\9n7miZydYC.exeQueries volume information: C:\Windows\Fonts\calibrii.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\9n7miZydYC.exeQueries volume information: C:\Windows\Fonts\calibrili.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\9n7miZydYC.exeQueries volume information: C:\Windows\Fonts\calibrib.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\9n7miZydYC.exeQueries volume information: C:\Windows\Fonts\calibriz.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\9n7miZydYC.exeQueries volume information: C:\Windows\Fonts\cambria.ttc VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\9n7miZydYC.exeQueries volume information: C:\Windows\Fonts\cambriai.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\9n7miZydYC.exeQueries volume information: C:\Windows\Fonts\cambriab.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\9n7miZydYC.exeQueries volume information: C:\Windows\Fonts\cambriaz.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\9n7miZydYC.exeQueries volume information: C:\Windows\Fonts\Candara.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\9n7miZydYC.exeQueries volume information: C:\Windows\Fonts\Candarai.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\9n7miZydYC.exeQueries volume information: C:\Windows\Fonts\Candarab.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\9n7miZydYC.exeQueries volume information: C:\Windows\Fonts\Candaraz.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\9n7miZydYC.exeQueries volume information: C:\Windows\Fonts\comic.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\9n7miZydYC.exeQueries volume information: C:\Windows\Fonts\comici.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\9n7miZydYC.exeQueries volume information: C:\Windows\Fonts\comicbd.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\9n7miZydYC.exeQueries volume information: C:\Windows\Fonts\comicz.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\9n7miZydYC.exeQueries volume information: C:\Windows\Fonts\consola.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\9n7miZydYC.exeQueries volume information: C:\Windows\Fonts\consolai.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\9n7miZydYC.exeQueries volume information: C:\Windows\Fonts\consolab.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\9n7miZydYC.exeQueries volume information: C:\Windows\Fonts\consolaz.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\9n7miZydYC.exeQueries volume information: C:\Windows\Fonts\constan.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\9n7miZydYC.exeQueries volume information: C:\Windows\Fonts\constani.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\9n7miZydYC.exeQueries volume information: C:\Windows\Fonts\constanb.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\9n7miZydYC.exeQueries volume information: C:\Windows\Fonts\constanz.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\9n7miZydYC.exeQueries volume information: C:\Windows\Fonts\corbel.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\9n7miZydYC.exeQueries volume information: C:\Windows\Fonts\corbeli.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\9n7miZydYC.exeQueries volume information: C:\Windows\Fonts\corbelb.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\9n7miZydYC.exeQueries volume information: C:\Windows\Fonts\corbelz.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\9n7miZydYC.exeQueries volume information: C:\Windows\Fonts\cour.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\9n7miZydYC.exeQueries volume information: C:\Windows\Fonts\couri.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\9n7miZydYC.exeQueries volume information: C:\Windows\Fonts\courbd.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\9n7miZydYC.exeQueries volume information: C:\Windows\Fonts\courbi.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\9n7miZydYC.exeQueries volume information: C:\Windows\Fonts\ebrima.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\9n7miZydYC.exeQueries volume information: C:\Windows\Fonts\ebrimabd.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\9n7miZydYC.exeQueries volume information: C:\Windows\Fonts\framd.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\9n7miZydYC.exeQueries volume information: C:\Windows\Fonts\FRADM.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\9n7miZydYC.exeQueries volume information: C:\Windows\Fonts\framdit.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\9n7miZydYC.exeQueries volume information: C:\Windows\Fonts\FRADMIT.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\9n7miZydYC.exeQueries volume information: C:\Windows\Fonts\FRAMDCN.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\9n7miZydYC.exeQueries volume information: C:\Windows\Fonts\FRADMCN.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\9n7miZydYC.exeQueries volume information: C:\Windows\Fonts\FRAHV.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\9n7miZydYC.exeQueries volume information: C:\Windows\Fonts\FRAHVIT.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\9n7miZydYC.exeQueries volume information: C:\Windows\Fonts\Gabriola.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\9n7miZydYC.exeQueries volume information: C:\Windows\Fonts\gadugi.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\9n7miZydYC.exeQueries volume information: C:\Windows\Fonts\gadugib.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\9n7miZydYC.exeQueries volume information: C:\Windows\Fonts\georgia.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\9n7miZydYC.exeQueries volume information: C:\Windows\Fonts\georgiai.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\9n7miZydYC.exeQueries volume information: C:\Windows\Fonts\georgiab.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\9n7miZydYC.exeQueries volume information: C:\Windows\Fonts\georgiaz.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\9n7miZydYC.exeQueries volume information: C:\Windows\Fonts\impact.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\9n7miZydYC.exeQueries volume information: C:\Windows\Fonts\Inkfree.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\9n7miZydYC.exeQueries volume information: C:\Windows\Fonts\javatext.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\9n7miZydYC.exeQueries volume information: C:\Windows\Fonts\LeelawUI.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\9n7miZydYC.exeQueries volume information: C:\Windows\Fonts\LeelUIsl.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\9n7miZydYC.exeQueries volume information: C:\Windows\Fonts\LeelaUIb.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\9n7miZydYC.exeQueries volume information: C:\Windows\Fonts\lucon.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\9n7miZydYC.exeQueries volume information: C:\Windows\Fonts\l_10646.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\9n7miZydYC.exeQueries volume information: C:\Windows\Fonts\malgun.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\9n7miZydYC.exeQueries volume information: C:\Windows\Fonts\malgunsl.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\9n7miZydYC.exeQueries volume information: C:\Windows\Fonts\malgunbd.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\9n7miZydYC.exeQueries volume information: C:\Windows\Fonts\himalaya.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\9n7miZydYC.exeQueries volume information: C:\Windows\Fonts\msjh.ttc VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\9n7miZydYC.exeQueries volume information: C:\Windows\Fonts\msjhl.ttc VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\9n7miZydYC.exeQueries volume information: C:\Windows\Fonts\msjhbd.ttc VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\9n7miZydYC.exeQueries volume information: C:\Windows\Fonts\ntailu.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\9n7miZydYC.exeQueries volume information: C:\Windows\Fonts\ntailub.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\9n7miZydYC.exeQueries volume information: C:\Windows\Fonts\phagspa.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\9n7miZydYC.exeQueries volume information: C:\Windows\Fonts\phagspab.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\9n7miZydYC.exeQueries volume information: C:\Windows\Fonts\micross.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\9n7miZydYC.exeQueries volume information: C:\Windows\Fonts\taile.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\9n7miZydYC.exeQueries volume information: C:\Windows\Fonts\taileb.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\9n7miZydYC.exeQueries volume information: C:\Windows\Fonts\msyh.ttc VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\9n7miZydYC.exeQueries volume information: C:\Windows\Fonts\msyhl.ttc VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\9n7miZydYC.exeQueries volume information: C:\Windows\Fonts\msyhbd.ttc VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\9n7miZydYC.exeQueries volume information: C:\Windows\Fonts\msyi.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\9n7miZydYC.exeQueries volume information: C:\Windows\Fonts\mingliub.ttc VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\9n7miZydYC.exeQueries volume information: C:\Windows\Fonts\monbaiti.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\9n7miZydYC.exeQueries volume information: C:\Windows\Fonts\msgothic.ttc VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\9n7miZydYC.exeQueries volume information: C:\Windows\Fonts\mvboli.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\9n7miZydYC.exeQueries volume information: C:\Windows\Fonts\mmrtext.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\9n7miZydYC.exeQueries volume information: C:\Windows\Fonts\mmrtextb.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\9n7miZydYC.exeQueries volume information: C:\Windows\Fonts\Nirmala.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\9n7miZydYC.exeQueries volume information: C:\Windows\Fonts\NirmalaS.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\9n7miZydYC.exeQueries volume information: C:\Windows\Fonts\NirmalaB.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\9n7miZydYC.exeQueries volume information: C:\Windows\Fonts\pala.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\9n7miZydYC.exeQueries volume information: C:\Windows\Fonts\palai.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\9n7miZydYC.exeQueries volume information: C:\Windows\Fonts\palab.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\9n7miZydYC.exeQueries volume information: C:\Windows\Fonts\palabi.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\9n7miZydYC.exeQueries volume information: C:\Windows\Fonts\segoepr.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\9n7miZydYC.exeQueries volume information: C:\Windows\Fonts\segoeprb.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\9n7miZydYC.exeQueries volume information: C:\Windows\Fonts\segoesc.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\9n7miZydYC.exeQueries volume information: C:\Windows\Fonts\segoescb.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\9n7miZydYC.exeQueries volume information: C:\Windows\Fonts\segoeuii.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\9n7miZydYC.exeQueries volume information: C:\Windows\Fonts\seguisli.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\9n7miZydYC.exeQueries volume information: C:\Windows\Fonts\seguili.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\9n7miZydYC.exeQueries volume information: C:\Windows\Fonts\seguisbi.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\9n7miZydYC.exeQueries volume information: C:\Windows\Fonts\segoeuiz.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\9n7miZydYC.exeQueries volume information: C:\Windows\Fonts\seguibl.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\9n7miZydYC.exeQueries volume information: C:\Windows\Fonts\seguibli.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\9n7miZydYC.exeQueries volume information: C:\Windows\Fonts\seguiemj.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\9n7miZydYC.exeQueries volume information: C:\Windows\Fonts\seguihis.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\9n7miZydYC.exeQueries volume information: C:\Windows\Fonts\seguisym.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\9n7miZydYC.exeQueries volume information: C:\Windows\Fonts\simsun.ttc VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\9n7miZydYC.exeQueries volume information: C:\Windows\Fonts\simsunb.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\9n7miZydYC.exeQueries volume information: C:\Windows\Fonts\Sitka.ttc VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\9n7miZydYC.exeQueries volume information: C:\Windows\Fonts\SitkaI.ttc VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\9n7miZydYC.exeQueries volume information: C:\Windows\Fonts\SitkaB.ttc VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\9n7miZydYC.exeQueries volume information: C:\Windows\Fonts\SitkaZ.ttc VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\9n7miZydYC.exeQueries volume information: C:\Windows\Fonts\sylfaen.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\9n7miZydYC.exeQueries volume information: C:\Windows\Fonts\symbol.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\9n7miZydYC.exeQueries volume information: C:\Windows\Fonts\tahoma.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\9n7miZydYC.exeQueries volume information: C:\Windows\Fonts\tahomabd.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\9n7miZydYC.exeQueries volume information: C:\Windows\Fonts\timesi.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\9n7miZydYC.exeQueries volume information: C:\Windows\Fonts\timesbd.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\9n7miZydYC.exeQueries volume information: C:\Windows\Fonts\timesbi.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\9n7miZydYC.exeQueries volume information: C:\Windows\Fonts\trebuc.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\9n7miZydYC.exeQueries volume information: C:\Windows\Fonts\trebucit.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\9n7miZydYC.exeQueries volume information: C:\Windows\Fonts\trebucbd.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\9n7miZydYC.exeQueries volume information: C:\Windows\Fonts\trebucbi.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\9n7miZydYC.exeQueries volume information: C:\Windows\Fonts\verdana.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\9n7miZydYC.exeQueries volume information: C:\Windows\Fonts\verdanai.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\9n7miZydYC.exeQueries volume information: C:\Windows\Fonts\verdanab.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\9n7miZydYC.exeQueries volume information: C:\Windows\Fonts\verdanaz.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\9n7miZydYC.exeQueries volume information: C:\Windows\Fonts\webdings.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\9n7miZydYC.exeQueries volume information: C:\Windows\Fonts\wingding.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\9n7miZydYC.exeQueries volume information: C:\Windows\Fonts\YuGothR.ttc VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\9n7miZydYC.exeQueries volume information: C:\Windows\Fonts\YuGothM.ttc VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\9n7miZydYC.exeQueries volume information: C:\Windows\Fonts\YuGothL.ttc VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\9n7miZydYC.exeQueries volume information: C:\Windows\Fonts\YuGothB.ttc VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\9n7miZydYC.exeQueries volume information: C:\Windows\Fonts\holomdl2.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\9n7miZydYC.exeQueries volume information: C:\Windows\Fonts\CENTURY.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\9n7miZydYC.exeQueries volume information: C:\Windows\Fonts\LEELAWAD.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\9n7miZydYC.exeQueries volume information: C:\Windows\Fonts\LEELAWDB.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\9n7miZydYC.exeQueries volume information: C:\Windows\Fonts\MSUIGHUR.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\9n7miZydYC.exeQueries volume information: C:\Windows\Fonts\MSUIGHUB.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\9n7miZydYC.exeQueries volume information: C:\Windows\Fonts\WINGDNG2.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\9n7miZydYC.exeQueries volume information: C:\Windows\Fonts\WINGDNG3.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\9n7miZydYC.exeQueries volume information: C:\Windows\Fonts\TEMPSITC.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\9n7miZydYC.exeQueries volume information: C:\Windows\Fonts\PRISTINA.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\9n7miZydYC.exeQueries volume information: C:\Windows\Fonts\PAPYRUS.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\9n7miZydYC.exeQueries volume information: C:\Windows\Fonts\MISTRAL.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\9n7miZydYC.exeQueries volume information: C:\Windows\Fonts\LHANDW.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\9n7miZydYC.exeQueries volume information: C:\Windows\Fonts\ITCKRIST.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\9n7miZydYC.exeQueries volume information: C:\Windows\Fonts\JUICE___.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\9n7miZydYC.exeQueries volume information: C:\Windows\Fonts\FRSCRIPT.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\9n7miZydYC.exeQueries volume information: C:\Windows\Fonts\FREESCPT.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\9n7miZydYC.exeQueries volume information: C:\Windows\Fonts\BRADHITC.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\9n7miZydYC.exeQueries volume information: C:\Windows\Fonts\OUTLOOK.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\9n7miZydYC.exeQueries volume information: C:\Windows\Fonts\BKANT.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\9n7miZydYC.exeQueries volume information: C:\Windows\Fonts\ANTQUAI.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\9n7miZydYC.exeQueries volume information: C:\Windows\Fonts\ANTQUAB.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\9n7miZydYC.exeQueries volume information: C:\Windows\Fonts\ANTQUABI.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\9n7miZydYC.exeQueries volume information: C:\Windows\Fonts\GARA.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\9n7miZydYC.exeQueries volume information: C:\Windows\Fonts\GARAIT.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\9n7miZydYC.exeQueries volume information: C:\Windows\Fonts\GARABD.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\9n7miZydYC.exeQueries volume information: C:\Windows\Fonts\MTCORSVA.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\9n7miZydYC.exeQueries volume information: C:\Windows\Fonts\GOTHIC.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\9n7miZydYC.exeQueries volume information: C:\Windows\Fonts\GOTHICI.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\9n7miZydYC.exeQueries volume information: C:\Windows\Fonts\GOTHICB.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\9n7miZydYC.exeQueries volume information: C:\Windows\Fonts\GOTHICBI.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\9n7miZydYC.exeQueries volume information: C:\Windows\Fonts\ALGER.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\9n7miZydYC.exeQueries volume information: C:\Windows\Fonts\BASKVILL.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\9n7miZydYC.exeQueries volume information: C:\Windows\Fonts\BAUHS93.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\9n7miZydYC.exeQueries volume information: C:\Windows\Fonts\BELL.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\9n7miZydYC.exeQueries volume information: C:\Windows\Fonts\BELLI.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\9n7miZydYC.exeQueries volume information: C:\Windows\Fonts\BELLB.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\9n7miZydYC.exeQueries volume information: C:\Windows\Fonts\BRLNSR.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\9n7miZydYC.exeQueries volume information: C:\Windows\Fonts\BRLNSDB.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\9n7miZydYC.exeQueries volume information: C:\Windows\Fonts\BRLNSB.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\9n7miZydYC.exeQueries volume information: C:\Windows\Fonts\BERNHC.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\9n7miZydYC.exeQueries volume information: C:\Windows\Fonts\BOD_PSTC.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\9n7miZydYC.exeQueries volume information: C:\Windows\Fonts\BRITANIC.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\9n7miZydYC.exeQueries volume information: C:\Windows\Fonts\BROADW.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\9n7miZydYC.exeQueries volume information: C:\Windows\Fonts\BRUSHSCI.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\9n7miZydYC.exeQueries volume information: C:\Windows\Fonts\CALIFR.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\9n7miZydYC.exeQueries volume information: C:\Windows\Fonts\CALIFI.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\9n7miZydYC.exeQueries volume information: C:\Windows\Fonts\CALIFB.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\9n7miZydYC.exeQueries volume information: C:\Windows\Fonts\CENTAUR.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\9n7miZydYC.exeQueries volume information: C:\Windows\Fonts\CHILLER.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\9n7miZydYC.exeQueries volume information: C:\Windows\Fonts\COLONNA.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\9n7miZydYC.exeQueries volume information: C:\Windows\Fonts\COOPBL.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\9n7miZydYC.exeQueries volume information: C:\Windows\Fonts\FTLTLT.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\9n7miZydYC.exeQueries volume information: C:\Windows\Fonts\HARLOWSI.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\9n7miZydYC.exeQueries volume information: C:\Windows\Fonts\HARNGTON.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\9n7miZydYC.exeQueries volume information: C:\Windows\Fonts\HTOWERT.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\9n7miZydYC.exeQueries volume information: C:\Windows\Fonts\HTOWERTI.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\9n7miZydYC.exeQueries volume information: C:\Windows\Fonts\JOKERMAN.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\9n7miZydYC.exeQueries volume information: C:\Windows\Fonts\KUNSTLER.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\9n7miZydYC.exeQueries volume information: C:\Windows\Fonts\LBRITE.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\9n7miZydYC.exeQueries volume information: C:\Windows\Fonts\LBRITED.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\9n7miZydYC.exeQueries volume information: C:\Windows\Fonts\LBRITEI.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\9n7miZydYC.exeQueries volume information: C:\Windows\Fonts\LBRITEDI.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\9n7miZydYC.exeQueries volume information: C:\Windows\Fonts\LCALLIG.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\9n7miZydYC.exeQueries volume information: C:\Windows\Fonts\LFAX.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\9n7miZydYC.exeQueries volume information: C:\Windows\Fonts\LFAXD.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\9n7miZydYC.exeQueries volume information: C:\Windows\Fonts\LFAXI.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\9n7miZydYC.exeQueries volume information: C:\Windows\Fonts\LFAXDI.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\9n7miZydYC.exeQueries volume information: C:\Windows\Fonts\MAGNETOB.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\9n7miZydYC.exeQueries volume information: C:\Windows\Fonts\MATURASC.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\9n7miZydYC.exeQueries volume information: C:\Windows\Fonts\MOD20.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\9n7miZydYC.exeQueries volume information: C:\Windows\Fonts\NIAGENG.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\9n7miZydYC.exeQueries volume information: C:\Windows\Fonts\NIAGSOL.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\9n7miZydYC.exeQueries volume information: C:\Windows\Fonts\OLDENGL.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\9n7miZydYC.exeQueries volume information: C:\Windows\Fonts\ONYX.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\9n7miZydYC.exeQueries volume information: C:\Windows\Fonts\PARCHM.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\9n7miZydYC.exeQueries volume information: C:\Windows\Fonts\PLAYBILL.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\9n7miZydYC.exeQueries volume information: C:\Windows\Fonts\POORICH.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\9n7miZydYC.exeQueries volume information: C:\Windows\Fonts\RAVIE.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\9n7miZydYC.exeQueries volume information: C:\Windows\Fonts\INFROMAN.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\9n7miZydYC.exeQueries volume information: C:\Windows\Fonts\SHOWG.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\9n7miZydYC.exeQueries volume information: C:\Windows\Fonts\SNAP____.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\9n7miZydYC.exeQueries volume information: C:\Windows\Fonts\STENCIL.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\9n7miZydYC.exeQueries volume information: C:\Windows\Fonts\VINERITC.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\9n7miZydYC.exeQueries volume information: C:\Windows\Fonts\VIVALDII.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\9n7miZydYC.exeQueries volume information: C:\Windows\Fonts\VLADIMIR.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\9n7miZydYC.exeQueries volume information: C:\Windows\Fonts\LATINWD.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\9n7miZydYC.exeQueries volume information: C:\Windows\Fonts\TCM_____.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\9n7miZydYC.exeQueries volume information: C:\Windows\Fonts\TCMI____.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\9n7miZydYC.exeQueries volume information: C:\Windows\Fonts\TCB_____.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\9n7miZydYC.exeQueries volume information: C:\Windows\Fonts\TCBI____.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\9n7miZydYC.exeQueries volume information: C:\Windows\Fonts\TCCM____.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\9n7miZydYC.exeQueries volume information: C:\Windows\Fonts\TCCB____.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\9n7miZydYC.exeQueries volume information: C:\Windows\Fonts\TCCEB.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\9n7miZydYC.exeQueries volume information: C:\Windows\Fonts\SCRIPTBL.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\9n7miZydYC.exeQueries volume information: C:\Windows\Fonts\ROCK.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\9n7miZydYC.exeQueries volume information: C:\Windows\Fonts\ROCKI.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\9n7miZydYC.exeQueries volume information: C:\Windows\Fonts\ROCKB.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\9n7miZydYC.exeQueries volume information: C:\Windows\Fonts\ROCKEB.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\9n7miZydYC.exeQueries volume information: C:\Windows\Fonts\ROCKBI.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\9n7miZydYC.exeQueries volume information: C:\Windows\Fonts\ROCC____.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\9n7miZydYC.exeQueries volume information: C:\Windows\Fonts\ROCCB___.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\9n7miZydYC.exeQueries volume information: C:\Windows\Fonts\RAGE.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\9n7miZydYC.exeQueries volume information: C:\Windows\Fonts\PERTILI.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\9n7miZydYC.exeQueries volume information: C:\Windows\Fonts\PERTIBD.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\9n7miZydYC.exeQueries volume information: C:\Windows\Fonts\PER_____.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\9n7miZydYC.exeQueries volume information: C:\Windows\Fonts\PERI____.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\9n7miZydYC.exeQueries volume information: C:\Windows\Fonts\PERB____.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\9n7miZydYC.exeQueries volume information: C:\Windows\Fonts\PERBI___.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\9n7miZydYC.exeQueries volume information: C:\Windows\Fonts\PALSCRI.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\9n7miZydYC.exeQueries volume information: C:\Windows\Fonts\OCRAEXT.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\9n7miZydYC.exeQueries volume information: C:\Windows\Fonts\MAIAN.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\9n7miZydYC.exeQueries volume information: C:\Windows\Fonts\LTYPE.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\9n7miZydYC.exeQueries volume information: C:\Windows\Fonts\LTYPEO.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\9n7miZydYC.exeQueries volume information: C:\Windows\Fonts\LTYPEB.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\9n7miZydYC.exeQueries volume information: C:\Windows\Fonts\LTYPEBO.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\9n7miZydYC.exeQueries volume information: C:\Windows\Fonts\LSANS.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\9n7miZydYC.exeQueries volume information: C:\Windows\Fonts\LSANSD.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\9n7miZydYC.exeQueries volume information: C:\Windows\Fonts\LSANSI.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\9n7miZydYC.exeQueries volume information: C:\Windows\Fonts\LSANSDI.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\9n7miZydYC.exeQueries volume information: C:\Windows\Fonts\IMPRISHA.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\9n7miZydYC.exeQueries volume information: C:\Windows\Fonts\HATTEN.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\9n7miZydYC.exeQueries volume information: C:\Windows\Fonts\GOUDYSTO.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\9n7miZydYC.exeQueries volume information: C:\Windows\Fonts\GOUDOS.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\9n7miZydYC.exeQueries volume information: C:\Windows\Fonts\GOUDOSI.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\9n7miZydYC.exeQueries volume information: C:\Windows\Fonts\GOUDOSB.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\9n7miZydYC.exeQueries volume information: C:\Windows\Fonts\GLECB.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\9n7miZydYC.exeQueries volume information: C:\Windows\Fonts\GIL_____.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\9n7miZydYC.exeQueries volume information: C:\Windows\Fonts\GILI____.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\9n7miZydYC.exeQueries volume information: C:\Windows\Fonts\GILB____.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\9n7miZydYC.exeQueries volume information: C:\Windows\Fonts\GILBI___.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\9n7miZydYC.exeQueries volume information: C:\Windows\Fonts\GILC____.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\9n7miZydYC.exeQueries volume information: C:\Windows\Fonts\GLSNECB.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\9n7miZydYC.exeQueries volume information: C:\Windows\Fonts\GIGI.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\9n7miZydYC.exeQueries volume information: C:\Windows\Fonts\FRABK.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\9n7miZydYC.exeQueries volume information: C:\Windows\Fonts\FRABKIT.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\9n7miZydYC.exeQueries volume information: C:\Windows\Fonts\FORTE.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\9n7miZydYC.exeQueries volume information: C:\Windows\Fonts\FELIXTI.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\9n7miZydYC.exeQueries volume information: C:\Windows\Fonts\ERASMD.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\9n7miZydYC.exeQueries volume information: C:\Windows\Fonts\ERASLGHT.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\9n7miZydYC.exeQueries volume information: C:\Windows\Fonts\ERASDEMI.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\9n7miZydYC.exeQueries volume information: C:\Windows\Fonts\ERASBD.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\9n7miZydYC.exeQueries volume information: C:\Windows\Fonts\ENGR.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\9n7miZydYC.exeQueries volume information: C:\Windows\Fonts\ELEPHNT.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\9n7miZydYC.exeQueries volume information: C:\Windows\Fonts\ELEPHNTI.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\9n7miZydYC.exeQueries volume information: C:\Windows\Fonts\ITCEDSCR.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\9n7miZydYC.exeQueries volume information: C:\Windows\Fonts\CURLZ___.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\9n7miZydYC.exeQueries volume information: C:\Windows\Fonts\COPRGTL.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\9n7miZydYC.exeQueries volume information: C:\Windows\Fonts\COPRGTB.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\9n7miZydYC.exeQueries volume information: C:\Windows\Fonts\CENSCBK.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\9n7miZydYC.exeQueries volume information: C:\Windows\Fonts\SCHLBKI.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\9n7miZydYC.exeQueries volume information: C:\Windows\Fonts\SCHLBKB.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\9n7miZydYC.exeQueries volume information: C:\Windows\Fonts\SCHLBKBI.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\9n7miZydYC.exeQueries volume information: C:\Windows\Fonts\CASTELAR.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\9n7miZydYC.exeQueries volume information: C:\Windows\Fonts\CALIST.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\9n7miZydYC.exeQueries volume information: C:\Windows\Fonts\CALISTI.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\9n7miZydYC.exeQueries volume information: C:\Windows\Fonts\CALISTB.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\9n7miZydYC.exeQueries volume information: C:\Windows\Fonts\CALISTBI.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\9n7miZydYC.exeQueries volume information: C:\Windows\Fonts\BOOKOS.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\9n7miZydYC.exeQueries volume information: C:\Windows\Fonts\BOOKOSB.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\9n7miZydYC.exeQueries volume information: C:\Windows\Fonts\BOOKOSI.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\9n7miZydYC.exeQueries volume information: C:\Windows\Fonts\BOOKOSBI.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\9n7miZydYC.exeQueries volume information: C:\Windows\Fonts\BOD_R.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\9n7miZydYC.exeQueries volume information: C:\Windows\Fonts\BOD_I.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\9n7miZydYC.exeQueries volume information: C:\Windows\Fonts\BOD_B.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\9n7miZydYC.exeQueries volume information: C:\Windows\Fonts\BOD_BI.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\9n7miZydYC.exeQueries volume information: C:\Windows\Fonts\BOD_CR.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\9n7miZydYC.exeQueries volume information: C:\Windows\Fonts\BOD_BLAR.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\9n7miZydYC.exeQueries volume information: C:\Windows\Fonts\BOD_CI.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\9n7miZydYC.exeQueries volume information: C:\Windows\Fonts\BOD_CB.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\9n7miZydYC.exeQueries volume information: C:\Windows\Fonts\BOD_BLAI.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\9n7miZydYC.exeQueries volume information: C:\Windows\Fonts\BOD_CBI.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\9n7miZydYC.exeQueries volume information: C:\Windows\Fonts\ITCBLKAD.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\9n7miZydYC.exeQueries volume information: C:\Windows\Fonts\ARLRDBD.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\9n7miZydYC.exeQueries volume information: C:\Windows\Fonts\AGENCYR.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\9n7miZydYC.exeQueries volume information: C:\Windows\Fonts\AGENCYB.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\9n7miZydYC.exeQueries volume information: C:\Windows\Fonts\BSSYM7.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\9n7miZydYC.exeQueries volume information: C:\Windows\Fonts\REFSAN.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\9n7miZydYC.exeQueries volume information: C:\Windows\Fonts\REFSPCL.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\9n7miZydYC.exeQueries volume information: C:\Windows\Fonts\MTEXTRA.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\9n7miZydYC.exeQueries volume information: C:\Windows\Fonts\marlett.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\9n7miZydYC.exeQueries volume information: C:\Windows\Fonts\micross.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\9n7miZydYC.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\9n7miZydYC.exeQueries volume information: C:\Users\user\Desktop\9n7miZydYC.exe VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\9n7miZydYC.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\9n7miZydYC.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\9n7miZydYC.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\9n7miZydYC.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\9n7miZydYC.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\9n7miZydYC.exeQueries volume information: C:\Users\user\Desktop\9n7miZydYC.exe VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\9n7miZydYC.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\9n7miZydYC.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\9n7miZydYC.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\9n7miZydYC.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformationJump to behavior
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeQueries volume information: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe VolumeInformationJump to behavior
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformationJump to behavior
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformationJump to behavior
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformationJump to behavior
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformationJump to behavior
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeQueries volume information: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe VolumeInformationJump to behavior
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformationJump to behavior
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformationJump to behavior
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformationJump to behavior
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\9n7miZydYC.exeQueries volume information: C:\Users\user\Desktop\9n7miZydYC.exe VolumeInformation
        Source: C:\Users\user\Desktop\9n7miZydYC.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
        Source: C:\Users\user\Desktop\9n7miZydYC.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
        Source: C:\Users\user\Desktop\9n7miZydYC.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
        Source: C:\Users\user\Desktop\9n7miZydYC.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeQueries volume information: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe VolumeInformation
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeQueries volume information: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe VolumeInformation
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
        Source: C:\Users\user\Desktop\9n7miZydYC.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior
        Source: C:\Users\user\Desktop\9n7miZydYC.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiVirusProduct
        Source: C:\Users\user\Desktop\9n7miZydYC.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiSpywareProduct
        Source: C:\Users\user\Desktop\9n7miZydYC.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM FirewallProduct
        Source: C:\Users\user\Desktop\9n7miZydYC.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiVirusProduct
        Source: C:\Users\user\Desktop\9n7miZydYC.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiSpywareProduct
        Source: C:\Users\user\Desktop\9n7miZydYC.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM FirewallProduct
        Source: C:\Users\user\Desktop\9n7miZydYC.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiVirusProduct
        Source: C:\Users\user\Desktop\9n7miZydYC.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiSpywareProduct
        Source: C:\Users\user\Desktop\9n7miZydYC.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM FirewallProduct
        Source: C:\Users\user\Desktop\9n7miZydYC.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiVirusProduct
        Source: C:\Users\user\Desktop\9n7miZydYC.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiSpywareProduct
        Source: C:\Users\user\Desktop\9n7miZydYC.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM FirewallProduct
        Source: C:\Users\user\Desktop\9n7miZydYC.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiVirusProduct
        Source: C:\Users\user\Desktop\9n7miZydYC.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiSpywareProduct
        Source: C:\Users\user\Desktop\9n7miZydYC.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM FirewallProduct
        Source: C:\Users\user\Desktop\9n7miZydYC.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiVirusProduct
        Source: C:\Users\user\Desktop\9n7miZydYC.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiSpywareProduct
        Source: C:\Users\user\Desktop\9n7miZydYC.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM FirewallProduct
        Source: C:\Users\user\Desktop\9n7miZydYC.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiVirusProduct
        Source: C:\Users\user\Desktop\9n7miZydYC.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiSpywareProduct
        Source: C:\Users\user\Desktop\9n7miZydYC.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM FirewallProduct

        Stealing of Sensitive Information:

        barindex
        Yara detected Nanocore RATShow sources
        Source: Yara matchFile source: 0000001F.00000000.383519060.0000000000402000.00000040.00000001.sdmp, type: MEMORY
        Source: Yara matchFile source: 0000001E.00000002.392510114.00000000042C9000.00000004.00000001.sdmp, type: MEMORY
        Source: Yara matchFile source: 0000001D.00000002.388118309.0000000000402000.00000040.00000001.sdmp, type: MEMORY
        Source: Yara matchFile source: 0000001F.00000002.403785027.0000000000402000.00000040.00000001.sdmp, type: MEMORY
        Source: Yara matchFile source: 0000001D.00000002.390678037.0000000003041000.00000004.00000001.sdmp, type: MEMORY
        Source: Yara matchFile source: 0000001D.00000000.367378120.0000000000402000.00000040.00000001.sdmp, type: MEMORY
        Source: Yara matchFile source: 0000001F.00000000.383969923.0000000000402000.00000040.00000001.sdmp, type: MEMORY
        Source: Yara matchFile source: 00000015.00000002.391258363.0000000003449000.00000004.00000001.sdmp, type: MEMORY
        Source: Yara matchFile source: 0000000F.00000002.375447688.0000000003D35000.00000004.00000001.sdmp, type: MEMORY
        Source: Yara matchFile source: 0000001F.00000002.405159880.0000000002C01000.00000004.00000001.sdmp, type: MEMORY
        Source: Yara matchFile source: 0000001D.00000000.367856055.0000000000402000.00000040.00000001.sdmp, type: MEMORY
        Source: Yara matchFile source: 00000013.00000002.376242535.0000000003C35000.00000004.00000001.sdmp, type: MEMORY
        Source: Yara matchFile source: 00000007.00000000.277218336.0000000000402000.00000040.00000001.sdmp, type: MEMORY
        Source: Yara matchFile source: 0000001E.00000000.368666676.0000000000402000.00000040.00000001.sdmp, type: MEMORY
        Source: Yara matchFile source: 0000001F.00000002.405306863.0000000003C09000.00000004.00000001.sdmp, type: MEMORY
        Source: Yara matchFile source: 00000000.00000002.281977110.0000000004495000.00000004.00000001.sdmp, type: MEMORY
        Source: Yara matchFile source: 00000015.00000002.392080007.00000000035F5000.00000004.00000001.sdmp, type: MEMORY
        Source: Yara matchFile source: 0000001E.00000002.388846832.0000000000402000.00000040.00000001.sdmp, type: MEMORY
        Source: Yara matchFile source: 0000000F.00000002.374531994.0000000003B89000.00000004.00000001.sdmp, type: MEMORY
        Source: Yara matchFile source: 00000013.00000002.374908003.0000000003A89000.00000004.00000001.sdmp, type: MEMORY
        Source: Yara matchFile source: 0000001D.00000002.391222166.0000000004049000.00000004.00000001.sdmp, type: MEMORY
        Source: Yara matchFile source: 0000001E.00000000.368132271.0000000000402000.00000040.00000001.sdmp, type: MEMORY
        Source: Yara matchFile source: 00000007.00000002.463411890.0000000000402000.00000040.00000001.sdmp, type: MEMORY
        Source: Yara matchFile source: 00000007.00000000.277575023.0000000000402000.00000040.00000001.sdmp, type: MEMORY
        Source: Yara matchFile source: 00000000.00000002.280854533.00000000042E9000.00000004.00000001.sdmp, type: MEMORY
        Source: Yara matchFile source: 0000001E.00000002.392325016.00000000032C1000.00000004.00000001.sdmp, type: MEMORY
        Source: Yara matchFile source: Process Memory Space: dhcpmon.exe PID: 2148, type: MEMORY
        Source: Yara matchFile source: Process Memory Space: 9n7miZydYC.exe PID: 5752, type: MEMORY
        Source: Yara matchFile source: Process Memory Space: 9n7miZydYC.exe PID: 4716, type: MEMORY
        Source: Yara matchFile source: Process Memory Space: dhcpmon.exe PID: 3504, type: MEMORY
        Source: Yara matchFile source: Process Memory Space: dhcpmon.exe PID: 5508, type: MEMORY
        Source: Yara matchFile source: Process Memory Space: 9n7miZydYC.exe PID: 780, type: MEMORY
        Source: Yara matchFile source: Process Memory Space: 9n7miZydYC.exe PID: 1736, type: MEMORY
        Source: Yara matchFile source: Process Memory Space: dhcpmon.exe PID: 5668, type: MEMORY
        Source: Yara matchFile source: 31.0.dhcpmon.exe.400000.3.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 31.2.dhcpmon.exe.3c505fc.4.raw.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 31.0.dhcpmon.exe.400000.1.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 30.0.dhcpmon.exe.400000.1.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 29.2.9n7miZydYC.exe.408b7c6.5.raw.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 7.2.9n7miZydYC.exe.400000.0.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 0.2.9n7miZydYC.exe.43b51e0.3.raw.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 30.2.dhcpmon.exe.43105fc.4.raw.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 0.2.9n7miZydYC.exe.43b51e0.3.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 21.2.dhcpmon.exe.35151e0.3.raw.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 29.2.9n7miZydYC.exe.40905fc.4.raw.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 15.2.9n7miZydYC.exe.3c551e0.3.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 29.0.9n7miZydYC.exe.400000.3.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 19.2.dhcpmon.exe.3b551e0.3.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 30.2.dhcpmon.exe.400000.0.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 7.0.9n7miZydYC.exe.400000.1.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 7.0.9n7miZydYC.exe.400000.3.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 30.0.dhcpmon.exe.400000.3.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 30.2.dhcpmon.exe.430b7c6.3.raw.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 31.2.dhcpmon.exe.3c505fc.4.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 29.2.9n7miZydYC.exe.400000.0.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 29.2.9n7miZydYC.exe.4094c25.3.raw.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 29.2.9n7miZydYC.exe.40905fc.4.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 19.2.dhcpmon.exe.3b551e0.3.raw.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 21.2.dhcpmon.exe.35151e0.3.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 29.0.9n7miZydYC.exe.400000.1.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 30.2.dhcpmon.exe.43105fc.4.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 31.2.dhcpmon.exe.3c54c25.5.raw.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 15.2.9n7miZydYC.exe.3c551e0.3.raw.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 31.2.dhcpmon.exe.400000.0.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 30.2.dhcpmon.exe.4314c25.5.raw.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 31.2.dhcpmon.exe.3c4b7c6.3.raw.unpack, type: UNPACKEDPE

        Remote Access Functionality:

        barindex
        Detected Nanocore RatShow sources
        Source: 9n7miZydYC.exe, 00000000.00000002.281977110.0000000004495000.00000004.00000001.sdmpString found in binary or memory: NanoCore.ClientPluginHost
        Source: 9n7miZydYC.exe, 00000007.00000000.277218336.0000000000402000.00000040.00000001.sdmpString found in binary or memory: NanoCore.ClientPluginHost
        Source: 9n7miZydYC.exe, 0000000F.00000002.375447688.0000000003D35000.00000004.00000001.sdmpString found in binary or memory: NanoCore.ClientPluginHost
        Source: dhcpmon.exe, 00000013.00000002.376242535.0000000003C35000.00000004.00000001.sdmpString found in binary or memory: NanoCore.ClientPluginHost
        Source: dhcpmon.exe, 00000015.00000002.392080007.00000000035F5000.00000004.00000001.sdmpString found in binary or memory: NanoCore.ClientPluginHost
        Source: 9n7miZydYC.exe, 0000001D.00000002.390678037.0000000003041000.00000004.00000001.sdmpString found in binary or memory: NanoCore.ClientPluginHost
        Source: 9n7miZydYC.exe, 0000001D.00000002.390678037.0000000003041000.00000004.00000001.sdmpString found in binary or memory: <Module>mscorlibMicrosoft.VisualBasicMyApplicationNanoCore.MyMyComputerMyProjectMyWebServicesThreadSafeObjectProvider`1IClientNetworkNanoCore.ClientPluginIClientDataIClientAppIClientDataHostNanoCore.ClientPluginHostIClientNetworkHostIClientUIHostIClientLoggingHostIClientAppHostIClientNameObjectCollectionNanoCoreIClientReadOnlyNameObjectCollectionClientInvokeDelegateMicrosoft.VisualBasic.ApplicationServicesApplicationBase.ctorMicrosoft.VisualBasic.DevicesComputerSystemObject.cctorget_Computerm_ComputerObjectProviderget_Applicationm_AppObjectProviderUserget_Userm_UserObjectProviderget_WebServicesm_MyWebServicesObjectProviderApplicationWebServicesEqualsoGetHashCodeTypeGetTypeToStringCreate__Instance__TinstanceDispose__Instance__get_GetInstanceMicrosoft.VisualBasic.MyServices.InternalContextValue`1m_ContextGetInstanceReadPacketpipeNameparamsPipeCreatedPipeClosedConnectionStateChangedconnectedConnectionFailedhostportBuildingHostCacheVariableChangednameClientSettingChangedPluginUninstallingClientUninstallingget_Variablesget_ClientSettingsget_BuilderSettingsVariablesClientSettingsBuilderSettingsget_ConnectedClosePipePipeExistsRebuildHostCacheAddHostEntryDisconnectSendToServercompressConnectedInvokemethodstateLogClientMessagemessageExceptionLogClientExceptionexsiteRestartShutdownDisableProtectionRestoreProtectionUninstallEntryExistsSystem.Collections.GenericKeyValuePair`2GetEntriesGetValuedefaultValueSetValuevalueRemoveValueMulticastDelegateTargetObjectTargetMethodIAsyncResultAsyncCallbackBeginInvokeDelegateCallbackDelegateAsyncStateEndInvokeDelegateAsyncResultSystem.ComponentModelEditorBrowsableAttributeEditorBrowsableStateSystem.CodeDom.CompilerGeneratedCodeAttributeSystem.DiagnosticsDebuggerHiddenAttributeMicrosoft.VisualBasic.CompilerServicesStandardModuleAttributeHideModuleNameAttributeSystem.ComponentModel.DesignHelpKeywordAttributeSystem.Runtime.CompilerServicesRuntimeHelpersGetObjectValueRuntimeTypeHandleGetTypeFromHandleActivatorCreateInstanceMyGroupCollectionAttributeget_Valueset_ValueSystem.Runtime.InteropServicesComVisibleAttributeParamArrayAttributeCompilationRelaxationsAttributeRuntimeCompatibilityAttributeSystem.ReflectionAssemblyFileVersionAttributeGuidAttributeAssemblyTrademarkAttributeAssemblyCopyrightAttributeAssemblyProductAttributeAssemblyCompanyAttributeAssemblyDescriptionAttributeAssemblyTitleAttributeClientPluginClientPlugin.dll
        Source: dhcpmon.exe, 0000001E.00000002.392510114.00000000042C9000.00000004.00000001.sdmpString found in binary or memory: NanoCore.ClientPluginHost
        Source: dhcpmon.exe, 0000001E.00000002.392510114.00000000042C9000.00000004.00000001.sdmpString found in binary or memory: <Module>mscorlibMicrosoft.VisualBasicMyApplicationNanoCore.MyMyComputerMyProjectMyWebServicesThreadSafeObjectProvider`1IClientNetworkNanoCore.ClientPluginIClientDataIClientAppIClientDataHostNanoCore.ClientPluginHostIClientNetworkHostIClientUIHostIClientLoggingHostIClientAppHostIClientNameObjectCollectionNanoCoreIClientReadOnlyNameObjectCollectionClientInvokeDelegateMicrosoft.VisualBasic.ApplicationServicesApplicationBase.ctorMicrosoft.VisualBasic.DevicesComputerSystemObject.cctorget_Computerm_ComputerObjectProviderget_Applicationm_AppObjectProviderUserget_Userm_UserObjectProviderget_WebServicesm_MyWebServicesObjectProviderApplicationWebServicesEqualsoGetHashCodeTypeGetTypeToStringCreate__Instance__TinstanceDispose__Instance__get_GetInstanceMicrosoft.VisualBasic.MyServices.InternalContextValue`1m_ContextGetInstanceReadPacketpipeNameparamsPipeCreatedPipeClosedConnectionStateChangedconnectedConnectionFailedhostportBuildingHostCacheVariableChangednameClientSettingChangedPluginUninstallingClientUninstallingget_Variablesget_ClientSettingsget_BuilderSettingsVariablesClientSettingsBuilderSettingsget_ConnectedClosePipePipeExistsRebuildHostCacheAddHostEntryDisconnectSendToServercompressConnectedInvokemethodstateLogClientMessagemessageExceptionLogClientExceptionexsiteRestartShutdownDisableProtectionRestoreProtectionUninstallEntryExistsSystem.Collections.GenericKeyValuePair`2GetEntriesGetValuedefaultValueSetValuevalueRemoveValueMulticastDelegateTargetObjectTargetMethodIAsyncResultAsyncCallbackBeginInvokeDelegateCallbackDelegateAsyncStateEndInvokeDelegateAsyncResultSystem.ComponentModelEditorBrowsableAttributeEditorBrowsableStateSystem.CodeDom.CompilerGeneratedCodeAttributeSystem.DiagnosticsDebuggerHiddenAttributeMicrosoft.VisualBasic.CompilerServicesStandardModuleAttributeHideModuleNameAttributeSystem.ComponentModel.DesignHelpKeywordAttributeSystem.Runtime.CompilerServicesRuntimeHelpersGetObjectValueRuntimeTypeHandleGetTypeFromHandleActivatorCreateInstanceMyGroupCollectionAttributeget_Valueset_ValueSystem.Runtime.InteropServicesComVisibleAttributeParamArrayAttributeCompilationRelaxationsAttributeRuntimeCompatibilityAttributeSystem.ReflectionAssemblyFileVersionAttributeGuidAttributeAssemblyTrademarkAttributeAssemblyCopyrightAttributeAssemblyProductAttributeAssemblyCompanyAttributeAssemblyDescriptionAttributeAssemblyTitleAttributeClientPluginClientPlugin.dll
        Source: dhcpmon.exe, 0000001F.00000000.383519060.0000000000402000.00000040.00000001.sdmpString found in binary or memory: NanoCore.ClientPluginHost
        Source: dhcpmon.exe, 0000001F.00000002.405159880.0000000002C01000.00000004.00000001.sdmpString found in binary or memory: <Module>mscorlibMicrosoft.VisualBasicMyApplicationNanoCore.MyMyComputerMyProjectMyWebServicesThreadSafeObjectProvider`1IClientNetworkNanoCore.ClientPluginIClientDataIClientAppIClientDataHostNanoCore.ClientPluginHostIClientNetworkHostIClientUIHostIClientLoggingHostIClientAppHostIClientNameObjectCollectionNanoCoreIClientReadOnlyNameObjectCollectionClientInvokeDelegateMicrosoft.VisualBasic.ApplicationServicesApplicationBase.ctorMicrosoft.VisualBasic.DevicesComputerSystemObject.cctorget_Computerm_ComputerObjectProviderget_Applicationm_AppObjectProviderUserget_Userm_UserObjectProviderget_WebServicesm_MyWebServicesObjectProviderApplicationWebServicesEqualsoGetHashCodeTypeGetTypeToStringCreate__Instance__TinstanceDispose__Instance__get_GetInstanceMicrosoft.VisualBasic.MyServices.InternalContextValue`1m_ContextGetInstanceReadPacketpipeNameparamsPipeCreatedPipeClosedConnectionStateChangedconnectedConnectionFailedhostportBuildingHostCacheVariableChangednameClientSettingChangedPluginUninstallingClientUninstallingget_Variablesget_ClientSettingsget_BuilderSettingsVariablesClientSettingsBuilderSettingsget_ConnectedClosePipePipeExistsRebuildHostCacheAddHostEntryDisconnectSendToServercompressConnectedInvokemethodstateLogClientMessagemessageExceptionLogClientExceptionexsiteRestartShutdownDisableProtectionRestoreProtectionUninstallEntryExistsSystem.Collections.GenericKeyValuePair`2GetEntriesGetValuedefaultValueSetValuevalueRemoveValueMulticastDelegateTargetObjectTargetMethodIAsyncResultAsyncCallbackBeginInvokeDelegateCallbackDelegateAsyncStateEndInvokeDelegateAsyncResultSystem.ComponentModelEditorBrowsableAttributeEditorBrowsableStateSystem.CodeDom.CompilerGeneratedCodeAttributeSystem.DiagnosticsDebuggerHiddenAttributeMicrosoft.VisualBasic.CompilerServicesStandardModuleAttributeHideModuleNameAttributeSystem.ComponentModel.DesignHelpKeywordAttributeSystem.Runtime.CompilerServicesRuntimeHelpersGetObjectValueRuntimeTypeHandleGetTypeFromHandleActivatorCreateInstanceMyGroupCollectionAttributeget_Valueset_ValueSystem.Runtime.InteropServicesComVisibleAttributeParamArrayAttributeCompilationRelaxationsAttributeRuntimeCompatibilityAttributeSystem.ReflectionAssemblyFileVersionAttributeGuidAttributeAssemblyTrademarkAttributeAssemblyCopyrightAttributeAssemblyProductAttributeAssemblyCompanyAttributeAssemblyDescriptionAttributeAssemblyTitleAttributeClientPluginClientPlugin.dll
        Yara detected Nanocore RATShow sources
        Source: Yara matchFile source: 0000001F.00000000.383519060.0000000000402000.00000040.00000001.sdmp, type: MEMORY
        Source: Yara matchFile source: 0000001E.00000002.392510114.00000000042C9000.00000004.00000001.sdmp, type: MEMORY
        Source: Yara matchFile source: 0000001D.00000002.388118309.0000000000402000.00000040.00000001.sdmp, type: MEMORY
        Source: Yara matchFile source: 0000001F.00000002.403785027.0000000000402000.00000040.00000001.sdmp, type: MEMORY
        Source: Yara matchFile source: 0000001D.00000002.390678037.0000000003041000.00000004.00000001.sdmp, type: MEMORY
        Source: Yara matchFile source: 0000001D.00000000.367378120.0000000000402000.00000040.00000001.sdmp, type: MEMORY
        Source: Yara matchFile source: 0000001F.00000000.383969923.0000000000402000.00000040.00000001.sdmp, type: MEMORY
        Source: Yara matchFile source: 00000015.00000002.391258363.0000000003449000.00000004.00000001.sdmp, type: MEMORY
        Source: Yara matchFile source: 0000000F.00000002.375447688.0000000003D35000.00000004.00000001.sdmp, type: MEMORY
        Source: Yara matchFile source: 0000001F.00000002.405159880.0000000002C01000.00000004.00000001.sdmp, type: MEMORY
        Source: Yara matchFile source: 0000001D.00000000.367856055.0000000000402000.00000040.00000001.sdmp, type: MEMORY
        Source: Yara matchFile source: 00000013.00000002.376242535.0000000003C35000.00000004.00000001.sdmp, type: MEMORY
        Source: Yara matchFile source: 00000007.00000000.277218336.0000000000402000.00000040.00000001.sdmp, type: MEMORY
        Source: Yara matchFile source: 0000001E.00000000.368666676.0000000000402000.00000040.00000001.sdmp, type: MEMORY
        Source: Yara matchFile source: 0000001F.00000002.405306863.0000000003C09000.00000004.00000001.sdmp, type: MEMORY
        Source: Yara matchFile source: 00000000.00000002.281977110.0000000004495000.00000004.00000001.sdmp, type: MEMORY
        Source: Yara matchFile source: 00000015.00000002.392080007.00000000035F5000.00000004.00000001.sdmp, type: MEMORY
        Source: Yara matchFile source: 0000001E.00000002.388846832.0000000000402000.00000040.00000001.sdmp, type: MEMORY
        Source: Yara matchFile source: 0000000F.00000002.374531994.0000000003B89000.00000004.00000001.sdmp, type: MEMORY
        Source: Yara matchFile source: 00000013.00000002.374908003.0000000003A89000.00000004.00000001.sdmp, type: MEMORY
        Source: Yara matchFile source: 0000001D.00000002.391222166.0000000004049000.00000004.00000001.sdmp, type: MEMORY
        Source: Yara matchFile source: 0000001E.00000000.368132271.0000000000402000.00000040.00000001.sdmp, type: MEMORY
        Source: Yara matchFile source: 00000007.00000002.463411890.0000000000402000.00000040.00000001.sdmp, type: MEMORY
        Source: Yara matchFile source: 00000007.00000000.277575023.0000000000402000.00000040.00000001.sdmp, type: MEMORY
        Source: Yara matchFile source: 00000000.00000002.280854533.00000000042E9000.00000004.00000001.sdmp, type: MEMORY
        Source: Yara matchFile source: 0000001E.00000002.392325016.00000000032C1000.00000004.00000001.sdmp, type: MEMORY
        Source: Yara matchFile source: Process Memory Space: dhcpmon.exe PID: 2148, type: MEMORY
        Source: Yara matchFile source: Process Memory Space: 9n7miZydYC.exe PID: 5752, type: MEMORY
        Source: Yara matchFile source: Process Memory Space: 9n7miZydYC.exe PID: 4716, type: MEMORY
        Source: Yara matchFile source: Process Memory Space: dhcpmon.exe PID: 3504, type: MEMORY
        Source: Yara matchFile source: Process Memory Space: dhcpmon.exe PID: 5508, type: MEMORY
        Source: Yara matchFile source: Process Memory Space: 9n7miZydYC.exe PID: 780, type: MEMORY
        Source: Yara matchFile source: Process Memory Space: 9n7miZydYC.exe PID: 1736, type: MEMORY
        Source: Yara matchFile source: Process Memory Space: dhcpmon.exe PID: 5668, type: MEMORY
        Source: Yara matchFile source: 31.0.dhcpmon.exe.400000.3.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 31.2.dhcpmon.exe.3c505fc.4.raw.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 31.0.dhcpmon.exe.400000.1.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 30.0.dhcpmon.exe.400000.1.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 29.2.9n7miZydYC.exe.408b7c6.5.raw.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 7.2.9n7miZydYC.exe.400000.0.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 0.2.9n7miZydYC.exe.43b51e0.3.raw.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 30.2.dhcpmon.exe.43105fc.4.raw.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 0.2.9n7miZydYC.exe.43b51e0.3.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 21.2.dhcpmon.exe.35151e0.3.raw.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 29.2.9n7miZydYC.exe.40905fc.4.raw.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 15.2.9n7miZydYC.exe.3c551e0.3.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 29.0.9n7miZydYC.exe.400000.3.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 19.2.dhcpmon.exe.3b551e0.3.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 30.2.dhcpmon.exe.400000.0.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 7.0.9n7miZydYC.exe.400000.1.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 7.0.9n7miZydYC.exe.400000.3.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 30.0.dhcpmon.exe.400000.3.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 30.2.dhcpmon.exe.430b7c6.3.raw.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 31.2.dhcpmon.exe.3c505fc.4.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 29.2.9n7miZydYC.exe.400000.0.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 29.2.9n7miZydYC.exe.4094c25.3.raw.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 29.2.9n7miZydYC.exe.40905fc.4.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 19.2.dhcpmon.exe.3b551e0.3.raw.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 21.2.dhcpmon.exe.35151e0.3.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 29.0.9n7miZydYC.exe.400000.1.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 30.2.dhcpmon.exe.43105fc.4.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 31.2.dhcpmon.exe.3c54c25.5.raw.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 15.2.9n7miZydYC.exe.3c551e0.3.raw.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 31.2.dhcpmon.exe.400000.0.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 30.2.dhcpmon.exe.4314c25.5.raw.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 31.2.dhcpmon.exe.3c4b7c6.3.raw.unpack, type: UNPACKEDPE

        Mitre Att&ck Matrix

        Initial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionExfiltrationCommand and ControlNetwork EffectsRemote Service EffectsImpact
        Valid AccountsWindows Management Instrumentation1Scheduled Task/Job1Process Injection111Masquerading2Input Capture21Security Software Discovery211Remote ServicesInput Capture21Exfiltration Over Other Network MediumEncrypted Channel1Eavesdrop on Insecure Network CommunicationRemotely Track Device Without AuthorizationModify System Partition
        Default AccountsCommand and Scripting Interpreter2Boot or Logon Initialization ScriptsScheduled Task/Job1Disable or Modify Tools1LSASS MemoryProcess Discovery1Remote Desktop ProtocolArchive Collected Data11Exfiltration Over BluetoothNon-Standard Port1Exploit SS7 to Redirect Phone Calls/SMSRemotely Wipe Data Without AuthorizationDevice Lockout
        Domain AccountsScheduled Task/Job1Logon Script (Windows)Logon Script (Windows)Virtualization/Sandbox Evasion21Security Account ManagerVirtualization/Sandbox Evasion21SMB/Windows Admin SharesData from Network Shared DriveAutomated ExfiltrationRemote Access Software1Exploit SS7 to Track Device LocationObtain Device Cloud BackupsDelete Device Data
        Local AccountsAt (Windows)Logon Script (Mac)Logon Script (Mac)Process Injection111NTDSApplication Window Discovery1Distributed Component Object ModelInput CaptureScheduled TransferNon-Application Layer Protocol1SIM Card SwapCarrier Billing Fraud
        Cloud AccountsCronNetwork Logon ScriptNetwork Logon ScriptDeobfuscate/Decode Files or Information1LSA SecretsSystem Information Discovery12SSHKeyloggingData Transfer Size LimitsApplication Layer Protocol21Manipulate Device CommunicationManipulate App Store Rankings or Ratings
        Replication Through Removable MediaLaunchdRc.commonRc.commonHidden Files and Directories1Cached Domain CredentialsSystem Owner/User DiscoveryVNCGUI Input CaptureExfiltration Over C2 ChannelMultiband CommunicationJamming or Denial of ServiceAbuse Accessibility Features
        External Remote ServicesScheduled TaskStartup ItemsStartup ItemsObfuscated Files or Information2DCSyncNetwork SniffingWindows Remote ManagementWeb Portal CaptureExfiltration Over Alternative ProtocolCommonly Used PortRogue Wi-Fi Access PointsData Encrypted for Impact
        Drive-by CompromiseCommand and Scripting InterpreterScheduled Task/JobScheduled Task/JobSoftware Packing22Proc FilesystemNetwork Service ScanningShared WebrootCredential API HookingExfiltration Over Symmetric Encrypted Non-C2 ProtocolApplication Layer ProtocolDowngrade to Insecure ProtocolsGenerate Fraudulent Advertising Revenue

        Behavior Graph

        Hide Legend

        Legend:

        • Process
        • Signature
        • Created File
        • DNS/IP Info
        • Is Dropped
        • Is Windows Process
        • Number of created Registry Values
        • Number of created Files
        • Visual Basic
        • Delphi
        • Java
        • .Net C# or VB.NET
        • C, C++ or other language
        • Is malicious
        • Internet
        behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 431749 Sample: 9n7miZydYC.exe Startdate: 09/06/2021 Architecture: WINDOWS Score: 100 52 tzitziklishop.ddns.net 2->52 56 Snort IDS alert for network traffic (e.g. based on Emerging Threat rules) 2->56 58 Multi AV Scanner detection for domain / URL 2->58 60 Found malware configuration 2->60 62 15 other signatures 2->62 9 9n7miZydYC.exe 3 2->9         started        13 dhcpmon.exe 3 2->13         started        15 dhcpmon.exe 2 2->15         started        17 9n7miZydYC.exe 2 2->17         started        signatures3 process4 file5 50 C:\Users\user\AppData\...\9n7miZydYC.exe.log, ASCII 9->50 dropped 66 Uses schtasks.exe or at.exe to add and modify task schedules 9->66 68 Injects a PE file into a foreign processes 9->68 19 9n7miZydYC.exe 1 16 9->19         started        24 dhcpmon.exe 13->24         started        26 dhcpmon.exe 15->26         started        28 9n7miZydYC.exe 17->28         started        30 9n7miZydYC.exe 17->30         started        32 9n7miZydYC.exe 17->32         started        signatures6 process7 dnsIp8 54 tzitziklishop.ddns.net 103.133.106.117, 1665, 49732, 49733 VNPT-AS-VNVIETNAMPOSTSANDTELECOMMUNICATIONSGROUPVN Viet Nam 19->54 42 C:\Program Files (x86)\...\dhcpmon.exe, PE32 19->42 dropped 44 C:\Users\user\AppData\Roaming\...\run.dat, ISO-8859 19->44 dropped 46 C:\Users\user\AppData\Local\...\tmpC2C1.tmp, XML 19->46 dropped 48 C:\...\dhcpmon.exe:Zone.Identifier, ASCII 19->48 dropped 64 Hides that the sample has been downloaded from the Internet (zone.identifier) 19->64 34 schtasks.exe 1 19->34         started        36 schtasks.exe 1 19->36         started        file9 signatures10 process11 process12 38 conhost.exe 34->38         started        40 conhost.exe 36->40         started       

        Screenshots

        Thumbnails

        This section contains all screenshots as thumbnails, including those not shown in the slideshow.

        windows-stand

        Antivirus, Machine Learning and Genetic Malware Detection

        Initial Sample

        SourceDetectionScannerLabelLink
        9n7miZydYC.exe48%VirustotalBrowse
        9n7miZydYC.exe37%ReversingLabsByteCode-MSIL.Trojan.AgentTesla
        9n7miZydYC.exe100%Joe Sandbox ML

        Dropped Files

        SourceDetectionScannerLabelLink
        C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe100%Joe Sandbox ML
        C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe37%ReversingLabsByteCode-MSIL.Trojan.AgentTesla

        Unpacked PE Files

        SourceDetectionScannerLabelLinkDownload
        31.0.dhcpmon.exe.400000.3.unpack100%AviraTR/Dropper.MSIL.Gen7Download File
        31.0.dhcpmon.exe.400000.1.unpack100%AviraTR/Dropper.MSIL.Gen7Download File
        7.2.9n7miZydYC.exe.400000.0.unpack100%AviraTR/Dropper.MSIL.Gen7Download File
        30.0.dhcpmon.exe.400000.1.unpack100%AviraTR/Dropper.MSIL.Gen7Download File
        29.0.9n7miZydYC.exe.400000.3.unpack100%AviraTR/Dropper.MSIL.Gen7Download File
        7.0.9n7miZydYC.exe.400000.1.unpack100%AviraTR/Dropper.MSIL.Gen7Download File
        30.2.dhcpmon.exe.400000.0.unpack100%AviraTR/Dropper.MSIL.Gen7Download File
        7.0.9n7miZydYC.exe.400000.3.unpack100%AviraTR/Dropper.MSIL.Gen7Download File
        30.0.dhcpmon.exe.400000.3.unpack100%AviraTR/Dropper.MSIL.Gen7Download File
        29.2.9n7miZydYC.exe.400000.0.unpack100%AviraTR/Dropper.MSIL.Gen7Download File
        29.0.9n7miZydYC.exe.400000.1.unpack100%AviraTR/Dropper.MSIL.Gen7Download File
        31.2.dhcpmon.exe.400000.0.unpack100%AviraTR/Dropper.MSIL.Gen7Download File

        Domains

        SourceDetectionScannerLabelLink
        tzitziklishop.ddns.net9%VirustotalBrowse

        URLs

        SourceDetectionScannerLabelLink
        tzitziklishop.ddns.net9%VirustotalBrowse
        tzitziklishop.ddns.net0%Avira URL Cloudsafe
        http://www.jiyu-kobo.co.jp/jp/A0%Avira URL Cloudsafe
        http://www.founder.com.cn/cn/bThe0%URL Reputationsafe
        http://www.founder.com.cn/cn/bThe0%URL Reputationsafe
        http://www.founder.com.cn/cn/bThe0%URL Reputationsafe
        http://www.founder.com.cn/cn/bThe0%URL Reputationsafe
        http://www.jiyu-kobo.co.jp/ue0%Avira URL Cloudsafe
        http://www.tiro.com0%URL Reputationsafe
        http://www.tiro.com0%URL Reputationsafe
        http://www.tiro.com0%URL Reputationsafe
        http://www.goodfont.co.kr0%URL Reputationsafe
        http://www.goodfont.co.kr0%URL Reputationsafe
        http://www.goodfont.co.kr0%URL Reputationsafe
        http://www.sajatypeworks.com0%URL Reputationsafe
        http://www.sajatypeworks.com0%URL Reputationsafe
        http://www.sajatypeworks.com0%URL Reputationsafe
        http://www.typography.netD0%URL Reputationsafe
        http://www.typography.netD0%URL Reputationsafe
        http://www.typography.netD0%URL Reputationsafe
        http://www.founder.com.cn/cn/cThe0%URL Reputationsafe
        http://www.founder.com.cn/cn/cThe0%URL Reputationsafe
        http://www.founder.com.cn/cn/cThe0%URL Reputationsafe
        http://www.galapagosdesign.com/staff/dennis.htm0%URL Reputationsafe
        http://www.galapagosdesign.com/staff/dennis.htm0%URL Reputationsafe
        http://www.galapagosdesign.com/staff/dennis.htm0%URL Reputationsafe
        http://fontfabrik.com0%URL Reputationsafe
        http://fontfabrik.com0%URL Reputationsafe
        http://fontfabrik.com0%URL Reputationsafe
        http://www.jiyu-kobo.co.jp/80%URL Reputationsafe
        http://www.jiyu-kobo.co.jp/80%URL Reputationsafe
        http://www.jiyu-kobo.co.jp/80%URL Reputationsafe
        http://www.jiyu-kobo.co.jp/60%URL Reputationsafe
        http://www.jiyu-kobo.co.jp/60%URL Reputationsafe
        http://www.jiyu-kobo.co.jp/60%URL Reputationsafe
        http://www.fontbureau.comlicd0%Avira URL Cloudsafe
        http://www.jiyu-kobo.co.jp/jp/e0%Avira URL Cloudsafe
        http://www.fontbureau.comcom0%URL Reputationsafe
        http://www.fontbureau.comcom0%URL Reputationsafe
        http://www.fontbureau.comcom0%URL Reputationsafe
        http://www.jiyu-kobo.co.jp/-0%URL Reputationsafe
        http://www.jiyu-kobo.co.jp/-0%URL Reputationsafe
        http://www.jiyu-kobo.co.jp/-0%URL Reputationsafe
        http://www.galapagosdesign.com/DPlease0%URL Reputationsafe
        http://www.galapagosdesign.com/DPlease0%URL Reputationsafe
        http://www.galapagosdesign.com/DPlease0%URL Reputationsafe
        http://www.sandoll.co.kr0%URL Reputationsafe
        http://www.sandoll.co.kr0%URL Reputationsafe
        http://www.sandoll.co.kr0%URL Reputationsafe
        http://www.jiyu-kobo.co.jp/jp/S0%Avira URL Cloudsafe
        http://www.urwpp.deDPlease0%URL Reputationsafe
        http://www.urwpp.deDPlease0%URL Reputationsafe
        http://www.urwpp.deDPlease0%URL Reputationsafe
        http://www.jiyu-kobo.co.jp/$0%URL Reputationsafe
        http://www.jiyu-kobo.co.jp/$0%URL Reputationsafe
        http://www.jiyu-kobo.co.jp/$0%URL Reputationsafe
        http://www.zhongyicts.com.cn0%URL Reputationsafe
        http://www.zhongyicts.com.cn0%URL Reputationsafe
        http://www.zhongyicts.com.cn0%URL Reputationsafe
        http://www.fontbureau.comA0%Avira URL Cloudsafe
        http://www.sakkal.com0%URL Reputationsafe
        http://www.sakkal.com0%URL Reputationsafe
        http://www.sakkal.com0%URL Reputationsafe
        http://www.fontbureau.comF-0%Avira URL Cloudsafe
        http://www.galapagosdesign.com/0%URL Reputationsafe
        http://www.galapagosdesign.com/0%URL Reputationsafe
        http://www.galapagosdesign.com/0%URL Reputationsafe
        http://www.jiyu-kobo.co.jp/oiJ0%Avira URL Cloudsafe
        http://www.galapagosdesign.com/S0%Avira URL Cloudsafe
        http://www.jiyu-kobo.co.jp/S0%URL Reputationsafe
        http://www.jiyu-kobo.co.jp/S0%URL Reputationsafe
        http://www.jiyu-kobo.co.jp/S0%URL Reputationsafe
        http://www.fontbureau.comde0%Avira URL Cloudsafe
        http://www.jiyu-kobo.co.jp/jp/0%URL Reputationsafe
        http://www.jiyu-kobo.co.jp/jp/0%URL Reputationsafe
        http://www.jiyu-kobo.co.jp/jp/0%URL Reputationsafe
        http://www.founder.com.cn/cn/T0%Avira URL Cloudsafe
        http://www.fontbureau.comd0%URL Reputationsafe
        http://www.fontbureau.comd0%URL Reputationsafe
        http://www.fontbureau.comd0%URL Reputationsafe
        http://www.jiyu-kobo.co.jp/?0%URL Reputationsafe
        http://www.jiyu-kobo.co.jp/?0%URL Reputationsafe
        http://www.jiyu-kobo.co.jp/?0%URL Reputationsafe
        http://www.carterandcone.coml0%URL Reputationsafe
        http://www.carterandcone.coml0%URL Reputationsafe
        http://www.carterandcone.coml0%URL Reputationsafe
        http://www.fontbureau.com.TTFJ0%Avira URL Cloudsafe
        http://www.jiyu-kobo.co.jp/w0%URL Reputationsafe
        http://www.jiyu-kobo.co.jp/w0%URL Reputationsafe
        http://www.jiyu-kobo.co.jp/w0%URL Reputationsafe
        http://www.founder.com.cn/cn0%URL Reputationsafe
        http://www.founder.com.cn/cn0%URL Reputationsafe
        http://www.founder.com.cn/cn0%URL Reputationsafe
        http://www.jiyu-kobo.co.jp/va0%Avira URL Cloudsafe
        http://www.jiyu-kobo.co.jp/jp/$0%Avira URL Cloudsafe
        http://www.fontbureau.comalsoS0%Avira URL Cloudsafe
        http://www.jiyu-kobo.co.jp/0%URL Reputationsafe
        http://www.jiyu-kobo.co.jp/0%URL Reputationsafe
        http://www.jiyu-kobo.co.jp/0%URL Reputationsafe
        http://www.jiyu-kobo.co.jp/k0%URL Reputationsafe

        Domains and IPs

        Contacted Domains

        NameIPActiveMaliciousAntivirus DetectionReputation
        tzitziklishop.ddns.net
        		103.133.106.117
        		truetrueunknown

        Contacted URLs

        NameMaliciousAntivirus DetectionReputation
        tzitziklishop.ddns.nettrue
        • 9%, Virustotal, Browse
        • Avira URL Cloud: safe
        		unknown

        URLs from Memory and Binaries

        NameSourceMaliciousAntivirus DetectionReputation
        http://www.fontbureau.com/designersG9n7miZydYC.exe, 00000000.00000002.283745706.0000000006300000.00000002.00000001.sdmp, 9n7miZydYC.exe, 0000000F.00000002.382823509.0000000005A40000.00000002.00000001.sdmp, dhcpmon.exe, 00000013.00000002.383614397.0000000005A80000.00000002.00000001.sdmp, dhcpmon.exe, 00000015.00000002.395701262.0000000005420000.00000002.00000001.sdmpfalse
          		high
          http://www.jiyu-kobo.co.jp/jp/A9n7miZydYC.exe, 00000000.00000003.201498360.0000000006216000.00000004.00000001.sdmpfalse
          • Avira URL Cloud: safe
          		unknown
          http://www.fontbureau.com/designers/?9n7miZydYC.exe, 00000000.00000002.283745706.0000000006300000.00000002.00000001.sdmp, 9n7miZydYC.exe, 0000000F.00000002.382823509.0000000005A40000.00000002.00000001.sdmp, dhcpmon.exe, 00000013.00000002.383614397.0000000005A80000.00000002.00000001.sdmp, dhcpmon.exe, 00000015.00000002.395701262.0000000005420000.00000002.00000001.sdmpfalse
            		high
            http://www.founder.com.cn/cn/bThe9n7miZydYC.exe, 00000000.00000002.283745706.0000000006300000.00000002.00000001.sdmp, 9n7miZydYC.exe, 0000000F.00000002.382823509.0000000005A40000.00000002.00000001.sdmp, dhcpmon.exe, 00000013.00000002.383614397.0000000005A80000.00000002.00000001.sdmp, dhcpmon.exe, 00000015.00000002.395701262.0000000005420000.00000002.00000001.sdmpfalse
            • URL Reputation: safe
            • URL Reputation: safe
            • URL Reputation: safe
            • URL Reputation: safe
            		unknown
            http://www.jiyu-kobo.co.jp/ue9n7miZydYC.exe, 00000000.00000003.201375392.0000000006216000.00000004.00000001.sdmpfalse
            • Avira URL Cloud: safe
            		unknown
            http://www.fontbureau.com/designers?9n7miZydYC.exe, 00000000.00000002.283745706.0000000006300000.00000002.00000001.sdmp, 9n7miZydYC.exe, 0000000F.00000002.382823509.0000000005A40000.00000002.00000001.sdmp, dhcpmon.exe, 00000013.00000002.383614397.0000000005A80000.00000002.00000001.sdmp, dhcpmon.exe, 00000015.00000002.395701262.0000000005420000.00000002.00000001.sdmpfalse
              		high
              http://www.tiro.comdhcpmon.exe, 00000015.00000002.395701262.0000000005420000.00000002.00000001.sdmpfalse
              • URL Reputation: safe
              • URL Reputation: safe
              • URL Reputation: safe
              		unknown
              http://www.fontbureau.com/designersdhcpmon.exe, 00000015.00000002.395701262.0000000005420000.00000002.00000001.sdmpfalse
                		high
                http://www.goodfont.co.kr9n7miZydYC.exe, 00000000.00000002.283745706.0000000006300000.00000002.00000001.sdmp, 9n7miZydYC.exe, 0000000F.00000002.382823509.0000000005A40000.00000002.00000001.sdmp, dhcpmon.exe, 00000013.00000002.383614397.0000000005A80000.00000002.00000001.sdmp, dhcpmon.exe, 00000015.00000002.395701262.0000000005420000.00000002.00000001.sdmpfalse
                • URL Reputation: safe
                • URL Reputation: safe
                • URL Reputation: safe
                		unknown
                http://www.sajatypeworks.com9n7miZydYC.exe, 00000000.00000002.283745706.0000000006300000.00000002.00000001.sdmp, 9n7miZydYC.exe, 0000000F.00000002.382823509.0000000005A40000.00000002.00000001.sdmp, dhcpmon.exe, 00000013.00000002.383614397.0000000005A80000.00000002.00000001.sdmp, dhcpmon.exe, 00000015.00000002.395701262.0000000005420000.00000002.00000001.sdmpfalse
                • URL Reputation: safe
                • URL Reputation: safe
                • URL Reputation: safe
                		unknown
                http://www.typography.netD9n7miZydYC.exe, 00000000.00000002.283745706.0000000006300000.00000002.00000001.sdmp, 9n7miZydYC.exe, 0000000F.00000002.382823509.0000000005A40000.00000002.00000001.sdmp, dhcpmon.exe, 00000013.00000002.383614397.0000000005A80000.00000002.00000001.sdmp, dhcpmon.exe, 00000015.00000002.395701262.0000000005420000.00000002.00000001.sdmpfalse
                • URL Reputation: safe
                • URL Reputation: safe
                • URL Reputation: safe
                		unknown
                http://www.founder.com.cn/cn/cThe9n7miZydYC.exe, 00000000.00000002.283745706.0000000006300000.00000002.00000001.sdmp, 9n7miZydYC.exe, 0000000F.00000002.382823509.0000000005A40000.00000002.00000001.sdmp, dhcpmon.exe, 00000013.00000002.383614397.0000000005A80000.00000002.00000001.sdmp, dhcpmon.exe, 00000015.00000002.395701262.0000000005420000.00000002.00000001.sdmpfalse
                • URL Reputation: safe
                • URL Reputation: safe
                • URL Reputation: safe
                		unknown
                http://www.galapagosdesign.com/staff/dennis.htm9n7miZydYC.exe, 00000000.00000002.283745706.0000000006300000.00000002.00000001.sdmp, 9n7miZydYC.exe, 0000000F.00000002.382823509.0000000005A40000.00000002.00000001.sdmp, dhcpmon.exe, 00000013.00000002.383614397.0000000005A80000.00000002.00000001.sdmp, dhcpmon.exe, 00000015.00000002.395701262.0000000005420000.00000002.00000001.sdmpfalse
                • URL Reputation: safe
                • URL Reputation: safe
                • URL Reputation: safe
                		unknown
                http://fontfabrik.com9n7miZydYC.exe, 00000000.00000002.283745706.0000000006300000.00000002.00000001.sdmp, 9n7miZydYC.exe, 0000000F.00000002.382823509.0000000005A40000.00000002.00000001.sdmp, dhcpmon.exe, 00000013.00000002.383614397.0000000005A80000.00000002.00000001.sdmp, dhcpmon.exe, 00000015.00000002.395701262.0000000005420000.00000002.00000001.sdmpfalse
                • URL Reputation: safe
                • URL Reputation: safe
                • URL Reputation: safe
                		unknown
                http://www.jiyu-kobo.co.jp/89n7miZydYC.exe, 00000000.00000003.201498360.0000000006216000.00000004.00000001.sdmpfalse
                • URL Reputation: safe
                • URL Reputation: safe
                • URL Reputation: safe
                		unknown
                http://www.jiyu-kobo.co.jp/69n7miZydYC.exe, 00000000.00000003.201375392.0000000006216000.00000004.00000001.sdmpfalse
                • URL Reputation: safe
                • URL Reputation: safe
                • URL Reputation: safe
                		unknown
                http://www.fontbureau.comlicd9n7miZydYC.exe, 00000000.00000003.202769761.0000000006216000.00000004.00000001.sdmpfalse
                • Avira URL Cloud: safe
                		unknown
                http://www.jiyu-kobo.co.jp/jp/e9n7miZydYC.exe, 00000000.00000003.201498360.0000000006216000.00000004.00000001.sdmpfalse
                • Avira URL Cloud: safe
                		unknown
                http://www.fontbureau.comcom9n7miZydYC.exe, 00000000.00000003.202769761.0000000006216000.00000004.00000001.sdmpfalse
                • URL Reputation: safe
                • URL Reputation: safe
                • URL Reputation: safe
                		unknown
                http://www.jiyu-kobo.co.jp/-9n7miZydYC.exe, 00000000.00000003.201375392.0000000006216000.00000004.00000001.sdmpfalse
                • URL Reputation: safe
                • URL Reputation: safe
                • URL Reputation: safe
                		unknown
                http://www.galapagosdesign.com/DPlease9n7miZydYC.exe, 00000000.00000002.283745706.0000000006300000.00000002.00000001.sdmp, 9n7miZydYC.exe, 0000000F.00000002.382823509.0000000005A40000.00000002.00000001.sdmp, dhcpmon.exe, 00000013.00000002.383614397.0000000005A80000.00000002.00000001.sdmp, dhcpmon.exe, 00000015.00000002.395701262.0000000005420000.00000002.00000001.sdmpfalse
                • URL Reputation: safe
                • URL Reputation: safe
                • URL Reputation: safe
                		unknown
                http://www.fonts.com9n7miZydYC.exe, 00000000.00000002.283745706.0000000006300000.00000002.00000001.sdmp, 9n7miZydYC.exe, 0000000F.00000002.382823509.0000000005A40000.00000002.00000001.sdmp, dhcpmon.exe, 00000013.00000002.383614397.0000000005A80000.00000002.00000001.sdmp, dhcpmon.exe, 00000015.00000002.395701262.0000000005420000.00000002.00000001.sdmpfalse
                  		high
                  http://www.sandoll.co.kr9n7miZydYC.exe, 00000000.00000002.283745706.0000000006300000.00000002.00000001.sdmp, 9n7miZydYC.exe, 0000000F.00000002.382823509.0000000005A40000.00000002.00000001.sdmp, dhcpmon.exe, 00000013.00000002.383614397.0000000005A80000.00000002.00000001.sdmp, dhcpmon.exe, 00000015.00000002.395701262.0000000005420000.00000002.00000001.sdmpfalse
                  • URL Reputation: safe
                  • URL Reputation: safe
                  • URL Reputation: safe
                  		unknown
                  http://www.jiyu-kobo.co.jp/jp/S9n7miZydYC.exe, 00000000.00000003.201375392.0000000006216000.00000004.00000001.sdmpfalse
                  • Avira URL Cloud: safe
                  		unknown
                  http://www.urwpp.deDPlease9n7miZydYC.exe, 00000000.00000002.283745706.0000000006300000.00000002.00000001.sdmp, 9n7miZydYC.exe, 0000000F.00000002.382823509.0000000005A40000.00000002.00000001.sdmp, dhcpmon.exe, 00000013.00000002.383614397.0000000005A80000.00000002.00000001.sdmp, dhcpmon.exe, 00000015.00000002.395701262.0000000005420000.00000002.00000001.sdmpfalse
                  • URL Reputation: safe
                  • URL Reputation: safe
                  • URL Reputation: safe
                  		unknown
                  http://www.jiyu-kobo.co.jp/$9n7miZydYC.exe, 00000000.00000003.201375392.0000000006216000.00000004.00000001.sdmpfalse
                  • URL Reputation: safe
                  • URL Reputation: safe
                  • URL Reputation: safe
                  		unknown
                  http://www.zhongyicts.com.cn9n7miZydYC.exe, 00000000.00000002.283745706.0000000006300000.00000002.00000001.sdmp, 9n7miZydYC.exe, 0000000F.00000002.382823509.0000000005A40000.00000002.00000001.sdmp, dhcpmon.exe, 00000013.00000002.383614397.0000000005A80000.00000002.00000001.sdmp, dhcpmon.exe, 00000015.00000002.395701262.0000000005420000.00000002.00000001.sdmpfalse
                  • URL Reputation: safe
                  • URL Reputation: safe
                  • URL Reputation: safe
                  		unknown
                  http://www.fontbureau.comA9n7miZydYC.exe, 00000000.00000003.202928477.0000000006216000.00000004.00000001.sdmpfalse
                  • Avira URL Cloud: safe
                  		unknown
                  http://www.sakkal.com9n7miZydYC.exe, 00000000.00000002.283745706.0000000006300000.00000002.00000001.sdmp, 9n7miZydYC.exe, 0000000F.00000002.382823509.0000000005A40000.00000002.00000001.sdmp, dhcpmon.exe, 00000013.00000002.383614397.0000000005A80000.00000002.00000001.sdmp, dhcpmon.exe, 00000015.00000002.395701262.0000000005420000.00000002.00000001.sdmpfalse
                  • URL Reputation: safe
                  • URL Reputation: safe
                  • URL Reputation: safe
                  		unknown
                  http://www.fontbureau.comF-9n7miZydYC.exe, 00000000.00000003.202928477.0000000006216000.00000004.00000001.sdmpfalse
                  • Avira URL Cloud: safe
                  		low
                  http://www.apache.org/licenses/LICENSE-2.09n7miZydYC.exe, 00000000.00000002.283745706.0000000006300000.00000002.00000001.sdmp, 9n7miZydYC.exe, 0000000F.00000002.382823509.0000000005A40000.00000002.00000001.sdmp, dhcpmon.exe, 00000013.00000002.383614397.0000000005A80000.00000002.00000001.sdmp, dhcpmon.exe, 00000015.00000002.395701262.0000000005420000.00000002.00000001.sdmpfalse
                    		high
                    http://www.fontbureau.com9n7miZydYC.exe, 00000000.00000003.202338594.0000000006216000.00000004.00000001.sdmp, 9n7miZydYC.exe, 0000000F.00000002.382823509.0000000005A40000.00000002.00000001.sdmp, dhcpmon.exe, 00000013.00000002.383614397.0000000005A80000.00000002.00000001.sdmp, dhcpmon.exe, 00000015.00000002.395701262.0000000005420000.00000002.00000001.sdmpfalse
                      		high
                      http://www.galapagosdesign.com/9n7miZydYC.exe, 00000000.00000003.203426791.0000000006216000.00000004.00000001.sdmpfalse
                      • URL Reputation: safe
                      • URL Reputation: safe
                      • URL Reputation: safe
                      		unknown
                      http://www.jiyu-kobo.co.jp/oiJ9n7miZydYC.exe, 00000000.00000003.201498360.0000000006216000.00000004.00000001.sdmpfalse
                      • Avira URL Cloud: safe
                      		unknown
                      http://www.galapagosdesign.com/S9n7miZydYC.exe, 00000000.00000003.203426791.0000000006216000.00000004.00000001.sdmpfalse
                      • Avira URL Cloud: safe
                      		unknown
                      http://www.jiyu-kobo.co.jp/S9n7miZydYC.exe, 00000000.00000003.201209002.0000000006216000.00000004.00000001.sdmpfalse
                      • URL Reputation: safe
                      • URL Reputation: safe
                      • URL Reputation: safe
                      		unknown
                      http://www.fontbureau.comde9n7miZydYC.exe, 00000000.00000003.202928477.0000000006216000.00000004.00000001.sdmpfalse
                      • Avira URL Cloud: safe
                      		unknown
                      http://www.jiyu-kobo.co.jp/jp/9n7miZydYC.exe, 00000000.00000003.201375392.0000000006216000.00000004.00000001.sdmp, 9n7miZydYC.exe, 00000000.00000003.201498360.0000000006216000.00000004.00000001.sdmpfalse
                      • URL Reputation: safe
                      • URL Reputation: safe
                      • URL Reputation: safe
                      		unknown
                      http://www.fontbureau.coma9n7miZydYC.exe, 00000000.00000003.278151367.0000000006210000.00000004.00000001.sdmpfalse
                        		unknown
                        http://www.founder.com.cn/cn/T9n7miZydYC.exe, 00000000.00000003.200242240.0000000006214000.00000004.00000001.sdmpfalse
                        • Avira URL Cloud: safe
                        		unknown
                        http://www.fontbureau.comd9n7miZydYC.exe, 00000000.00000003.202928477.0000000006216000.00000004.00000001.sdmpfalse
                        • URL Reputation: safe
                        • URL Reputation: safe
                        • URL Reputation: safe
                        		unknown
                        http://www.jiyu-kobo.co.jp/?9n7miZydYC.exe, 00000000.00000003.201498360.0000000006216000.00000004.00000001.sdmpfalse
                        • URL Reputation: safe
                        • URL Reputation: safe
                        • URL Reputation: safe
                        		unknown
                        http://www.carterandcone.coml9n7miZydYC.exe, 00000000.00000002.283745706.0000000006300000.00000002.00000001.sdmp, 9n7miZydYC.exe, 0000000F.00000002.382823509.0000000005A40000.00000002.00000001.sdmp, dhcpmon.exe, 00000013.00000002.383614397.0000000005A80000.00000002.00000001.sdmp, dhcpmon.exe, 00000015.00000002.395701262.0000000005420000.00000002.00000001.sdmpfalse
                        • URL Reputation: safe
                        • URL Reputation: safe
                        • URL Reputation: safe
                        		unknown
                        http://www.fontbureau.com.TTFJ9n7miZydYC.exe, 00000000.00000003.202928477.0000000006216000.00000004.00000001.sdmpfalse
                        • Avira URL Cloud: safe
                        		unknown
                        http://www.fontbureau.com/designers/cabarga.htmlN9n7miZydYC.exe, 00000000.00000002.283745706.0000000006300000.00000002.00000001.sdmp, 9n7miZydYC.exe, 0000000F.00000002.382823509.0000000005A40000.00000002.00000001.sdmp, dhcpmon.exe, 00000013.00000002.383614397.0000000005A80000.00000002.00000001.sdmp, dhcpmon.exe, 00000015.00000002.395701262.0000000005420000.00000002.00000001.sdmpfalse
                          		high
                          http://www.jiyu-kobo.co.jp/w9n7miZydYC.exe, 00000000.00000003.201498360.0000000006216000.00000004.00000001.sdmpfalse
                          • URL Reputation: safe
                          • URL Reputation: safe
                          • URL Reputation: safe
                          		unknown
                          http://www.founder.com.cn/cn9n7miZydYC.exe, 00000000.00000002.283745706.0000000006300000.00000002.00000001.sdmp, 9n7miZydYC.exe, 0000000F.00000002.382823509.0000000005A40000.00000002.00000001.sdmp, dhcpmon.exe, 00000013.00000002.383614397.0000000005A80000.00000002.00000001.sdmp, dhcpmon.exe, 00000015.00000002.395701262.0000000005420000.00000002.00000001.sdmpfalse
                          • URL Reputation: safe
                          • URL Reputation: safe
                          • URL Reputation: safe
                          		unknown
                          http://www.fontbureau.com/designers/frere-jones.html9n7miZydYC.exe, 00000000.00000002.283745706.0000000006300000.00000002.00000001.sdmp, 9n7miZydYC.exe, 0000000F.00000002.382823509.0000000005A40000.00000002.00000001.sdmp, dhcpmon.exe, 00000013.00000002.383614397.0000000005A80000.00000002.00000001.sdmp, dhcpmon.exe, 00000015.00000002.395701262.0000000005420000.00000002.00000001.sdmpfalse
                            		high
                            http://www.jiyu-kobo.co.jp/va9n7miZydYC.exe, 00000000.00000003.201498360.0000000006216000.00000004.00000001.sdmpfalse
                            • Avira URL Cloud: safe
                            		unknown
                            http://www.jiyu-kobo.co.jp/jp/$9n7miZydYC.exe, 00000000.00000003.201498360.0000000006216000.00000004.00000001.sdmpfalse
                            • Avira URL Cloud: safe
                            		unknown
                            http://www.fontbureau.com/designers/cabarga.html9n7miZydYC.exe, 00000000.00000003.202721265.000000000624D000.00000004.00000001.sdmpfalse
                              		high
                              http://www.fontbureau.comalsoS9n7miZydYC.exe, 00000000.00000003.202769761.0000000006216000.00000004.00000001.sdmpfalse
                              • Avira URL Cloud: safe
                              		unknown
                              http://www.jiyu-kobo.co.jp/9n7miZydYC.exe, 00000000.00000003.201375392.0000000006216000.00000004.00000001.sdmp, 9n7miZydYC.exe, 00000000.00000003.201498360.0000000006216000.00000004.00000001.sdmp, 9n7miZydYC.exe, 0000000F.00000002.382823509.0000000005A40000.00000002.00000001.sdmp, dhcpmon.exe, 00000013.00000002.383614397.0000000005A80000.00000002.00000001.sdmp, dhcpmon.exe, 00000015.00000002.395701262.0000000005420000.00000002.00000001.sdmpfalse
                              • URL Reputation: safe
                              • URL Reputation: safe
                              • URL Reputation: safe
                              		unknown
                              http://www.jiyu-kobo.co.jp/k9n7miZydYC.exe, 00000000.00000003.201375392.0000000006216000.00000004.00000001.sdmpfalse
                              • URL Reputation: safe
                              • URL Reputation: safe
                              • URL Reputation: safe
                              		unknown
                              http://www.fontbureau.comgrita69n7miZydYC.exe, 00000000.00000003.278151367.0000000006210000.00000004.00000001.sdmpfalse
                              • Avira URL Cloud: safe
                              		unknown
                              http://www.fontbureau.com/designers89n7miZydYC.exe, 00000000.00000002.283745706.0000000006300000.00000002.00000001.sdmp, 9n7miZydYC.exe, 0000000F.00000002.382823509.0000000005A40000.00000002.00000001.sdmp, dhcpmon.exe, 00000013.00000002.383614397.0000000005A80000.00000002.00000001.sdmp, dhcpmon.exe, 00000015.00000002.395701262.0000000005420000.00000002.00000001.sdmpfalse
                                		high
                                http://www.jiyu-kobo.co.jp/e9n7miZydYC.exe, 00000000.00000003.201375392.0000000006216000.00000004.00000001.sdmpfalse
                                • URL Reputation: safe
                                • URL Reputation: safe
                                • URL Reputation: safe
                                		unknown
                                http://www.fontbureau.comalic9n7miZydYC.exe, 00000000.00000003.202928477.0000000006216000.00000004.00000001.sdmpfalse
                                • URL Reputation: safe
                                • URL Reputation: safe
                                • URL Reputation: safe
                                		unknown
                                http://www.jiyu-kobo.co.jp/da-dw9n7miZydYC.exe, 00000000.00000003.201209002.0000000006216000.00000004.00000001.sdmpfalse
                                • Avira URL Cloud: safe
                                		unknown

                                Contacted IPs

                                • No. of IPs < 25%
                                • 25% < No. of IPs < 50%
                                • 50% < No. of IPs < 75%
                                • 75% < No. of IPs

                                Public

                                IPDomainCountryFlagASNASN NameMalicious
                                103.133.106.117
                                		tzitziklishop.ddns.netViet Nam
                                		135905VNPT-AS-VNVIETNAMPOSTSANDTELECOMMUNICATIONSGROUPVNtrue

                                General Information

                                Joe Sandbox Version:32.0.0 Black Diamond
                                Analysis ID:431749
                                Start date:09.06.2021
                                Start time:08:39:19
                                Joe Sandbox Product:CloudBasic
                                Overall analysis duration:0h 13m 18s
                                Hypervisor based Inspection enabled:false
                                Report type:full
                                Sample file name:9n7miZydYC.exe
                                Cookbook file name:default.jbs
                                Analysis system description:Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
                                Number of analysed new started processes analysed:36
                                Number of new started drivers analysed:0
                                Number of existing processes analysed:0
                                Number of existing drivers analysed:0
                                Number of injected processes analysed:0
                                Technologies:
                                • HCA enabled
                                • EGA enabled
                                • HDC enabled
                                • AMSI enabled
                                Analysis Mode:default
                                Analysis stop reason:Timeout
                                Detection:MAL
                                Classification:mal100.troj.evad.winEXE@22/12@12/1
                                EGA Information:Failed
                                HDC Information:
                                • Successful, ratio: 0% (good quality ratio 0%)
                                • Quality average: 75%
                                • Quality standard deviation: 0%
                                HCA Information:
                                • Successful, ratio: 99%
                                • Number of executed functions: 251
                                • Number of non-executed functions: 9
                                Cookbook Comments:
                                • Adjust boot time
                                • Enable AMSI
                                • Found application associated with file extension: .exe
                                Warnings:
                                Show All
                                • Behavior information exceeds normal sizes, reducing to normal. Report will have missing behavior information.
                                • Exclude process from analysis (whitelisted): taskhostw.exe, MpCmdRun.exe, BackgroundTransferHost.exe, backgroundTaskHost.exe, SgrmBroker.exe, conhost.exe, svchost.exe, UsoClient.exe
                                • Not all processes where analyzed, report is missing behavior information
                                • Report creation exceeded maximum time and may have missing disassembly code information.
                                • Report size exceeded maximum capacity and may have missing behavior information.
                                • Report size getting too big, too many NtAllocateVirtualMemory calls found.
                                • Report size getting too big, too many NtOpenKeyEx calls found.

                                Simulations

                                Behavior and APIs

                                TimeTypeDescription
                                08:40:45Task SchedulerRun new task: DHCP Monitor path: "C:\Users\user\Desktop\9n7miZydYC.exe" s>$(Arg0)
                                08:40:45API Interceptor694x Sleep call for process: 9n7miZydYC.exe modified
                                08:40:45AutostartRun: HKLM\Software\Microsoft\Windows\CurrentVersion\Run DHCP Monitor C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe
                                08:40:47Task SchedulerRun new task: DHCP Monitor Task path: "C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe" s>$(Arg0)

                                Joe Sandbox View / Context

                                IPs

                                MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                                103.133.106.117NEW ORDER Ref PO-298721.docGet hashmaliciousBrowse
                                  NEW ORDER (Ref PO-298721).exeGet hashmaliciousBrowse

                                    Domains

                                    MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                                    tzitziklishop.ddns.netNEW ORDER Ref PO-298721.docGet hashmaliciousBrowse
                                    • 103.133.106.117
                                    NEW ORDER (Ref PO-298721).exeGet hashmaliciousBrowse
                                    • 103.133.106.117
                                    plf.exeGet hashmaliciousBrowse
                                    • 103.89.90.73
                                    365d37e0_by_Libranalysis.exeGet hashmaliciousBrowse
                                    • 103.89.90.73
                                    SWIFT COPY.xlsxGet hashmaliciousBrowse
                                    • 103.89.90.73

                                    ASN

                                    MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                                    VNPT-AS-VNVIETNAMPOSTSANDTELECOMMUNICATIONSGROUPVNNEW ORDER Ref PO-298721.docGet hashmaliciousBrowse
                                    • 103.133.106.117
                                    2-2.exeGet hashmaliciousBrowse
                                    • 103.114.107.28
                                    3-1.exeGet hashmaliciousBrowse
                                    • 103.114.107.28
                                    2-3.exeGet hashmaliciousBrowse
                                    • 103.114.107.28
                                    3-2.exeGet hashmaliciousBrowse
                                    • 103.114.107.28
                                    3-3.exeGet hashmaliciousBrowse
                                    • 103.114.107.28
                                    7-3.exeGet hashmaliciousBrowse
                                    • 103.114.107.28
                                    7-2.exeGet hashmaliciousBrowse
                                    • 103.114.107.28
                                    9-1.exeGet hashmaliciousBrowse
                                    • 103.114.107.28
                                    9-2.exeGet hashmaliciousBrowse
                                    • 103.114.107.28
                                    9-3.exeGet hashmaliciousBrowse
                                    • 103.114.107.28
                                    11-1.exeGet hashmaliciousBrowse
                                    • 103.114.107.28
                                    11-3.exeGet hashmaliciousBrowse
                                    • 103.114.107.28
                                    13-1.exeGet hashmaliciousBrowse
                                    • 103.114.107.28
                                    13-3.exeGet hashmaliciousBrowse
                                    • 103.114.107.28
                                    13-2.exeGet hashmaliciousBrowse
                                    • 103.114.107.28
                                    15-1.exeGet hashmaliciousBrowse
                                    • 103.114.107.28
                                    15-3.exeGet hashmaliciousBrowse
                                    • 103.114.107.28
                                    15-2.exeGet hashmaliciousBrowse
                                    • 103.114.107.28
                                    17-1.exeGet hashmaliciousBrowse
                                    • 103.114.107.28

                                    JA3 Fingerprints

                                    No context

                                    Dropped Files

                                    MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                                    C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeNEW ORDER Ref PO-298721.docGet hashmaliciousBrowse

                                      Created / dropped Files

                                      C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe
                                      Process:C:\Users\user\Desktop\9n7miZydYC.exe
                                      File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                      Category:dropped
                                      Size (bytes):736256
                                      Entropy (8bit):7.59865760202799
                                      Encrypted:false
                                      SSDEEP:6144:x2j8F5ve0At+vWlrOXMRzyeYlDW6PzaIm8MI8x39qflzAQnT6kygum2OMidd8P99:sj8FU9qXKueqZPeLhI8N0MQn5zdd8ld
                                      MD5:61DE33A77D34A313DF07DC2BDD28140A
                                      SHA1:2690F84ADB2C6174AAB432A61737CA892AF2D206
                                      SHA-256:9037AFBF6A54684A77A6D0B204DAA0A843555E01A9BD600545D8AE252B88FAD7
                                      SHA-512:9AAD4399FB37F78D1E658006EFDFE218607F51D630496CE7FBC1766BDD78B8F360657C8A661CF48602105F5C7D7A9C772180D5307BC3B9D5E2D2DE2CDB24E4C1
                                      Malicious:true
                                      Antivirus:
                                      • Antivirus: Joe Sandbox ML, Detection: 100%
                                      • Antivirus: ReversingLabs, Detection: 37%
                                      Joe Sandbox View:
                                      • Filename: NEW ORDER Ref PO-298721.doc, Detection: malicious, Browse
                                      Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....j.`..............0..2...........Q... ...`....@.. ....................................@.................................pQ..O....`..............................8P............................................... ............... ..H............text....1... ...2.................. ..`.rsrc........`.......4..............@..@.reloc...............:..............@..B.................Q......H...................k....x................................................r...p}......}.....(.......(.....*..0..?.........{....o....r[..p(....-\.{....o....r[..p(....-E.{....o....r[..p(....-..{....o....r[..p(....-..{....o....r[..p(....+......,..r]..p(....&8.....{....s........=...%.ry..p.%..{....o.....%.r...p.%..{....o.....%.r...p.%..{....o.....%.r...p.%..{....o.....%.r...p.%...{....o.....%..r...p.(.......s......o......o.....r...p(....&**...(.....*..*....0..+.........,..{......
                                      C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe:Zone.Identifier
                                      Process:C:\Users\user\Desktop\9n7miZydYC.exe
                                      File Type:ASCII text, with CRLF line terminators
                                      Category:dropped
                                      Size (bytes):26
                                      Entropy (8bit):3.95006375643621
                                      Encrypted:false
                                      SSDEEP:3:ggPYV:rPYV
                                      MD5:187F488E27DB4AF347237FE461A079AD
                                      SHA1:6693BA299EC1881249D59262276A0D2CB21F8E64
                                      SHA-256:255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
                                      SHA-512:89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
                                      Malicious:true
                                      Preview: [ZoneTransfer]....ZoneId=0
                                      C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\9n7miZydYC.exe.log
                                      Process:C:\Users\user\Desktop\9n7miZydYC.exe
                                      File Type:ASCII text, with CRLF line terminators
                                      Category:dropped
                                      Size (bytes):1216
                                      Entropy (8bit):5.355304211458859
                                      Encrypted:false
                                      SSDEEP:24:MLUE4K5E4Ks2E1qE4qXKDE4KhK3VZ9pKhPKIE4oKFKHKoZAE4Kzr7FE4x84j:MIHK5HKXE1qHiYHKhQnoPtHoxHhAHKzr
                                      MD5:FED34146BF2F2FA59DCF8702FCC8232E
                                      SHA1:B03BFEA175989D989850CF06FE5E7BBF56EAA00A
                                      SHA-256:123BE4E3590609A008E85501243AF5BC53FA0C26C82A92881B8879524F8C0D5C
                                      SHA-512:1CC89F2ED1DBD70628FA1DC41A32BA0BFA3E81EAE1A1CF3C5F6A48F2DA0BF1F21A5001B8A18B04043C5B8FE4FBE663068D86AA8C4BD8E17933F75687C3178FF6
                                      Malicious:true
                                      Preview: 1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\4f0a7eefa3cd3e0ba98b5ebddbbc72e6\System.ni.dll",0..2,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\f1d8480152e0da9a60ad49c6d16a3b6d\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\8d67d92724ba494b6c7fd089d6f25b48\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\b219d4630d26b88041b59c21
                                      C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\dhcpmon.exe.log
                                      Process:C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe
                                      File Type:ASCII text, with CRLF line terminators
                                      Category:dropped
                                      Size (bytes):1216
                                      Entropy (8bit):5.355304211458859
                                      Encrypted:false
                                      SSDEEP:24:MLUE4K5E4Ks2E1qE4qXKDE4KhK3VZ9pKhPKIE4oKFKHKoZAE4Kzr7FE4x84j:MIHK5HKXE1qHiYHKhQnoPtHoxHhAHKzr
                                      MD5:FED34146BF2F2FA59DCF8702FCC8232E
                                      SHA1:B03BFEA175989D989850CF06FE5E7BBF56EAA00A
                                      SHA-256:123BE4E3590609A008E85501243AF5BC53FA0C26C82A92881B8879524F8C0D5C
                                      SHA-512:1CC89F2ED1DBD70628FA1DC41A32BA0BFA3E81EAE1A1CF3C5F6A48F2DA0BF1F21A5001B8A18B04043C5B8FE4FBE663068D86AA8C4BD8E17933F75687C3178FF6
                                      Malicious:false
                                      Preview: 1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\4f0a7eefa3cd3e0ba98b5ebddbbc72e6\System.ni.dll",0..2,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\f1d8480152e0da9a60ad49c6d16a3b6d\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\8d67d92724ba494b6c7fd089d6f25b48\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\b219d4630d26b88041b59c21
                                      C:\Users\user\AppData\Local\Temp\tmpC2C1.tmp
                                      Process:C:\Users\user\Desktop\9n7miZydYC.exe
                                      File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                      Category:dropped
                                      Size (bytes):1300
                                      Entropy (8bit):5.118944582901851
                                      Encrypted:false
                                      SSDEEP:24:2dH4+S/4oL600QlMhEMjn5pwjVLUYODOLG9RJh7h8gK0j/xtn:cbk4oL600QydbQxIYODOLedq30j
                                      MD5:A9BA54AEEE57957F8C82B492D8C5097B
                                      SHA1:768E15E065FCA4DF27F898AA6E2DFCBB3EBAAC21
                                      SHA-256:6F19738FFCBFB6AC48E387D6E9DF6941EAD5DACF9D56A6510EDA963CF1A18814
                                      SHA-512:E8C5005D1ECD66BA35C122C34FF8EE043A6101EFC1E5144C7708C2A1E8E023F956BC8F38AB96FAC3675382CC255A5F5A91830F6DC4D56635AF70D4C8F92475C8
                                      Malicious:true
                                      Preview: <?xml version="1.0" encoding="UTF-16"?>..<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">.. <RegistrationInfo />.. <Triggers />.. <Principals>.. <Principal id="Author">.. <LogonType>InteractiveToken</LogonType>.. <RunLevel>HighestAvailable</RunLevel>.. </Principal>.. </Principals>.. <Settings>.. <MultipleInstancesPolicy>Parallel</MultipleInstancesPolicy>.. <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>.. <StopIfGoingOnBatteries>false</StopIfGoingOnBatteries>.. <AllowHardTerminate>true</AllowHardTerminate>.. <StartWhenAvailable>false</StartWhenAvailable>.. <RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvailable>.. <IdleSettings>.. <StopOnIdleEnd>false</StopOnIdleEnd>.. <RestartOnIdle>false</RestartOnIdle>.. </IdleSettings>.. <AllowStartOnDemand>true</AllowStartOnDemand>.. <Enabled>true</Enabled>.. <Hidden>false</Hidden>.. <RunOnlyIfIdle>false</RunOnlyIfIdle>.. <Wak
                                      C:\Users\user\AppData\Local\Temp\tmpC67B.tmp
                                      Process:C:\Users\user\Desktop\9n7miZydYC.exe
                                      File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                      Category:dropped
                                      Size (bytes):1310
                                      Entropy (8bit):5.109425792877704
                                      Encrypted:false
                                      SSDEEP:24:2dH4+S/4oL600QlMhEMjn5pwjVLUYODOLG9RJh7h8gK0R3xtn:cbk4oL600QydbQxIYODOLedq3S3j
                                      MD5:5C2F41CFC6F988C859DA7D727AC2B62A
                                      SHA1:68999C85FC7E37BAB9216E0099836D40D4545C1C
                                      SHA-256:98B6E66B6C2173B9B91FC97FE51805340EFDE978B695453742EBAB631018398B
                                      SHA-512:B5DA5DA378D038AFBF8A7738E47921ED39F9B726E2CAA2993D915D9291A3322F94EFE8CCA6E7AD678A670DB19926B22B20E5028460FCC89CEA7F6635E7557334
                                      Malicious:false
                                      Preview: <?xml version="1.0" encoding="UTF-16"?>..<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">.. <RegistrationInfo />.. <Triggers />.. <Principals>.. <Principal id="Author">.. <LogonType>InteractiveToken</LogonType>.. <RunLevel>HighestAvailable</RunLevel>.. </Principal>.. </Principals>.. <Settings>.. <MultipleInstancesPolicy>Parallel</MultipleInstancesPolicy>.. <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>.. <StopIfGoingOnBatteries>false</StopIfGoingOnBatteries>.. <AllowHardTerminate>true</AllowHardTerminate>.. <StartWhenAvailable>false</StartWhenAvailable>.. <RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvailable>.. <IdleSettings>.. <StopOnIdleEnd>false</StopOnIdleEnd>.. <RestartOnIdle>false</RestartOnIdle>.. </IdleSettings>.. <AllowStartOnDemand>true</AllowStartOnDemand>.. <Enabled>true</Enabled>.. <Hidden>false</Hidden>.. <RunOnlyIfIdle>false</RunOnlyIfIdle>.. <Wak
                                      C:\Users\user\AppData\Roaming\D06ED635-68F6-4E9A-955C-4899F5F57B9A\catalog.dat
                                      Process:C:\Users\user\Desktop\9n7miZydYC.exe
                                      File Type:data
                                      Category:dropped
                                      Size (bytes):2320
                                      Entropy (8bit):7.089541637477408
                                      Encrypted:false
                                      SSDEEP:48:IknjhUknjhUknjhUknjhUknjhUknjhUknjhUknjhUknjhUknjhL:HjhDjhDjhDjhDjhDjhDjhDjhDjhDjhL
                                      MD5:2CC2E05CB39A76B255530F61BA4AA2E3
                                      SHA1:76BD6001B1922B2B3FB2F618740FA74A6C532A7F
                                      SHA-256:FBF89196FF1A9FC33EE6C42DC0A959DAA89E2322F3417C77534C9968C0885271
                                      SHA-512:2EACD3A81456781803A9C14F7471DBBDB126BBE7AEC3105B1A49AB115A8BB831EA0D1DF48BAB00EB8231B114EAE5A03DF73A7A60B45BA03CB2F92382CF4DBB38
                                      Malicious:false
                                      Preview: Gj.h\.3.A...5.x..&...i+..c(1.P..P.cLT...A.b........4h...t.+..Z\.. .i.... S....}FF.2...h.M+....L.#.X..+......*....~f.G0^..;....W2.=...K.~.L..&f...p............:7rH}..../H......L...?...A.K...J.=8x!....+.2e'..E?.G......[.&Gj.h\.3.A...5.x..&...i+..c(1.P..P.cLT...A.b........4h...t.+..Z\.. .i.... S....}FF.2...h.M+....L.#.X..+......*....~f.G0^..;....W2.=...K.~.L..&f...p............:7rH}..../H......L...?...A.K...J.=8x!....+.2e'..E?.G......[.&Gj.h\.3.A...5.x..&...i+..c(1.P..P.cLT...A.b........4h...t.+..Z\.. .i.... S....}FF.2...h.M+....L.#.X..+......*....~f.G0^..;....W2.=...K.~.L..&f...p............:7rH}..../H......L...?...A.K...J.=8x!....+.2e'..E?.G......[.&Gj.h\.3.A...5.x..&...i+..c(1.P..P.cLT...A.b........4h...t.+..Z\.. .i.... S....}FF.2...h.M+....L.#.X..+......*....~f.G0^..;....W2.=...K.~.L..&f...p............:7rH}..../H......L...?...A.K...J.=8x!....+.2e'..E?.G......[.&Gj.h\.3.A...5.x..&...i+..c(1.P..P.cLT...A.b........4h...t.+..Z\.. .i.
                                      C:\Users\user\AppData\Roaming\D06ED635-68F6-4E9A-955C-4899F5F57B9A\run.dat
                                      Process:C:\Users\user\Desktop\9n7miZydYC.exe
                                      File Type:ISO-8859 text
                                      Category:dropped
                                      Size (bytes):8
                                      Entropy (8bit):3.0
                                      Encrypted:false
                                      SSDEEP:3:GL8tn:GL8n
                                      MD5:BDFAE484F0490CA439A3B3B99266C3D7
                                      SHA1:DE3458EAE36DEB1F38BF5166C041F88423D2F8A8
                                      SHA-256:FDDDA7C9DE87079CC5EACD239E0C4320D8A9B594C01EF48E6E5B9BC319BEE5E1
                                      SHA-512:5E3AD9DBE4001CAA46506169E0B94167DB95480190B6FF39BB1BDDC3E05F76F54899A9C148C821DC01C51E0BE90ADE6BE1E0E641CFB07832977E3632E5AB5054
                                      Malicious:true
                                      Preview: ..0.\+.H
                                      C:\Users\user\AppData\Roaming\D06ED635-68F6-4E9A-955C-4899F5F57B9A\settings.bak
                                      Process:C:\Users\user\Desktop\9n7miZydYC.exe
                                      File Type:data
                                      Category:modified
                                      Size (bytes):24
                                      Entropy (8bit):4.501629167387823
                                      Encrypted:false
                                      SSDEEP:3:9bzY6oRDIvYk:RzWDI3
                                      MD5:ACD3FB4310417DC77FE06F15B0E353E6
                                      SHA1:80E7002E655EB5765FDEB21114295CB96AD9D5EB
                                      SHA-256:DC3AE604991C9BB8FF8BC4502AE3D0DB8A3317512C0F432490B103B89C1A4368
                                      SHA-512:DA46A917DB6276CD4528CFE4AD113292D873CA2EBE53414730F442B83502E5FAF3D1AE87BFA295ADF01E3B44FDBCE239E21A318BFB2CCD1F4753846CB21F6F97
                                      Malicious:false
                                      Preview: 9iH...}Z.4..f..J".C;"a
                                      C:\Users\user\AppData\Roaming\D06ED635-68F6-4E9A-955C-4899F5F57B9A\settings.bin
                                      Process:C:\Users\user\Desktop\9n7miZydYC.exe
                                      File Type:data
                                      Category:dropped
                                      Size (bytes):64
                                      Entropy (8bit):5.320159765557392
                                      Encrypted:false
                                      SSDEEP:3:9bzY6oRDIvYVsRLY6oRDT6P2bfVn1:RzWDIfRWDT621
                                      MD5:BB0F9B9992809E733EFFF8B0E562CFD6
                                      SHA1:F0BAB3CF73A04F5A689E6AFC764FEE9276992742
                                      SHA-256:C48F04FE7525AA3A3F9540889883F649726233DE021724823720A59B4F37CEAC
                                      SHA-512:AE4280AA460DC1C0301D458A3A443F6884A0BE37481737B2ADAFD72C33C55F09BED88ED239C91FE6F19CA137AC3CD7C9B8454C21D3F8E759687F701C8B3C7A16
                                      Malicious:false
                                      Preview: 9iH...}Z.4..f..J".C;"a9iH...}Z.4..f.~a........~.~.......3.U.
                                      C:\Users\user\AppData\Roaming\D06ED635-68F6-4E9A-955C-4899F5F57B9A\storage.dat
                                      Process:C:\Users\user\Desktop\9n7miZydYC.exe
                                      File Type:data
                                      Category:dropped
                                      Size (bytes):327768
                                      Entropy (8bit):7.999367066417797
                                      Encrypted:true
                                      SSDEEP:6144:oX44S90aTiB66x3PlZmqze1d1wI8lkWmtjJ/3Exi:LkjbU7LjGxi
                                      MD5:2E52F446105FBF828E63CF808B721F9C
                                      SHA1:5330E54F238F46DC04C1AC62B051DB4FCD7416FB
                                      SHA-256:2F7479AA2661BD259747BC89106031C11B3A3F79F12190E7F19F5DF65B7C15C8
                                      SHA-512:C08BA0E3315E2314ECBEF38722DF834C2CB8412446A9A310F41A8F83B4AC5984FCC1B26A1D8B0D58A730FDBDD885714854BDFD04DCDF7F582FC125F552D5C3CA
                                      Malicious:false
                                      Preview: pT..!..W..G.J..a.).@.i..wpK.so@...5.=.^..Q.oy.=e@9.B...F..09u"3.. 0t..RDn_4d.....E...i......~...|..fX_...Xf.p^......>a..$...e.6:7d.(a.A...=.)*.....{B.[...y%.*..i.Q.<..xt.X..H.. ..HF7g...I.*3.{.n....L.y;i..s-....(5i...........J.5b7}..fK..HV..,...0.... ....n.w6PMl.......v."".v.......#..X.a....../...cC...i..l{>5n.._+.e.d'...}...[..../...D.t..GVp.zz......(...o......b...+`J.{....hS1G.^*I..v&.jm.#u..1..Mg!.E..U.T.....6.2>...6.l.K.w"o..E..."K%{....z.7....<...,....]t.:.....[.Z.u...3X8.QI..j_.&..N..q.e.2...6.R.~..9.Bq..A.v.6.G..#y.....O....Z)G...w..E..k(....+..O..........Vg.2xC......O...jc.....z..~.P...q../.-.'.h.._.cj.=..B.x.Q9.pu.|i4...i...;O...n.?.,. ....v?.5}.OY@.dG|<.._[.69@.2..m..I..oP=...xrK.?............b..5....i&...l.c\b}..Q..O+.V.mJ.....pz....>F.......H...6$...d...|m...N..1.R..B.i..........$....$........CY}..$....r.....H...8...li.....7 P......?h....R.iF..6...q(.@LI.s..+K.....?m..H....*. l..&<}....`|.B....3.....I..o...u1..8i=.z.W..7
                                      C:\Users\user\AppData\Roaming\D06ED635-68F6-4E9A-955C-4899F5F57B9A\task.dat
                                      Process:C:\Users\user\Desktop\9n7miZydYC.exe
                                      File Type:ASCII text, with no line terminators
                                      Category:dropped
                                      Size (bytes):37
                                      Entropy (8bit):4.486348298002912
                                      Encrypted:false
                                      SSDEEP:3:oNWXp5vcvn:oNWXpFcv
                                      MD5:A11591BB060207647B8D2E30A04C3307
                                      SHA1:78498F3EBB7B68111B258017412B2BEDC9D2F4CE
                                      SHA-256:6272B883FBAFE98ABC0CAD713CDA4B705B9A99C3E70C43C982C2FBB06297AF49
                                      SHA-512:EA14B14522B3B6DDD2FB42DF80792305DBBEF1DE11D3FD1BB52B7A6E0CBACC6846930082D9377276F7C2293C3FB221D1D6D555F914D67006CC8F8B6DDD3C4D5F
                                      Malicious:false
                                      Preview: C:\Users\user\Desktop\9n7miZydYC.exe

                                      Static File Info

                                      General

                                      File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                      Entropy (8bit):7.59865760202799
                                      TrID:
                                      • Win32 Executable (generic) Net Framework (10011505/4) 49.83%
                                      • Win32 Executable (generic) a (10002005/4) 49.78%
                                      • Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36%
                                      • Generic Win/DOS Executable (2004/3) 0.01%
                                      • DOS Executable Generic (2002/1) 0.01%
                                      File name:9n7miZydYC.exe
                                      File size:736256
                                      MD5:61de33a77d34a313df07dc2bdd28140a
                                      SHA1:2690f84adb2c6174aab432a61737ca892af2d206
                                      SHA256:9037afbf6a54684a77a6d0b204daa0a843555e01a9bd600545d8ae252b88fad7
                                      SHA512:9aad4399fb37f78d1e658006efdfe218607f51d630496ce7fbc1766bdd78b8f360657c8a661cf48602105f5c7d7a9c772180d5307bc3b9d5e2d2de2cdb24e4c1
                                      SSDEEP:6144:x2j8F5ve0At+vWlrOXMRzyeYlDW6PzaIm8MI8x39qflzAQnT6kygum2OMidd8P99:sj8FU9qXKueqZPeLhI8N0MQn5zdd8ld
                                      File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....j.`..............0..2...........Q... ...`....@.. ....................................@................................

                                      File Icon

                                      Icon Hash:00828e8e8686b000

                                      Static PE Info

                                      General

                                      Entrypoint:0x4b51c2
                                      Entrypoint Section:.text
                                      Digitally signed:false
                                      Imagebase:0x400000
                                      Subsystem:windows gui
                                      Image File Characteristics:32BIT_MACHINE, EXECUTABLE_IMAGE
                                      DLL Characteristics:NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT
                                      Time Stamp:0x60BF6ABB [Tue Jun 8 13:03:55 2021 UTC]
                                      TLS Callbacks:
                                      CLR (.Net) Version:v4.0.30319
                                      OS Version Major:4
                                      OS Version Minor:0
                                      File Version Major:4
                                      File Version Minor:0
                                      Subsystem Version Major:4
                                      Subsystem Version Minor:0
                                      Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744

                                      Entrypoint Preview

                                      Instruction
                                      jmp dword ptr [00402000h]
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al

                                      Data Directories

                                      NameVirtual AddressVirtual Size Is in Section
                                      IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
                                      IMAGE_DIRECTORY_ENTRY_IMPORT0xb51700x4f.text
                                      IMAGE_DIRECTORY_ENTRY_RESOURCE0xb60000x5dc.rsrc
                                      IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
                                      IMAGE_DIRECTORY_ENTRY_SECURITY0x00x0
                                      IMAGE_DIRECTORY_ENTRY_BASERELOC0xb80000xc.reloc
                                      IMAGE_DIRECTORY_ENTRY_DEBUG0xb50380x1c.text
                                      IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                                      IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                                      IMAGE_DIRECTORY_ENTRY_TLS0x00x0
                                      IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x00x0
                                      IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                                      IMAGE_DIRECTORY_ENTRY_IAT0x20000x8.text
                                      IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                                      IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x20080x48.text
                                      IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                                      Sections

                                      NameVirtual AddressVirtual SizeRaw SizeXored PEZLIB ComplexityFile TypeEntropyCharacteristics
                                      .text0x20000xb31c80xb3200False0.666222795272data7.60711640242IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
                                      .rsrc0xb60000x5dc0x600False0.4296875data4.16106067239IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                      .reloc0xb80000xc0x200False0.044921875data0.101910425663IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

                                      Resources

                                      NameRVASizeTypeLanguageCountry
                                      RT_VERSION0xb60900x34cdata
                                      RT_MANIFEST0xb63ec0x1eaXML 1.0 document, UTF-8 Unicode (with BOM) text, with CRLF line terminators

                                      Imports

                                      DLLImport
                                      mscoree.dll_CorExeMain

                                      Version Infos

                                      DescriptionData
                                      Translation0x0000 0x04b0
                                      LegalCopyrightCopyright 2019
                                      Assembly Version1.0.0.0
                                      InternalNamegrlL.exe
                                      FileVersion1.0.0.0
                                      CompanyName
                                      LegalTrademarks
                                      Comments
                                      ProductNameWindowsFormsApplication1
                                      ProductVersion1.0.0.0
                                      FileDescriptionWindowsFormsApplication1
                                      OriginalFilenamegrlL.exe

                                      Network Behavior

                                      Snort IDS Alerts

                                      TimestampProtocolSIDMessageSource PortDest PortSource IPDest IP
                                      06/09/21-08:40:48.822269TCP2025019ET TROJAN Possible NanoCore C2 60B497321665192.168.2.3103.133.106.117
                                      06/09/21-08:40:55.835305TCP2025019ET TROJAN Possible NanoCore C2 60B497331665192.168.2.3103.133.106.117
                                      06/09/21-08:41:03.048739TCP2025019ET TROJAN Possible NanoCore C2 60B497351665192.168.2.3103.133.106.117
                                      06/09/21-08:41:10.295361UDP254DNS SPOOF query response with TTL of 1 min. and no authority536063337.235.1.174192.168.2.3
                                      06/09/21-08:41:10.574958TCP2025019ET TROJAN Possible NanoCore C2 60B497391665192.168.2.3103.133.106.117
                                      06/09/21-08:41:19.210772TCP2025019ET TROJAN Possible NanoCore C2 60B497441665192.168.2.3103.133.106.117
                                      06/09/21-08:41:27.172287TCP2025019ET TROJAN Possible NanoCore C2 60B497451665192.168.2.3103.133.106.117
                                      06/09/21-08:41:35.865210TCP2025019ET TROJAN Possible NanoCore C2 60B497461665192.168.2.3103.133.106.117
                                      06/09/21-08:41:42.698348TCP2025019ET TROJAN Possible NanoCore C2 60B497471665192.168.2.3103.133.106.117
                                      06/09/21-08:41:49.419836TCP2025019ET TROJAN Possible NanoCore C2 60B497501665192.168.2.3103.133.106.117
                                      06/09/21-08:41:55.865614TCP2025019ET TROJAN Possible NanoCore C2 60B497511665192.168.2.3103.133.106.117
                                      06/09/21-08:42:02.784457TCP2025019ET TROJAN Possible NanoCore C2 60B497521665192.168.2.3103.133.106.117
                                      06/09/21-08:42:10.089038TCP2025019ET TROJAN Possible NanoCore C2 60B497531665192.168.2.3103.133.106.117

                                      Network Port Distribution

                                      TCP Packets

                                      TimestampSource PortDest PortSource IPDest IP
                                      Jun 9, 2021 08:40:48.534049034 CEST497321665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:40:48.771405935 CEST166549732103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:40:48.771548986 CEST497321665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:40:48.822268963 CEST497321665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:40:49.066165924 CEST166549732103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:40:49.066831112 CEST497321665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:40:49.351305008 CEST166549732103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:40:49.351402044 CEST497321665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:40:49.587023020 CEST166549732103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:40:49.629326105 CEST497321665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:40:49.663964033 CEST497321665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:40:49.949979067 CEST166549732103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:40:49.975771904 CEST166549732103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:40:49.975846052 CEST166549732103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:40:49.976244926 CEST166549732103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:40:49.976321936 CEST497321665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:40:49.976358891 CEST166549732103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:40:49.976425886 CEST497321665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:40:50.020248890 CEST497321665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:40:50.211021900 CEST166549732103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:40:50.211086988 CEST166549732103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:40:50.211160898 CEST497321665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:40:50.211332083 CEST166549732103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:40:50.211446047 CEST497321665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:40:50.211636066 CEST166549732103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:40:50.211704969 CEST497321665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:40:50.211890936 CEST166549732103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:40:50.211986065 CEST497321665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:40:50.212203979 CEST166549732103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:40:50.212270021 CEST497321665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:40:50.212519884 CEST166549732103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:40:50.212621927 CEST497321665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:40:50.212836027 CEST166549732103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:40:50.212894917 CEST497321665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:40:50.306910992 CEST166549732103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:40:50.448415041 CEST166549732103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:40:50.448471069 CEST166549732103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:40:50.448556900 CEST497321665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:40:50.448647976 CEST166549732103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:40:50.448977947 CEST166549732103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:40:50.449028015 CEST166549732103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:40:50.449050903 CEST497321665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:40:50.449071884 CEST166549732103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:40:50.449110031 CEST166549732103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:40:50.449137926 CEST497321665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:40:50.449150085 CEST166549732103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:40:50.449187994 CEST166549732103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:40:50.449209929 CEST497321665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:40:50.449225903 CEST166549732103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:40:50.449264050 CEST166549732103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:40:50.449280024 CEST497321665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:40:50.449301958 CEST166549732103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:40:50.449348927 CEST166549732103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:40:50.449357986 CEST497321665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:40:50.449389935 CEST166549732103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:40:50.449429035 CEST166549732103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:40:50.449466944 CEST166549732103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:40:50.449486971 CEST497321665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:40:50.449534893 CEST497321665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:40:50.686943054 CEST166549732103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:40:50.687000036 CEST166549732103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:40:50.687041044 CEST166549732103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:40:50.687081099 CEST166549732103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:40:50.687113047 CEST497321665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:40:50.687161922 CEST497321665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:40:50.687532902 CEST166549732103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:40:50.687576056 CEST166549732103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:40:50.687618971 CEST166549732103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:40:50.687657118 CEST166549732103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:40:50.687684059 CEST497321665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:40:50.687695980 CEST166549732103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:40:50.687724113 CEST497321665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:40:50.687736034 CEST166549732103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:40:50.687784910 CEST166549732103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:40:50.687829971 CEST166549732103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:40:50.687844992 CEST497321665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:40:50.687870026 CEST166549732103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:40:50.687889099 CEST497321665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:40:50.687911034 CEST166549732103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:40:50.687951088 CEST166549732103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:40:50.687990904 CEST166549732103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:40:50.688007116 CEST497321665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:40:50.688030005 CEST166549732103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:40:50.688046932 CEST497321665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:40:50.688069105 CEST166549732103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:40:50.688116074 CEST166549732103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:40:50.688158989 CEST166549732103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:40:50.688169956 CEST497321665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:40:50.688198090 CEST166549732103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:40:50.688218117 CEST497321665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:40:50.688239098 CEST166549732103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:40:50.688277006 CEST166549732103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:40:50.688313961 CEST166549732103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:40:50.688332081 CEST497321665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:40:50.688354015 CEST166549732103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:40:50.688383102 CEST497321665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:40:50.688393116 CEST166549732103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:40:50.688440084 CEST166549732103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:40:50.688482046 CEST166549732103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:40:50.688497066 CEST497321665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:40:50.688520908 CEST166549732103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:40:50.688543081 CEST497321665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:40:50.688560009 CEST166549732103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:40:50.688601971 CEST166549732103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:40:50.688637972 CEST166549732103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:40:50.688657999 CEST497321665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:40:50.688695908 CEST497321665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:40:50.926213980 CEST166549732103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:40:50.926289082 CEST166549732103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:40:50.926333904 CEST166549732103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:40:50.926374912 CEST166549732103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:40:50.926405907 CEST497321665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:40:50.926414013 CEST166549732103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:40:50.926453114 CEST166549732103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:40:50.926454067 CEST497321665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:40:50.926491022 CEST166549732103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:40:50.926532984 CEST166549732103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:40:50.926553011 CEST497321665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:40:50.926584959 CEST497321665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:40:50.927066088 CEST166549732103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:40:50.927134037 CEST166549732103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:40:50.927195072 CEST166549732103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:40:50.927197933 CEST497321665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:40:50.927233934 CEST166549732103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:40:50.927274942 CEST166549732103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:40:50.927314997 CEST166549732103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:40:50.927345037 CEST497321665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:40:50.927362919 CEST166549732103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:40:50.927366018 CEST497321665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:40:50.927407026 CEST166549732103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:40:50.927445889 CEST166549732103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:40:50.927485943 CEST166549732103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:40:50.927488089 CEST497321665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:40:50.927524090 CEST166549732103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:40:50.927561998 CEST166549732103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:40:50.927573919 CEST497321665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:40:50.927603006 CEST166549732103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:40:50.927623034 CEST497321665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:40:50.927647114 CEST166549732103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:40:50.927695036 CEST166549732103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:40:50.927735090 CEST497321665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:40:50.927738905 CEST166549732103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:40:50.927777052 CEST166549732103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:40:50.927795887 CEST497321665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:40:50.927819014 CEST166549732103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:40:50.927859068 CEST166549732103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:40:50.927880049 CEST497321665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:40:50.927896023 CEST166549732103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:40:50.927933931 CEST166549732103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:40:50.927966118 CEST497321665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:40:50.927972078 CEST166549732103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:40:50.928033113 CEST166549732103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:40:50.928042889 CEST497321665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:40:50.928096056 CEST166549732103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:40:50.928138018 CEST166549732103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:40:50.928177118 CEST166549732103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:40:50.928179979 CEST497321665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:40:50.928215027 CEST166549732103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:40:50.928252935 CEST166549732103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:40:50.928278923 CEST497321665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:40:50.928298950 CEST166549732103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:40:50.928319931 CEST497321665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:40:50.928343058 CEST166549732103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:40:50.928395033 CEST497321665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:40:50.928411961 CEST166549732103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:40:50.928462029 CEST166549732103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:40:50.928504944 CEST166549732103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:40:50.928525925 CEST497321665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:40:50.928544044 CEST166549732103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:40:50.928582907 CEST166549732103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:40:50.928622961 CEST166549732103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:40:50.928628922 CEST497321665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:40:50.928661108 CEST166549732103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:40:50.928679943 CEST497321665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:40:50.928699970 CEST166549732103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:40:50.928739071 CEST166549732103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:40:50.928786039 CEST166549732103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:40:50.928792953 CEST497321665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:40:50.928844929 CEST497321665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:40:51.020761967 CEST497321665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:40:51.169029951 CEST166549732103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:40:51.169085026 CEST166549732103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:40:51.169123888 CEST166549732103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:40:51.169164896 CEST166549732103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:40:51.169168949 CEST497321665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:40:51.169200897 CEST497321665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:40:51.169203997 CEST166549732103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:40:51.169254065 CEST166549732103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:40:51.169256926 CEST497321665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:40:51.169269085 CEST497321665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:40:51.169298887 CEST166549732103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:40:51.169325113 CEST497321665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:40:51.169341087 CEST166549732103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:40:51.169354916 CEST497321665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:40:51.169389009 CEST497321665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:40:51.172560930 CEST166549732103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:40:51.172619104 CEST166549732103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:40:51.172657967 CEST497321665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:40:51.172691107 CEST166549732103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:40:51.172719955 CEST497321665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:40:51.172739983 CEST166549732103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:40:51.172779083 CEST166549732103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:40:51.172801971 CEST497321665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:40:51.172818899 CEST166549732103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:40:51.172858953 CEST166549732103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:40:51.172875881 CEST497321665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:40:51.172894955 CEST166549732103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:40:51.172929049 CEST497321665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:40:51.172935963 CEST166549732103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:40:51.172950029 CEST497321665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:40:51.172974110 CEST166549732103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:40:51.173022985 CEST166549732103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:40:51.173065901 CEST166549732103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:40:51.173069000 CEST497321665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:40:51.173082113 CEST497321665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:40:51.173090935 CEST497321665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:40:51.173105001 CEST166549732103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:40:51.173145056 CEST166549732103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:40:51.173150063 CEST497321665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:40:51.173161983 CEST497321665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:40:51.173183918 CEST166549732103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:40:51.173221111 CEST166549732103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:40:51.173221111 CEST497321665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:40:51.173238039 CEST497321665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:40:51.173261881 CEST166549732103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:40:51.173294067 CEST497321665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:40:51.173301935 CEST166549732103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:40:51.173316956 CEST497321665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:40:51.173351049 CEST166549732103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:40:51.173360109 CEST497321665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:40:51.173393965 CEST166549732103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:40:51.173410892 CEST497321665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:40:51.173432112 CEST166549732103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:40:51.173470020 CEST497321665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:40:51.173471928 CEST166549732103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:40:51.173496962 CEST497321665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:40:51.173511982 CEST166549732103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:40:51.173552036 CEST166549732103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:40:51.173552036 CEST497321665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:40:51.173568010 CEST497321665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:40:51.173592091 CEST166549732103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:40:51.173614979 CEST497321665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:40:51.173629999 CEST166549732103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:40:51.173646927 CEST497321665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:40:51.173679113 CEST166549732103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:40:51.173696041 CEST497321665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:40:51.173722982 CEST166549732103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:40:51.173758984 CEST497321665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:40:51.173760891 CEST166549732103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:40:51.173799038 CEST166549732103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:40:51.173815012 CEST497321665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:40:51.173825979 CEST497321665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:40:51.173836946 CEST166549732103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:40:51.173872948 CEST166549732103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:40:51.173872948 CEST497321665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:40:51.173911095 CEST166549732103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:40:51.173917055 CEST497321665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:40:51.173948050 CEST166549732103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:40:51.173969030 CEST497321665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:40:51.173983097 CEST497321665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:40:51.173988104 CEST497321665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:40:51.174000978 CEST166549732103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:40:51.174041986 CEST166549732103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:40:51.174057007 CEST497321665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:40:51.174078941 CEST166549732103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:40:51.174102068 CEST497321665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:40:51.174118042 CEST166549732103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:40:51.174129963 CEST497321665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:40:51.174155951 CEST166549732103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:40:51.174186945 CEST497321665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:40:51.174194098 CEST166549732103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:40:51.174212933 CEST497321665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:40:51.174338102 CEST497321665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:40:55.550519943 CEST497331665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:40:55.834492922 CEST166549733103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:40:55.834676981 CEST497331665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:40:55.835304976 CEST497331665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:40:56.133414030 CEST166549733103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:40:56.133666992 CEST497331665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:40:56.416590929 CEST166549733103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:40:56.417848110 CEST497331665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:40:56.752652884 CEST166549733103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:40:56.752756119 CEST497331665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:40:56.752844095 CEST166549733103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:40:56.752907991 CEST497331665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:40:56.753288984 CEST166549733103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:40:56.753367901 CEST497331665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:40:56.753458977 CEST166549733103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:40:56.753515959 CEST497331665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:40:57.044070005 CEST166549733103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:40:57.044162035 CEST166549733103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:40:57.044230938 CEST497331665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:40:57.044615984 CEST166549733103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:40:57.044972897 CEST166549733103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:40:57.045036077 CEST497331665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:40:57.045384884 CEST166549733103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:40:57.045564890 CEST166549733103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:40:57.045627117 CEST497331665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:40:57.045993090 CEST166549733103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:40:57.046183109 CEST166549733103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:40:57.046242952 CEST497331665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:40:57.340992928 CEST166549733103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:40:57.341109991 CEST166549733103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:40:57.341448069 CEST497331665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:40:57.341485977 CEST166549733103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:40:57.341694117 CEST166549733103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:40:57.342075109 CEST166549733103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:40:57.342119932 CEST166549733103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:40:57.342159033 CEST166549733103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:40:57.342195988 CEST497331665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:40:57.342199087 CEST166549733103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:40:57.342221022 CEST497331665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:40:57.342237949 CEST166549733103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:40:57.342286110 CEST166549733103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:40:57.342329979 CEST166549733103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:40:57.342350960 CEST497331665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:40:57.342361927 CEST497331665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:40:57.342369080 CEST166549733103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:40:57.342408895 CEST166549733103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:40:57.342447996 CEST166549733103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:40:57.342485905 CEST166549733103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:40:57.342514992 CEST497331665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:40:57.342524052 CEST166549733103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:40:57.342528105 CEST497331665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:40:57.342742920 CEST497331665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:40:57.427630901 CEST497331665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:40:57.633192062 CEST166549733103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:40:57.633246899 CEST166549733103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:40:57.633280039 CEST166549733103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:40:57.633308887 CEST166549733103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:40:57.633428097 CEST497331665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:40:57.633485079 CEST497331665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:40:57.634044886 CEST166549733103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:40:57.634089947 CEST166549733103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:40:57.634130955 CEST166549733103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:40:57.634160995 CEST497331665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:40:57.634171009 CEST166549733103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:40:57.634176016 CEST497331665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:40:57.634181976 CEST497331665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:40:57.634213924 CEST166549733103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:40:57.634227037 CEST497331665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:40:57.634253979 CEST166549733103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:40:57.634301901 CEST166549733103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:40:57.634309053 CEST497331665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:40:57.634318113 CEST497331665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:40:57.634346962 CEST166549733103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:40:57.634386063 CEST166549733103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:40:57.634412050 CEST497331665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:40:57.634421110 CEST497331665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:40:57.634426117 CEST166549733103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:40:57.634465933 CEST166549733103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:40:57.634490967 CEST497331665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:40:57.634502888 CEST497331665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:40:57.634505033 CEST166549733103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:40:57.634546041 CEST166549733103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:40:57.634572983 CEST497331665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:40:57.634579897 CEST497331665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:40:57.634584904 CEST166549733103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:40:57.634634972 CEST166549733103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:40:57.634649038 CEST497331665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:40:57.634655952 CEST497331665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:40:57.634677887 CEST166549733103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:40:57.634716034 CEST166549733103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:40:57.634754896 CEST166549733103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:40:57.634779930 CEST497331665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:40:57.634789944 CEST497331665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:40:57.634793043 CEST166549733103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:40:57.634813070 CEST497331665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:40:57.634830952 CEST166549733103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:40:57.634871006 CEST166549733103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:40:57.634907961 CEST166549733103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:40:57.634924889 CEST497331665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:40:57.634933949 CEST497331665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:40:57.634958029 CEST166549733103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:40:57.634999990 CEST166549733103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:40:57.635018110 CEST497331665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:40:57.635030031 CEST497331665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:40:57.635039091 CEST166549733103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:40:57.635078907 CEST166549733103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:40:57.635098934 CEST497331665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:40:57.635106087 CEST497331665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:40:57.635148048 CEST166549733103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:40:57.635200024 CEST166549733103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:40:57.635231972 CEST497331665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:40:57.635253906 CEST497331665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:40:57.773467064 CEST166549733103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:40:57.924846888 CEST166549733103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:40:57.924899101 CEST166549733103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:40:57.924938917 CEST166549733103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:40:57.924977064 CEST166549733103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:40:57.924994946 CEST497331665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:40:57.925024986 CEST166549733103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:40:57.925070047 CEST166549733103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:40:57.925108910 CEST166549733103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:40:57.925124884 CEST497331665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:40:57.925133944 CEST497331665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:40:57.925152063 CEST166549733103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:40:57.925429106 CEST497331665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:40:57.926472902 CEST166549733103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:40:57.926523924 CEST166549733103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:40:57.926564932 CEST166549733103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:40:57.926601887 CEST166549733103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:40:57.926619053 CEST497331665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:40:57.926642895 CEST166549733103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:40:57.926662922 CEST497331665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:40:57.926683903 CEST166549733103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:40:57.926733017 CEST166549733103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:40:57.926749945 CEST497331665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:40:57.926775932 CEST166549733103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:40:57.926815033 CEST166549733103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:40:57.926851988 CEST166549733103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:40:57.926892042 CEST166549733103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:40:57.926908970 CEST497331665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:40:57.926920891 CEST497331665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:40:57.926928997 CEST166549733103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:40:57.926968098 CEST166549733103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:40:57.927005053 CEST166549733103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:40:57.927052975 CEST166549733103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:40:57.927053928 CEST497331665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:40:57.927081108 CEST497331665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:40:57.927094936 CEST166549733103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:40:57.927158117 CEST497331665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:40:57.927185059 CEST166549733103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:40:57.927227974 CEST166549733103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:40:57.927275896 CEST166549733103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:40:57.927318096 CEST166549733103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:40:57.927335024 CEST497331665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:40:57.927356005 CEST166549733103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:40:57.927386999 CEST166549733103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:40:57.927417994 CEST166549733103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:40:57.927448988 CEST166549733103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:40:57.927484989 CEST166549733103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:40:57.927531004 CEST166549733103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:40:57.927532911 CEST497331665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:40:57.927573919 CEST166549733103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:40:57.927611113 CEST166549733103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:40:57.927618980 CEST497331665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:40:57.927639008 CEST497331665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:40:57.927651882 CEST166549733103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:40:57.927691936 CEST166549733103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:40:57.927711010 CEST497331665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:40:57.927730083 CEST166549733103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:40:57.927767992 CEST166549733103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:40:57.927804947 CEST166549733103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:40:57.927829027 CEST497331665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:40:57.927838087 CEST497331665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:40:57.927851915 CEST166549733103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:40:57.927895069 CEST166549733103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:40:57.927932024 CEST166549733103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:40:57.927954912 CEST497331665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:40:57.927969933 CEST166549733103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:40:57.927982092 CEST497331665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:40:57.928009987 CEST166549733103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:40:57.928045988 CEST166549733103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:40:57.928085089 CEST166549733103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:40:57.928122997 CEST166549733103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:40:57.928179026 CEST497331665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:40:57.928189039 CEST497331665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:40:58.225898027 CEST166549733103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:40:58.225950956 CEST166549733103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:40:58.225990057 CEST166549733103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:40:58.226028919 CEST166549733103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:40:58.226067066 CEST166549733103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:40:58.226105928 CEST166549733103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:40:58.226114988 CEST497331665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:40:58.226144075 CEST166549733103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:40:58.226157904 CEST497331665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:40:58.226195097 CEST166549733103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:40:58.226499081 CEST497331665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:40:58.228673935 CEST166549733103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:40:58.228718996 CEST166549733103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:40:58.228760958 CEST166549733103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:40:58.228800058 CEST166549733103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:40:58.228841066 CEST166549733103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:40:58.228863001 CEST497331665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:40:58.228878021 CEST497331665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:40:58.228889942 CEST166549733103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:40:58.228934050 CEST166549733103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:40:58.228971958 CEST166549733103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:40:58.228991985 CEST497331665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:40:58.229015112 CEST166549733103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:40:58.229054928 CEST166549733103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:40:58.229093075 CEST166549733103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:40:58.229110003 CEST497331665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:40:58.229118109 CEST497331665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:40:58.229131937 CEST166549733103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:40:58.229171038 CEST166549733103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:40:58.229218006 CEST166549733103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:40:58.229242086 CEST497331665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:40:58.229262114 CEST166549733103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:40:58.229300976 CEST166549733103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:40:58.229340076 CEST166549733103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:40:58.229362965 CEST497331665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:40:58.229377985 CEST166549733103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:40:58.229393959 CEST497331665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:40:58.229415894 CEST166549733103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:40:58.229454041 CEST166549733103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:40:58.229491949 CEST166549733103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:40:58.229527950 CEST497331665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:40:58.229533911 CEST497331665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:40:58.229538918 CEST166549733103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:40:58.229583025 CEST166549733103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:40:58.229619980 CEST166549733103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:40:58.229636908 CEST497331665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:40:58.229659081 CEST166549733103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:40:58.229697943 CEST166549733103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:40:58.229715109 CEST497331665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:40:58.229736090 CEST166549733103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:40:58.229773998 CEST166549733103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:40:58.229789972 CEST497331665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:40:58.229811907 CEST166549733103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:40:58.229837894 CEST497331665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:40:58.229865074 CEST166549733103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:40:58.229908943 CEST166549733103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:40:58.229947090 CEST166549733103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:40:58.229984999 CEST166549733103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:40:58.230000019 CEST497331665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:40:58.230010033 CEST497331665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:40:58.230024099 CEST166549733103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:40:58.230062962 CEST166549733103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:40:58.230102062 CEST166549733103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:40:58.230133057 CEST497331665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:40:58.230139971 CEST166549733103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:40:58.230144024 CEST497331665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:40:58.230189085 CEST166549733103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:40:58.230232954 CEST166549733103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:40:58.230272055 CEST166549733103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:40:58.230348110 CEST497331665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:40:58.230359077 CEST497331665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:40:58.427978039 CEST497331665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:40:58.526336908 CEST166549733103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:40:58.526396036 CEST166549733103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:40:58.526436090 CEST166549733103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:40:58.526463032 CEST497331665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:40:58.526477098 CEST166549733103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:40:58.526493073 CEST497331665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:40:58.526499033 CEST497331665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:40:58.526515007 CEST166549733103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:40:58.526565075 CEST166549733103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:40:58.526612043 CEST166549733103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:40:58.526637077 CEST497331665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:40:58.526649952 CEST497331665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:40:58.526659012 CEST166549733103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:40:58.526890039 CEST497331665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:40:58.529771090 CEST166549733103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:40:58.529813051 CEST166549733103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:40:58.529851913 CEST166549733103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:40:58.529891014 CEST166549733103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:40:58.529912949 CEST497331665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:40:58.529937983 CEST166549733103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:40:58.529947042 CEST497331665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:40:58.529957056 CEST497331665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:40:58.529985905 CEST166549733103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:40:58.530002117 CEST497331665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:40:58.530028105 CEST166549733103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:40:58.530067921 CEST166549733103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:40:58.530108929 CEST166549733103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:40:58.530124903 CEST497331665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:40:58.530138016 CEST497331665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:40:58.530148983 CEST166549733103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:40:58.530188084 CEST166549733103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:40:58.530225992 CEST166549733103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:40:58.530265093 CEST497331665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:40:58.530272961 CEST166549733103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:40:58.530306101 CEST497331665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:40:58.530318022 CEST166549733103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:40:58.530358076 CEST166549733103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:40:58.530375957 CEST497331665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:40:58.530396938 CEST166549733103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:40:58.530436039 CEST166549733103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:40:58.530443907 CEST497331665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:40:58.530456066 CEST497331665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:40:58.530472994 CEST166549733103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:40:58.530512094 CEST166549733103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:40:58.530546904 CEST497331665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:40:58.530550003 CEST166549733103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:40:58.530555010 CEST497331665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:40:58.530596972 CEST166549733103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:40:58.530639887 CEST166549733103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:40:58.530641079 CEST497331665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:40:58.530678034 CEST166549733103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:40:58.530693054 CEST497331665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:40:58.530700922 CEST497331665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:40:58.530719042 CEST166549733103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:40:58.530757904 CEST166549733103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:40:58.530774117 CEST497331665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:40:58.530793905 CEST166549733103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:40:58.530807018 CEST497331665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:40:58.530812025 CEST497331665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:40:58.530834913 CEST166549733103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:40:58.530873060 CEST166549733103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:40:58.530893087 CEST497331665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:40:58.530905008 CEST497331665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:40:58.530921936 CEST166549733103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:40:58.530932903 CEST497331665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:40:58.530966043 CEST166549733103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:40:58.530982018 CEST497331665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:40:58.531004906 CEST166549733103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:40:58.531043053 CEST166549733103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:40:58.531061888 CEST497331665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:40:58.531069040 CEST497331665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:40:58.531080961 CEST166549733103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:40:58.531090021 CEST497331665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:40:58.531142950 CEST166549733103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:40:58.531172991 CEST497331665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:40:58.531182051 CEST166549733103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:40:58.531222105 CEST166549733103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:40:58.531261921 CEST166549733103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:40:58.531280041 CEST497331665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:40:58.531291008 CEST497331665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:40:58.531312943 CEST166549733103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:40:58.531322002 CEST497331665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:40:58.531356096 CEST166549733103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:40:58.531378031 CEST497331665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:40:58.531397104 CEST166549733103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:40:58.531485081 CEST497331665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:41:02.749481916 CEST497351665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:41:03.048079967 CEST166549735103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:41:03.048253059 CEST497351665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:41:03.048738956 CEST497351665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:41:03.312745094 CEST166549735103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:41:03.313056946 CEST497351665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:41:03.595594883 CEST166549735103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:41:03.595797062 CEST497351665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:41:03.957927942 CEST166549735103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:41:03.958743095 CEST497351665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:41:04.316323996 CEST166549735103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:41:04.316387892 CEST166549735103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:41:04.316427946 CEST166549735103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:41:04.316579103 CEST497351665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:41:04.316947937 CEST166549735103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:41:04.317030907 CEST497351665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:41:04.474850893 CEST497351665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:41:04.591456890 CEST166549735103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:41:04.591523886 CEST166549735103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:41:04.591562033 CEST166549735103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:41:04.591578007 CEST497351665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:41:04.591639996 CEST497351665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:41:04.591645956 CEST497351665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:41:04.591691017 CEST166549735103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:41:04.591754913 CEST497351665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:41:04.591883898 CEST166549735103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:41:04.591943979 CEST497351665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:41:04.592325926 CEST166549735103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:41:04.592389107 CEST497351665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:41:04.592436075 CEST166549735103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:41:04.592497110 CEST497351665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:41:04.592638016 CEST166549735103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:41:04.592700958 CEST497351665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:41:04.799362898 CEST166549735103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:41:04.875535965 CEST166549735103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:41:04.875602007 CEST166549735103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:41:04.875641108 CEST166549735103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:41:04.875679970 CEST166549735103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:41:04.875718117 CEST166549735103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:41:04.875766039 CEST166549735103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:41:04.875804901 CEST497351665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:41:04.875827074 CEST166549735103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:41:04.875852108 CEST497351665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:41:04.875859022 CEST497351665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:41:04.875871897 CEST166549735103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:41:04.875912905 CEST166549735103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:41:04.875942945 CEST497351665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:41:04.875952959 CEST166549735103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:41:04.875991106 CEST166549735103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:41:04.876014948 CEST497351665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:41:04.876029968 CEST166549735103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:41:04.876066923 CEST166549735103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:41:04.876090050 CEST497351665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:41:04.876115084 CEST166549735103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:41:04.876156092 CEST166549735103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:41:04.876182079 CEST497351665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:41:04.876194000 CEST166549735103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:41:04.876255035 CEST497351665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:41:05.179997921 CEST166549735103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:41:05.180066109 CEST166549735103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:41:05.180103064 CEST166549735103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:41:05.180141926 CEST166549735103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:41:05.180181026 CEST166549735103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:41:05.180229902 CEST166549735103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:41:05.180274963 CEST166549735103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:41:05.180295944 CEST497351665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:41:05.180315971 CEST166549735103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:41:05.180335999 CEST497351665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:41:05.180341005 CEST497351665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:41:05.180356979 CEST166549735103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:41:05.180396080 CEST166549735103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:41:05.180402040 CEST497351665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:41:05.180434942 CEST166549735103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:41:05.180473089 CEST166549735103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:41:05.180475950 CEST497351665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:41:05.180510998 CEST166549735103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:41:05.180543900 CEST497351665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:41:05.180557966 CEST166549735103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:41:05.180604935 CEST166549735103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:41:05.180641890 CEST166549735103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:41:05.180659056 CEST497351665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:41:05.180682898 CEST166549735103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:41:05.180712938 CEST497351665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:41:05.180721998 CEST166549735103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:41:05.180759907 CEST166549735103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:41:05.180798054 CEST166549735103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:41:05.180831909 CEST497351665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:41:05.180835009 CEST166549735103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:41:05.180876970 CEST497351665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:41:05.180887938 CEST166549735103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:41:05.180932999 CEST166549735103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:41:05.180969954 CEST166549735103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:41:05.181010962 CEST166549735103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:41:05.181037903 CEST497351665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:41:05.181049109 CEST166549735103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:41:05.181086063 CEST166549735103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:41:05.181116104 CEST497351665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:41:05.181126118 CEST166549735103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:41:05.181163073 CEST166549735103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:41:05.181163073 CEST497351665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:41:05.181212902 CEST166549735103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:41:05.181216955 CEST497351665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:41:05.181257963 CEST166549735103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:41:05.181286097 CEST497351665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:41:05.181297064 CEST166549735103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:41:05.181365013 CEST497351665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:41:05.475094080 CEST497351665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:41:05.491285086 CEST166549735103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:41:05.491347075 CEST166549735103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:41:05.491377115 CEST166549735103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:41:05.491405964 CEST166549735103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:41:05.491444111 CEST166549735103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:41:05.491482019 CEST166549735103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:41:05.491520882 CEST166549735103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:41:05.491549015 CEST497351665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:41:05.491563082 CEST166549735103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:41:05.491579056 CEST497351665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:41:05.491589069 CEST497351665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:41:05.491594076 CEST497351665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:41:05.491602898 CEST166549735103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:41:05.491641998 CEST166549735103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:41:05.491661072 CEST497351665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:41:05.491678953 CEST497351665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:41:05.491691113 CEST166549735103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:41:05.491694927 CEST497351665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:41:05.491734982 CEST166549735103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:41:05.491740942 CEST497351665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:41:05.491772890 CEST166549735103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:41:05.491790056 CEST497351665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:41:05.491813898 CEST166549735103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:41:05.491831064 CEST497351665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:41:05.491852999 CEST166549735103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:41:05.491873980 CEST497351665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:41:05.491893053 CEST166549735103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:41:05.491916895 CEST497351665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:41:05.491933107 CEST166549735103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:41:05.491954088 CEST497351665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:41:05.491971970 CEST166549735103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:41:05.491985083 CEST497351665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:41:05.492021084 CEST166549735103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:41:05.492027998 CEST497351665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:41:05.492068052 CEST166549735103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:41:05.492078066 CEST497351665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:41:05.492105961 CEST166549735103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:41:05.492135048 CEST497351665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:41:05.492146015 CEST166549735103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:41:05.492163897 CEST497351665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:41:05.492185116 CEST166549735103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:41:05.492203951 CEST497351665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:41:05.492223978 CEST166549735103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:41:05.492249012 CEST497351665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:41:05.492261887 CEST166549735103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:41:05.492285013 CEST497351665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:41:05.492300034 CEST166549735103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:41:05.492309093 CEST497351665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:41:05.492348909 CEST166549735103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:41:05.492357016 CEST497351665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:41:05.492393970 CEST166549735103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:41:05.492408037 CEST497351665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:41:05.492434025 CEST166549735103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:41:05.492451906 CEST497351665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:41:05.492472887 CEST166549735103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:41:05.492491961 CEST497351665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:41:05.492511988 CEST166549735103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:41:05.492542982 CEST497351665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:41:05.492548943 CEST166549735103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:41:05.492578030 CEST497351665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:41:05.492588997 CEST166549735103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:41:05.492615938 CEST497351665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:41:05.492629051 CEST166549735103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:41:05.492655039 CEST497351665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:41:05.492679119 CEST166549735103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:41:05.492692947 CEST497351665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:41:05.492724895 CEST166549735103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:41:05.492754936 CEST497351665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:41:05.492763996 CEST166549735103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:41:05.492784977 CEST497351665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:41:05.492804050 CEST166549735103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:41:05.492814064 CEST497351665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:41:05.492844105 CEST166549735103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:41:05.492862940 CEST497351665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:41:05.492883921 CEST166549735103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:41:05.492899895 CEST497351665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:41:05.492924929 CEST166549735103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:41:05.492942095 CEST497351665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:41:05.492963076 CEST166549735103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:41:05.492996931 CEST497351665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:41:05.493012905 CEST166549735103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:41:05.493033886 CEST497351665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:41:05.493056059 CEST166549735103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:41:05.493081093 CEST497351665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:41:05.493093967 CEST166549735103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:41:05.493115902 CEST497351665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:41:05.493133068 CEST166549735103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:41:05.493133068 CEST497351665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:41:05.493172884 CEST166549735103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:41:05.493189096 CEST497351665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:41:05.493210077 CEST166549735103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:41:05.493232965 CEST497351665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:41:05.493271112 CEST497351665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:41:10.296516895 CEST497391665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:41:10.571759939 CEST166549739103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:41:10.574515104 CEST497391665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:41:10.574958086 CEST497391665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:41:10.861087084 CEST166549739103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:41:10.912375927 CEST497391665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:41:11.060781956 CEST497391665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:41:11.346595049 CEST166549739103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:41:11.361140966 CEST497391665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:41:11.691256046 CEST166549739103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:41:11.691509962 CEST497391665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:41:11.699754000 CEST166549739103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:41:11.699812889 CEST166549739103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:41:11.699852943 CEST166549739103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:41:11.700010061 CEST497391665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:41:11.700058937 CEST497391665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:41:11.700232029 CEST166549739103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:41:11.700311899 CEST497391665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:41:11.979660988 CEST166549739103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:41:11.979724884 CEST166549739103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:41:11.979859114 CEST166549739103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:41:11.979921103 CEST497391665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:41:11.980242014 CEST166549739103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:41:11.980334044 CEST497391665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:41:11.980495930 CEST166549739103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:41:11.981409073 CEST166549739103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:41:11.981590986 CEST497391665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:41:11.981611013 CEST166549739103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:41:11.982001066 CEST166549739103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:41:11.982076883 CEST497391665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:41:12.253822088 CEST166549739103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:41:12.253990889 CEST166549739103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:41:12.254142046 CEST497391665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:41:12.254496098 CEST166549739103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:41:12.254817009 CEST166549739103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:41:12.254940987 CEST497391665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:41:12.255222082 CEST166549739103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:41:12.255436897 CEST166549739103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:41:12.255462885 CEST166549739103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:41:12.255486012 CEST166549739103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:41:12.255506992 CEST166549739103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:41:12.255530119 CEST166549739103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:41:12.255558968 CEST166549739103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:41:12.255573988 CEST497391665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:41:12.255582094 CEST166549739103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:41:12.255594015 CEST497391665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:41:12.255599976 CEST497391665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:41:12.255609035 CEST166549739103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:41:12.255630016 CEST166549739103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:41:12.255634069 CEST497391665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:41:12.255654097 CEST166549739103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:41:12.255675077 CEST166549739103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:41:12.255683899 CEST497391665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:41:12.255724907 CEST497391665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:41:12.492177963 CEST497391665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:41:12.520037889 CEST166549739103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:41:12.520098925 CEST166549739103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:41:12.520126104 CEST497391665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:41:12.520138025 CEST166549739103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:41:12.520158052 CEST497391665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:41:12.520178080 CEST166549739103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:41:12.520200014 CEST497391665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:41:12.520231009 CEST497391665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:41:12.520323992 CEST166549739103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:41:12.520365000 CEST166549739103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:41:12.520380974 CEST497391665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:41:12.520406961 CEST166549739103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:41:12.520416975 CEST497391665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:41:12.520446062 CEST166549739103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:41:12.520461082 CEST497391665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:41:12.520518064 CEST497391665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:41:12.520843029 CEST166549739103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:41:12.520884037 CEST166549739103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:41:12.520921946 CEST166549739103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:41:12.520962000 CEST166549739103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:41:12.520978928 CEST497391665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:41:12.520993948 CEST497391665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:41:12.521003962 CEST166549739103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:41:12.521029949 CEST497391665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:41:12.521042109 CEST166549739103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:41:12.521060944 CEST497391665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:41:12.521083117 CEST166549739103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:41:12.521095991 CEST497391665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:41:12.521123886 CEST166549739103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:41:12.521138906 CEST497391665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:41:12.521172047 CEST166549739103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:41:12.521176100 CEST497391665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:41:12.521217108 CEST166549739103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:41:12.521222115 CEST497391665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:41:12.521256924 CEST166549739103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:41:12.521270990 CEST497391665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:41:12.521298885 CEST166549739103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:41:12.521305084 CEST497391665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:41:12.521337986 CEST166549739103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:41:12.521353006 CEST497391665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:41:12.521378040 CEST166549739103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:41:12.521403074 CEST497391665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:41:12.521416903 CEST166549739103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:41:12.521425962 CEST497391665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:41:12.521456957 CEST166549739103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:41:12.521473885 CEST497391665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:41:12.521507025 CEST166549739103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:41:12.521512032 CEST497391665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:41:12.521552086 CEST166549739103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:41:12.521558046 CEST497391665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:41:12.521591902 CEST166549739103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:41:12.521605015 CEST497391665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:41:12.521631956 CEST166549739103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:41:12.521645069 CEST497391665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:41:12.521672010 CEST166549739103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:41:12.521711111 CEST166549739103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:41:12.521729946 CEST497391665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:41:12.521750927 CEST166549739103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:41:12.521769047 CEST497391665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:41:12.521790981 CEST166549739103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:41:12.521814108 CEST497391665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:41:12.521847963 CEST497391665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:41:12.793322086 CEST166549739103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:41:12.793391943 CEST166549739103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:41:12.793432951 CEST166549739103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:41:12.793483973 CEST166549739103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:41:12.793514967 CEST497391665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:41:12.793529034 CEST166549739103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:41:12.793556929 CEST497391665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:41:12.793569088 CEST166549739103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:41:12.793612003 CEST166549739103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:41:12.793628931 CEST497391665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:41:12.793652058 CEST166549739103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:41:12.793688059 CEST166549739103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:41:12.793704987 CEST497391665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:41:12.793726921 CEST166549739103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:41:12.793766022 CEST166549739103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:41:12.793780088 CEST497391665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:41:12.793813944 CEST166549739103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:41:12.793855906 CEST166549739103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:41:12.793865919 CEST497391665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:41:12.793895960 CEST166549739103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:41:12.793939114 CEST166549739103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:41:12.793946028 CEST497391665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:41:12.793977976 CEST166549739103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:41:12.794028997 CEST497391665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:41:12.794888020 CEST166549739103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:41:12.794934988 CEST166549739103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:41:12.794971943 CEST166549739103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:41:12.794990063 CEST497391665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:41:12.795012951 CEST166549739103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:41:12.795051098 CEST166549739103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:41:12.795067072 CEST497391665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:41:12.795089960 CEST166549739103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:41:12.795140028 CEST497391665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:41:12.795162916 CEST166549739103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:41:12.795205116 CEST166549739103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:41:12.795241117 CEST166549739103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:41:12.795253992 CEST497391665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:41:12.795289993 CEST166549739103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:41:12.795331955 CEST166549739103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:41:12.795361996 CEST166549739103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:41:12.795392036 CEST166549739103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:41:12.795430899 CEST166549739103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:41:12.795469999 CEST166549739103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:41:12.795494080 CEST497391665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:41:12.795507908 CEST166549739103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:41:12.795551062 CEST166549739103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:41:12.795561075 CEST497391665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:41:12.795583010 CEST497391665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:41:12.795593977 CEST166549739103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:41:12.795633078 CEST166549739103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:41:12.795646906 CEST497391665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:41:12.795682907 CEST166549739103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:41:12.795726061 CEST166549739103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:41:12.795733929 CEST497391665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:41:12.795763969 CEST166549739103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:41:12.795803070 CEST166549739103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:41:12.795819998 CEST497391665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:41:12.795844078 CEST166549739103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:41:12.795883894 CEST166549739103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:41:12.795898914 CEST497391665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:41:12.795922995 CEST166549739103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:41:12.795960903 CEST166549739103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:41:12.795975924 CEST497391665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:41:12.796009064 CEST166549739103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:41:12.796051979 CEST166549739103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:41:12.796061993 CEST497391665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:41:12.796089888 CEST166549739103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:41:12.796128988 CEST166549739103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:41:12.796142101 CEST497391665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:41:12.796166897 CEST166549739103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:41:12.796217918 CEST497391665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:41:13.079726934 CEST166549739103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:41:13.079792976 CEST166549739103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:41:13.079833031 CEST166549739103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:41:13.079869986 CEST166549739103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:41:13.079878092 CEST497391665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:41:13.079907894 CEST166549739103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:41:13.079922915 CEST497391665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:41:13.079948902 CEST166549739103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:41:13.079996109 CEST166549739103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:41:13.080001116 CEST497391665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:41:13.080039978 CEST166549739103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:41:13.080076933 CEST166549739103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:41:13.080091953 CEST497391665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:41:13.080116987 CEST166549739103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:41:13.080154896 CEST166549739103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:41:13.080172062 CEST497391665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:41:13.080193996 CEST166549739103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:41:13.080233097 CEST166549739103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:41:13.080245972 CEST497391665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:41:13.080270052 CEST166549739103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:41:13.080316067 CEST497391665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:41:13.080317020 CEST166549739103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:41:13.080360889 CEST166549739103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:41:13.080409050 CEST497391665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:41:13.082015038 CEST166549739103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:41:13.082068920 CEST166549739103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:41:13.082118988 CEST166549739103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:41:13.082129002 CEST497391665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:41:13.082164049 CEST166549739103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:41:13.082201958 CEST166549739103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:41:13.082215071 CEST497391665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:41:13.082243919 CEST166549739103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:41:13.082283974 CEST166549739103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:41:13.082298994 CEST497391665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:41:13.082321882 CEST166549739103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:41:13.082360983 CEST166549739103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:41:13.082369089 CEST497391665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:41:13.082400084 CEST166549739103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:41:13.082446098 CEST497391665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:41:13.082448959 CEST166549739103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:41:13.082493067 CEST166549739103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:41:13.082530975 CEST166549739103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:41:13.082560062 CEST497391665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:41:13.082571983 CEST166549739103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:41:13.082612038 CEST166549739103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:41:13.082621098 CEST497391665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:41:13.082650900 CEST166549739103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:41:13.082690954 CEST166549739103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:41:13.082698107 CEST497391665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:41:13.082729101 CEST166549739103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:41:13.082775116 CEST497391665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:41:13.082777023 CEST166549739103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:41:13.082820892 CEST166549739103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:41:13.082858086 CEST166549739103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:41:13.082874060 CEST497391665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:41:13.082896948 CEST166549739103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:41:13.082937002 CEST166549739103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:41:13.082951069 CEST497391665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:41:13.082974911 CEST166549739103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:41:13.083014011 CEST166549739103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:41:13.083030939 CEST497391665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:41:13.083051920 CEST166549739103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:41:13.083100080 CEST497391665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:41:13.083100080 CEST166549739103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:41:13.083189964 CEST166549739103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:41:13.083230972 CEST166549739103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:41:13.083236933 CEST497391665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:41:13.083270073 CEST166549739103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:41:13.083308935 CEST166549739103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:41:13.083324909 CEST497391665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:41:13.083348989 CEST166549739103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:41:13.083394051 CEST497391665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:41:13.389153957 CEST166549739103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:41:13.389216900 CEST166549739103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:41:13.389256001 CEST166549739103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:41:13.389273882 CEST497391665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:41:13.389295101 CEST166549739103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:41:13.389334917 CEST166549739103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:41:13.389341116 CEST497391665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:41:13.389374018 CEST166549739103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:41:13.389414072 CEST166549739103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:41:13.389425993 CEST497391665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:41:13.389453888 CEST166549739103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:41:13.389501095 CEST497391665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:41:13.389501095 CEST166549739103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:41:13.389544964 CEST166549739103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:41:13.389585018 CEST166549739103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:41:13.389590025 CEST497391665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:41:13.389625072 CEST166549739103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:41:13.389662981 CEST166549739103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:41:13.389668941 CEST497391665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:41:13.389700890 CEST166549739103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:41:13.389739990 CEST166549739103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:41:13.389753103 CEST497391665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:41:13.389777899 CEST166549739103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:41:13.389828920 CEST497391665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:41:13.391491890 CEST166549739103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:41:13.391556978 CEST166549739103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:41:13.391602039 CEST166549739103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:41:13.391611099 CEST497391665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:41:13.391642094 CEST166549739103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:41:13.391680956 CEST166549739103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:41:13.391695023 CEST497391665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:41:13.391720057 CEST166549739103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:41:13.391757965 CEST166549739103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:41:13.391797066 CEST166549739103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:41:13.391797066 CEST497391665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:41:13.391834974 CEST166549739103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:41:13.391848087 CEST497391665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:41:13.391884089 CEST166549739103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:41:13.391933918 CEST166549739103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:41:13.391956091 CEST497391665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:41:13.391976118 CEST166549739103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:41:13.392031908 CEST497391665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:41:13.392115116 CEST166549739103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:41:13.392155886 CEST166549739103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:41:13.392201900 CEST497391665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:41:13.392205954 CEST166549739103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:41:13.392250061 CEST166549739103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:41:13.392287970 CEST166549739103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:41:13.392302990 CEST497391665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:41:13.392328024 CEST166549739103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:41:13.392366886 CEST166549739103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:41:13.392405033 CEST166549739103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:41:13.392442942 CEST166549739103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:41:13.392443895 CEST497391665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:41:13.392463923 CEST497391665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:41:13.392482996 CEST166549739103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:41:13.392530918 CEST166549739103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:41:13.392530918 CEST497391665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:41:13.392575979 CEST166549739103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:41:13.392613888 CEST166549739103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:41:13.392631054 CEST497391665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:41:13.392656088 CEST166549739103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:41:13.392693996 CEST166549739103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:41:13.392710924 CEST497391665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:41:13.392731905 CEST166549739103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:41:13.392771959 CEST166549739103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:41:13.392797947 CEST497391665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:41:13.392811060 CEST166549739103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:41:13.392858982 CEST166549739103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:41:13.392860889 CEST497391665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:41:13.392904043 CEST166549739103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:41:13.392973900 CEST497391665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:41:13.460042953 CEST497391665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:41:13.700206995 CEST166549739103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:41:13.700268030 CEST166549739103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:41:13.700318098 CEST166549739103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:41:13.700361013 CEST166549739103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:41:13.700397968 CEST166549739103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:41:13.700428009 CEST497391665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:41:13.700438976 CEST166549739103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:41:13.700467110 CEST497391665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:41:13.700478077 CEST166549739103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:41:13.700515032 CEST166549739103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:41:13.700516939 CEST497391665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:41:13.700553894 CEST166549739103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:41:13.700577974 CEST497391665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:41:13.700594902 CEST166549739103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:41:13.700644016 CEST166549739103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:41:13.700649023 CEST497391665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:41:13.700687885 CEST166549739103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:41:13.700725079 CEST497391665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:41:13.700726032 CEST166549739103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:41:13.700766087 CEST166549739103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:41:13.700779915 CEST497391665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:41:13.700807095 CEST166549739103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:41:13.700843096 CEST166549739103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:41:13.700850010 CEST497391665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:41:13.700882912 CEST166549739103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:41:13.700921059 CEST166549739103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:41:13.700932980 CEST497391665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:41:13.700968027 CEST166549739103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:41:13.700979948 CEST497391665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:41:13.701013088 CEST166549739103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:41:13.701033115 CEST497391665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:41:13.701051950 CEST166549739103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:41:13.701091051 CEST166549739103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:41:13.701106071 CEST497391665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:41:13.701129913 CEST166549739103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:41:13.701167107 CEST166549739103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:41:13.701179981 CEST497391665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:41:13.701206923 CEST166549739103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:41:13.701246023 CEST166549739103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:41:13.701265097 CEST497391665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:41:13.701296091 CEST166549739103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:41:13.701333046 CEST497391665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:41:13.701339006 CEST166549739103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:41:13.701375961 CEST166549739103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:41:13.701379061 CEST497391665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:41:13.701416016 CEST166549739103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:41:13.701455116 CEST166549739103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:41:13.701467991 CEST497391665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:41:13.701493025 CEST166549739103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:41:13.701553106 CEST497391665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:41:13.701607943 CEST497391665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:41:13.702141047 CEST166549739103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:41:13.702183008 CEST166549739103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:41:13.702220917 CEST166549739103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:41:13.702259064 CEST497391665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:41:13.702260017 CEST166549739103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:41:13.702301025 CEST166549739103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:41:13.702337027 CEST166549739103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:41:13.702347040 CEST497391665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:41:13.702377081 CEST166549739103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:41:13.702413082 CEST497391665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:41:13.702414989 CEST166549739103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:41:13.702457905 CEST497391665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:41:13.702462912 CEST166549739103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:41:13.702506065 CEST166549739103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:41:13.702542067 CEST166549739103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:41:13.702542067 CEST497391665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:41:13.702583075 CEST166549739103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:41:13.702621937 CEST497391665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:41:13.702709913 CEST497391665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:41:13.702814102 CEST166549739103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:41:13.702856064 CEST166549739103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:41:13.702893972 CEST166549739103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:41:13.702931881 CEST166549739103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:41:13.702935934 CEST497391665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:41:13.702970028 CEST166549739103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:41:13.703015089 CEST497391665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:41:13.703018904 CEST166549739103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:41:13.703063011 CEST497391665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:41:13.703063011 CEST166549739103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:41:13.703100920 CEST166549739103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:41:13.703141928 CEST497391665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:41:13.703196049 CEST166549739103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:41:13.703228951 CEST497391665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:41:13.703236103 CEST166549739103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:41:13.703277111 CEST166549739103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:41:13.703310966 CEST497391665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:41:13.703313112 CEST166549739103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:41:13.703352928 CEST166549739103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:41:13.703382969 CEST497391665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:41:13.703392029 CEST166549739103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:41:13.703428984 CEST497391665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:41:13.703439951 CEST166549739103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:41:13.703481913 CEST166549739103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:41:13.703505993 CEST497391665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:41:13.703520060 CEST166549739103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:41:13.703558922 CEST166549739103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:41:13.703581095 CEST497391665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:41:13.703598976 CEST166549739103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:41:13.703635931 CEST166549739103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:41:13.703639984 CEST497391665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:41:13.703720093 CEST497391665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:41:13.821335077 CEST166549739103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:41:14.523736954 CEST497391665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:41:18.917829990 CEST497441665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:41:19.208663940 CEST166549744103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:41:19.209007025 CEST497441665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:41:19.210772038 CEST497441665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:41:19.484663010 CEST166549744103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:41:19.485130072 CEST497441665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:41:19.759114027 CEST166549744103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:41:19.759346962 CEST497441665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:41:20.109081030 CEST166549744103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:41:20.111219883 CEST497441665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:41:20.473510027 CEST166549744103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:41:20.473613024 CEST497441665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:41:20.551003933 CEST166549744103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:41:20.603255033 CEST497441665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:41:20.787461042 CEST166549744103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:41:20.787583113 CEST497441665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:41:21.161950111 CEST166549744103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:41:21.162046909 CEST497441665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:41:21.478868961 CEST166549744103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:41:21.492970943 CEST497441665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:41:26.866748095 CEST497451665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:41:27.171432018 CEST166549745103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:41:27.171622992 CEST497451665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:41:27.172286987 CEST497451665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:41:27.486028910 CEST166549745103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:41:27.486787081 CEST497451665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:41:27.798978090 CEST166549745103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:41:27.799983978 CEST497451665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:41:28.161467075 CEST166549745103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:41:28.161660910 CEST497451665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:41:28.503978968 CEST166549745103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:41:28.567926884 CEST166549745103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:41:28.569225073 CEST497451665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:41:28.872873068 CEST166549745103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:41:28.932013988 CEST497451665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:41:29.086323977 CEST497451665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:41:29.397135973 CEST166549745103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:41:29.400031090 CEST497451665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:41:29.712244034 CEST166549745103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:41:29.773430109 CEST497451665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:41:30.598881006 CEST497451665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:41:30.824392080 CEST497451665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:41:30.932332039 CEST166549745103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:41:30.932431936 CEST497451665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:41:35.563817978 CEST497461665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:41:35.863554955 CEST166549746103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:41:35.864603996 CEST497461665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:41:35.865210056 CEST497461665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:41:36.166178942 CEST166549746103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:41:36.166666031 CEST497461665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:41:36.452549934 CEST166549746103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:41:36.492579937 CEST497461665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:41:36.584196091 CEST497461665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:41:36.921674967 CEST166549746103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:41:36.921993971 CEST497461665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:41:36.989495993 CEST166549746103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:41:37.040669918 CEST497461665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:41:37.194233894 CEST166549746103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:41:37.194761038 CEST497461665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:41:37.519435883 CEST166549746103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:41:37.519561052 CEST497461665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:41:37.749588013 CEST497461665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:41:37.793732882 CEST166549746103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:41:37.795397043 CEST497461665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:41:42.386415958 CEST497471665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:41:42.696367979 CEST166549747103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:41:42.696598053 CEST497471665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:41:42.698348045 CEST497471665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:41:43.011615038 CEST166549747103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:41:43.013256073 CEST497471665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:41:43.301645041 CEST166549747103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:41:43.304174900 CEST497471665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:41:43.635591030 CEST166549747103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:41:43.707000971 CEST166549747103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:41:43.712641954 CEST497471665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:41:44.008407116 CEST166549747103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:41:44.008573055 CEST497471665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:41:44.370345116 CEST166549747103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:41:44.370456934 CEST497471665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:41:44.665688992 CEST497471665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:41:44.666455030 CEST166549747103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:41:44.666763067 CEST497471665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:41:49.105228901 CEST497501665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:41:49.418171883 CEST166549750103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:41:49.418561935 CEST497501665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:41:49.419836044 CEST497501665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:41:49.748253107 CEST166549750103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:41:49.754879951 CEST497501665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:41:50.080703020 CEST166549750103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:41:50.083087921 CEST497501665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:41:50.458528042 CEST166549750103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:41:50.458646059 CEST497501665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:41:50.518796921 CEST166549750103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:41:50.571856022 CEST497501665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:41:50.753040075 CEST166549750103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:41:50.753247976 CEST497501665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:41:51.099548101 CEST166549750103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:41:51.099667072 CEST497501665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:41:51.405913115 CEST166549750103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:41:51.446964025 CEST497501665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:41:51.458849907 CEST497501665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:41:51.747243881 CEST166549750103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:41:51.747342110 CEST497501665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:41:55.561144114 CEST497511665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:41:55.864101887 CEST166549751103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:41:55.864283085 CEST497511665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:41:55.865613937 CEST497511665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:41:56.158947945 CEST166549751103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:41:56.164838076 CEST497511665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:41:56.449940920 CEST166549751103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:41:56.450258970 CEST497511665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:41:56.790635109 CEST166549751103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:41:56.790728092 CEST497511665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:41:57.139252901 CEST166549751103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:41:57.222888947 CEST166549751103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:41:57.275500059 CEST497511665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:41:57.288429976 CEST497511665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:41:57.566756010 CEST166549751103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:41:57.566869020 CEST497511665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:41:57.631289959 CEST166549751103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:41:57.631380081 CEST497511665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:41:57.854196072 CEST166549751103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:41:57.900569916 CEST497511665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:41:57.964274883 CEST166549751103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:41:57.964422941 CEST497511665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:41:58.187489033 CEST166549751103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:41:58.244343996 CEST497511665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:41:58.299401999 CEST166549751103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:41:58.371100903 CEST497511665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:42:02.479036093 CEST497521665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:42:02.782949924 CEST166549752103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:42:02.783237934 CEST497521665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:42:02.784456968 CEST497521665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:42:03.112001896 CEST166549752103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:42:03.112729073 CEST497521665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:42:03.434621096 CEST166549752103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:42:03.434788942 CEST497521665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:42:03.809686899 CEST166549752103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:42:03.809814930 CEST497521665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:42:04.177607059 CEST166549752103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:42:04.254369020 CEST166549752103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:42:04.255393982 CEST497521665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:42:04.534435034 CEST166549752103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:42:04.534632921 CEST497521665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:42:04.884702921 CEST166549752103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:42:04.885938883 CEST497521665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:42:05.204318047 CEST166549752103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:42:05.260576963 CEST497521665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:42:05.453080893 CEST497521665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:42:05.583924055 CEST166549752103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:42:05.587286949 CEST497521665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:42:09.804644108 CEST497531665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:42:10.088397026 CEST166549753103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:42:10.088532925 CEST497531665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:42:10.089037895 CEST497531665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:42:10.389934063 CEST166549753103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:42:10.390211105 CEST497531665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:42:10.698096991 CEST166549753103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:42:10.698714972 CEST497531665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:42:11.057647943 CEST166549753103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:42:11.130078077 CEST166549753103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:42:11.130515099 CEST497531665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:42:11.398427010 CEST166549753103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:42:11.399194956 CEST497531665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:42:11.662836075 CEST166549753103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:42:11.662972927 CEST497531665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:42:11.937995911 CEST166549753103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:42:11.980281115 CEST497531665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:42:13.848546028 CEST166549753103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:42:13.901913881 CEST497531665192.168.2.3103.133.106.117
                                      Jun 9, 2021 08:42:15.383491039 CEST166549753103.133.106.117192.168.2.3
                                      Jun 9, 2021 08:42:15.433294058 CEST497531665192.168.2.3103.133.106.117

                                      UDP Packets

                                      TimestampSource PortDest PortSource IPDest IP
                                      Jun 9, 2021 08:40:48.458422899 CEST5543553192.168.2.337.235.1.174
                                      Jun 9, 2021 08:40:48.512447119 CEST535543537.235.1.174192.168.2.3
                                      Jun 9, 2021 08:40:55.365665913 CEST5071353192.168.2.337.235.1.174
                                      Jun 9, 2021 08:40:55.548255920 CEST535071337.235.1.174192.168.2.3
                                      Jun 9, 2021 08:41:02.682830095 CEST5898753192.168.2.337.235.1.174
                                      Jun 9, 2021 08:41:02.745002985 CEST535898737.235.1.174192.168.2.3
                                      Jun 9, 2021 08:41:10.142401934 CEST6063353192.168.2.337.235.1.174
                                      Jun 9, 2021 08:41:10.295361042 CEST536063337.235.1.174192.168.2.3
                                      Jun 9, 2021 08:41:18.862062931 CEST6361953192.168.2.337.235.1.174
                                      Jun 9, 2021 08:41:18.916666031 CEST536361937.235.1.174192.168.2.3
                                      Jun 9, 2021 08:41:26.709872961 CEST6493853192.168.2.337.235.1.174
                                      Jun 9, 2021 08:41:26.865480900 CEST536493837.235.1.174192.168.2.3
                                      Jun 9, 2021 08:41:35.439858913 CEST6194653192.168.2.337.235.1.174
                                      Jun 9, 2021 08:41:35.556212902 CEST536194637.235.1.174192.168.2.3
                                      Jun 9, 2021 08:41:42.327558041 CEST6491053192.168.2.337.235.1.174
                                      Jun 9, 2021 08:41:42.385374069 CEST536491037.235.1.174192.168.2.3
                                      Jun 9, 2021 08:41:49.047765017 CEST5633853192.168.2.337.235.1.174
                                      Jun 9, 2021 08:41:49.103404045 CEST535633837.235.1.174192.168.2.3
                                      Jun 9, 2021 08:41:55.503642082 CEST5942053192.168.2.337.235.1.174
                                      Jun 9, 2021 08:41:55.559006929 CEST535942037.235.1.174192.168.2.3
                                      Jun 9, 2021 08:42:02.421720028 CEST5878453192.168.2.337.235.1.174
                                      Jun 9, 2021 08:42:02.476983070 CEST535878437.235.1.174192.168.2.3
                                      Jun 9, 2021 08:42:09.465266943 CEST6397853192.168.2.337.235.1.174
                                      Jun 9, 2021 08:42:09.803811073 CEST536397837.235.1.174192.168.2.3

                                      DNS Queries

                                      TimestampSource IPDest IPTrans IDOP CodeNameTypeClass
                                      Jun 9, 2021 08:40:48.458422899 CEST192.168.2.337.235.1.1740x4990Standard query (0)tzitziklishop.ddns.netA (IP address)IN (0x0001)
                                      Jun 9, 2021 08:40:55.365665913 CEST192.168.2.337.235.1.1740x703bStandard query (0)tzitziklishop.ddns.netA (IP address)IN (0x0001)
                                      Jun 9, 2021 08:41:02.682830095 CEST192.168.2.337.235.1.1740x78afStandard query (0)tzitziklishop.ddns.netA (IP address)IN (0x0001)
                                      Jun 9, 2021 08:41:10.142401934 CEST192.168.2.337.235.1.1740xb2d8Standard query (0)tzitziklishop.ddns.netA (IP address)IN (0x0001)
                                      Jun 9, 2021 08:41:18.862062931 CEST192.168.2.337.235.1.1740x94e9Standard query (0)tzitziklishop.ddns.netA (IP address)IN (0x0001)
                                      Jun 9, 2021 08:41:26.709872961 CEST192.168.2.337.235.1.1740x8506Standard query (0)tzitziklishop.ddns.netA (IP address)IN (0x0001)
                                      Jun 9, 2021 08:41:35.439858913 CEST192.168.2.337.235.1.1740x3e1cStandard query (0)tzitziklishop.ddns.netA (IP address)IN (0x0001)
                                      Jun 9, 2021 08:41:42.327558041 CEST192.168.2.337.235.1.1740x9324Standard query (0)tzitziklishop.ddns.netA (IP address)IN (0x0001)
                                      Jun 9, 2021 08:41:49.047765017 CEST192.168.2.337.235.1.1740x10b5Standard query (0)tzitziklishop.ddns.netA (IP address)IN (0x0001)
                                      Jun 9, 2021 08:41:55.503642082 CEST192.168.2.337.235.1.1740x4c5dStandard query (0)tzitziklishop.ddns.netA (IP address)IN (0x0001)
                                      Jun 9, 2021 08:42:02.421720028 CEST192.168.2.337.235.1.1740xf02eStandard query (0)tzitziklishop.ddns.netA (IP address)IN (0x0001)
                                      Jun 9, 2021 08:42:09.465266943 CEST192.168.2.337.235.1.1740xa72fStandard query (0)tzitziklishop.ddns.netA (IP address)IN (0x0001)

                                      DNS Answers

                                      TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClass
                                      Jun 9, 2021 08:40:48.512447119 CEST37.235.1.174192.168.2.30x4990No error (0)tzitziklishop.ddns.net103.133.106.117A (IP address)IN (0x0001)
                                      Jun 9, 2021 08:40:55.548255920 CEST37.235.1.174192.168.2.30x703bNo error (0)tzitziklishop.ddns.net103.133.106.117A (IP address)IN (0x0001)
                                      Jun 9, 2021 08:41:02.745002985 CEST37.235.1.174192.168.2.30x78afNo error (0)tzitziklishop.ddns.net103.133.106.117A (IP address)IN (0x0001)
                                      Jun 9, 2021 08:41:10.295361042 CEST37.235.1.174192.168.2.30xb2d8No error (0)tzitziklishop.ddns.net103.133.106.117A (IP address)IN (0x0001)
                                      Jun 9, 2021 08:41:18.916666031 CEST37.235.1.174192.168.2.30x94e9No error (0)tzitziklishop.ddns.net103.133.106.117A (IP address)IN (0x0001)
                                      Jun 9, 2021 08:41:26.865480900 CEST37.235.1.174192.168.2.30x8506No error (0)tzitziklishop.ddns.net103.133.106.117A (IP address)IN (0x0001)
                                      Jun 9, 2021 08:41:35.556212902 CEST37.235.1.174192.168.2.30x3e1cNo error (0)tzitziklishop.ddns.net103.133.106.117A (IP address)IN (0x0001)
                                      Jun 9, 2021 08:41:42.385374069 CEST37.235.1.174192.168.2.30x9324No error (0)tzitziklishop.ddns.net103.133.106.117A (IP address)IN (0x0001)
                                      Jun 9, 2021 08:41:49.103404045 CEST37.235.1.174192.168.2.30x10b5No error (0)tzitziklishop.ddns.net103.133.106.117A (IP address)IN (0x0001)
                                      Jun 9, 2021 08:41:55.559006929 CEST37.235.1.174192.168.2.30x4c5dNo error (0)tzitziklishop.ddns.net103.133.106.117A (IP address)IN (0x0001)
                                      Jun 9, 2021 08:42:02.476983070 CEST37.235.1.174192.168.2.30xf02eNo error (0)tzitziklishop.ddns.net103.133.106.117A (IP address)IN (0x0001)
                                      Jun 9, 2021 08:42:09.803811073 CEST37.235.1.174192.168.2.30xa72fNo error (0)tzitziklishop.ddns.net103.133.106.117A (IP address)IN (0x0001)

                                      Code Manipulations

                                      Statistics

                                      CPU Usage

                                      Click to jump to process

                                      Memory Usage

                                      Click to jump to process

                                      High Level Behavior Distribution

                                      Click to dive into process behavior distribution

                                      Behavior

                                      Click to jump to process

                                      System Behavior

                                      Analysis Process: 9n7miZydYC.exe PID: 780 Parent PID: 5780

                                      General

                                      Start time:08:40:03
                                      Start date:09/06/2021
                                      Path:C:\Users\user\Desktop\9n7miZydYC.exe
                                      Wow64 process (32bit):true
                                      Commandline:'C:\Users\user\Desktop\9n7miZydYC.exe'
                                      Imagebase:0xef0000
                                      File size:736256 bytes
                                      MD5 hash:61DE33A77D34A313DF07DC2BDD28140A
                                      Has elevated privileges:true
                                      Has administrator privileges:true
                                      Programmed in:.Net C# or VB.NET
                                      Yara matches:
                                      • Rule: Nanocore_RAT_Gen_2, Description: Detetcs the Nanocore RAT, Source: 00000000.00000002.281977110.0000000004495000.00000004.00000001.sdmp, Author: Florian Roth
                                      • Rule: JoeSecurity_Nanocore, Description: Yara detected Nanocore RAT, Source: 00000000.00000002.281977110.0000000004495000.00000004.00000001.sdmp, Author: Joe Security
                                      • Rule: NanoCore, Description: unknown, Source: 00000000.00000002.281977110.0000000004495000.00000004.00000001.sdmp, Author: Kevin Breen <kevin@techanarchy.net>
                                      • Rule: JoeSecurity_AntiVM_3, Description: Yara detected AntiVM_3, Source: 00000000.00000002.279167689.0000000003334000.00000004.00000001.sdmp, Author: Joe Security
                                      • Rule: Nanocore_RAT_Gen_2, Description: Detetcs the Nanocore RAT, Source: 00000000.00000002.280854533.00000000042E9000.00000004.00000001.sdmp, Author: Florian Roth
                                      • Rule: JoeSecurity_Nanocore, Description: Yara detected Nanocore RAT, Source: 00000000.00000002.280854533.00000000042E9000.00000004.00000001.sdmp, Author: Joe Security
                                      • Rule: NanoCore, Description: unknown, Source: 00000000.00000002.280854533.00000000042E9000.00000004.00000001.sdmp, Author: Kevin Breen <kevin@techanarchy.net>
                                      Reputation:low

                                      Chronological Activities

                                      Analysis Process: 9n7miZydYC.exe PID: 1736 Parent PID: 780

                                      General

                                      Start time:08:40:40
                                      Start date:09/06/2021
                                      Path:C:\Users\user\Desktop\9n7miZydYC.exe
                                      Wow64 process (32bit):true
                                      Commandline:{path}
                                      Imagebase:0xa20000
                                      File size:736256 bytes
                                      MD5 hash:61DE33A77D34A313DF07DC2BDD28140A
                                      Has elevated privileges:true
                                      Has administrator privileges:true
                                      Programmed in:.Net C# or VB.NET
                                      Yara matches:
                                      • Rule: Nanocore_RAT_Gen_2, Description: Detetcs the Nanocore RAT, Source: 00000007.00000000.277218336.0000000000402000.00000040.00000001.sdmp, Author: Florian Roth
                                      • Rule: JoeSecurity_Nanocore, Description: Yara detected Nanocore RAT, Source: 00000007.00000000.277218336.0000000000402000.00000040.00000001.sdmp, Author: Joe Security
                                      • Rule: NanoCore, Description: unknown, Source: 00000007.00000000.277218336.0000000000402000.00000040.00000001.sdmp, Author: Kevin Breen <kevin@techanarchy.net>
                                      • Rule: Nanocore_RAT_Gen_2, Description: Detetcs the Nanocore RAT, Source: 00000007.00000002.463411890.0000000000402000.00000040.00000001.sdmp, Author: Florian Roth
                                      • Rule: JoeSecurity_Nanocore, Description: Yara detected Nanocore RAT, Source: 00000007.00000002.463411890.0000000000402000.00000040.00000001.sdmp, Author: Joe Security
                                      • Rule: NanoCore, Description: unknown, Source: 00000007.00000002.463411890.0000000000402000.00000040.00000001.sdmp, Author: Kevin Breen <kevin@techanarchy.net>
                                      • Rule: Nanocore_RAT_Gen_2, Description: Detetcs the Nanocore RAT, Source: 00000007.00000000.277575023.0000000000402000.00000040.00000001.sdmp, Author: Florian Roth
                                      • Rule: JoeSecurity_Nanocore, Description: Yara detected Nanocore RAT, Source: 00000007.00000000.277575023.0000000000402000.00000040.00000001.sdmp, Author: Joe Security
                                      • Rule: NanoCore, Description: unknown, Source: 00000007.00000000.277575023.0000000000402000.00000040.00000001.sdmp, Author: Kevin Breen <kevin@techanarchy.net>
                                      Reputation:low

                                      Chronological Activities

                                      Analysis Process: schtasks.exe PID: 4560 Parent PID: 1736

                                      General

                                      Start time:08:40:43
                                      Start date:09/06/2021
                                      Path:C:\Windows\SysWOW64\schtasks.exe
                                      Wow64 process (32bit):true
                                      Commandline:'schtasks.exe' /create /f /tn 'DHCP Monitor' /xml 'C:\Users\user\AppData\Local\Temp\tmpC2C1.tmp'
                                      Imagebase:0x7ff672e70000
                                      File size:185856 bytes
                                      MD5 hash:15FF7D8324231381BAD48A052F85DF04
                                      Has elevated privileges:true
                                      Has administrator privileges:true
                                      Programmed in:C, C++ or other language
                                      Reputation:high

                                      Chronological Activities

                                      Analysis Process: conhost.exe PID: 4548 Parent PID: 4560

                                      General

                                      Start time:08:40:44
                                      Start date:09/06/2021
                                      Path:C:\Windows\System32\conhost.exe
                                      Wow64 process (32bit):false
                                      Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                      Imagebase:0x7ff6b2800000
                                      File size:625664 bytes
                                      MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                      Has elevated privileges:true
                                      Has administrator privileges:true
                                      Programmed in:C, C++ or other language
                                      Reputation:high

                                      Chronological Activities

                                      Analysis Process: schtasks.exe PID: 4356 Parent PID: 1736

                                      General

                                      Start time:08:40:44
                                      Start date:09/06/2021
                                      Path:C:\Windows\SysWOW64\schtasks.exe
                                      Wow64 process (32bit):true
                                      Commandline:'schtasks.exe' /create /f /tn 'DHCP Monitor Task' /xml 'C:\Users\user\AppData\Local\Temp\tmpC67B.tmp'
                                      Imagebase:0xa0000
                                      File size:185856 bytes
                                      MD5 hash:15FF7D8324231381BAD48A052F85DF04
                                      Has elevated privileges:true
                                      Has administrator privileges:true
                                      Programmed in:C, C++ or other language
                                      Reputation:high

                                      Chronological Activities

                                      Analysis Process: conhost.exe PID: 3660 Parent PID: 4356

                                      General

                                      Start time:08:40:45
                                      Start date:09/06/2021
                                      Path:C:\Windows\System32\conhost.exe
                                      Wow64 process (32bit):false
                                      Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                      Imagebase:0x7ff6b2800000
                                      File size:625664 bytes
                                      MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                      Has elevated privileges:true
                                      Has administrator privileges:true
                                      Programmed in:C, C++ or other language
                                      Reputation:high

                                      Chronological Activities

                                      Analysis Process: 9n7miZydYC.exe PID: 4716 Parent PID: 528

                                      General

                                      Start time:08:40:45
                                      Start date:09/06/2021
                                      Path:C:\Users\user\Desktop\9n7miZydYC.exe
                                      Wow64 process (32bit):true
                                      Commandline:C:\Users\user\Desktop\9n7miZydYC.exe 0
                                      Imagebase:0x570000
                                      File size:736256 bytes
                                      MD5 hash:61DE33A77D34A313DF07DC2BDD28140A
                                      Has elevated privileges:true
                                      Has administrator privileges:true
                                      Programmed in:.Net C# or VB.NET
                                      Yara matches:
                                      • Rule: Nanocore_RAT_Gen_2, Description: Detetcs the Nanocore RAT, Source: 0000000F.00000002.375447688.0000000003D35000.00000004.00000001.sdmp, Author: Florian Roth
                                      • Rule: JoeSecurity_Nanocore, Description: Yara detected Nanocore RAT, Source: 0000000F.00000002.375447688.0000000003D35000.00000004.00000001.sdmp, Author: Joe Security
                                      • Rule: NanoCore, Description: unknown, Source: 0000000F.00000002.375447688.0000000003D35000.00000004.00000001.sdmp, Author: Kevin Breen <kevin@techanarchy.net>
                                      • Rule: Nanocore_RAT_Gen_2, Description: Detetcs the Nanocore RAT, Source: 0000000F.00000002.374531994.0000000003B89000.00000004.00000001.sdmp, Author: Florian Roth
                                      • Rule: JoeSecurity_Nanocore, Description: Yara detected Nanocore RAT, Source: 0000000F.00000002.374531994.0000000003B89000.00000004.00000001.sdmp, Author: Joe Security
                                      • Rule: NanoCore, Description: unknown, Source: 0000000F.00000002.374531994.0000000003B89000.00000004.00000001.sdmp, Author: Kevin Breen <kevin@techanarchy.net>
                                      • Rule: JoeSecurity_AntiVM_3, Description: Yara detected AntiVM_3, Source: 0000000F.00000002.372309695.0000000002BD6000.00000004.00000001.sdmp, Author: Joe Security
                                      Reputation:low

                                      Chronological Activities

                                      Analysis Process: dhcpmon.exe PID: 5508 Parent PID: 528

                                      General

                                      Start time:08:40:47
                                      Start date:09/06/2021
                                      Path:C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe
                                      Wow64 process (32bit):true
                                      Commandline:'C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe' 0
                                      Imagebase:0x6d0000
                                      File size:736256 bytes
                                      MD5 hash:61DE33A77D34A313DF07DC2BDD28140A
                                      Has elevated privileges:true
                                      Has administrator privileges:true
                                      Programmed in:.Net C# or VB.NET
                                      Yara matches:
                                      • Rule: JoeSecurity_AntiVM_3, Description: Yara detected AntiVM_3, Source: 00000013.00000002.372998253.0000000002AD6000.00000004.00000001.sdmp, Author: Joe Security
                                      • Rule: Nanocore_RAT_Gen_2, Description: Detetcs the Nanocore RAT, Source: 00000013.00000002.376242535.0000000003C35000.00000004.00000001.sdmp, Author: Florian Roth
                                      • Rule: JoeSecurity_Nanocore, Description: Yara detected Nanocore RAT, Source: 00000013.00000002.376242535.0000000003C35000.00000004.00000001.sdmp, Author: Joe Security
                                      • Rule: NanoCore, Description: unknown, Source: 00000013.00000002.376242535.0000000003C35000.00000004.00000001.sdmp, Author: Kevin Breen <kevin@techanarchy.net>
                                      • Rule: Nanocore_RAT_Gen_2, Description: Detetcs the Nanocore RAT, Source: 00000013.00000002.374908003.0000000003A89000.00000004.00000001.sdmp, Author: Florian Roth
                                      • Rule: JoeSecurity_Nanocore, Description: Yara detected Nanocore RAT, Source: 00000013.00000002.374908003.0000000003A89000.00000004.00000001.sdmp, Author: Joe Security
                                      • Rule: NanoCore, Description: unknown, Source: 00000013.00000002.374908003.0000000003A89000.00000004.00000001.sdmp, Author: Kevin Breen <kevin@techanarchy.net>
                                      Antivirus matches:
                                      • Detection: 100%, Joe Sandbox ML
                                      • Detection: 37%, ReversingLabs
                                      Reputation:low

                                      Chronological Activities

                                      Analysis Process: dhcpmon.exe PID: 5668 Parent PID: 3388

                                      General

                                      Start time:08:40:54
                                      Start date:09/06/2021
                                      Path:C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe
                                      Wow64 process (32bit):true
                                      Commandline:'C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe'
                                      Imagebase:0xc0000
                                      File size:736256 bytes
                                      MD5 hash:61DE33A77D34A313DF07DC2BDD28140A
                                      Has elevated privileges:true
                                      Has administrator privileges:true
                                      Programmed in:.Net C# or VB.NET
                                      Yara matches:
                                      • Rule: Nanocore_RAT_Gen_2, Description: Detetcs the Nanocore RAT, Source: 00000015.00000002.391258363.0000000003449000.00000004.00000001.sdmp, Author: Florian Roth
                                      • Rule: JoeSecurity_Nanocore, Description: Yara detected Nanocore RAT, Source: 00000015.00000002.391258363.0000000003449000.00000004.00000001.sdmp, Author: Joe Security
                                      • Rule: NanoCore, Description: unknown, Source: 00000015.00000002.391258363.0000000003449000.00000004.00000001.sdmp, Author: Kevin Breen <kevin@techanarchy.net>
                                      • Rule: JoeSecurity_AntiVM_3, Description: Yara detected AntiVM_3, Source: 00000015.00000002.388668896.0000000002496000.00000004.00000001.sdmp, Author: Joe Security
                                      • Rule: Nanocore_RAT_Gen_2, Description: Detetcs the Nanocore RAT, Source: 00000015.00000002.392080007.00000000035F5000.00000004.00000001.sdmp, Author: Florian Roth
                                      • Rule: JoeSecurity_Nanocore, Description: Yara detected Nanocore RAT, Source: 00000015.00000002.392080007.00000000035F5000.00000004.00000001.sdmp, Author: Joe Security
                                      • Rule: NanoCore, Description: unknown, Source: 00000015.00000002.392080007.00000000035F5000.00000004.00000001.sdmp, Author: Kevin Breen <kevin@techanarchy.net>
                                      Reputation:low

                                      Chronological Activities

                                      Analysis Process: 9n7miZydYC.exe PID: 3040 Parent PID: 4716

                                      General

                                      Start time:08:41:21
                                      Start date:09/06/2021
                                      Path:C:\Users\user\Desktop\9n7miZydYC.exe
                                      Wow64 process (32bit):false
                                      Commandline:{path}
                                      Imagebase:0x350000
                                      File size:736256 bytes
                                      MD5 hash:61DE33A77D34A313DF07DC2BDD28140A
                                      Has elevated privileges:true
                                      Has administrator privileges:true
                                      Programmed in:C, C++ or other language
                                      Reputation:low

                                      Chronological Activities

                                      Analysis Process: 9n7miZydYC.exe PID: 4280 Parent PID: 4716

                                      General

                                      Start time:08:41:22
                                      Start date:09/06/2021
                                      Path:C:\Users\user\Desktop\9n7miZydYC.exe
                                      Wow64 process (32bit):false
                                      Commandline:{path}
                                      Imagebase:0x3b0000
                                      File size:736256 bytes
                                      MD5 hash:61DE33A77D34A313DF07DC2BDD28140A
                                      Has elevated privileges:true
                                      Has administrator privileges:true
                                      Programmed in:C, C++ or other language
                                      Reputation:low

                                      Chronological Activities

                                      Analysis Process: 9n7miZydYC.exe PID: 5752 Parent PID: 4716

                                      General

                                      Start time:08:41:23
                                      Start date:09/06/2021
                                      Path:C:\Users\user\Desktop\9n7miZydYC.exe
                                      Wow64 process (32bit):true
                                      Commandline:{path}
                                      Imagebase:0xc70000
                                      File size:736256 bytes
                                      MD5 hash:61DE33A77D34A313DF07DC2BDD28140A
                                      Has elevated privileges:true
                                      Has administrator privileges:true
                                      Programmed in:.Net C# or VB.NET
                                      Yara matches:
                                      • Rule: Nanocore_RAT_Gen_2, Description: Detetcs the Nanocore RAT, Source: 0000001D.00000002.388118309.0000000000402000.00000040.00000001.sdmp, Author: Florian Roth
                                      • Rule: JoeSecurity_Nanocore, Description: Yara detected Nanocore RAT, Source: 0000001D.00000002.388118309.0000000000402000.00000040.00000001.sdmp, Author: Joe Security
                                      • Rule: NanoCore, Description: unknown, Source: 0000001D.00000002.388118309.0000000000402000.00000040.00000001.sdmp, Author: Kevin Breen <kevin@techanarchy.net>
                                      • Rule: JoeSecurity_Nanocore, Description: Yara detected Nanocore RAT, Source: 0000001D.00000002.390678037.0000000003041000.00000004.00000001.sdmp, Author: Joe Security
                                      • Rule: NanoCore, Description: unknown, Source: 0000001D.00000002.390678037.0000000003041000.00000004.00000001.sdmp, Author: Kevin Breen <kevin@techanarchy.net>
                                      • Rule: Nanocore_RAT_Gen_2, Description: Detetcs the Nanocore RAT, Source: 0000001D.00000000.367378120.0000000000402000.00000040.00000001.sdmp, Author: Florian Roth
                                      • Rule: JoeSecurity_Nanocore, Description: Yara detected Nanocore RAT, Source: 0000001D.00000000.367378120.0000000000402000.00000040.00000001.sdmp, Author: Joe Security
                                      • Rule: NanoCore, Description: unknown, Source: 0000001D.00000000.367378120.0000000000402000.00000040.00000001.sdmp, Author: Kevin Breen <kevin@techanarchy.net>
                                      • Rule: Nanocore_RAT_Gen_2, Description: Detetcs the Nanocore RAT, Source: 0000001D.00000000.367856055.0000000000402000.00000040.00000001.sdmp, Author: Florian Roth
                                      • Rule: JoeSecurity_Nanocore, Description: Yara detected Nanocore RAT, Source: 0000001D.00000000.367856055.0000000000402000.00000040.00000001.sdmp, Author: Joe Security
                                      • Rule: NanoCore, Description: unknown, Source: 0000001D.00000000.367856055.0000000000402000.00000040.00000001.sdmp, Author: Kevin Breen <kevin@techanarchy.net>
                                      • Rule: JoeSecurity_Nanocore, Description: Yara detected Nanocore RAT, Source: 0000001D.00000002.391222166.0000000004049000.00000004.00000001.sdmp, Author: Joe Security
                                      • Rule: NanoCore, Description: unknown, Source: 0000001D.00000002.391222166.0000000004049000.00000004.00000001.sdmp, Author: Kevin Breen <kevin@techanarchy.net>
                                      Reputation:low

                                      Chronological Activities

                                      Analysis Process: dhcpmon.exe PID: 2148 Parent PID: 5508

                                      General

                                      Start time:08:41:23
                                      Start date:09/06/2021
                                      Path:C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe
                                      Wow64 process (32bit):true
                                      Commandline:{path}
                                      Imagebase:0xe20000
                                      File size:736256 bytes
                                      MD5 hash:61DE33A77D34A313DF07DC2BDD28140A
                                      Has elevated privileges:true
                                      Has administrator privileges:true
                                      Programmed in:.Net C# or VB.NET
                                      Yara matches:
                                      • Rule: JoeSecurity_Nanocore, Description: Yara detected Nanocore RAT, Source: 0000001E.00000002.392510114.00000000042C9000.00000004.00000001.sdmp, Author: Joe Security
                                      • Rule: NanoCore, Description: unknown, Source: 0000001E.00000002.392510114.00000000042C9000.00000004.00000001.sdmp, Author: Kevin Breen <kevin@techanarchy.net>
                                      • Rule: Nanocore_RAT_Gen_2, Description: Detetcs the Nanocore RAT, Source: 0000001E.00000000.368666676.0000000000402000.00000040.00000001.sdmp, Author: Florian Roth
                                      • Rule: JoeSecurity_Nanocore, Description: Yara detected Nanocore RAT, Source: 0000001E.00000000.368666676.0000000000402000.00000040.00000001.sdmp, Author: Joe Security
                                      • Rule: NanoCore, Description: unknown, Source: 0000001E.00000000.368666676.0000000000402000.00000040.00000001.sdmp, Author: Kevin Breen <kevin@techanarchy.net>
                                      • Rule: Nanocore_RAT_Gen_2, Description: Detetcs the Nanocore RAT, Source: 0000001E.00000002.388846832.0000000000402000.00000040.00000001.sdmp, Author: Florian Roth
                                      • Rule: JoeSecurity_Nanocore, Description: Yara detected Nanocore RAT, Source: 0000001E.00000002.388846832.0000000000402000.00000040.00000001.sdmp, Author: Joe Security
                                      • Rule: NanoCore, Description: unknown, Source: 0000001E.00000002.388846832.0000000000402000.00000040.00000001.sdmp, Author: Kevin Breen <kevin@techanarchy.net>
                                      • Rule: Nanocore_RAT_Gen_2, Description: Detetcs the Nanocore RAT, Source: 0000001E.00000000.368132271.0000000000402000.00000040.00000001.sdmp, Author: Florian Roth
                                      • Rule: JoeSecurity_Nanocore, Description: Yara detected Nanocore RAT, Source: 0000001E.00000000.368132271.0000000000402000.00000040.00000001.sdmp, Author: Joe Security
                                      • Rule: NanoCore, Description: unknown, Source: 0000001E.00000000.368132271.0000000000402000.00000040.00000001.sdmp, Author: Kevin Breen <kevin@techanarchy.net>
                                      • Rule: JoeSecurity_Nanocore, Description: Yara detected Nanocore RAT, Source: 0000001E.00000002.392325016.00000000032C1000.00000004.00000001.sdmp, Author: Joe Security
                                      • Rule: NanoCore, Description: unknown, Source: 0000001E.00000002.392325016.00000000032C1000.00000004.00000001.sdmp, Author: Kevin Breen <kevin@techanarchy.net>
                                      Reputation:low

                                      Chronological Activities

                                      Analysis Process: dhcpmon.exe PID: 3504 Parent PID: 5668

                                      General

                                      Start time:08:41:30
                                      Start date:09/06/2021
                                      Path:C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe
                                      Wow64 process (32bit):true
                                      Commandline:{path}
                                      Imagebase:0x7a0000
                                      File size:736256 bytes
                                      MD5 hash:61DE33A77D34A313DF07DC2BDD28140A
                                      Has elevated privileges:true
                                      Has administrator privileges:true
                                      Programmed in:.Net C# or VB.NET
                                      Yara matches:
                                      • Rule: Nanocore_RAT_Gen_2, Description: Detetcs the Nanocore RAT, Source: 0000001F.00000000.383519060.0000000000402000.00000040.00000001.sdmp, Author: Florian Roth
                                      • Rule: JoeSecurity_Nanocore, Description: Yara detected Nanocore RAT, Source: 0000001F.00000000.383519060.0000000000402000.00000040.00000001.sdmp, Author: Joe Security
                                      • Rule: NanoCore, Description: unknown, Source: 0000001F.00000000.383519060.0000000000402000.00000040.00000001.sdmp, Author: Kevin Breen <kevin@techanarchy.net>
                                      • Rule: Nanocore_RAT_Gen_2, Description: Detetcs the Nanocore RAT, Source: 0000001F.00000002.403785027.0000000000402000.00000040.00000001.sdmp, Author: Florian Roth
                                      • Rule: JoeSecurity_Nanocore, Description: Yara detected Nanocore RAT, Source: 0000001F.00000002.403785027.0000000000402000.00000040.00000001.sdmp, Author: Joe Security
                                      • Rule: NanoCore, Description: unknown, Source: 0000001F.00000002.403785027.0000000000402000.00000040.00000001.sdmp, Author: Kevin Breen <kevin@techanarchy.net>
                                      • Rule: Nanocore_RAT_Gen_2, Description: Detetcs the Nanocore RAT, Source: 0000001F.00000000.383969923.0000000000402000.00000040.00000001.sdmp, Author: Florian Roth
                                      • Rule: JoeSecurity_Nanocore, Description: Yara detected Nanocore RAT, Source: 0000001F.00000000.383969923.0000000000402000.00000040.00000001.sdmp, Author: Joe Security
                                      • Rule: NanoCore, Description: unknown, Source: 0000001F.00000000.383969923.0000000000402000.00000040.00000001.sdmp, Author: Kevin Breen <kevin@techanarchy.net>
                                      • Rule: JoeSecurity_Nanocore, Description: Yara detected Nanocore RAT, Source: 0000001F.00000002.405159880.0000000002C01000.00000004.00000001.sdmp, Author: Joe Security
                                      • Rule: NanoCore, Description: unknown, Source: 0000001F.00000002.405159880.0000000002C01000.00000004.00000001.sdmp, Author: Kevin Breen <kevin@techanarchy.net>
                                      • Rule: JoeSecurity_Nanocore, Description: Yara detected Nanocore RAT, Source: 0000001F.00000002.405306863.0000000003C09000.00000004.00000001.sdmp, Author: Joe Security
                                      • Rule: NanoCore, Description: unknown, Source: 0000001F.00000002.405306863.0000000003C09000.00000004.00000001.sdmp, Author: Kevin Breen <kevin@techanarchy.net>

                                      Chronological Activities

                                      Disassembly

                                      Code Analysis

                                      Reset < >

                                        Analysis Process: 9n7miZydYC.exe PID: 780 Parent PID: 5780 9n7miZydYC.exeCOMMON

                                        Executed Functions

                                        Function 0195B6A0, Relevance: 6.1, APIs: 4, Instructions: 127threadCOMMON
                                        Download Yara Rule
                                        APIs
                                        • GetCurrentProcess.KERNEL32 ref: 0195B710
                                        • GetCurrentThread.KERNEL32 ref: 0195B74D
                                        • GetCurrentProcess.KERNEL32 ref: 0195B78A
                                        • GetCurrentThreadId.KERNEL32 ref: 0195B7E3
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.279001052.0000000001950000.00000040.00000001.sdmp, Offset: 01950000, based on PE: false
                                        Similarity
                                        • API ID: Current$ProcessThread
                                        • String ID:
                                        • API String ID: 2063062207-0
                                        • Opcode ID: 0f5774a82892a0a54bb6869d31733de3c12638260bf2d9d2f3dfc5d69b19ca14
                                        • Instruction ID: fcd1710f22acb4bdd208f381500e8b8e3d07794f9e67283cef2d4e87911836a3
                                        • Opcode Fuzzy Hash: 0f5774a82892a0a54bb6869d31733de3c12638260bf2d9d2f3dfc5d69b19ca14
                                        • Instruction Fuzzy Hash: 295175B09006488FDB54DFAAD548BEEBFF1EF48314F248459E80AB7760DB749844CB26
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 0195B6B0, Relevance: 6.1, APIs: 4, Instructions: 120threadCOMMON
                                        Download Yara Rule
                                        APIs
                                        • GetCurrentProcess.KERNEL32 ref: 0195B710
                                        • GetCurrentThread.KERNEL32 ref: 0195B74D
                                        • GetCurrentProcess.KERNEL32 ref: 0195B78A
                                        • GetCurrentThreadId.KERNEL32 ref: 0195B7E3
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.279001052.0000000001950000.00000040.00000001.sdmp, Offset: 01950000, based on PE: false
                                        Similarity
                                        • API ID: Current$ProcessThread
                                        • String ID:
                                        • API String ID: 2063062207-0
                                        • Opcode ID: 2f118337e3bfcab83b5f104c5eb06c8a1fd994258cae2d1429538da26491a4a4
                                        • Instruction ID: 074866ccb5ff4e2562c40b4ad0e2e4d3546567140d717d14f2351d368b4a567d
                                        • Opcode Fuzzy Hash: 2f118337e3bfcab83b5f104c5eb06c8a1fd994258cae2d1429538da26491a4a4
                                        • Instruction Fuzzy Hash: 285167B09006088FDB14DFAAD548BEEBBF1EF48304F248459E41AB3750DB749944CF66
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 019592A8, Relevance: 1.7, APIs: 1, Instructions: 209libraryCOMMON
                                        Download Yara Rule
                                        APIs
                                        • LoadLibraryExW.KERNELBASE(00000000,00000000,?,?,?,?,00000000,?,01959971,00000800,00000000,00000000), ref: 01959B82
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.279001052.0000000001950000.00000040.00000001.sdmp, Offset: 01950000, based on PE: false
                                        Similarity
                                        • API ID: LibraryLoad
                                        • String ID:
                                        • API String ID: 1029625771-0
                                        • Opcode ID: 51e6163a9d00fe1f5abb567c869367948aaac783ea34d7a571d19ecc24849ac6
                                        • Instruction ID: 77100d95499f189d1bd031a7142e600fcf6fd4ac9ed291cf65b3c839c8c40bc0
                                        • Opcode Fuzzy Hash: 51e6163a9d00fe1f5abb567c869367948aaac783ea34d7a571d19ecc24849ac6
                                        • Instruction Fuzzy Hash: 4B817970A00B05CFE764DF6AD45075ABBF5BF88258F00892DD94AEBA41DB34E809CF91
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 0195FD0F, Relevance: 1.6, APIs: 1, Instructions: 114COMMON
                                        Download Yara Rule
                                        APIs
                                        • CreateWindowExW.USER32(?,?,?,?,?,?,0000000C,?,?,?,?,?), ref: 0195FE2A
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.279001052.0000000001950000.00000040.00000001.sdmp, Offset: 01950000, based on PE: false
                                        Similarity
                                        • API ID: CreateWindow
                                        • String ID:
                                        • API String ID: 716092398-0
                                        • Opcode ID: 77e087894b55847dd2a3aa66a3b60117d20dd2521befe8c253afc9912aa0c92b
                                        • Instruction ID: 2c4396753820331dc350fea85e28235ccd0157656b878f0e4a5f2481042cacbc
                                        • Opcode Fuzzy Hash: 77e087894b55847dd2a3aa66a3b60117d20dd2521befe8c253afc9912aa0c92b
                                        • Instruction Fuzzy Hash: FD51C0B1D00308DFDB14CFA9D884ADEFBB5BF48754F64852AE819AB210D770A985CF90
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 0195FD18, Relevance: 1.6, APIs: 1, Instructions: 113COMMON
                                        Download Yara Rule
                                        APIs
                                        • CreateWindowExW.USER32(?,?,?,?,?,?,0000000C,?,?,?,?,?), ref: 0195FE2A
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.279001052.0000000001950000.00000040.00000001.sdmp, Offset: 01950000, based on PE: false
                                        Similarity
                                        • API ID: CreateWindow
                                        • String ID:
                                        • API String ID: 716092398-0
                                        • Opcode ID: a5e537cb8cdef6a19b7348cb224776fcb21f67a5570d8dec6e854c39921a7d08
                                        • Instruction ID: 64ed3d0d339499373f6a230efce406d1a838476392dcf85c5b7d1b0f84f6a95d
                                        • Opcode Fuzzy Hash: a5e537cb8cdef6a19b7348cb224776fcb21f67a5570d8dec6e854c39921a7d08
                                        • Instruction Fuzzy Hash: 5F41C0B1D00308DFDB14CFA9D884ADEFBB5BF48754F64852AE819AB210D774A945CF90
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 01955368, Relevance: 1.6, APIs: 1, Instructions: 96COMMON
                                        Download Yara Rule
                                        APIs
                                        • CreateActCtxA.KERNEL32(?), ref: 01955421
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.279001052.0000000001950000.00000040.00000001.sdmp, Offset: 01950000, based on PE: false
                                        Similarity
                                        • API ID: Create
                                        • String ID:
                                        • API String ID: 2289755597-0
                                        • Opcode ID: bd06b43934473b4344026f4babb81cbf5e6cfd25f64348f0723e427827d3e1ff
                                        • Instruction ID: 9e57284dd25076d41df648977491f035c469b60197041c8cbf298edc653717e0
                                        • Opcode Fuzzy Hash: bd06b43934473b4344026f4babb81cbf5e6cfd25f64348f0723e427827d3e1ff
                                        • Instruction Fuzzy Hash: 994114B0D00218CFDB24DFA9C884BDEBBB5BF48309F218069D509BB251DB756946CF90
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 01953DE8, Relevance: 1.6, APIs: 1, Instructions: 96COMMON
                                        Download Yara Rule
                                        APIs
                                        • CreateActCtxA.KERNEL32(?), ref: 01955421
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.279001052.0000000001950000.00000040.00000001.sdmp, Offset: 01950000, based on PE: false
                                        Similarity
                                        • API ID: Create
                                        • String ID:
                                        • API String ID: 2289755597-0
                                        • Opcode ID: 7ed3f3e0c71d537496407edb5117dd47dd594c0b8f0472a48853c2fcbb85badd
                                        • Instruction ID: f4e44dd839bf91bc4b54c18b742f65d0a6231584535b48d99fc1e7aba50e1c86
                                        • Opcode Fuzzy Hash: 7ed3f3e0c71d537496407edb5117dd47dd594c0b8f0472a48853c2fcbb85badd
                                        • Instruction Fuzzy Hash: 914104B0D0021CCFDB64DFA9C884B9EBBB5BF58308F218069D909BB252DB756945CF90
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 0195536F, Relevance: 1.6, APIs: 1, Instructions: 91COMMON
                                        Download Yara Rule
                                        APIs
                                        • CreateActCtxA.KERNEL32(?), ref: 01955421
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.279001052.0000000001950000.00000040.00000001.sdmp, Offset: 01950000, based on PE: false
                                        Similarity
                                        • API ID: Create
                                        • String ID:
                                        • API String ID: 2289755597-0
                                        • Opcode ID: 627bf71444702327f406c631c57ca2dd0790b15fbd1b0aab8d48810ffaad6b1a
                                        • Instruction ID: 30a40a3924e62af1f29dc61c9c37854caebf40acb63172ecb47972e2bb6769e6
                                        • Opcode Fuzzy Hash: 627bf71444702327f406c631c57ca2dd0790b15fbd1b0aab8d48810ffaad6b1a
                                        • Instruction Fuzzy Hash: E24102B0D00218CEDB24DFA9C884BDDBBB1BF48309F21806AD509BB251DB75694ACF90
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 0195B99B, Relevance: 1.6, APIs: 1, Instructions: 91COMMON
                                        Download Yara Rule
                                        APIs
                                        • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 0195B95F
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.279001052.0000000001950000.00000040.00000001.sdmp, Offset: 01950000, based on PE: false
                                        Similarity
                                        • API ID: DuplicateHandle
                                        • String ID:
                                        • API String ID: 3793708945-0
                                        • Opcode ID: a09c293e0965eb2a64a5c13cfa42f4d2a4ce5f04e46a062686b6079f41d33789
                                        • Instruction ID: 14227612273cf2c346ee4bab6f3dc2071e8a816f09b8f67f32a303c3879ccc6f
                                        • Opcode Fuzzy Hash: a09c293e0965eb2a64a5c13cfa42f4d2a4ce5f04e46a062686b6079f41d33789
                                        • Instruction Fuzzy Hash: AA313974A90244DFF704CBA5F889779BBFAFB89301F208029E9469B786CB745801DF21
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 01957D38, Relevance: 1.6, APIs: 1, Instructions: 79COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.279001052.0000000001950000.00000040.00000001.sdmp, Offset: 01950000, based on PE: false
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 9627e2685fdc7dfeb6e5787c10069d8bfd345e7efe041ddcba82847d13cb12f2
                                        • Instruction ID: 6993af8e9e12ebf300df25822d990b19d0e34b217211eb26dc879498bcea8c5d
                                        • Opcode Fuzzy Hash: 9627e2685fdc7dfeb6e5787c10069d8bfd345e7efe041ddcba82847d13cb12f2
                                        • Instruction Fuzzy Hash: 9E314471904384CEEB61DFA9E4083BABFFCAF10305F48449AD848A7242C778AA44CB71
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 0195B8D0, Relevance: 1.6, APIs: 1, Instructions: 65COMMON
                                        Download Yara Rule
                                        APIs
                                        • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 0195B95F
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.279001052.0000000001950000.00000040.00000001.sdmp, Offset: 01950000, based on PE: false
                                        Similarity
                                        • API ID: DuplicateHandle
                                        • String ID:
                                        • API String ID: 3793708945-0
                                        • Opcode ID: 8aee8d68f5cb209c83167aa436ed13f3cf4e6bb1069e8657522b268aa7543ca1
                                        • Instruction ID: 016e2028388db98712a9bab1a2f393b5b0447983e88ce4ed37c5bf314920c2ce
                                        • Opcode Fuzzy Hash: 8aee8d68f5cb209c83167aa436ed13f3cf4e6bb1069e8657522b268aa7543ca1
                                        • Instruction Fuzzy Hash: 4921F3B5900208DFDB10CFAAD484ADEBFF9EB48364F14801AE919B3310D374A944CFA1
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 0195B8D8, Relevance: 1.6, APIs: 1, Instructions: 62COMMON
                                        Download Yara Rule
                                        APIs
                                        • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 0195B95F
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.279001052.0000000001950000.00000040.00000001.sdmp, Offset: 01950000, based on PE: false
                                        Similarity
                                        • API ID: DuplicateHandle
                                        • String ID:
                                        • API String ID: 3793708945-0
                                        • Opcode ID: d6eee6975223c5e0d779c9681ab927376f785de73a88c95444213e65c3f27733
                                        • Instruction ID: f9c1f1bf767ae5566c4eeb2ebb233d632ef2106a6d4ba176a702ba1b7ce24a69
                                        • Opcode Fuzzy Hash: d6eee6975223c5e0d779c9681ab927376f785de73a88c95444213e65c3f27733
                                        • Instruction Fuzzy Hash: E121C4B5900208DFDB10CFAAD984ADEFBF9EB48364F14841AE959B3310D374A944CFA1
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 01959498, Relevance: 1.6, APIs: 1, Instructions: 55libraryCOMMON
                                        Download Yara Rule
                                        APIs
                                        • LoadLibraryExW.KERNELBASE(00000000,00000000,?,?,?,?,00000000,?,01959971,00000800,00000000,00000000), ref: 01959B82
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.279001052.0000000001950000.00000040.00000001.sdmp, Offset: 01950000, based on PE: false
                                        Similarity
                                        • API ID: LibraryLoad
                                        • String ID:
                                        • API String ID: 1029625771-0
                                        • Opcode ID: 5ee71cde4facc965c29e65d5f24b1aeb26e1b6a34becf042e57fcceb7f523fd2
                                        • Instruction ID: 2ad642719546b6d210e859c75f7ab5303e3b2b69c6c01dfbfe4cea1075b9be8f
                                        • Opcode Fuzzy Hash: 5ee71cde4facc965c29e65d5f24b1aeb26e1b6a34becf042e57fcceb7f523fd2
                                        • Instruction Fuzzy Hash: A611F4B5900308DBEB10DF9AD444ADEFBF8AB48268F50842AE919B7600C3B5A545CFA1
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 01959B13, Relevance: 1.6, APIs: 1, Instructions: 53libraryCOMMON
                                        Download Yara Rule
                                        APIs
                                        • LoadLibraryExW.KERNELBASE(00000000,00000000,?,?,?,?,00000000,?,01959971,00000800,00000000,00000000), ref: 01959B82
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.279001052.0000000001950000.00000040.00000001.sdmp, Offset: 01950000, based on PE: false
                                        Similarity
                                        • API ID: LibraryLoad
                                        • String ID:
                                        • API String ID: 1029625771-0
                                        • Opcode ID: b7803a5456c34919bb459c84a021c9fe283727ff41480065b0fc136c4588221c
                                        • Instruction ID: a1a41e58566df5f50d070bef67da28161f5bc197d3ab8d23551c0c83b35788fe
                                        • Opcode Fuzzy Hash: b7803a5456c34919bb459c84a021c9fe283727ff41480065b0fc136c4588221c
                                        • Instruction Fuzzy Hash: B61103B68002098FEB10DF9AD444ADEFBF8AB88364F54842AE919B7200C375A545CFA1
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 01959890, Relevance: 1.5, APIs: 1, Instructions: 47COMMON
                                        Download Yara Rule
                                        APIs
                                        • GetModuleHandleW.KERNELBASE(00000000), ref: 019598F6
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.279001052.0000000001950000.00000040.00000001.sdmp, Offset: 01950000, based on PE: false
                                        Similarity
                                        • API ID: HandleModule
                                        • String ID:
                                        • API String ID: 4139908857-0
                                        • Opcode ID: 4fd3d402bf78782c9701592b204c6276a6f8f9b17c8ce76748755905bc69770a
                                        • Instruction ID: 2ccfa77de814d8de3998eba9ae09f201a953fee7caf86b656320785c2bf2b89c
                                        • Opcode Fuzzy Hash: 4fd3d402bf78782c9701592b204c6276a6f8f9b17c8ce76748755905bc69770a
                                        • Instruction Fuzzy Hash: 02110FB5C00349CFDB20DF9AC444ADEFBF8EB88224F10841AD929B7600D3B9A545CFA1
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 01959889, Relevance: 1.5, APIs: 1, Instructions: 47COMMON
                                        Download Yara Rule
                                        APIs
                                        • GetModuleHandleW.KERNELBASE(00000000), ref: 019598F6
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.279001052.0000000001950000.00000040.00000001.sdmp, Offset: 01950000, based on PE: false
                                        Similarity
                                        • API ID: HandleModule
                                        • String ID:
                                        • API String ID: 4139908857-0
                                        • Opcode ID: 53aaec86bb8aa19f6dc07aac1e0da5f1357284cea040033ef067c4bf0db483e2
                                        • Instruction ID: c1cc67c7422df4e1568fa84069b29f73936fc3fbd1f9430a7c966b47c2c99422
                                        • Opcode Fuzzy Hash: 53aaec86bb8aa19f6dc07aac1e0da5f1357284cea040033ef067c4bf0db483e2
                                        • Instruction Fuzzy Hash: 1B11F0B6C00649CFDB14CF9AC544BDEFBF4AF48264F14851AD929B7600D378A549CFA1
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 07CE0B71, Relevance: 1.3, Strings: 1, Instructions: 85COMMON
                                        Download Yara Rule
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.287563212.0000000007CE0000.00000040.00000001.sdmp, Offset: 07CA0000, based on PE: true
                                        • Associated: 00000000.00000002.287436267.0000000007CA0000.00000004.00000001.sdmp Download File
                                        Similarity
                                        • API ID:
                                        • String ID: tSl
                                        • API String ID: 0-1526855951
                                        • Opcode ID: 1fc044019aadd4254825eaee868e7cf77bc28803515f8bcebb853d457d905fc0
                                        • Instruction ID: 0e7b2e8a7f063e7fcc344c434f799dba3e05d2a799098fdc1d5fb3d0a5b2bfef
                                        • Opcode Fuzzy Hash: 1fc044019aadd4254825eaee868e7cf77bc28803515f8bcebb853d457d905fc0
                                        • Instruction Fuzzy Hash: 44318270A00209DFDB44DFA9D485A8DBBF6FB85304F50C8A6D50ADF264DB749A82CF91
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 07CE0B90, Relevance: 1.3, Strings: 1, Instructions: 79COMMON
                                        Download Yara Rule
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.287563212.0000000007CE0000.00000040.00000001.sdmp, Offset: 07CA0000, based on PE: true
                                        • Associated: 00000000.00000002.287436267.0000000007CA0000.00000004.00000001.sdmp Download File
                                        Similarity
                                        • API ID:
                                        • String ID: tSl
                                        • API String ID: 0-1526855951
                                        • Opcode ID: 2dccd6a2810281d197205b2ea104cc1dbb061dc920b8bcc03cf56cbfd117e1b1
                                        • Instruction ID: 91b467f1f74f9650c859de23333a6df9529da8bb444c4d19ebb436d44d3dfee9
                                        • Opcode Fuzzy Hash: 2dccd6a2810281d197205b2ea104cc1dbb061dc920b8bcc03cf56cbfd117e1b1
                                        • Instruction Fuzzy Hash: A5313070A00209DFCB44DFA9D485A9DBBF6EBC5304F60C8A5D50ADF224DB749A82CF91
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 07CE1D98, Relevance: .1, Instructions: 95COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.287563212.0000000007CE0000.00000040.00000001.sdmp, Offset: 07CA0000, based on PE: true
                                        • Associated: 00000000.00000002.287436267.0000000007CA0000.00000004.00000001.sdmp Download File
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: a4190a78be0883d7bb0af5e08035a759a21767a4f42885ecacc7c19438b43f36
                                        • Instruction ID: 9de4a2571bab51b3a0a3f66f58fc255a2f4da207b34af8357a28d8b5c06fd5d5
                                        • Opcode Fuzzy Hash: a4190a78be0883d7bb0af5e08035a759a21767a4f42885ecacc7c19438b43f36
                                        • Instruction Fuzzy Hash: D3210576D142188FCB05DBB9E4461EEBFB1EF49620F14446BD841AB741CB3119CACFA0
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 0186D4C4, Relevance: .1, Instructions: 75COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.278883659.000000000186D000.00000040.00000001.sdmp, Offset: 0186D000, based on PE: false
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 412fe5b3c913611f9be546550361375619e7ddb8760117b9fa2ce42ee2a65fc5
                                        • Instruction ID: 123f92c4ee7e160a4d41ee18f1f7babe6b2aabc1396c0d3bbf14bcad59d4b385
                                        • Opcode Fuzzy Hash: 412fe5b3c913611f9be546550361375619e7ddb8760117b9fa2ce42ee2a65fc5
                                        • Instruction Fuzzy Hash: 172136B1604244DFCB11DF54D9C4B26BF69FB8831CF2486A9E9458BA06C336D906CBA1
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 0187D1D4, Relevance: .1, Instructions: 72COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.278902580.000000000187D000.00000040.00000001.sdmp, Offset: 0187D000, based on PE: false
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: b7f80e400991481cac62bf324d25fa320a89f73f03ae9b628fff461fe776239e
                                        • Instruction ID: 4f13c90c4cec349db7ba8c34b5694290baf3a90d98575888142b2e4bcf22a453
                                        • Opcode Fuzzy Hash: b7f80e400991481cac62bf324d25fa320a89f73f03ae9b628fff461fe776239e
                                        • Instruction Fuzzy Hash: DE2125B1514204DFDB01DF94D9C0B26BB65FF84328F24C6ADE9098B242C336E947CA61
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 0187D01C, Relevance: .1, Instructions: 72COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.278902580.000000000187D000.00000040.00000001.sdmp, Offset: 0187D000, based on PE: false
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: c8fa83778c4d9c53159262c35066f1fe14e50b788949cb44b62cc206b671166a
                                        • Instruction ID: 1b90a0b25a1dccec03d1910252668516b044504be55d828611dcaa3f14d66b03
                                        • Opcode Fuzzy Hash: c8fa83778c4d9c53159262c35066f1fe14e50b788949cb44b62cc206b671166a
                                        • Instruction Fuzzy Hash: EF2122B1504244DFCB12DF64D9C0B26BB65FF84358F24CAADE80A8B346C33AD907CA61
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 0186D4BF, Relevance: .1, Instructions: 56COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.278883659.000000000186D000.00000040.00000001.sdmp, Offset: 0186D000, based on PE: false
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 4c44e5517e690f366dff050201c0b94941bd0826892d3e316883c0148e970eb9
                                        • Instruction ID: 00c651d3e01fdea091832c407fd75155633b7b4119fbde39c8111aed5904475c
                                        • Opcode Fuzzy Hash: 4c44e5517e690f366dff050201c0b94941bd0826892d3e316883c0148e970eb9
                                        • Instruction Fuzzy Hash: EE11D376904280CFCB12CF54D5C4B16BF71FB84324F28C6A9E8454BA17C336D55ACBA1
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 0187D017, Relevance: .1, Instructions: 53COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.278902580.000000000187D000.00000040.00000001.sdmp, Offset: 0187D000, based on PE: false
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 088bb676d9cc58b7b5583b2d12a323ce7eb7cea81b0eb8fe1e3b9802e29bf41a
                                        • Instruction ID: e70f5cf6bd904e0ac63dd899937facf2179e2e776ffd9fa5283cc10af4662057
                                        • Opcode Fuzzy Hash: 088bb676d9cc58b7b5583b2d12a323ce7eb7cea81b0eb8fe1e3b9802e29bf41a
                                        • Instruction Fuzzy Hash: 6111BB75504280CFCB12CF18D5C4B15FBA1FB84324F28C6AAD8098B656C33AD54ACBA2
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 0187D1CF, Relevance: .1, Instructions: 53COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.278902580.000000000187D000.00000040.00000001.sdmp, Offset: 0187D000, based on PE: false
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 088bb676d9cc58b7b5583b2d12a323ce7eb7cea81b0eb8fe1e3b9802e29bf41a
                                        • Instruction ID: d2785701fd06384cd84bd78f969c8519c5f9fca77aa93e609686d4a97003eb77
                                        • Opcode Fuzzy Hash: 088bb676d9cc58b7b5583b2d12a323ce7eb7cea81b0eb8fe1e3b9802e29bf41a
                                        • Instruction Fuzzy Hash: D3117975904280DFDB12CF54D5C4B15BBA1FB84324F28C6A9D8498B656C33AE54ACB61
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 07CE1DEA, Relevance: .0, Instructions: 50COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.287563212.0000000007CE0000.00000040.00000001.sdmp, Offset: 07CA0000, based on PE: true
                                        • Associated: 00000000.00000002.287436267.0000000007CA0000.00000004.00000001.sdmp Download File
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 5a58e2417b760fc0523d2d08fb2dff66b7e3bf68656ede86aecf74504366de74
                                        • Instruction ID: 184000da5903ee9bab99ef4ddc1f61f3d3d67865a198903c4cfd9ff24ea694f8
                                        • Opcode Fuzzy Hash: 5a58e2417b760fc0523d2d08fb2dff66b7e3bf68656ede86aecf74504366de74
                                        • Instruction Fuzzy Hash: 19110AB6E101198BCF04DFA9D4565EEBBB5EF88311F14842AD405B7314DB316A86CBA1
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 07CE1DF0, Relevance: .0, Instructions: 46COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.287563212.0000000007CE0000.00000040.00000001.sdmp, Offset: 07CA0000, based on PE: true
                                        • Associated: 00000000.00000002.287436267.0000000007CA0000.00000004.00000001.sdmp Download File
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 78161f7255f63963e49e135fbb2600960238c4d1c68ce7e4a52f5cc8c76aa7dc
                                        • Instruction ID: 6f306b42bb60e6fdf01462ec88b1e1ef98fe9a6cf8be9d99a386aa747ff6daf7
                                        • Opcode Fuzzy Hash: 78161f7255f63963e49e135fbb2600960238c4d1c68ce7e4a52f5cc8c76aa7dc
                                        • Instruction Fuzzy Hash: 1411E275E102198BCF04DFA9D4465EEBBB6EF88310F14842AE905B7344DB316A86CBA1
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 0186D745, Relevance: .0, Instructions: 45COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.278883659.000000000186D000.00000040.00000001.sdmp, Offset: 0186D000, based on PE: false
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 605d5976dffcfe96a1551c42f6d7b2d11b970eac7632571bd6b372b536883371
                                        • Instruction ID: 71d903e815f6770c2454625dc7e24f80bced24d7f50bed7f81d51d5f423ec903
                                        • Opcode Fuzzy Hash: 605d5976dffcfe96a1551c42f6d7b2d11b970eac7632571bd6b372b536883371
                                        • Instruction Fuzzy Hash: 960147711083C49AE7205F6ACC84B66BB9CDF41368F08865AEE488B246D37C9944CBB2
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 0186D744, Relevance: .0, Instructions: 36COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.278883659.000000000186D000.00000040.00000001.sdmp, Offset: 0186D000, based on PE: false
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 9a2a29d2c1491fa083893ae32f62e82b200b2b5ebd9937310cb7a9d4afb76046
                                        • Instruction ID: fa1f7fcccb2822cd0b1e15fc775162a73c267a085539fbef008b20e349825768
                                        • Opcode Fuzzy Hash: 9a2a29d2c1491fa083893ae32f62e82b200b2b5ebd9937310cb7a9d4afb76046
                                        • Instruction Fuzzy Hash: AAF0C8714042849EE7118E1ADC84B62FF9CDB41774F18C15AED484B246C3799844CBB1
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 07CE1024, Relevance: .0, Instructions: 24COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.287563212.0000000007CE0000.00000040.00000001.sdmp, Offset: 07CA0000, based on PE: true
                                        • Associated: 00000000.00000002.287436267.0000000007CA0000.00000004.00000001.sdmp Download File
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 8497f4d249dbd48a17e95596bfb651d89d9cd9d71b2efa605d66a7a0f6d1ad2c
                                        • Instruction ID: 64aed0ce47400dbed9eb57d3f326c1e468ebdbd34548df3d1ff228dad2e64fbc
                                        • Opcode Fuzzy Hash: 8497f4d249dbd48a17e95596bfb651d89d9cd9d71b2efa605d66a7a0f6d1ad2c
                                        • Instruction Fuzzy Hash: 96F0B774911249DFC704DF9AE189E8DFFF5EF48325B15809AE415DB224DB349882CF50
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 07CE0DEC, Relevance: .0, Instructions: 23COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.287563212.0000000007CE0000.00000040.00000001.sdmp, Offset: 07CA0000, based on PE: true
                                        • Associated: 00000000.00000002.287436267.0000000007CA0000.00000004.00000001.sdmp Download File
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 08e6fa9b223e0e491229b2a6e622e7b35e16a5cb0edf22139854d3f4a7e6fb17
                                        • Instruction ID: 4a78fbe49d9d077296ed28fd836113deecc59381174cc69b8c4dd6fd99d6bc31
                                        • Opcode Fuzzy Hash: 08e6fa9b223e0e491229b2a6e622e7b35e16a5cb0edf22139854d3f4a7e6fb17
                                        • Instruction Fuzzy Hash: DCF0A974A102489FCF44DFE5E48A45CBFB2FB88300B10885AE416EB258DA356D81CF40
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 07CE0D99, Relevance: .0, Instructions: 21COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.287563212.0000000007CE0000.00000040.00000001.sdmp, Offset: 07CA0000, based on PE: true
                                        • Associated: 00000000.00000002.287436267.0000000007CA0000.00000004.00000001.sdmp Download File
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 6de455f51fc493eeb167014d0975584de11b6249d7a04eaddf2404f865f9d0e5
                                        • Instruction ID: b9dd1b3146d829b75de8f34a0d8de6839bbe1c2c4afe9e2875721de1c9472092
                                        • Opcode Fuzzy Hash: 6de455f51fc493eeb167014d0975584de11b6249d7a04eaddf2404f865f9d0e5
                                        • Instruction Fuzzy Hash: 25F01C74E012089FCB00DF95E945A9CBFB2FF88310F608655E426AB398DB7059428F40
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 07CE0D61, Relevance: .0, Instructions: 13COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.287563212.0000000007CE0000.00000040.00000001.sdmp, Offset: 07CA0000, based on PE: true
                                        • Associated: 00000000.00000002.287436267.0000000007CA0000.00000004.00000001.sdmp Download File
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: e42e6028edc156d3ee564ed610cab717ca1c3ad117362568646434c847cff0cd
                                        • Instruction ID: 186a112543514ae166680f77af972ceca681d84e5f316136a493df6a259d4996
                                        • Opcode Fuzzy Hash: e42e6028edc156d3ee564ed610cab717ca1c3ad117362568646434c847cff0cd
                                        • Instruction Fuzzy Hash: 72D05B74A16305AFCF40DFA9D15459CBBB1FB94204B108C559015DB318D7347942CF50
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 07CE0369, Relevance: .0, Instructions: 12COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.287563212.0000000007CE0000.00000040.00000001.sdmp, Offset: 07CA0000, based on PE: true
                                        • Associated: 00000000.00000002.287436267.0000000007CA0000.00000004.00000001.sdmp Download File
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: d1b2a105c6b9b7340f053679e37f3067e9b9642eb062605bfe01a800ebc968c3
                                        • Instruction ID: 55be02950d0de93b0bec660bf8ae97cca6d2c3a80f6d72fa08be3cefd47920e2
                                        • Opcode Fuzzy Hash: d1b2a105c6b9b7340f053679e37f3067e9b9642eb062605bfe01a800ebc968c3
                                        • Instruction Fuzzy Hash: 83D01770E19269CFCB80DF6AD884A9DB7B6EB85200F008899D009A7224DB345985CF21
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Non-executed Functions

                                        Function 0195E590, Relevance: .3, Instructions: 315COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.279001052.0000000001950000.00000040.00000001.sdmp, Offset: 01950000, based on PE: false
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: abb79971c8099af9b0ea07936c3f8932067578cd6349e33f015b68553b1a31ab
                                        • Instruction ID: e785cc0569a938f0a8e98034e60aae8d428ac1017ec96c6e1d97ea61651af6bd
                                        • Opcode Fuzzy Hash: abb79971c8099af9b0ea07936c3f8932067578cd6349e33f015b68553b1a31ab
                                        • Instruction Fuzzy Hash: B512F9F18197468BF3B8EF65E8881993BA1FF41328F924328D2651FAD8D7B4114ACF44
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 0195C144, Relevance: .3, Instructions: 265COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.279001052.0000000001950000.00000040.00000001.sdmp, Offset: 01950000, based on PE: false
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 91cfcfac9413ba7f770740eb818783246a01e6e03a592b82eff8f62168fa91ff
                                        • Instruction ID: a4aed019742fe6845e75145fa6ebc2c60b349fea16d6b4fb4f4146cae52b49bd
                                        • Opcode Fuzzy Hash: 91cfcfac9413ba7f770740eb818783246a01e6e03a592b82eff8f62168fa91ff
                                        • Instruction Fuzzy Hash: 9FA14D32E0021A8FCF15DFB5C9449DEBBF6FF85301B15856AE909BB261EB31A945CB40
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 0195E580, Relevance: .2, Instructions: 224COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.279001052.0000000001950000.00000040.00000001.sdmp, Offset: 01950000, based on PE: false
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 3ca38bcc4fc653feb574f0af4c1b04f1adc6c6595655281c2a1662cd7cd1efcc
                                        • Instruction ID: d3f5e4445e4a74212e48a5094978a2579347f0bf40ef61e9f15b206a04365199
                                        • Opcode Fuzzy Hash: 3ca38bcc4fc653feb574f0af4c1b04f1adc6c6595655281c2a1662cd7cd1efcc
                                        • Instruction Fuzzy Hash: 61C18EF18197468BF7A8EF64E8881997B71FF85328F524328D1616FAD8D7B4104ACF84
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 07CE1099, Relevance: .1, Instructions: 120COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.287563212.0000000007CE0000.00000040.00000001.sdmp, Offset: 07CA0000, based on PE: true
                                        • Associated: 00000000.00000002.287436267.0000000007CA0000.00000004.00000001.sdmp Download File
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 7f79d6b8a0e13a934dab269e5c99950542ca8ad7081aa69625301692f664d978
                                        • Instruction ID: dc43c054b7968766c3952c77c86feafad376ee226fd3e8e9227398aa2563a7c5
                                        • Opcode Fuzzy Hash: 7f79d6b8a0e13a934dab269e5c99950542ca8ad7081aa69625301692f664d978
                                        • Instruction Fuzzy Hash: CC419E71E152188FDB18CF6AD9427DEFBF6EB88210F24C06AE40DA7254D7309A95CF91
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 07CE10E8, Relevance: .1, Instructions: 94COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.287563212.0000000007CE0000.00000040.00000001.sdmp, Offset: 07CA0000, based on PE: true
                                        • Associated: 00000000.00000002.287436267.0000000007CA0000.00000004.00000001.sdmp Download File
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 5f45c20dc062bddd8110273184e08cfd8b548515463ae1cdfe3f894d4a766688
                                        • Instruction ID: 598eaf3af946b392da2e444f62b2400288df96f103daf66909e1dc60726e49b7
                                        • Opcode Fuzzy Hash: 5f45c20dc062bddd8110273184e08cfd8b548515463ae1cdfe3f894d4a766688
                                        • Instruction Fuzzy Hash: 404156B1E112189FDB18CFAAD981B9EBBF7AB88210F14C0AAD508A7354DB305A418F51
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 07CE0013, Relevance: .1, Instructions: 71COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.287563212.0000000007CE0000.00000040.00000001.sdmp, Offset: 07CA0000, based on PE: true
                                        • Associated: 00000000.00000002.287436267.0000000007CA0000.00000004.00000001.sdmp Download File
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 639212eacecc100561dca6c3fb952bd15cc6a5266d5f1d6bfae35b904be6c5eb
                                        • Instruction ID: 8653a86540c6679ec7907cce6fb7e153487c5b57bf4456813864c3bd142b78e0
                                        • Opcode Fuzzy Hash: 639212eacecc100561dca6c3fb952bd15cc6a5266d5f1d6bfae35b904be6c5eb
                                        • Instruction Fuzzy Hash: 2B21E0B5E046548BD719CF6BD84129EFBB3AFC9200F18C1BAC948AA265DB3405468F61
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 07CE0040, Relevance: .1, Instructions: 59COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.287563212.0000000007CE0000.00000040.00000001.sdmp, Offset: 07CA0000, based on PE: true
                                        • Associated: 00000000.00000002.287436267.0000000007CA0000.00000004.00000001.sdmp Download File
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 97a9866e7f4923d9ec40039217606a2a079f486fbb88aadfcb58ebff83418c16
                                        • Instruction ID: 50d65e48d709302834b2b11a6649a3bb42b5d79f1387de9f8da866955a590c15
                                        • Opcode Fuzzy Hash: 97a9866e7f4923d9ec40039217606a2a079f486fbb88aadfcb58ebff83418c16
                                        • Instruction Fuzzy Hash: 6311BFB1E006189BEB58CFABD8446DEFBF7AFC9200F14C176C918B6218EB7416568F51
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Analysis Process: 9n7miZydYC.exe PID: 4716 Parent PID: 528 9n7miZydYC.exeCOMMON

                                        Executed Functions

                                        Function 0297B6A0, Relevance: 6.1, APIs: 4, Instructions: 127threadCOMMON
                                        Download Yara Rule
                                        APIs
                                        • GetCurrentProcess.KERNEL32 ref: 0297B710
                                        • GetCurrentThread.KERNEL32 ref: 0297B74D
                                        • GetCurrentProcess.KERNEL32 ref: 0297B78A
                                        • GetCurrentThreadId.KERNEL32 ref: 0297B7E3
                                        Memory Dump Source
                                        • Source File: 0000000F.00000002.371274103.0000000002970000.00000040.00000001.sdmp, Offset: 02970000, based on PE: false
                                        Similarity
                                        • API ID: Current$ProcessThread
                                        • String ID:
                                        • API String ID: 2063062207-0
                                        • Opcode ID: 29b7caaef33007653cef847e586f8946a4e8ad762833e895f9560b34ca593930
                                        • Instruction ID: 8628c0cc6718d6631fd79bb9bbf476b54d22f6c0d85d34bef4ba374e1a98977a
                                        • Opcode Fuzzy Hash: 29b7caaef33007653cef847e586f8946a4e8ad762833e895f9560b34ca593930
                                        • Instruction Fuzzy Hash: 53518AB09007498FDB50DFAAD5887EEBBF1EF48318F208499E409A7760CB389845CF21
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 0297B6B0, Relevance: 6.1, APIs: 4, Instructions: 120threadCOMMON
                                        Download Yara Rule
                                        APIs
                                        • GetCurrentProcess.KERNEL32 ref: 0297B710
                                        • GetCurrentThread.KERNEL32 ref: 0297B74D
                                        • GetCurrentProcess.KERNEL32 ref: 0297B78A
                                        • GetCurrentThreadId.KERNEL32 ref: 0297B7E3
                                        Memory Dump Source
                                        • Source File: 0000000F.00000002.371274103.0000000002970000.00000040.00000001.sdmp, Offset: 02970000, based on PE: false
                                        Similarity
                                        • API ID: Current$ProcessThread
                                        • String ID:
                                        • API String ID: 2063062207-0
                                        • Opcode ID: 2cc6207a9f1296ba347871d5768b99bb2ce9a509d5c8418ebd703bc99adf3a95
                                        • Instruction ID: 5ca1cfcfacccf1de7d7a5349e5e7c2c337377ef14eebe95221f0bff4b14783c8
                                        • Opcode Fuzzy Hash: 2cc6207a9f1296ba347871d5768b99bb2ce9a509d5c8418ebd703bc99adf3a95
                                        • Instruction Fuzzy Hash: E35179B0A007098FDB50DFAAD548BDEBBF1EF48318F208459E409A7760DB38A944CF61
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 0297FD0E, Relevance: 1.6, APIs: 1, Instructions: 116COMMON
                                        Download Yara Rule
                                        APIs
                                        • CreateWindowExW.USER32(?,?,?,?,?,?,0000000C,?,?,?,?,?), ref: 0297FE2A
                                        Memory Dump Source
                                        • Source File: 0000000F.00000002.371274103.0000000002970000.00000040.00000001.sdmp, Offset: 02970000, based on PE: false
                                        Similarity
                                        • API ID: CreateWindow
                                        • String ID:
                                        • API String ID: 716092398-0
                                        • Opcode ID: 76d58dff1046a1568122ba70f0c323f18c720db42388c986d061f913a302c632
                                        • Instruction ID: a023e188976eb821cb817d5760bfee4a7d3b49bb62fbe8555a13fe9750e71079
                                        • Opcode Fuzzy Hash: 76d58dff1046a1568122ba70f0c323f18c720db42388c986d061f913a302c632
                                        • Instruction Fuzzy Hash: 7351C1B1D003099FDB14CFA9D884ADEFBB5BF48354F24862AE819AB210D7749985CF90
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 0297FD18, Relevance: 1.6, APIs: 1, Instructions: 113COMMON
                                        Download Yara Rule
                                        APIs
                                        • CreateWindowExW.USER32(?,?,?,?,?,?,0000000C,?,?,?,?,?), ref: 0297FE2A
                                        Memory Dump Source
                                        • Source File: 0000000F.00000002.371274103.0000000002970000.00000040.00000001.sdmp, Offset: 02970000, based on PE: false
                                        Similarity
                                        • API ID: CreateWindow
                                        • String ID:
                                        • API String ID: 716092398-0
                                        • Opcode ID: 05942beab51c0dfb4b6d3cf634ba3e6f72c3a3789878e7a0c09f6ca1e3867621
                                        • Instruction ID: 2efff0a7c674f009e8c704bccdf9caab7cd036f9ace07722dd974a4c4885d697
                                        • Opcode Fuzzy Hash: 05942beab51c0dfb4b6d3cf634ba3e6f72c3a3789878e7a0c09f6ca1e3867621
                                        • Instruction Fuzzy Hash: 4541C0B1D003099FDB14CFA9D884ADEFBB5BF48354F24852AE419AB210D7749985CF91
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 02975365, Relevance: 1.6, APIs: 1, Instructions: 97COMMON
                                        Download Yara Rule
                                        APIs
                                        • CreateActCtxA.KERNEL32(?), ref: 02975421
                                        Memory Dump Source
                                        • Source File: 0000000F.00000002.371274103.0000000002970000.00000040.00000001.sdmp, Offset: 02970000, based on PE: false
                                        Similarity
                                        • API ID: Create
                                        • String ID:
                                        • API String ID: 2289755597-0
                                        • Opcode ID: 38ee86968d82632e2d5cd5f1f65685ff91459d6979dcaebe14ce799d5409621b
                                        • Instruction ID: 74e001c2494fa1b6011b5e3b07710b1a5684e3040b3cf465433e57e91ffca73a
                                        • Opcode Fuzzy Hash: 38ee86968d82632e2d5cd5f1f65685ff91459d6979dcaebe14ce799d5409621b
                                        • Instruction Fuzzy Hash: 574125B0C00218CFDB64DFA9C8847DEBBB5BF89308F218069D459BB251DB75694ACF90
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 02973DE8, Relevance: 1.6, APIs: 1, Instructions: 96COMMON
                                        Download Yara Rule
                                        APIs
                                        • CreateActCtxA.KERNEL32(?), ref: 02975421
                                        Memory Dump Source
                                        • Source File: 0000000F.00000002.371274103.0000000002970000.00000040.00000001.sdmp, Offset: 02970000, based on PE: false
                                        Similarity
                                        • API ID: Create
                                        • String ID:
                                        • API String ID: 2289755597-0
                                        • Opcode ID: 8d4cb40ac4a4e57d6edfddad607248769d51ca2d626811fd4dd898f1e24af79d
                                        • Instruction ID: 1604d8d67cb64db42c343ee2077ecd525d4d36ab7619a17e556b41e646d10fd6
                                        • Opcode Fuzzy Hash: 8d4cb40ac4a4e57d6edfddad607248769d51ca2d626811fd4dd898f1e24af79d
                                        • Instruction Fuzzy Hash: 7E4104B1C0061CCFDB64DFA9C88478EBBB5BF48308F618069E519BB251DB756949CF90
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 0297B8D0, Relevance: 1.6, APIs: 1, Instructions: 65COMMON
                                        Download Yara Rule
                                        APIs
                                        • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 0297B95F
                                        Memory Dump Source
                                        • Source File: 0000000F.00000002.371274103.0000000002970000.00000040.00000001.sdmp, Offset: 02970000, based on PE: false
                                        Similarity
                                        • API ID: DuplicateHandle
                                        • String ID:
                                        • API String ID: 3793708945-0
                                        • Opcode ID: e09527d861ef89bb4e9248b6b2eba6d39174cfa343dd2cd486e6185a385fbd07
                                        • Instruction ID: 3e65eb12f066ce6549ea5847cce537686f5269184a02050ad18f618b416299d4
                                        • Opcode Fuzzy Hash: e09527d861ef89bb4e9248b6b2eba6d39174cfa343dd2cd486e6185a385fbd07
                                        • Instruction Fuzzy Hash: F121D2B5900248EFDB10CFAAD584AEEFFF4EB48364F14845AE954A3311D374A945CF61
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 02979B12, Relevance: 1.6, APIs: 1, Instructions: 64libraryCOMMON
                                        Download Yara Rule
                                        APIs
                                        • LoadLibraryExW.KERNELBASE(00000000,00000000,?,?,?,?,00000000,?,02979971,00000800,00000000,00000000), ref: 02979B82
                                        Memory Dump Source
                                        • Source File: 0000000F.00000002.371274103.0000000002970000.00000040.00000001.sdmp, Offset: 02970000, based on PE: false
                                        Similarity
                                        • API ID: LibraryLoad
                                        • String ID:
                                        • API String ID: 1029625771-0
                                        • Opcode ID: ea8dad5d8c78f61f3ef7c44f67962d4e666bec5e1c83501379abbbd9b12ba7d6
                                        • Instruction ID: 68813eb891d524cdfd780501b106052465bd7d32297c3d7bc6140f302a12918a
                                        • Opcode Fuzzy Hash: ea8dad5d8c78f61f3ef7c44f67962d4e666bec5e1c83501379abbbd9b12ba7d6
                                        • Instruction Fuzzy Hash: 4E2116B6D00209CFDB24CFAAD444BDEFBB4EB88364F14841EE415A7600C374A549CFA1
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 0297B8D8, Relevance: 1.6, APIs: 1, Instructions: 62COMMON
                                        Download Yara Rule
                                        APIs
                                        • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 0297B95F
                                        Memory Dump Source
                                        • Source File: 0000000F.00000002.371274103.0000000002970000.00000040.00000001.sdmp, Offset: 02970000, based on PE: false
                                        Similarity
                                        • API ID: DuplicateHandle
                                        • String ID:
                                        • API String ID: 3793708945-0
                                        • Opcode ID: 8ada0d79fcf5a55979778df5260f20271e677ed7b8787e916107dd5975e3dfbb
                                        • Instruction ID: 6c3c31693a190bf77024d86332cd7616449a0593991a61032e5c3baddbc8bf0f
                                        • Opcode Fuzzy Hash: 8ada0d79fcf5a55979778df5260f20271e677ed7b8787e916107dd5975e3dfbb
                                        • Instruction Fuzzy Hash: 9621C4B5900249EFDB10CFAAD984ADEFBF8EB48364F14841AE954A3310D374A944CFA1
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 02979498, Relevance: 1.6, APIs: 1, Instructions: 55libraryCOMMON
                                        Download Yara Rule
                                        APIs
                                        • LoadLibraryExW.KERNELBASE(00000000,00000000,?,?,?,?,00000000,?,02979971,00000800,00000000,00000000), ref: 02979B82
                                        Memory Dump Source
                                        • Source File: 0000000F.00000002.371274103.0000000002970000.00000040.00000001.sdmp, Offset: 02970000, based on PE: false
                                        Similarity
                                        • API ID: LibraryLoad
                                        • String ID:
                                        • API String ID: 1029625771-0
                                        • Opcode ID: 5856230dca6c3ede8f8a8564d10a6b696493b26d63de7dbbdc7af8e34f580656
                                        • Instruction ID: 6a1e2fd7602587b03798c5a9a127e92dbef9a3b93adc140f84e4547a0ab300f1
                                        • Opcode Fuzzy Hash: 5856230dca6c3ede8f8a8564d10a6b696493b26d63de7dbbdc7af8e34f580656
                                        • Instruction Fuzzy Hash: 761103B69003099FDB10DF9AD444BDEFBF8EB88364F10842EE515A7200C374A545CFA1
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 02979889, Relevance: 1.5, APIs: 1, Instructions: 48COMMON
                                        Download Yara Rule
                                        APIs
                                        • GetModuleHandleW.KERNELBASE(00000000), ref: 029798F6
                                        Memory Dump Source
                                        • Source File: 0000000F.00000002.371274103.0000000002970000.00000040.00000001.sdmp, Offset: 02970000, based on PE: false
                                        Similarity
                                        • API ID: HandleModule
                                        • String ID:
                                        • API String ID: 4139908857-0
                                        • Opcode ID: 0e9871a866ff0b6f19012d039e50b60ec92d922a73cbc461b0d0a3390f104406
                                        • Instruction ID: f4fc6867c6f811e176e517a4b98289abeb29c3e79aa76d098812dc308224662c
                                        • Opcode Fuzzy Hash: 0e9871a866ff0b6f19012d039e50b60ec92d922a73cbc461b0d0a3390f104406
                                        • Instruction Fuzzy Hash: 761120B5D006498FDB20CFAAD444BDEFBF4EF89224F10855AD469B3610C375A546CFA1
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 02979890, Relevance: 1.5, APIs: 1, Instructions: 47COMMON
                                        Download Yara Rule
                                        APIs
                                        • GetModuleHandleW.KERNELBASE(00000000), ref: 029798F6
                                        Memory Dump Source
                                        • Source File: 0000000F.00000002.371274103.0000000002970000.00000040.00000001.sdmp, Offset: 02970000, based on PE: false
                                        Similarity
                                        • API ID: HandleModule
                                        • String ID:
                                        • API String ID: 4139908857-0
                                        • Opcode ID: 92849d08585cbc90845773460d42eed9e6d73c059f10e831c03e586745c4f545
                                        • Instruction ID: 7b4e7a794042826f18f84042ba132cd5ded6339cbac3590353658015c193ab80
                                        • Opcode Fuzzy Hash: 92849d08585cbc90845773460d42eed9e6d73c059f10e831c03e586745c4f545
                                        • Instruction Fuzzy Hash: 441110B6D007498FDB20DF9AD444BDEFBF8EB89224F10841AD429B7610C378A545CFA1
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Non-executed Functions

                                        Analysis Process: dhcpmon.exe PID: 5508 Parent PID: 528 dhcpmon.exeCOMMON

                                        Executed Functions

                                        Function 084E5720, Relevance: 8.8, Strings: 5, Instructions: 2596COMMON
                                        Download Yara Rule
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000013.00000002.386950731.00000000084E0000.00000040.00000001.sdmp, Offset: 084E0000, based on PE: false
                                        Similarity
                                        • API ID:
                                        • String ID: <l$<l$D0l$Xcl$Xcl
                                        • API String ID: 0-3012072445
                                        • Opcode ID: b823889259bedef1cd35a1e348ad4179df1990997824ed78bf89633cecc1cfb5
                                        • Instruction ID: 0923780f8812bd7fc1daeadcc9ddf31cb62c541e4171fcd0df762271ba76a07a
                                        • Opcode Fuzzy Hash: b823889259bedef1cd35a1e348ad4179df1990997824ed78bf89633cecc1cfb5
                                        • Instruction Fuzzy Hash: 0343F974E00219CFCB24DF68C888A9DB7B2BF49316F168599E549AB365DB30ED81CF50
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 084ED2B0, Relevance: 4.0, Strings: 3, Instructions: 296COMMON
                                        Download Yara Rule
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000013.00000002.386950731.00000000084E0000.00000040.00000001.sdmp, Offset: 084E0000, based on PE: false
                                        Similarity
                                        • API ID:
                                        • String ID: I[$I[$}pR
                                        • API String ID: 0-2281729398
                                        • Opcode ID: f9862fc8f1746fec4f0073601c7b1051bfe4b0eed10468daf03fd8896308c09d
                                        • Instruction ID: 5cc76c7e04306a53d9efa77a1d618073335e1ef0d7c224478968509a90351624
                                        • Opcode Fuzzy Hash: f9862fc8f1746fec4f0073601c7b1051bfe4b0eed10468daf03fd8896308c09d
                                        • Instruction Fuzzy Hash: C2D12A74D0120ADFCB04CFA9D5849AEFBB2FF88302B20955AE415AB255D734E982CF95
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 084ED296, Relevance: 2.8, Strings: 2, Instructions: 298COMMON
                                        Download Yara Rule
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000013.00000002.386950731.00000000084E0000.00000040.00000001.sdmp, Offset: 084E0000, based on PE: false
                                        Similarity
                                        • API ID:
                                        • String ID: I[$}pR
                                        • API String ID: 0-1686705283
                                        • Opcode ID: 38fb07ee530334705b8583a6da6736767cc6524678f51fd312aa4ebc600e0fd9
                                        • Instruction ID: 946abcdc92b8f4c60a8977fcbf6b135b0fd4156aaa0e4b2d867057fae01c85b0
                                        • Opcode Fuzzy Hash: 38fb07ee530334705b8583a6da6736767cc6524678f51fd312aa4ebc600e0fd9
                                        • Instruction Fuzzy Hash: 32D14E74D0520ADFCB04CFA9D5849AEFBB2FF88302B60D55AE415AB255D734E982CF90
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 084E8F98, Relevance: 1.6, Strings: 1, Instructions: 313COMMON
                                        Download Yara Rule
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000013.00000002.386950731.00000000084E0000.00000040.00000001.sdmp, Offset: 084E0000, based on PE: false
                                        Similarity
                                        • API ID:
                                        • String ID: d-l
                                        • API String ID: 0-1317474975
                                        • Opcode ID: 723ecc8bdccf9720f9146b9e51ea423e17711884f67cd490b6209931ea73edbc
                                        • Instruction ID: 9b56e2e30cd7f8c5487e22b8cd71d7990614e153791af86c501e07d998f77e06
                                        • Opcode Fuzzy Hash: 723ecc8bdccf9720f9146b9e51ea423e17711884f67cd490b6209931ea73edbc
                                        • Instruction Fuzzy Hash: B9D1F874E002189FDB14DFA9C884A9EBBF2FF89301F11816AE509AB3A5DB359D45CF50
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 084E90B1, Relevance: 1.5, Strings: 1, Instructions: 210COMMON
                                        Download Yara Rule
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000013.00000002.386950731.00000000084E0000.00000040.00000001.sdmp, Offset: 084E0000, based on PE: false
                                        Similarity
                                        • API ID:
                                        • String ID: d-l
                                        • API String ID: 0-1317474975
                                        • Opcode ID: 1cfecb141b548d37c4b07ebcc6b89c1c39c415a334939ca3e0e3080b2455e68c
                                        • Instruction ID: f7fe2074e30d49ed2a2749dafe212b0a34e0bcb33cb9e4a4f90e9332232639af
                                        • Opcode Fuzzy Hash: 1cfecb141b548d37c4b07ebcc6b89c1c39c415a334939ca3e0e3080b2455e68c
                                        • Instruction Fuzzy Hash: 9E91D774E002189FDB54DFA5D884ADEBBF2FF89300F2080AAE509AB355DB349945CF50
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 084E1A98, Relevance: .9, Instructions: 910COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000013.00000002.386950731.00000000084E0000.00000040.00000001.sdmp, Offset: 084E0000, based on PE: false
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 0d69dd686cf1740c1d62331c13746d25e86125a57feabcd864184e5afc11a68a
                                        • Instruction ID: 5ea77fb00b459d5e676b08722cd678f20e11d030442c225bb223dddf8efc9b68
                                        • Opcode Fuzzy Hash: 0d69dd686cf1740c1d62331c13746d25e86125a57feabcd864184e5afc11a68a
                                        • Instruction Fuzzy Hash: 6292DC71D05268CFEB24DF66C9443EDBAF5FB48307F1480AAE009A6291D7B94AC5DF50
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 084E2BD8, Relevance: .9, Instructions: 889COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000013.00000002.386950731.00000000084E0000.00000040.00000001.sdmp, Offset: 084E0000, based on PE: false
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 4041486ed84109fdaa932b93c49e858020279e9fba057998024cca6959179890
                                        • Instruction ID: 3b36fa4dbf78e3016d7e6e6e9d9519094c498a4ea578437a9e4d3b397eba974a
                                        • Opcode Fuzzy Hash: 4041486ed84109fdaa932b93c49e858020279e9fba057998024cca6959179890
                                        • Instruction Fuzzy Hash: 9892B871D05269CFEB25CFA6C9483EDFAF5BB48306F1480AAE009A7291D7794AC5DF00
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 084E4858, Relevance: .7, Instructions: 721COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000013.00000002.386950731.00000000084E0000.00000040.00000001.sdmp, Offset: 084E0000, based on PE: false
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: d7382ec2df324f867de4f2525ef8e9452288821c68f62ae87712010cac0a75f8
                                        • Instruction ID: 8d10b1b2fa16ee3aa9b7795b9e86621ad3b9dd462d1442bcc7c11f2506917944
                                        • Opcode Fuzzy Hash: d7382ec2df324f867de4f2525ef8e9452288821c68f62ae87712010cac0a75f8
                                        • Instruction Fuzzy Hash: 06526D30B00515DFCB14DF69C484A6EBBB2BF89716B16816AF906DB361DB34EC42CB91
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 084E1A88, Relevance: .5, Instructions: 528COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000013.00000002.386950731.00000000084E0000.00000040.00000001.sdmp, Offset: 084E0000, based on PE: false
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 5b8394151d9fc1cc224d1e2e0a75e4a0f90e2a5e61a51dca4a5f8a509b71af0e
                                        • Instruction ID: 22d02b46b736bb36890bea555fef6f42796d63dcabadcac3255158817285d90f
                                        • Opcode Fuzzy Hash: 5b8394151d9fc1cc224d1e2e0a75e4a0f90e2a5e61a51dca4a5f8a509b71af0e
                                        • Instruction Fuzzy Hash: 4B320D71D05268CFEB24CF66C8583EDBAF5FB48306F1481EAE109A6291D7794AC9CF40
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 084E2BD5, Relevance: .5, Instructions: 502COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000013.00000002.386950731.00000000084E0000.00000040.00000001.sdmp, Offset: 084E0000, based on PE: false
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 63ed529d441cd5e966d857f45c671e6016598beaff5f15863f9fe7d0923ca547
                                        • Instruction ID: 6eb96c719640a43203283882ac850c52c85d7080dbba7f6bf94d5c96ee462a14
                                        • Opcode Fuzzy Hash: 63ed529d441cd5e966d857f45c671e6016598beaff5f15863f9fe7d0923ca547
                                        • Instruction Fuzzy Hash: CA32E9B1D05268CFEB25CFA6C9183EDFAF5BB44346F0480AAD149A7291D7794AC9CF40
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 084EAD5A, Relevance: .3, Instructions: 253COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000013.00000002.386950731.00000000084E0000.00000040.00000001.sdmp, Offset: 084E0000, based on PE: false
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 794b2be2144d8922281e4f57768e815c137714ac7698447c04b17d66251dda7c
                                        • Instruction ID: 2a574a8180a52ab3e56fb4ff30714bb9069435ae53ed67ba47982e920ae07ba9
                                        • Opcode Fuzzy Hash: 794b2be2144d8922281e4f57768e815c137714ac7698447c04b17d66251dda7c
                                        • Instruction Fuzzy Hash: B8A16774E046688FCB04CFA9C8846AEBFB2FF89312F14816AD519AB214D7359945CF51
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 084EADF8, Relevance: .2, Instructions: 189COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000013.00000002.386950731.00000000084E0000.00000040.00000001.sdmp, Offset: 084E0000, based on PE: false
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 73a23f29e7f296b60d6b6178aab7bbc12ea7cfd31f6602c4763af8e85f65e4d5
                                        • Instruction ID: 5dc7a92b16547c5c3d6cd2e57fe68ae918e9e94c8e2e23eed69ddcdd33a43bfa
                                        • Opcode Fuzzy Hash: 73a23f29e7f296b60d6b6178aab7bbc12ea7cfd31f6602c4763af8e85f65e4d5
                                        • Instruction Fuzzy Hash: A481D374E01218CFDB08CFA9C984A9EBBB2FF88301F24812AD515AB354DB359946CF51
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 084E9D90, Relevance: .2, Instructions: 152COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000013.00000002.386950731.00000000084E0000.00000040.00000001.sdmp, Offset: 084E0000, based on PE: false
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: d7f5e430039710797731706f3f71fe16d7b78d208ce6f7cafa2eba24151f21c6
                                        • Instruction ID: 73d2f1c12e86f8ec3aaca9df66dae1dd98c023c7485fc7ac5d1cb4a6a69f3684
                                        • Opcode Fuzzy Hash: d7f5e430039710797731706f3f71fe16d7b78d208ce6f7cafa2eba24151f21c6
                                        • Instruction Fuzzy Hash: 4051C774E012199FCB14DFAAC581AEEFBB2FF88301F14C56AE514A7395DB349942CB90
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 084EBA12, Relevance: .1, Instructions: 132COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000013.00000002.386950731.00000000084E0000.00000040.00000001.sdmp, Offset: 084E0000, based on PE: false
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 2c1dd8304bd443f5cddd3aac899da16c00a5d35ea87c7f7fed24d105a8d5413f
                                        • Instruction ID: ae985481624b289bcf81eb717f929b103c7773bf63dd613f922683913493f89a
                                        • Opcode Fuzzy Hash: 2c1dd8304bd443f5cddd3aac899da16c00a5d35ea87c7f7fed24d105a8d5413f
                                        • Instruction Fuzzy Hash: A65108B0E052199FCB08CFAAC9446AEFBF2EF88312F14C56AD419B7255D7344941CF64
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 084EBA20, Relevance: .1, Instructions: 131COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000013.00000002.386950731.00000000084E0000.00000040.00000001.sdmp, Offset: 084E0000, based on PE: false
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 71584001942639fcb14871ec0487cc26787c7095161ead951e53d9a37c26e04f
                                        • Instruction ID: 5c5d3af0e5cba742a350ebcf7d38deade3784b7d42bd0ae60245a658d5be5ac4
                                        • Opcode Fuzzy Hash: 71584001942639fcb14871ec0487cc26787c7095161ead951e53d9a37c26e04f
                                        • Instruction Fuzzy Hash: 8C5107B4E052198FDB08CFAAC9406AEFBF2FF88312F14C56AD419B7255D73499418F64
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 084E9D11, Relevance: .1, Instructions: 115COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000013.00000002.386950731.00000000084E0000.00000040.00000001.sdmp, Offset: 084E0000, based on PE: false
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 44b461c1c82099d93813f2e14c0cab85c6fb53710eda1545c8642b492fc35d47
                                        • Instruction ID: 5e9a963aabd2922612cbf929208012b3ace975998e1032dfcf5349fe517754c8
                                        • Opcode Fuzzy Hash: 44b461c1c82099d93813f2e14c0cab85c6fb53710eda1545c8642b492fc35d47
                                        • Instruction Fuzzy Hash: 9241D475E052089FDB04DFAAC8816EEBFF2EF89301F14C06AE414AB395DB349942CB51
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 084EC400, Relevance: .1, Instructions: 81COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000013.00000002.386950731.00000000084E0000.00000040.00000001.sdmp, Offset: 084E0000, based on PE: false
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 8a5a8ad1984d786e1a7ceed2bf099836cc72ce9e11ea2a6942f4a3a9398073b1
                                        • Instruction ID: d215e238ee8abc3f36d63816c532cf4cf1d40eebb3a3d60395bd7e003b06a270
                                        • Opcode Fuzzy Hash: 8a5a8ad1984d786e1a7ceed2bf099836cc72ce9e11ea2a6942f4a3a9398073b1
                                        • Instruction Fuzzy Hash: AE31D371E016188BDB18CFAAD9446DEFBB3EFC8311F14C1AAE409AB254DB355A85CF40
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 084EC3F1, Relevance: .1, Instructions: 64COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000013.00000002.386950731.00000000084E0000.00000040.00000001.sdmp, Offset: 084E0000, based on PE: false
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 4552bc128cd7de64243aefc211b9fe2ec8c19dc531ed0e1f487b69889c3fd241
                                        • Instruction ID: 941c1d981fe47701d8427154c75028d6fc152015a844923d3432dbae520d5c78
                                        • Opcode Fuzzy Hash: 4552bc128cd7de64243aefc211b9fe2ec8c19dc531ed0e1f487b69889c3fd241
                                        • Instruction Fuzzy Hash: A121C970E016588BDB18CFABD94469EFFF3AFC9300F14C1AAD408AA259DB740945CF50
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 084E4230, Relevance: 5.2, Strings: 4, Instructions: 179COMMON
                                        Download Yara Rule
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000013.00000002.386950731.00000000084E0000.00000040.00000001.sdmp, Offset: 084E0000, based on PE: false
                                        Similarity
                                        • API ID:
                                        • String ID: Xcl$Xcl$Xcl$Xcl
                                        • API String ID: 0-3823498771
                                        • Opcode ID: 0b231a14411279d4acce4b9eec62b9bc046c62c4dff5a34bd0a2170653d65f66
                                        • Instruction ID: 98d9c6bbad18d61c37ecd350b545d80598b7ae0ad7c915eb889a1b7cde265993
                                        • Opcode Fuzzy Hash: 0b231a14411279d4acce4b9eec62b9bc046c62c4dff5a34bd0a2170653d65f66
                                        • Instruction Fuzzy Hash: E5616B31B00519DFCF14DF68D455AAE7BB6AF89216F15806AF902EB390CB34DC02CBA5
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 084ED889, Relevance: 3.8, Strings: 3, Instructions: 71COMMON
                                        Download Yara Rule
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000013.00000002.386950731.00000000084E0000.00000040.00000001.sdmp, Offset: 084E0000, based on PE: false
                                        Similarity
                                        • API ID:
                                        • String ID: ?~>K$wK=$wK=
                                        • API String ID: 0-1562241126
                                        • Opcode ID: 59d240c10861d96af253dce8aafbd5bd480723d3727fb1ab5105221521e40ae3
                                        • Instruction ID: f2f16636479203d3d1b0cc6e1d056d6b53c5b7ef8835cfc9a71aa30eb5bc8506
                                        • Opcode Fuzzy Hash: 59d240c10861d96af253dce8aafbd5bd480723d3727fb1ab5105221521e40ae3
                                        • Instruction Fuzzy Hash: AC312870D09209EFCB44CFA9C9806AEFBF1FF99241F24D9AAD405AB255D7308A41DF51
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 084ED898, Relevance: 3.8, Strings: 3, Instructions: 69COMMON
                                        Download Yara Rule
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000013.00000002.386950731.00000000084E0000.00000040.00000001.sdmp, Offset: 084E0000, based on PE: false
                                        Similarity
                                        • API ID:
                                        • String ID: ,j{$,j{$?~>K
                                        • API String ID: 0-1630969029
                                        • Opcode ID: b0d733300fb6526b6132e9ddd156b1150f4bb4129c6e141f4265967d2f1e0605
                                        • Instruction ID: c1eac95cb79f7b0d84c6e0b4964d5f8a2cfcbb3112dc968c66bfc2f931dde297
                                        • Opcode Fuzzy Hash: b0d733300fb6526b6132e9ddd156b1150f4bb4129c6e141f4265967d2f1e0605
                                        • Instruction Fuzzy Hash: 9A2137B0D05209DFCB44CFAAC9406AEFBF2FB89342F24D9AAD405A7214D7309A419F55
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 06F36A2D, Relevance: 1.6, APIs: 1, Instructions: 147processCOMMON
                                        Download Yara Rule
                                        APIs
                                        • CreateProcessW.KERNELBASE(?,?,00000009,?,?,?,?,?,?,?), ref: 06F36B8B
                                        Memory Dump Source
                                        • Source File: 00000013.00000002.386801818.0000000006F30000.00000040.00000001.sdmp, Offset: 06F30000, based on PE: false
                                        Similarity
                                        • API ID: CreateProcess
                                        • String ID:
                                        • API String ID: 963392458-0
                                        • Opcode ID: 9c45b1c89211071592ce2c8fd7ff582339a57ce83d68919a25c0fb019d01630b
                                        • Instruction ID: ae793b5a7a38fe1435be45ab11d198f4869e8c663ba311d9318bdbcd92d0ad94
                                        • Opcode Fuzzy Hash: 9c45b1c89211071592ce2c8fd7ff582339a57ce83d68919a25c0fb019d01630b
                                        • Instruction Fuzzy Hash: C1512671D003289FDF64CF99C880BDEBBB1BF48304F14809AE409A7210DB719A89CF61
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 06F36A38, Relevance: 1.6, APIs: 1, Instructions: 143processCOMMON
                                        Download Yara Rule
                                        APIs
                                        • CreateProcessW.KERNELBASE(?,?,00000009,?,?,?,?,?,?,?), ref: 06F36B8B
                                        Memory Dump Source
                                        • Source File: 00000013.00000002.386801818.0000000006F30000.00000040.00000001.sdmp, Offset: 06F30000, based on PE: false
                                        Similarity
                                        • API ID: CreateProcess
                                        • String ID:
                                        • API String ID: 963392458-0
                                        • Opcode ID: 30d31d5eb76403d01b2d116ab74a597db1c39ed01a8064b395d26602807b481a
                                        • Instruction ID: 419a7894234d14fb693cc930a4bd6ffeba37af163c9e06b7f95de740180e9be7
                                        • Opcode Fuzzy Hash: 30d31d5eb76403d01b2d116ab74a597db1c39ed01a8064b395d26602807b481a
                                        • Instruction Fuzzy Hash: 77511671D003289FDF64CF99C880BDDBBB1BF48304F15809AE909A7250DB709A89CFA1
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 02A4FD0D, Relevance: 1.6, APIs: 1, Instructions: 118COMMON
                                        Download Yara Rule
                                        APIs
                                        • CreateWindowExW.USER32(?,?,?,?,?,?,0000000C,?,?,?,?,?), ref: 02A4FE2A
                                        Memory Dump Source
                                        • Source File: 00000013.00000002.372694303.0000000002A40000.00000040.00000001.sdmp, Offset: 02A40000, based on PE: false
                                        Similarity
                                        • API ID: CreateWindow
                                        • String ID:
                                        • API String ID: 716092398-0
                                        • Opcode ID: 70890315a4296dfe4fe73ca65d2f257f8ac056998ac2927408490d843b54f7e2
                                        • Instruction ID: e300652bbeb2733db5cbf8d8f8961a2fa004dcad20031f29df91d112a30e85d3
                                        • Opcode Fuzzy Hash: 70890315a4296dfe4fe73ca65d2f257f8ac056998ac2927408490d843b54f7e2
                                        • Instruction Fuzzy Hash: 9D51C2B5D00308DFDB14CFA9D884ADEBBB5FF88314F64812AE419AB250DB749946CF90
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 02A4DDEC, Relevance: 1.6, APIs: 1, Instructions: 116COMMON
                                        Download Yara Rule
                                        APIs
                                        • CreateWindowExW.USER32(?,?,?,?,?,?,0000000C,?,?,?,?,?), ref: 02A4FE2A
                                        Memory Dump Source
                                        • Source File: 00000013.00000002.372694303.0000000002A40000.00000040.00000001.sdmp, Offset: 02A40000, based on PE: false
                                        Similarity
                                        • API ID: CreateWindow
                                        • String ID:
                                        • API String ID: 716092398-0
                                        • Opcode ID: b24115fd639e2df21d97e506fc8a544a5ab06125e6eb31645295c948a4a73e96
                                        • Instruction ID: 6aa706bbffd4684bc38a783697b935c334bb2af3b1300965dafe43e60901ee73
                                        • Opcode Fuzzy Hash: b24115fd639e2df21d97e506fc8a544a5ab06125e6eb31645295c948a4a73e96
                                        • Instruction Fuzzy Hash: 9851C1B5D00309DFDB14CFA9D884ADEBBB5BF88314F24812AE819AB211DB749945CF90
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 02A43DE8, Relevance: 1.6, APIs: 1, Instructions: 96COMMON
                                        Download Yara Rule
                                        APIs
                                        • CreateActCtxA.KERNEL32(?), ref: 02A45421
                                        Memory Dump Source
                                        • Source File: 00000013.00000002.372694303.0000000002A40000.00000040.00000001.sdmp, Offset: 02A40000, based on PE: false
                                        Similarity
                                        • API ID: Create
                                        • String ID:
                                        • API String ID: 2289755597-0
                                        • Opcode ID: a436ad02c9ee04945adb6bd2e1fb9264dec74653bb02d4bcfb66a563d84b178d
                                        • Instruction ID: 3c0798873730bd98989ee0336ac41f75fc0428f7092de007df6d1b0ac2b70659
                                        • Opcode Fuzzy Hash: a436ad02c9ee04945adb6bd2e1fb9264dec74653bb02d4bcfb66a563d84b178d
                                        • Instruction Fuzzy Hash: F041E4B0C04618CFDB24DFA9C88479EBBB1BF98308F608169D409BB251DB75A946CF90
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 02A4536F, Relevance: 1.6, APIs: 1, Instructions: 93COMMON
                                        Download Yara Rule
                                        APIs
                                        • CreateActCtxA.KERNEL32(?), ref: 02A45421
                                        Memory Dump Source
                                        • Source File: 00000013.00000002.372694303.0000000002A40000.00000040.00000001.sdmp, Offset: 02A40000, based on PE: false
                                        Similarity
                                        • API ID: Create
                                        • String ID:
                                        • API String ID: 2289755597-0
                                        • Opcode ID: 6343558f08f362ccb0e0dbcc8fe847e8ef64cc32722588e92789bfcebd0370cf
                                        • Instruction ID: 04b28b627def0445e8ab5c69261ed8c7142a43fae2076e86700ee8da8ea0870e
                                        • Opcode Fuzzy Hash: 6343558f08f362ccb0e0dbcc8fe847e8ef64cc32722588e92789bfcebd0370cf
                                        • Instruction Fuzzy Hash: 2741E5B1C00618CFDB24DFA9C8847CDBBB1BF98308F608159D419BB251DB75A946CF90
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 06F36FD8, Relevance: 1.6, APIs: 1, Instructions: 70injectionCOMMON
                                        Download Yara Rule
                                        APIs
                                        • WriteProcessMemory.KERNELBASE(?,?,00000000,?,?), ref: 06F3706D
                                        Memory Dump Source
                                        • Source File: 00000013.00000002.386801818.0000000006F30000.00000040.00000001.sdmp, Offset: 06F30000, based on PE: false
                                        Similarity
                                        • API ID: MemoryProcessWrite
                                        • String ID:
                                        • API String ID: 3559483778-0
                                        • Opcode ID: 52d9709f7b9afde5963bc97a46e2a36125d2bea6eb11bf0842278aeadef8a038
                                        • Instruction ID: 9fcf24ffb7b7310f7dc2106e2671bd825825cb3c6458449d62705b6ae3671d4f
                                        • Opcode Fuzzy Hash: 52d9709f7b9afde5963bc97a46e2a36125d2bea6eb11bf0842278aeadef8a038
                                        • Instruction Fuzzy Hash: 872125B19002599FCB10CFAAC885BDEBBF4FF48320F108529E859A7351D374A944CFA1
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 06F36FE0, Relevance: 1.6, APIs: 1, Instructions: 65injectionCOMMON
                                        Download Yara Rule
                                        APIs
                                        • WriteProcessMemory.KERNELBASE(?,?,00000000,?,?), ref: 06F3706D
                                        Memory Dump Source
                                        • Source File: 00000013.00000002.386801818.0000000006F30000.00000040.00000001.sdmp, Offset: 06F30000, based on PE: false
                                        Similarity
                                        • API ID: MemoryProcessWrite
                                        • String ID:
                                        • API String ID: 3559483778-0
                                        • Opcode ID: 8c22bda84f550a4fdf25dd6e7ed3cc5b2a27ef4f4bd498632d4e3f5d3aea7683
                                        • Instruction ID: 4b96101b718138f8956c91f604366a0fd10e69520fff63b33067604c7a01bb4e
                                        • Opcode Fuzzy Hash: 8c22bda84f550a4fdf25dd6e7ed3cc5b2a27ef4f4bd498632d4e3f5d3aea7683
                                        • Instruction Fuzzy Hash: 182114B19002199FCB10DFAAC884BDEBBF4FB48310F00842AE918A3340D778A944CFA4
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 02A49820, Relevance: 1.6, APIs: 1, Instructions: 65COMMON
                                        Download Yara Rule
                                        APIs
                                        • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?,?,?,?,02A4B89E,?,?,?,?,?), ref: 02A4B95F
                                        Memory Dump Source
                                        • Source File: 00000013.00000002.372694303.0000000002A40000.00000040.00000001.sdmp, Offset: 02A40000, based on PE: false
                                        Similarity
                                        • API ID: DuplicateHandle
                                        • String ID:
                                        • API String ID: 3793708945-0
                                        • Opcode ID: 58f1a5cb00ef12e1fd9b12336ec4f8a27ce6d64eec70259225d66b9d0992cb6f
                                        • Instruction ID: 3103d595e9c17bd92defcefd5441ec232235f6a3201885d309e509ea11ed7044
                                        • Opcode Fuzzy Hash: 58f1a5cb00ef12e1fd9b12336ec4f8a27ce6d64eec70259225d66b9d0992cb6f
                                        • Instruction Fuzzy Hash: 822105B5D00208DFDB10CFA9D884ADEBBF8EB48324F14841AE954B3310D774A954CFA1
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 06F36E60, Relevance: 1.6, APIs: 1, Instructions: 64COMMON
                                        Download Yara Rule
                                        APIs
                                        • ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 06F36EE7
                                        Memory Dump Source
                                        • Source File: 00000013.00000002.386801818.0000000006F30000.00000040.00000001.sdmp, Offset: 06F30000, based on PE: false
                                        Similarity
                                        • API ID: MemoryProcessRead
                                        • String ID:
                                        • API String ID: 1726664587-0
                                        • Opcode ID: c6870a332ce61ecadcc345fc4c9d0f3770e5adab2ad0b7592467b2540439d483
                                        • Instruction ID: 4fc3d4fb6fb817ada3dc7e38b67da28e6410cb37f34b46d776c27ce4bae7e49f
                                        • Opcode Fuzzy Hash: c6870a332ce61ecadcc345fc4c9d0f3770e5adab2ad0b7592467b2540439d483
                                        • Instruction Fuzzy Hash: 2A21F3B5901359AFCB10CFAAD884BDEBBF4FB48320F10852AE958A7610D3759945CFA1
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 06F36DA0, Relevance: 1.6, APIs: 1, Instructions: 64threadinjectionCOMMON
                                        Download Yara Rule
                                        APIs
                                        • SetThreadContext.KERNELBASE(?,00000000), ref: 06F36E1F
                                        Memory Dump Source
                                        • Source File: 00000013.00000002.386801818.0000000006F30000.00000040.00000001.sdmp, Offset: 06F30000, based on PE: false
                                        Similarity
                                        • API ID: ContextThread
                                        • String ID:
                                        • API String ID: 1591575202-0
                                        • Opcode ID: 48b25cfdc63852beed63c5b0776b5ec2bbce34dffe4a01c9bbdde31991c370d9
                                        • Instruction ID: 72110d06bab20ad2f9357d30b261121c559c17c47a1b1f462e5f11f9a9c1fc28
                                        • Opcode Fuzzy Hash: 48b25cfdc63852beed63c5b0776b5ec2bbce34dffe4a01c9bbdde31991c370d9
                                        • Instruction Fuzzy Hash: 4E2135B1D002199FCB10CFAAC884BEEFBF4BB48324F14812AE418E3240D774A945CFA1
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 02A4B8D0, Relevance: 1.6, APIs: 1, Instructions: 60COMMON
                                        Download Yara Rule
                                        APIs
                                        • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?,?,?,?,02A4B89E,?,?,?,?,?), ref: 02A4B95F
                                        Memory Dump Source
                                        • Source File: 00000013.00000002.372694303.0000000002A40000.00000040.00000001.sdmp, Offset: 02A40000, based on PE: false
                                        Similarity
                                        • API ID: DuplicateHandle
                                        • String ID:
                                        • API String ID: 3793708945-0
                                        • Opcode ID: 2e448f0c8e4264f882863fe1d1e72d15b18a1bc68c3d48e0700f22fc9e0e8a44
                                        • Instruction ID: ba1d0f7b628b86a287215441f72cdc3802119d9a1bceb489e58f1a5c13be380f
                                        • Opcode Fuzzy Hash: 2e448f0c8e4264f882863fe1d1e72d15b18a1bc68c3d48e0700f22fc9e0e8a44
                                        • Instruction Fuzzy Hash: 87212EB5900208DFCB00CFA9D984AEEBBF4FB48324F14841AE954A3310C778AA54CFA0
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 06F36E68, Relevance: 1.6, APIs: 1, Instructions: 59COMMON
                                        Download Yara Rule
                                        APIs
                                        • ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 06F36EE7
                                        Memory Dump Source
                                        • Source File: 00000013.00000002.386801818.0000000006F30000.00000040.00000001.sdmp, Offset: 06F30000, based on PE: false
                                        Similarity
                                        • API ID: MemoryProcessRead
                                        • String ID:
                                        • API String ID: 1726664587-0
                                        • Opcode ID: 87596d8897cbb8de530ab293602609d0674e2e4bac0b546cd267de9661dc0f7f
                                        • Instruction ID: 98ce77408b0a4f3f5a2244f2392977478d6a6fc06816f11600e43b6e3e963aff
                                        • Opcode Fuzzy Hash: 87596d8897cbb8de530ab293602609d0674e2e4bac0b546cd267de9661dc0f7f
                                        • Instruction Fuzzy Hash: 2821E2B59003599FCB10CF9AD884BDEBBF4FB48320F50842AE958A7350D374A944CFA5
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 06F36DA8, Relevance: 1.6, APIs: 1, Instructions: 58threadinjectionCOMMON
                                        Download Yara Rule
                                        APIs
                                        • SetThreadContext.KERNELBASE(?,00000000), ref: 06F36E1F
                                        Memory Dump Source
                                        • Source File: 00000013.00000002.386801818.0000000006F30000.00000040.00000001.sdmp, Offset: 06F30000, based on PE: false
                                        Similarity
                                        • API ID: ContextThread
                                        • String ID:
                                        • API String ID: 1591575202-0
                                        • Opcode ID: d656d9591f660acb86b89571745b10233806b6fa23a7d965cbc57e2c711f2ce8
                                        • Instruction ID: c0e674fa1a8e40a014e4506cc2724e55f0ad6fd4df6a4fc2c58d6d05b70f29f4
                                        • Opcode Fuzzy Hash: d656d9591f660acb86b89571745b10233806b6fa23a7d965cbc57e2c711f2ce8
                                        • Instruction Fuzzy Hash: D22106B1D006199FCB10DF9AC8857EEFBF4BB48224F54812AE418E3740D778A944CFA1
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 02A49498, Relevance: 1.6, APIs: 1, Instructions: 55libraryCOMMON
                                        Download Yara Rule
                                        APIs
                                        • LoadLibraryExW.KERNELBASE(00000000,00000000,?,?,?,?,00000000,?,02A49971,00000800,00000000,00000000), ref: 02A49B82
                                        Memory Dump Source
                                        • Source File: 00000013.00000002.372694303.0000000002A40000.00000040.00000001.sdmp, Offset: 02A40000, based on PE: false
                                        Similarity
                                        • API ID: LibraryLoad
                                        • String ID:
                                        • API String ID: 1029625771-0
                                        • Opcode ID: 7b7720dfa11f01f5e423c7047bc7248f48f29b5add1f35215e0af5099d209710
                                        • Instruction ID: b845423d4c289953108a5d6e62d5adb5598394ae164c84e6bd5e837e43469fc2
                                        • Opcode Fuzzy Hash: 7b7720dfa11f01f5e423c7047bc7248f48f29b5add1f35215e0af5099d209710
                                        • Instruction Fuzzy Hash: E31103B69003099FDB10DF9AD444ADFFBF8EB98324F10842AE555B7200C774A946CFA1
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 084E8AE8, Relevance: 1.6, Strings: 1, Instructions: 304COMMON
                                        Download Yara Rule
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000013.00000002.386950731.00000000084E0000.00000040.00000001.sdmp, Offset: 084E0000, based on PE: false
                                        Similarity
                                        • API ID:
                                        • String ID: <l
                                        • API String ID: 0-336738149
                                        • Opcode ID: e378a064192781f579357dd2754730402cc94fcc9428d30e47c6ef9d2960889f
                                        • Instruction ID: baf86a82d6599881a5e95d42fcfdcceab86ab6d54046fa3a4b81262a5ea14c6f
                                        • Opcode Fuzzy Hash: e378a064192781f579357dd2754730402cc94fcc9428d30e47c6ef9d2960889f
                                        • Instruction Fuzzy Hash: F9C15C34B001099FCF14DF68D859AAE7BF6AF89256F15806AF506EB790CB34DC42CB91
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 02A49889, Relevance: 1.6, APIs: 1, Instructions: 52COMMON
                                        Download Yara Rule
                                        APIs
                                        • GetModuleHandleW.KERNELBASE(00000000), ref: 02A498F6
                                        Memory Dump Source
                                        • Source File: 00000013.00000002.372694303.0000000002A40000.00000040.00000001.sdmp, Offset: 02A40000, based on PE: false
                                        Similarity
                                        • API ID: HandleModule
                                        • String ID:
                                        • API String ID: 4139908857-0
                                        • Opcode ID: f1ad202e460b921d3d730175fc6acb4d78eeac2c23e782c525bdcb198dc1e110
                                        • Instruction ID: bd32f890f9aab310d0f7d959fc816bbfc621018b5f06a4b50bf26535dc490078
                                        • Opcode Fuzzy Hash: f1ad202e460b921d3d730175fc6acb4d78eeac2c23e782c525bdcb198dc1e110
                                        • Instruction Fuzzy Hash: ED1114B6D002498FCB10CF9AC884ADFBBF4EB89224F14845AD469A7611D774A546CFA1
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 06F36F30, Relevance: 1.6, APIs: 1, Instructions: 50memoryCOMMON
                                        Download Yara Rule
                                        APIs
                                        • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 06F36FA3
                                        Memory Dump Source
                                        • Source File: 00000013.00000002.386801818.0000000006F30000.00000040.00000001.sdmp, Offset: 06F30000, based on PE: false
                                        Similarity
                                        • API ID: AllocVirtual
                                        • String ID:
                                        • API String ID: 4275171209-0
                                        • Opcode ID: 44f6f8b3c0ab981477d25773e9c657a1dc486966616ddeac073a404f8be2ddb9
                                        • Instruction ID: cdadfa047514a07ef69770bf34f232b4ad9dd9c9387768ea7d2ada49164936ef
                                        • Opcode Fuzzy Hash: 44f6f8b3c0ab981477d25773e9c657a1dc486966616ddeac073a404f8be2ddb9
                                        • Instruction Fuzzy Hash: 941116B58002499FCB20DF9AD884BDEBFF4FF48324F148419E518A7211D375A544CFA1
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 06F374B0, Relevance: 1.5, APIs: 1, Instructions: 49windowCOMMON
                                        Download Yara Rule
                                        APIs
                                        • PostMessageW.USER32(?,?,?,?), ref: 06F37515
                                        Memory Dump Source
                                        • Source File: 00000013.00000002.386801818.0000000006F30000.00000040.00000001.sdmp, Offset: 06F30000, based on PE: false
                                        Similarity
                                        • API ID: MessagePost
                                        • String ID:
                                        • API String ID: 410705778-0
                                        • Opcode ID: 8f2e96be35a7a696833c4060b4a8734371c8357d6c7c12defd48fd921501bce2
                                        • Instruction ID: ed7dadf431db594b40aab60e0703e835a7da05a2836443c80549341bbe29ecd7
                                        • Opcode Fuzzy Hash: 8f2e96be35a7a696833c4060b4a8734371c8357d6c7c12defd48fd921501bce2
                                        • Instruction Fuzzy Hash: 8211F5B58002489FDB60DF9AD884BDFBFF8EB59324F108519E455A7600C375A945CFA1
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 02A49B14, Relevance: 1.5, APIs: 1, Instructions: 49libraryCOMMON
                                        Download Yara Rule
                                        APIs
                                        • LoadLibraryExW.KERNELBASE(00000000,00000000,?,?,?,?,00000000,?,02A49971,00000800,00000000,00000000), ref: 02A49B82
                                        Memory Dump Source
                                        • Source File: 00000013.00000002.372694303.0000000002A40000.00000040.00000001.sdmp, Offset: 02A40000, based on PE: false
                                        Similarity
                                        • API ID: LibraryLoad
                                        • String ID:
                                        • API String ID: 1029625771-0
                                        • Opcode ID: 559994e10ca042ae41b7a2b72e1bb54653de9ec4ead1827d5195bb34550cbe0a
                                        • Instruction ID: db0246684a42e68b9891cc9c2788d16015fbe9ef870f04f83230252adce6aef4
                                        • Opcode Fuzzy Hash: 559994e10ca042ae41b7a2b72e1bb54653de9ec4ead1827d5195bb34550cbe0a
                                        • Instruction Fuzzy Hash: 8D1134B6D003098FDB10CFAAD544BDEFBF5AB88328F14842AD959A7700C775A546CFA1
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 06F36F38, Relevance: 1.5, APIs: 1, Instructions: 48memoryCOMMON
                                        Download Yara Rule
                                        APIs
                                        • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 06F36FA3
                                        Memory Dump Source
                                        • Source File: 00000013.00000002.386801818.0000000006F30000.00000040.00000001.sdmp, Offset: 06F30000, based on PE: false
                                        Similarity
                                        • API ID: AllocVirtual
                                        • String ID:
                                        • API String ID: 4275171209-0
                                        • Opcode ID: 579b420d7cd8cba5cc51028a3e19bf11e320ec7a234092aaaf4f5d794bf347d2
                                        • Instruction ID: 42ecdf91a76fbb864c4a61f4f49f15fb1db64a359d4a9c25e3550a6bd308994f
                                        • Opcode Fuzzy Hash: 579b420d7cd8cba5cc51028a3e19bf11e320ec7a234092aaaf4f5d794bf347d2
                                        • Instruction Fuzzy Hash: CD11F2B59002599FCB20DF9AD884BDEBBF4FB88324F148419E929A7210D775A944CFA1
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 02A49890, Relevance: 1.5, APIs: 1, Instructions: 47COMMON
                                        Download Yara Rule
                                        APIs
                                        • GetModuleHandleW.KERNELBASE(00000000), ref: 02A498F6
                                        Memory Dump Source
                                        • Source File: 00000013.00000002.372694303.0000000002A40000.00000040.00000001.sdmp, Offset: 02A40000, based on PE: false
                                        Similarity
                                        • API ID: HandleModule
                                        • String ID:
                                        • API String ID: 4139908857-0
                                        • Opcode ID: 5825ddf5d01030cd123f92471f8d1d993c8cb0abc4a5fd8b3ac366b43125e59b
                                        • Instruction ID: 41e12a0f1c43ee529c11928b58705519ab84e71129468a07a271c210b5e65807
                                        • Opcode Fuzzy Hash: 5825ddf5d01030cd123f92471f8d1d993c8cb0abc4a5fd8b3ac366b43125e59b
                                        • Instruction Fuzzy Hash: CC110FB5D002498FCB20DF9AC884ADFFBF4EB88224F10841AD429B7600C774A545CFA1
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 06F37190, Relevance: 1.5, APIs: 1, Instructions: 45threadCOMMON
                                        Download Yara Rule
                                        APIs
                                        Memory Dump Source
                                        • Source File: 00000013.00000002.386801818.0000000006F30000.00000040.00000001.sdmp, Offset: 06F30000, based on PE: false
                                        Similarity
                                        • API ID: ResumeThread
                                        • String ID:
                                        • API String ID: 947044025-0
                                        • Opcode ID: eda992adaac9b7ae52340265d54d9be680c142bb9697248efc4b67ee5abc6d89
                                        • Instruction ID: 9c06225b81b2123c49dc982cbab23cfcbdefe4e4415d067d2257305889c2e431
                                        • Opcode Fuzzy Hash: eda992adaac9b7ae52340265d54d9be680c142bb9697248efc4b67ee5abc6d89
                                        • Instruction Fuzzy Hash: 0C1106B5900259CFCB10DF9AD988BDEBBF4AB48324F24845AE559B7200C375A544CFA5
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 06F374B8, Relevance: 1.5, APIs: 1, Instructions: 44windowCOMMON
                                        Download Yara Rule
                                        APIs
                                        • PostMessageW.USER32(?,?,?,?), ref: 06F37515
                                        Memory Dump Source
                                        • Source File: 00000013.00000002.386801818.0000000006F30000.00000040.00000001.sdmp, Offset: 06F30000, based on PE: false
                                        Similarity
                                        • API ID: MessagePost
                                        • String ID:
                                        • API String ID: 410705778-0
                                        • Opcode ID: f4b53ee1be4b1b3642d5317551ad6e696b91559c68bbed8d9c95c6d583a58ac4
                                        • Instruction ID: dcbc59c891c10ccd48ea740f22936a83dc973315cd0c070b0d39b66049e4f13a
                                        • Opcode Fuzzy Hash: f4b53ee1be4b1b3642d5317551ad6e696b91559c68bbed8d9c95c6d583a58ac4
                                        • Instruction Fuzzy Hash: B411E2B58003599FDB60DF9AD888BDEBBF8FB48324F10881AE555A7700D375A944CFA1
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 06F37198, Relevance: 1.5, APIs: 1, Instructions: 43threadCOMMON
                                        Download Yara Rule
                                        APIs
                                        Memory Dump Source
                                        • Source File: 00000013.00000002.386801818.0000000006F30000.00000040.00000001.sdmp, Offset: 06F30000, based on PE: false
                                        Similarity
                                        • API ID: ResumeThread
                                        • String ID:
                                        • API String ID: 947044025-0
                                        • Opcode ID: 2f5d92ef6d97b52a076e0e28d5396c97be0eb2215de3acc26d4c15d47168b26b
                                        • Instruction ID: e586f49b1c8a3497002d95b90398833dbf1c34a748de113fe7f1b2616af58249
                                        • Opcode Fuzzy Hash: 2f5d92ef6d97b52a076e0e28d5396c97be0eb2215de3acc26d4c15d47168b26b
                                        • Instruction Fuzzy Hash: 471112B58002598FCB20EF9AD884BDEBBF4EB48324F20841AD519A3300C774A944CFA5
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 084E9468, Relevance: 1.5, Strings: 1, Instructions: 210COMMON
                                        Download Yara Rule
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000013.00000002.386950731.00000000084E0000.00000040.00000001.sdmp, Offset: 084E0000, based on PE: false
                                        Similarity
                                        • API ID:
                                        • String ID: `l
                                        • API String ID: 0-379310572
                                        • Opcode ID: 035b23d57e1a2c230f45cf568ab7c02854f70e4bf114fd3a4183c17f6c277180
                                        • Instruction ID: 3098b3202d0f40410531cdb84ec808f1bbbb566fe1805ddcd301821a8b6b8124
                                        • Opcode Fuzzy Hash: 035b23d57e1a2c230f45cf568ab7c02854f70e4bf114fd3a4183c17f6c277180
                                        • Instruction Fuzzy Hash: 1B912635D00219DFDB24DFA5C984BDEFBB2BF49305F1084A9E408AB251DB719A8ACF51
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 084E9458, Relevance: 1.3, Strings: 1, Instructions: 87COMMON
                                        Download Yara Rule
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000013.00000002.386950731.00000000084E0000.00000040.00000001.sdmp, Offset: 084E0000, based on PE: false
                                        Similarity
                                        • API ID:
                                        • String ID: `l
                                        • API String ID: 0-379310572
                                        • Opcode ID: 3a40e4c2f269866a9c8652dac847df3505fad41f5c9acfc1cb8ef0aa79c57846
                                        • Instruction ID: 4ae59d73b77c6a609661ab6f63386503fbd4e0d6d0da34286f4fa84843162484
                                        • Opcode Fuzzy Hash: 3a40e4c2f269866a9c8652dac847df3505fad41f5c9acfc1cb8ef0aa79c57846
                                        • Instruction Fuzzy Hash: DB311B71D01219DFDB18DFA6D8447DEBBB2AF85301F10C5AAD408B7251DB345A8ACF51
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 084EBCF2, Relevance: 1.3, Strings: 1, Instructions: 79COMMON
                                        Download Yara Rule
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000013.00000002.386950731.00000000084E0000.00000040.00000001.sdmp, Offset: 084E0000, based on PE: false
                                        Similarity
                                        • API ID:
                                        • String ID: n0p
                                        • API String ID: 0-778890183
                                        • Opcode ID: a1433bb4426597b0f3a7ca0ed30e9c5799c8ae7c6ce104e6cb74254e5db16a1f
                                        • Instruction ID: a79a4ab8a6c08afc8ec3accc3801f15ffbb1c0720a1cb05efe2ab6d0a3be669b
                                        • Opcode Fuzzy Hash: a1433bb4426597b0f3a7ca0ed30e9c5799c8ae7c6ce104e6cb74254e5db16a1f
                                        • Instruction Fuzzy Hash: 62310974E052499FCB44CFA9C5819AEBBF2EF89311F24C9AAD014B7315D7349A41CF51
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 084EBD00, Relevance: 1.3, Strings: 1, Instructions: 76COMMON
                                        Download Yara Rule
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000013.00000002.386950731.00000000084E0000.00000040.00000001.sdmp, Offset: 084E0000, based on PE: false
                                        Similarity
                                        • API ID:
                                        • String ID: n0p
                                        • API String ID: 0-778890183
                                        • Opcode ID: 21abfcd7342d6fd9f1f3f5bc00ef0932e6416bea1c08680142effa3fb8420567
                                        • Instruction ID: 1299dd1e10eb721a0cc9a704cc71b2adce132445ca0e53326ea1e88db23a61d3
                                        • Opcode Fuzzy Hash: 21abfcd7342d6fd9f1f3f5bc00ef0932e6416bea1c08680142effa3fb8420567
                                        • Instruction Fuzzy Hash: B4310974E04209DFCB44CFAAC5819AEFBF2EB88311F24D9AAD418B7315D7349A418F51
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 084E0548, Relevance: .5, Instructions: 479COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000013.00000002.386950731.00000000084E0000.00000040.00000001.sdmp, Offset: 084E0000, based on PE: false
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 994766960215a9a156510610e504682c384cafd19252f5cfe1fc46ea100c1b8a
                                        • Instruction ID: c680d28b95cae9fc122e116e053cfde92443fa13bc7100259dabed426269cb0a
                                        • Opcode Fuzzy Hash: 994766960215a9a156510610e504682c384cafd19252f5cfe1fc46ea100c1b8a
                                        • Instruction Fuzzy Hash: AB225D35A00709DFDB15DF64C8406DDBBB2FF95305F10869AE859AB250EB70EA86CF81
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 084E8AD8, Relevance: .1, Instructions: 131COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000013.00000002.386950731.00000000084E0000.00000040.00000001.sdmp, Offset: 084E0000, based on PE: false
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 611746b8b97bea7ac2026ee8929ba73107da954069af2e0f48fb1fbacca810f7
                                        • Instruction ID: af6e1c57e4d0e1caa0a94411cf6667270ed0afe018dc8e859377213c461f1288
                                        • Opcode Fuzzy Hash: 611746b8b97bea7ac2026ee8929ba73107da954069af2e0f48fb1fbacca810f7
                                        • Instruction Fuzzy Hash: 87510274E01219DFCF24DF68D988AAEBBF5AF49716F14846AF805AB360D7309841CB91
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 084E4997, Relevance: .1, Instructions: 117COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000013.00000002.386950731.00000000084E0000.00000040.00000001.sdmp, Offset: 084E0000, based on PE: false
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 937871c75fed4ca28c830085668130bbf206a17514540851c41790fd024b5173
                                        • Instruction ID: 80983b7637bd9703921b6639da4c89e5e4655d7c35b25540e48e64804e70a21b
                                        • Opcode Fuzzy Hash: 937871c75fed4ca28c830085668130bbf206a17514540851c41790fd024b5173
                                        • Instruction Fuzzy Hash: A0414B31B0021A9FCF24AF64D895AAE7BA7EF84216F148429F90297394CB34DD52CB95
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 084E2A67, Relevance: .1, Instructions: 117COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000013.00000002.386950731.00000000084E0000.00000040.00000001.sdmp, Offset: 084E0000, based on PE: false
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: c2f93eb7ef4576ea0edfe8cadb2a78b53692ffb1fd3a2b422489df328db54748
                                        • Instruction ID: f4f7c13d259c5ae1f0dc271daba81b49c604570744893a769befb06bd8daeb54
                                        • Opcode Fuzzy Hash: c2f93eb7ef4576ea0edfe8cadb2a78b53692ffb1fd3a2b422489df328db54748
                                        • Instruction Fuzzy Hash: 40519074E002098FCB48CFA9D58099DBBF2FF89301F24806AE515BB365DB30A905CF51
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 084E9D80, Relevance: .1, Instructions: 114COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000013.00000002.386950731.00000000084E0000.00000040.00000001.sdmp, Offset: 084E0000, based on PE: false
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 7d52f0b685596be3c87239ac7f465daeef6e576c794f2e1ff4167c67b6b89da2
                                        • Instruction ID: 3a8bc9af7de937a51f1bd623b35df2a7e22ee23bee2d243e10cfbbbe51c2d050
                                        • Opcode Fuzzy Hash: 7d52f0b685596be3c87239ac7f465daeef6e576c794f2e1ff4167c67b6b89da2
                                        • Instruction Fuzzy Hash: 11412774E012489FDB04CFAAC840AEEFFF2AF89301F14C16AE414AB355DB349946CB50
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 084E88B0, Relevance: .1, Instructions: 113COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000013.00000002.386950731.00000000084E0000.00000040.00000001.sdmp, Offset: 084E0000, based on PE: false
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 929e451e7c366f3c19264d9e20969bbc737c95cbc60360273816c4270aabe440
                                        • Instruction ID: 955b514299305b8a5c85332b98f10fba387cb20c9439f58019e05796f1c8af8d
                                        • Opcode Fuzzy Hash: 929e451e7c366f3c19264d9e20969bbc737c95cbc60360273816c4270aabe440
                                        • Instruction Fuzzy Hash: 1541C374E002089FDB14DFE9D850AEEBBB6EF88300F108029E915BB398DB759946CF51
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 084E2A78, Relevance: .1, Instructions: 113COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000013.00000002.386950731.00000000084E0000.00000040.00000001.sdmp, Offset: 084E0000, based on PE: false
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: e442fe9acee616e33fa91d307210439a35ad6f8db6f16d4424f9243a2ec831c5
                                        • Instruction ID: 9929652198af9fd45206f116d99e57843bf48fd754935714fb3592be45776f10
                                        • Opcode Fuzzy Hash: e442fe9acee616e33fa91d307210439a35ad6f8db6f16d4424f9243a2ec831c5
                                        • Instruction Fuzzy Hash: 38516DB4E002189FCB48DFA9D58499EBBF2FF89301F248069E515BB364DB30A905CF61
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 084E9F58, Relevance: .1, Instructions: 107COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000013.00000002.386950731.00000000084E0000.00000040.00000001.sdmp, Offset: 084E0000, based on PE: false
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 17ab02b79fee9393565f366d8d6de426fe23d388776db9b1bdf714c112fa2e49
                                        • Instruction ID: 26e59a169edea0f0e90f794c3860e26fd4da8b3c09fa5593e665a6901573c99e
                                        • Opcode Fuzzy Hash: 17ab02b79fee9393565f366d8d6de426fe23d388776db9b1bdf714c112fa2e49
                                        • Instruction Fuzzy Hash: FB410A74E01218AFDB08CFA9D884A9EBBF2AF89300F149129E405BB364DB705D46CF55
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 084E9F68, Relevance: .1, Instructions: 97COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000013.00000002.386950731.00000000084E0000.00000040.00000001.sdmp, Offset: 084E0000, based on PE: false
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 9b765e08f18b6894f547f81f400196e7de1bef1995c5a2c2aa2b665fb1ed534f
                                        • Instruction ID: 3bb5bcc31c5d7aa241811a62ef363fd9c50b961d1f35b8c68c02cb85436da014
                                        • Opcode Fuzzy Hash: 9b765e08f18b6894f547f81f400196e7de1bef1995c5a2c2aa2b665fb1ed534f
                                        • Instruction Fuzzy Hash: F241E574E002189FDB08CFA5D884A9EBBF2BF89300F20912AE405BB364DB749D46CF55
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 084EA130, Relevance: .1, Instructions: 90COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000013.00000002.386950731.00000000084E0000.00000040.00000001.sdmp, Offset: 084E0000, based on PE: false
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 9d4e9de0f7429bf201d9521fa5a07f378a2a4540d3bf2cd2abaa9e2c95dc1203
                                        • Instruction ID: e3b7b3fb11acb192550f1fbab7cb98f42af0d256692251e058240e81b79ea3c5
                                        • Opcode Fuzzy Hash: 9d4e9de0f7429bf201d9521fa5a07f378a2a4540d3bf2cd2abaa9e2c95dc1203
                                        • Instruction Fuzzy Hash: 2631D230E15208DFCB04EFB8D48999EBFB1EF51205F2489EED405AB756DB318A0ADB51
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 084E1280, Relevance: .1, Instructions: 76COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000013.00000002.386950731.00000000084E0000.00000040.00000001.sdmp, Offset: 084E0000, based on PE: false
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 0d48aecb09750d83d9f01556736f68bd71f937d1342ff9d81990c562d5ce6f6b
                                        • Instruction ID: 974811ea4cb1309b374d8106f16c454f6d1fedbd59fe6b8d58e2f4458e973b93
                                        • Opcode Fuzzy Hash: 0d48aecb09750d83d9f01556736f68bd71f937d1342ff9d81990c562d5ce6f6b
                                        • Instruction Fuzzy Hash: E2218135E006198FCB00EB79D8446BEB7F4FF89312F00466AE519E7350EB709945CB81
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 084EBBE8, Relevance: .1, Instructions: 76COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000013.00000002.386950731.00000000084E0000.00000040.00000001.sdmp, Offset: 084E0000, based on PE: false
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: a3255180c173cbe0822f5691c132a5d6045b2c7188c418940fde65d50bf0833c
                                        • Instruction ID: 04698be2756f6897e60c8e09946f47fabfdc9c879c2b28d6f7c3a5d6679dc786
                                        • Opcode Fuzzy Hash: a3255180c173cbe0822f5691c132a5d6045b2c7188c418940fde65d50bf0833c
                                        • Instruction Fuzzy Hash: 8031E7B4E042099FCB44CFA9C5809AEBBF1EF89211F1085AAD819E7715D7749A41CF61
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 084E4658, Relevance: .1, Instructions: 76COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000013.00000002.386950731.00000000084E0000.00000040.00000001.sdmp, Offset: 084E0000, based on PE: false
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 711b14120fa03f462df935241219f2a8d0b5ada1c7db5c83028efd6a477b8e37
                                        • Instruction ID: efd2fc11657eb33d25f0a6014786b554022852fb53fd4c6979319a082309028a
                                        • Opcode Fuzzy Hash: 711b14120fa03f462df935241219f2a8d0b5ada1c7db5c83028efd6a477b8e37
                                        • Instruction Fuzzy Hash: 3B214F35B005168FCB10DFB8C484A9EBBF5EF49212F1540AAE905DB362DB74ED86CB61
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 00E3D4C4, Relevance: .1, Instructions: 75COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000013.00000002.371754659.0000000000E3D000.00000040.00000001.sdmp, Offset: 00E3D000, based on PE: false
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 0d0e051ab7f171fe5f2407b2fe6206847c884dad222e0c7a8949f1097c262aab
                                        • Instruction ID: e89ac30c4e12304e03b4884d61e7aee7534dd9da61887a5681b2c97a63d4350f
                                        • Opcode Fuzzy Hash: 0d0e051ab7f171fe5f2407b2fe6206847c884dad222e0c7a8949f1097c262aab
                                        • Instruction Fuzzy Hash: 4A2137B1508240EFCB11DF14EDC4B66BF65FB8832CF24C5A9E8055B646C336D856CBA1
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 084E4202, Relevance: .1, Instructions: 73COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000013.00000002.386950731.00000000084E0000.00000040.00000001.sdmp, Offset: 084E0000, based on PE: false
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: d22386375e646265047eedfb39e1865fe2b179422fc9abc4cc9f6f14d8975aac
                                        • Instruction ID: 257568f3719e503a4a1d91e72a8b18ab0994b0d01d3764347b41d85c8fd22df4
                                        • Opcode Fuzzy Hash: d22386375e646265047eedfb39e1865fe2b179422fc9abc4cc9f6f14d8975aac
                                        • Instruction Fuzzy Hash: 21318971A04208EFCF05DFA4D8549DDBFB1EF49212F0484AAF901AB291DA309C45CB66
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 084E0C18, Relevance: .1, Instructions: 72COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000013.00000002.386950731.00000000084E0000.00000040.00000001.sdmp, Offset: 084E0000, based on PE: false
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: db727202a9c04ce53dd32d9c3e6b4d71e9f5ac3052b88810ecbbc745b315d1bb
                                        • Instruction ID: a3fbd1776361e5379f247110c3fd42a91fa461f702d5e666ad739b3528d5b02f
                                        • Opcode Fuzzy Hash: db727202a9c04ce53dd32d9c3e6b4d71e9f5ac3052b88810ecbbc745b315d1bb
                                        • Instruction Fuzzy Hash: 28217F79B016468FCF44DF78C8845AEBBB6FF8930171041AAD905E7351EB30A90ACBA0
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 00E4D1D4, Relevance: .1, Instructions: 72COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000013.00000002.371804881.0000000000E4D000.00000040.00000001.sdmp, Offset: 00E4D000, based on PE: false
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: e13cdb369605a8e80c342738816c4c0a45eeb0a35985472e6e61e0212c202c46
                                        • Instruction ID: 9d5ae68dcb5f57ef0bb41ceb31a76554659102a7b72c367bddd0ea17f7e180fd
                                        • Opcode Fuzzy Hash: e13cdb369605a8e80c342738816c4c0a45eeb0a35985472e6e61e0212c202c46
                                        • Instruction Fuzzy Hash: 672149B1508200DFCB01DF50EDC0B26BBA5FB84318F20C6ADE8096B752C376D806CB61
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 00E4D01C, Relevance: .1, Instructions: 72COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000013.00000002.371804881.0000000000E4D000.00000040.00000001.sdmp, Offset: 00E4D000, based on PE: false
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 86297b253ebeef31653f13008d66c0625e3a5302b3673044e95de51088363f80
                                        • Instruction ID: 12bd0622fb04391a3a6f3bfb3769515a3824a0d0d1f88701a13c410425b8b3b4
                                        • Opcode Fuzzy Hash: 86297b253ebeef31653f13008d66c0625e3a5302b3673044e95de51088363f80
                                        • Instruction Fuzzy Hash: 1621F2B1508240DFCB14DF24EDC4B26BB66FB84318F24C9A9E80A5B746C73AD847CA61
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 084E0C28, Relevance: .1, Instructions: 71COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000013.00000002.386950731.00000000084E0000.00000040.00000001.sdmp, Offset: 084E0000, based on PE: false
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: a126ad8006f8c47b73249490e01219d8c07f4baaab295c18b703dc608c5d4f8c
                                        • Instruction ID: ea9795e92759f76a595c1c803fbffe0194067c6007ae1f456aeb3452a40dde30
                                        • Opcode Fuzzy Hash: a126ad8006f8c47b73249490e01219d8c07f4baaab295c18b703dc608c5d4f8c
                                        • Instruction Fuzzy Hash: CE213075F0060A8FCF44EF69C8848AEB7B5FF893007508669E905B7311EB70A946CBA0
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 084EBBF8, Relevance: .1, Instructions: 70COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000013.00000002.386950731.00000000084E0000.00000040.00000001.sdmp, Offset: 084E0000, based on PE: false
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: a3ab6f4267fd1155fb1e2e5c5dc46ff97e37e6a9b79946b330e0fc07e667064d
                                        • Instruction ID: 252fe67c1170c73148195510e62142b6174171337cb861e1d34dc11e429f5f88
                                        • Opcode Fuzzy Hash: a3ab6f4267fd1155fb1e2e5c5dc46ff97e37e6a9b79946b330e0fc07e667064d
                                        • Instruction Fuzzy Hash: 013186B4E04209DFCB44CFA9C580AAEBBF1FB88211F1085AAD819A7755D774AA41CF51
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 084E2950, Relevance: .1, Instructions: 69COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000013.00000002.386950731.00000000084E0000.00000040.00000001.sdmp, Offset: 084E0000, based on PE: false
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: f5f51a559ab1a0a5d6f0124f622645c93f34df5690fe2ec1313ad0aabf949915
                                        • Instruction ID: 2f26fca36b802cb7e8235670e22a80da22397652c11ae423cebd379a616468b7
                                        • Opcode Fuzzy Hash: f5f51a559ab1a0a5d6f0124f622645c93f34df5690fe2ec1313ad0aabf949915
                                        • Instruction Fuzzy Hash: 7D21A2B4E01219CFCB44DFA9C5806EEBBF5BB48305F24916AD808B7344E7745A41CBA4
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 084E0E0F, Relevance: .1, Instructions: 69COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000013.00000002.386950731.00000000084E0000.00000040.00000001.sdmp, Offset: 084E0000, based on PE: false
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 06bf8020614a5be434593145c4c8896407e2e303164c721c7045fe85fb908449
                                        • Instruction ID: 0a46596f68ce3c18b64c7bd89ea1c3f0b3a2deab008ae165fe6ffd558e03a9b9
                                        • Opcode Fuzzy Hash: 06bf8020614a5be434593145c4c8896407e2e303164c721c7045fe85fb908449
                                        • Instruction Fuzzy Hash: 6E219332F10A168BDB21EE6D98811BFB7F2FFC5611F14857ED515A7300DAB899428B81
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 084ED998, Relevance: .1, Instructions: 64COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000013.00000002.386950731.00000000084E0000.00000040.00000001.sdmp, Offset: 084E0000, based on PE: false
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: df50e57bd7f887bd2d86a83217aea17f5c84031225209603e0adedbc281ee2d8
                                        • Instruction ID: 5571de83caf1f3ba1e3d510807de22c1f79ab3c3ecd62ad1706294ac11272c58
                                        • Opcode Fuzzy Hash: df50e57bd7f887bd2d86a83217aea17f5c84031225209603e0adedbc281ee2d8
                                        • Instruction Fuzzy Hash: 2B212C74E05208AFCB44CFA9C945A9EBFF2EF49200F15C1EAD414AB266D7319A41DB41
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 00E4D005, Relevance: .1, Instructions: 62COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000013.00000002.371804881.0000000000E4D000.00000040.00000001.sdmp, Offset: 00E4D000, based on PE: false
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: d76efe9c43a73dc7475d2fec40aab8ac0871a046f5761056b68c18e69ecf679c
                                        • Instruction ID: 940e528a1e66323fb1b8da127cff2aeb3da6f8a795c526864ae4ef63b662acf2
                                        • Opcode Fuzzy Hash: d76efe9c43a73dc7475d2fec40aab8ac0871a046f5761056b68c18e69ecf679c
                                        • Instruction Fuzzy Hash: 3821507550D3C08FCB12CF24D994715BF71EB46314F29C5EAD8498B697C33A984ACB62
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 00E3D4BF, Relevance: .1, Instructions: 56COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000013.00000002.371754659.0000000000E3D000.00000040.00000001.sdmp, Offset: 00E3D000, based on PE: false
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 4c44e5517e690f366dff050201c0b94941bd0826892d3e316883c0148e970eb9
                                        • Instruction ID: 7e04d39648682aefe2b48cb1c6ce0e033e00da82e289298fe953bdced2b820b2
                                        • Opcode Fuzzy Hash: 4c44e5517e690f366dff050201c0b94941bd0826892d3e316883c0148e970eb9
                                        • Instruction Fuzzy Hash: B311E676504280DFCF12CF14E9C4B16BF71FB84328F24C6A9D8455B616C336D85ACBA1
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 084E2940, Relevance: .1, Instructions: 56COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000013.00000002.386950731.00000000084E0000.00000040.00000001.sdmp, Offset: 084E0000, based on PE: false
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 55e1b5f4243f86fca769be1adfaa0bf8d80f5d2352bd7b5409d67f55a4002820
                                        • Instruction ID: 03c4983472b5f053f8ff2e31740c97d152e88a49f94d00a59bcf2b77a18e9337
                                        • Opcode Fuzzy Hash: 55e1b5f4243f86fca769be1adfaa0bf8d80f5d2352bd7b5409d67f55a4002820
                                        • Instruction Fuzzy Hash: 6F2100B4E05219CFCB44CFAAD4403EEBBF1AF49305F2491AAE808E7251E7744A45CB90
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 084ED9A8, Relevance: .1, Instructions: 56COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000013.00000002.386950731.00000000084E0000.00000040.00000001.sdmp, Offset: 084E0000, based on PE: false
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 2bed52658a219f583f4def8050ad5c4b4ac2e7b7aa2369fedc43672f0a2742f9
                                        • Instruction ID: e6bd6a5918e3c9064079a2462193a5c57be3cf1245f49d48299bb94ca0dac3c2
                                        • Opcode Fuzzy Hash: 2bed52658a219f583f4def8050ad5c4b4ac2e7b7aa2369fedc43672f0a2742f9
                                        • Instruction Fuzzy Hash: 0B11F974E04208DFCB44DFA9D544A9EBBF2EB88201F15C4AAD819AB355D7709A41DB40
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 084EEF30, Relevance: .1, Instructions: 53COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000013.00000002.386950731.00000000084E0000.00000040.00000001.sdmp, Offset: 084E0000, based on PE: false
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 3f1277ed78e28eb5e62c55a2adbe59e866d1584fb546890900999055f46f1d75
                                        • Instruction ID: e3813cb8af6790146aa86af0fcc9bcbdbed7842093282092a177dc7a10ce7b6c
                                        • Opcode Fuzzy Hash: 3f1277ed78e28eb5e62c55a2adbe59e866d1584fb546890900999055f46f1d75
                                        • Instruction Fuzzy Hash: 96115874D002999FCB10DBA8C8409EFBFF5BF49311F1484AAE551AB242C7389A45CBA1
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 00E4D1CF, Relevance: .1, Instructions: 53COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000013.00000002.371804881.0000000000E4D000.00000040.00000001.sdmp, Offset: 00E4D000, based on PE: false
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 088bb676d9cc58b7b5583b2d12a323ce7eb7cea81b0eb8fe1e3b9802e29bf41a
                                        • Instruction ID: e17784d67748a8ca323255b5f7f7944a8b0119bfa5c80aa61d8afeeefbdb9711
                                        • Opcode Fuzzy Hash: 088bb676d9cc58b7b5583b2d12a323ce7eb7cea81b0eb8fe1e3b9802e29bf41a
                                        • Instruction Fuzzy Hash: 3D11BE75908280DFCB11CF10D9C4B15FBB1FB84328F24C6A9D8495B666C37AD85ACB61
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 084E0441, Relevance: .0, Instructions: 46COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000013.00000002.386950731.00000000084E0000.00000040.00000001.sdmp, Offset: 084E0000, based on PE: false
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: e15c1d46c303edbfa6c61124be0379da939432545d6b3d0b7ded53245c84edbd
                                        • Instruction ID: 61c8d2d666ba149620f9764dd957f3802f01b3647904489a6c26f6f9cac7c390
                                        • Opcode Fuzzy Hash: e15c1d46c303edbfa6c61124be0379da939432545d6b3d0b7ded53245c84edbd
                                        • Instruction Fuzzy Hash: 8101DE3291069A9ACB11AFB4D8409D9BF31FF8A304B11866BE04567151E770A699C791
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 00E3D745, Relevance: .0, Instructions: 45COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000013.00000002.371754659.0000000000E3D000.00000040.00000001.sdmp, Offset: 00E3D000, based on PE: false
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 14c22b070512d862632e4d2ef21bd805510987d0d037ea975fedeb9d93f58228
                                        • Instruction ID: 8634fdc067fb0c9900f0db8c6a09ecf7582fb3c71a4c425b3c4dbcba6a414d3b
                                        • Opcode Fuzzy Hash: 14c22b070512d862632e4d2ef21bd805510987d0d037ea975fedeb9d93f58228
                                        • Instruction Fuzzy Hash: 1601F77140C3809AE7205F26EC88BA6BF9CEF41378F18855BFE056B246D3799844CAB1
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 084E0338, Relevance: .0, Instructions: 45COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000013.00000002.386950731.00000000084E0000.00000040.00000001.sdmp, Offset: 084E0000, based on PE: false
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: c369a24feac58aaccee8d234eca95018fb40e265e94c42001de004bea0680f1c
                                        • Instruction ID: ac59a57a066d4dd2a6749d5184ec07d28c988c82e7ebf0c9d4546c12b17b8575
                                        • Opcode Fuzzy Hash: c369a24feac58aaccee8d234eca95018fb40e265e94c42001de004bea0680f1c
                                        • Instruction Fuzzy Hash: 4F11E534E006468FDB14DF69C8047AEBBB1FF45314F14425AD866AB3D2DB749516CF84
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 084EEF40, Relevance: .0, Instructions: 44COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000013.00000002.386950731.00000000084E0000.00000040.00000001.sdmp, Offset: 084E0000, based on PE: false
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: e193115cd3c386b3ef98cf5d51aea5c6cc90c782410c5a0e60484a104e20203c
                                        • Instruction ID: d9644d7bf5d79c6ad967485ee9cf16099f5221fc00e40dd59c8c59b171272275
                                        • Opcode Fuzzy Hash: e193115cd3c386b3ef98cf5d51aea5c6cc90c782410c5a0e60484a104e20203c
                                        • Instruction Fuzzy Hash: 5D113974D0025A9FCB00DFA9C8449EEBBF5BB4C301F10846AE554A7340D735AA41CFA0
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 084E0348, Relevance: .0, Instructions: 43COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000013.00000002.386950731.00000000084E0000.00000040.00000001.sdmp, Offset: 084E0000, based on PE: false
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: b2a63ae7c80bb03ecaff4134d7cc239280d6a094f602586339b2d00e734559c1
                                        • Instruction ID: 0554b765610abefaa331b210f85b87421727ab684da9dfa32075e4fb647142c6
                                        • Opcode Fuzzy Hash: b2a63ae7c80bb03ecaff4134d7cc239280d6a094f602586339b2d00e734559c1
                                        • Instruction Fuzzy Hash: 3C018034E006098FDB04EFA9C8547AEBBB1EF45304F10452AD429E7391DB749916CFC4
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 084E0D18, Relevance: .0, Instructions: 42COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000013.00000002.386950731.00000000084E0000.00000040.00000001.sdmp, Offset: 084E0000, based on PE: false
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: abfc0644173c26af8bb33d4a9566ca105d49dadf2541136f690024add9ec3751
                                        • Instruction ID: 68db3d2523827bdd422eb183ca52a50a6c44d2f00590f05c30d390b81167cb8b
                                        • Opcode Fuzzy Hash: abfc0644173c26af8bb33d4a9566ca105d49dadf2541136f690024add9ec3751
                                        • Instruction Fuzzy Hash: AD0186347001418FD7549739D854D6A77EAEF89515B2980EAE509CB3B2CE61DC06CB60
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 084E0D90, Relevance: .0, Instructions: 41COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000013.00000002.386950731.00000000084E0000.00000040.00000001.sdmp, Offset: 084E0000, based on PE: false
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: b6d427c375e5ab0dad96b44c3b5193c2d1a152069a2441378251695aac0ff886
                                        • Instruction ID: f6b82564993d2a517dfc16a34a5e7c247dcfe3098c9aa74090697787c857cd6f
                                        • Opcode Fuzzy Hash: b6d427c375e5ab0dad96b44c3b5193c2d1a152069a2441378251695aac0ff886
                                        • Instruction Fuzzy Hash: D1F0C23A6497C20BC71357385864599BFB19F8353131C42DBD9E4CB2B3CA1858478396
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 00E3D744, Relevance: .0, Instructions: 36COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000013.00000002.371754659.0000000000E3D000.00000040.00000001.sdmp, Offset: 00E3D000, based on PE: false
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: f81eaa2777195c7326da97cea6456abda503db9475941c407ad2213faf107e8c
                                        • Instruction ID: aa6a4ec009d4dc0db4e5f45e1ba9ba6effad5ec2513c9fb670321aaf258d0f4a
                                        • Opcode Fuzzy Hash: f81eaa2777195c7326da97cea6456abda503db9475941c407ad2213faf107e8c
                                        • Instruction Fuzzy Hash: D6F06271408284AEEB109E16DC88BA2FF98EB51778F18C45AED085B786C3799C44CAB1
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 084ECE85, Relevance: .0, Instructions: 32COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000013.00000002.386950731.00000000084E0000.00000040.00000001.sdmp, Offset: 084E0000, based on PE: false
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 1525ea643f91afb95d462e00d9af7ba2d96deafd983baf25a29e6f5a9d5c4702
                                        • Instruction ID: 2954befb6b1e8440c4a26ab21018654e4673799d6eaeeacb5e96870426edc064
                                        • Opcode Fuzzy Hash: 1525ea643f91afb95d462e00d9af7ba2d96deafd983baf25a29e6f5a9d5c4702
                                        • Instruction Fuzzy Hash: 38112878901268CFCB65CFA5C980B98BBB1FB48311F5051EAE909A7325D7359E81DF20
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 084E977F, Relevance: .0, Instructions: 31COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000013.00000002.386950731.00000000084E0000.00000040.00000001.sdmp, Offset: 084E0000, based on PE: false
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: b7b71683caf6c749cca301c7988f1f987890603e0ddeb54b65b17a7b38d49778
                                        • Instruction ID: 6430e28c0c9a4af6302151cb4e8a445b3c10e66ca8d6e04d836b00d6a87d938b
                                        • Opcode Fuzzy Hash: b7b71683caf6c749cca301c7988f1f987890603e0ddeb54b65b17a7b38d49778
                                        • Instruction Fuzzy Hash: 2AE04F613493502B831A666E98904AEAFEEDEC703231A81BFF09CCB612D9554807C361
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 084EBE18, Relevance: .0, Instructions: 30COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000013.00000002.386950731.00000000084E0000.00000040.00000001.sdmp, Offset: 084E0000, based on PE: false
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 933ae4cc3c2112915009ff1a897552c1da845c5a7a193d7b2056578eff187cab
                                        • Instruction ID: 20aa7a8ea48fd3a6e8a61324bcaf31fc0c7888b9a9a4faaccade7486f8d6f254
                                        • Opcode Fuzzy Hash: 933ae4cc3c2112915009ff1a897552c1da845c5a7a193d7b2056578eff187cab
                                        • Instruction Fuzzy Hash: 02F04970C093889FCB05CFB8C48459EBFB0EB1A211F1085DED844AB202C3754905DF51
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 084E0BD0, Relevance: .0, Instructions: 29COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000013.00000002.386950731.00000000084E0000.00000040.00000001.sdmp, Offset: 084E0000, based on PE: false
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 88071d1245ae28b8c5d60f74588ab71b82621b13a747e606e89773b75b04dcf2
                                        • Instruction ID: e89363d2028a3b6c9d49520f43e1043815f4991450b09370c518fa7c118a0b15
                                        • Opcode Fuzzy Hash: 88071d1245ae28b8c5d60f74588ab71b82621b13a747e606e89773b75b04dcf2
                                        • Instruction Fuzzy Hash: B1E06D71B80A684B9708EB7EA51086AB6DBAFC8614394C57ED40D8B665ED70E9028E90
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 084E4647, Relevance: .0, Instructions: 29COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000013.00000002.386950731.00000000084E0000.00000040.00000001.sdmp, Offset: 084E0000, based on PE: false
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 4a2b886525a16efe4c062a1969a1651e0919f150a976448cc9edb8f534640f16
                                        • Instruction ID: 55e58264cf40c84121afb810b97ab73681a02d5f26ec99942ec7c74d40f5bacf
                                        • Opcode Fuzzy Hash: 4a2b886525a16efe4c062a1969a1651e0919f150a976448cc9edb8f534640f16
                                        • Instruction Fuzzy Hash: 1AF0E530609381AFCB121BB8FC5899BBFAC8F97262F0540BBF940C6153C6748419C732
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 084EAB97, Relevance: .0, Instructions: 25COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000013.00000002.386950731.00000000084E0000.00000040.00000001.sdmp, Offset: 084E0000, based on PE: false
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 8c946e19ee0aaf65fa6ff5cbf64b97eefd9d2534e4b2375b55bd60508f475f94
                                        • Instruction ID: 1ebaa3ad92d081836c19abb250ba30eba82311b2b67c336df75dfd1d5b1ca949
                                        • Opcode Fuzzy Hash: 8c946e19ee0aaf65fa6ff5cbf64b97eefd9d2534e4b2375b55bd60508f475f94
                                        • Instruction Fuzzy Hash: 21F0F970D042288FDB54DBA5C841B8ABBB1AF88300F00D0EBD00DBB255DB348E858F21
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 084E420C, Relevance: .0, Instructions: 24COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000013.00000002.386950731.00000000084E0000.00000040.00000001.sdmp, Offset: 084E0000, based on PE: false
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 778416d46f4387ac2b8c0953db7c2721b6e4bab66fc19f744526a066435c229e
                                        • Instruction ID: 00e93489a28d22c3e956e0cce4e429d59de4a31ae217ef0f226dd5439f14a277
                                        • Opcode Fuzzy Hash: 778416d46f4387ac2b8c0953db7c2721b6e4bab66fc19f744526a066435c229e
                                        • Instruction Fuzzy Hash: 49D05BB17053145713146A5F58C087FFADEEBC912A355447FF14DD3700DD609C028391
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 084E0DC0, Relevance: .0, Instructions: 24COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000013.00000002.386950731.00000000084E0000.00000040.00000001.sdmp, Offset: 084E0000, based on PE: false
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: a52033cf9006757b9a3427aa58c0f50f854432029dbeaa39d9f6fa8cf5f885aa
                                        • Instruction ID: 8d78726a560e78e0411c8e2559fed0f6f10f3f1e46eabfc80d3c19e98aab299e
                                        • Opcode Fuzzy Hash: a52033cf9006757b9a3427aa58c0f50f854432029dbeaa39d9f6fa8cf5f885aa
                                        • Instruction Fuzzy Hash: 61E0C232790E64034A2A321DA828D6E62CBDBC5623318452AE055C7B10CD59EC0282D9
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 084E0BC1, Relevance: .0, Instructions: 23COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000013.00000002.386950731.00000000084E0000.00000040.00000001.sdmp, Offset: 084E0000, based on PE: false
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 6d400aee6229cbb36699ce2f68ae2e4c0df2fcc8a1b8148a8e6768c2f8180774
                                        • Instruction ID: 48708c3b610efcc14896b06c0331b26253c405d4be03f621e4a2e5bac6096eec
                                        • Opcode Fuzzy Hash: 6d400aee6229cbb36699ce2f68ae2e4c0df2fcc8a1b8148a8e6768c2f8180774
                                        • Instruction Fuzzy Hash: F1E02630A847E04FC309CB3998008667FBBAEC6200308C1AFD88DCB656EE30DD068F94
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 084ECC1C, Relevance: .0, Instructions: 23COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000013.00000002.386950731.00000000084E0000.00000040.00000001.sdmp, Offset: 084E0000, based on PE: false
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 8636351bfdf7f354f3106eec09d0fbcb41ada0cc06b8cf5549d34d0c3c67748a
                                        • Instruction ID: c92e7a6bf635ab126a7d5f8b5e49e6db412c0fd8184cba5acf17a21dcef912be
                                        • Opcode Fuzzy Hash: 8636351bfdf7f354f3106eec09d0fbcb41ada0cc06b8cf5549d34d0c3c67748a
                                        • Instruction Fuzzy Hash: A5F04D75D05219DFCB61CFA8CA809EDBBF1FB48310F20969AE519A7315D630AA85CF10
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 084EBE28, Relevance: .0, Instructions: 23COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000013.00000002.386950731.00000000084E0000.00000040.00000001.sdmp, Offset: 084E0000, based on PE: false
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 60020fd5a00273f4f3b7e0311e93fbd780de8435fb79784bc038feb7c1633fce
                                        • Instruction ID: c560ce67a8efa2dac7a1b0a6cd6aabd3a20acd10b454aed856953e28a05a7148
                                        • Opcode Fuzzy Hash: 60020fd5a00273f4f3b7e0311e93fbd780de8435fb79784bc038feb7c1633fce
                                        • Instruction Fuzzy Hash: 93F0C9B4D00218DFCB04DFA8D545AAEBBF5FB08301F1085AAD914A7301D7759A51EF95
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 084E8AA8, Relevance: .0, Instructions: 19COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000013.00000002.386950731.00000000084E0000.00000040.00000001.sdmp, Offset: 084E0000, based on PE: false
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 7715f6b4d5c823fe9521ab1473849d8d95ed27361d5fd4494425d05d8be5c434
                                        • Instruction ID: 5f972bdff5c4ec2c4cc482d19878443890ade3947920b84b88462e1d515e1a6b
                                        • Opcode Fuzzy Hash: 7715f6b4d5c823fe9521ab1473849d8d95ed27361d5fd4494425d05d8be5c434
                                        • Instruction Fuzzy Hash: 58D06235004249BFCF025F91DC45D963F76EF16310F054441FA4599063D6B69565EFA2
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 084E0307, Relevance: .0, Instructions: 19COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000013.00000002.386950731.00000000084E0000.00000040.00000001.sdmp, Offset: 084E0000, based on PE: false
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 914debc52d3050377bcbb7e31827fd31aa212b940e38cf57e5ddf52eda076191
                                        • Instruction ID: 842eecd64be50326693f2e1bbfb28d9b2d97c92e2c094949f1c96fbbd5fd25d5
                                        • Opcode Fuzzy Hash: 914debc52d3050377bcbb7e31827fd31aa212b940e38cf57e5ddf52eda076191
                                        • Instruction Fuzzy Hash: 94D02B2694D3A187EB32863124D128DBB51FF50212F19498FE0E0C6195C0848C4BC791
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 084EA71E, Relevance: .0, Instructions: 15COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000013.00000002.386950731.00000000084E0000.00000040.00000001.sdmp, Offset: 084E0000, based on PE: false
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: e131e7104e45a5d88e4697705dd29af1f0a4fc0f5db74d34021ae02751879bcf
                                        • Instruction ID: 28b4a2710772fe74b171c86795545750b2eab43c16b762b3a6afe49fa42f1c11
                                        • Opcode Fuzzy Hash: e131e7104e45a5d88e4697705dd29af1f0a4fc0f5db74d34021ae02751879bcf
                                        • Instruction Fuzzy Hash: 28E09270E152299FCBA4DFA4D991B9CB7B2FB85204F1184AAD11EB6224DB315E85CF20
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 084E8AB8, Relevance: .0, Instructions: 10COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000013.00000002.386950731.00000000084E0000.00000040.00000001.sdmp, Offset: 084E0000, based on PE: false
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 2818b7f595570bcfc528d30df3df2c840697f4b4e1aae0bb06c873e7a8cc2f16
                                        • Instruction ID: 28a0a2223e6f7f6c68e79a9525f6594fcaf0f84d9485f06accbaa2c45f0ac084
                                        • Opcode Fuzzy Hash: 2818b7f595570bcfc528d30df3df2c840697f4b4e1aae0bb06c873e7a8cc2f16
                                        • Instruction Fuzzy Hash: F3C0023604420DBFCF025FC1EC05EDA3F2AFB09750F048401FA194406187B39570ABA2
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Non-executed Functions

                                        Function 084EECD0, Relevance: 5.2, Strings: 4, Instructions: 160COMMON
                                        Download Yara Rule
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000013.00000002.386950731.00000000084E0000.00000040.00000001.sdmp, Offset: 084E0000, based on PE: false
                                        Similarity
                                        • API ID:
                                        • String ID: /),$/),$_|'$_|'
                                        • API String ID: 0-3327303074
                                        • Opcode ID: 1995cfd1d39ef41722053ad6baf062ba185845ec247a811fb504062bb59e52ec
                                        • Instruction ID: 0784f0fc9c125deff1242e4c807651eb772e477d2e3d96eca344ca93cdcaeee1
                                        • Opcode Fuzzy Hash: 1995cfd1d39ef41722053ad6baf062ba185845ec247a811fb504062bb59e52ec
                                        • Instruction Fuzzy Hash: 497117B4E0421ADFCB04CF99D5809AEFBB2FF48311F14965AE515AB314C734A982CF95
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Analysis Process: dhcpmon.exe PID: 5668 Parent PID: 3388 dhcpmon.exeCOMMON

                                        Executed Functions

                                        Function 07DF5720, Relevance: 8.8, Strings: 5, Instructions: 2596COMMON
                                        Download Yara Rule
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000015.00000002.397691923.0000000007DF0000.00000040.00000001.sdmp, Offset: 07DF0000, based on PE: false
                                        Similarity
                                        • API ID:
                                        • String ID: <l$<l$D0l$Xcl$Xcl
                                        • API String ID: 0-3012072445
                                        • Opcode ID: 3ad80e2c881e4ef5641241d188a4f53908485b35837066600fff1466bc274d75
                                        • Instruction ID: aedf1b88fe63a3da53f2579e27eee028bafe39fa5bdf9ea44e6480d561bf4af6
                                        • Opcode Fuzzy Hash: 3ad80e2c881e4ef5641241d188a4f53908485b35837066600fff1466bc274d75
                                        • Instruction Fuzzy Hash: DC43FBB4A00219CFCB24DF68C888A9DF7B2BF49314F568595E649AB365CB30ED81CF51
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 07DFD2B0, Relevance: 4.0, Strings: 3, Instructions: 296COMMON
                                        Download Yara Rule
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000015.00000002.397691923.0000000007DF0000.00000040.00000001.sdmp, Offset: 07DF0000, based on PE: false
                                        Similarity
                                        • API ID:
                                        • String ID: I[$I[$}pR
                                        • API String ID: 0-2281729398
                                        • Opcode ID: 035ad3fd40f50736eace80e63af5d2169bbf6d766191466a69f25a55aa43bf3d
                                        • Instruction ID: 47225110ee2b07e233942ddaf403740f1c926689d9946c5b25b80b316d05a790
                                        • Opcode Fuzzy Hash: 035ad3fd40f50736eace80e63af5d2169bbf6d766191466a69f25a55aa43bf3d
                                        • Instruction Fuzzy Hash: CBD149B0E1120ADFCB04CFA6C4918AEFBB6FF89301F51A555C615AB214C734EA82CF90
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 07DFD297, Relevance: 2.8, Strings: 2, Instructions: 303COMMON
                                        Download Yara Rule
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000015.00000002.397691923.0000000007DF0000.00000040.00000001.sdmp, Offset: 07DF0000, based on PE: false
                                        Similarity
                                        • API ID:
                                        • String ID: I[$}pR
                                        • API String ID: 0-1686705283
                                        • Opcode ID: 25b10cd27bb8480dea1cc13bff83b9d9122e776039a03e5056087bf7f9c977c5
                                        • Instruction ID: 11066d503f3b339d43db997398f1a793ebe4011d5ce1ef8afb6e475ff2dd1d6b
                                        • Opcode Fuzzy Hash: 25b10cd27bb8480dea1cc13bff83b9d9122e776039a03e5056087bf7f9c977c5
                                        • Instruction Fuzzy Hash: 63D15AB0E1120ADFCB04CFA6C4958AEFBB6FF89301F51A555D615AB214D734EA82CF90
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 07DF90C0, Relevance: 1.5, Strings: 1, Instructions: 203COMMON
                                        Download Yara Rule
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000015.00000002.397691923.0000000007DF0000.00000040.00000001.sdmp, Offset: 07DF0000, based on PE: false
                                        Similarity
                                        • API ID:
                                        • String ID: d-l
                                        • API String ID: 0-1317474975
                                        • Opcode ID: e82d076c0fbbf26d6679fa9081bc251fb7dd6be9ee7159d100ca3e4c061eb7b2
                                        • Instruction ID: 3d53f68f681d193a85421ab34a8a592c671104ed1a43737ec7d19a3374433e9b
                                        • Opcode Fuzzy Hash: e82d076c0fbbf26d6679fa9081bc251fb7dd6be9ee7159d100ca3e4c061eb7b2
                                        • Instruction Fuzzy Hash: 3191D474E002189FDB54DFA9D895ADEBBB2FF89300F208069E509AB365DB349D41CF50
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 07DF1AE8, Relevance: .9, Instructions: 910COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000015.00000002.397691923.0000000007DF0000.00000040.00000001.sdmp, Offset: 07DF0000, based on PE: false
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 0c8a03b7d84e43e06a50bb10cbd15430e0412f3b3c072903b2da1927658c8b78
                                        • Instruction ID: 8f219960a2191f2a363cee090030e90acf9355299981d6c8c0c504575d2ecb62
                                        • Opcode Fuzzy Hash: 0c8a03b7d84e43e06a50bb10cbd15430e0412f3b3c072903b2da1927658c8b78
                                        • Instruction Fuzzy Hash: 0A9206B1C05269CFEB28CFAAC8483EDFAF5FB49305F1590A9C149A6291D7794AC5DF00
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 07DF2BD8, Relevance: .9, Instructions: 889COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000015.00000002.397691923.0000000007DF0000.00000040.00000001.sdmp, Offset: 07DF0000, based on PE: false
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: ecfcbc9d608d5e0ef451310576758df048d59fcf2c5710e4c6bd438b27508a99
                                        • Instruction ID: bb5bf1d29771bd48e80d1aff5c9d565ac5fcae3c53e73f21505802a4a329edfa
                                        • Opcode Fuzzy Hash: ecfcbc9d608d5e0ef451310576758df048d59fcf2c5710e4c6bd438b27508a99
                                        • Instruction Fuzzy Hash: 039206B1D05269CFEB24CFAAC8083EDFAF5BF49305F1590A9D149A6291D7794AC9CF00
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 07DF4858, Relevance: .7, Instructions: 719COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000015.00000002.397691923.0000000007DF0000.00000040.00000001.sdmp, Offset: 07DF0000, based on PE: false
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: f0e1d27f4a0178b561d00f50b0d902d877de75c50a0ec91d7c41bc13dc00afba
                                        • Instruction ID: ec61b684c787566eef5daf42fb48737f1df9af0b31234be3ab69e8757932bc07
                                        • Opcode Fuzzy Hash: f0e1d27f4a0178b561d00f50b0d902d877de75c50a0ec91d7c41bc13dc00afba
                                        • Instruction Fuzzy Hash: 5E5280B4B001159FCB14DF68D484AAEBBB6FF89314F168169EA06DB360DB35EC51CB90
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 07DF1AD8, Relevance: .5, Instructions: 524COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000015.00000002.397691923.0000000007DF0000.00000040.00000001.sdmp, Offset: 07DF0000, based on PE: false
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: b08634d2aacd1b7b43e4f688b332de4bab24ded46b5d6e457fd89f4ade1b1bd4
                                        • Instruction ID: 8ef9dae38b357ffa32e931495e52326eb464508cd1119bea2e4a34fe45e72894
                                        • Opcode Fuzzy Hash: b08634d2aacd1b7b43e4f688b332de4bab24ded46b5d6e457fd89f4ade1b1bd4
                                        • Instruction Fuzzy Hash: 103209B1C05269CFEB28DFA6C8583EDFAF5FB49305F1480A9C149A6291D7794AC8DF40
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 07DF2BC8, Relevance: .5, Instructions: 505COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000015.00000002.397691923.0000000007DF0000.00000040.00000001.sdmp, Offset: 07DF0000, based on PE: false
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: bb9da336c6fa0e4b1f4768f2f4c0491f001267a828807d0e079114c42414aa4f
                                        • Instruction ID: e34261bf8bf7f50aadd83a89726ea7f3f1418acabee62d5d43b10e81f3b0cbd0
                                        • Opcode Fuzzy Hash: bb9da336c6fa0e4b1f4768f2f4c0491f001267a828807d0e079114c42414aa4f
                                        • Instruction Fuzzy Hash: 9C3209B1C05269CFEB28DFA6C9183EDFAF5BB45305F0580A9D149AB291D7794AC8CF40
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 07DFADD5, Relevance: .2, Instructions: 204COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000015.00000002.397691923.0000000007DF0000.00000040.00000001.sdmp, Offset: 07DF0000, based on PE: false
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: ac1b416f74a23d08cd30936813bdc1ff9dcc133a5c3e39ad4fbe0cb581ebde29
                                        • Instruction ID: 453e7536398a63aba5826dd3c9287c79acdf24e55dab2aa1dfc63416235628b9
                                        • Opcode Fuzzy Hash: ac1b416f74a23d08cd30936813bdc1ff9dcc133a5c3e39ad4fbe0cb581ebde29
                                        • Instruction Fuzzy Hash: DF81E3B4E11218CFCB08CFA9C84069EFBB2BF89300F24C12AD519AB354EB359945CF65
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 07DFADF8, Relevance: .2, Instructions: 189COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000015.00000002.397691923.0000000007DF0000.00000040.00000001.sdmp, Offset: 07DF0000, based on PE: false
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: eaa29dade3dfcabbed0586b84102fa1c4ef41dac6fd96b2fefbd767613d66571
                                        • Instruction ID: f8d032558ee045c0ae79b3b9da3dcf0c06313726fce2e72af07f98232036137e
                                        • Opcode Fuzzy Hash: eaa29dade3dfcabbed0586b84102fa1c4ef41dac6fd96b2fefbd767613d66571
                                        • Instruction Fuzzy Hash: 4881C2B0E11218CFDB08CFA9C984A9EFBB2FF89300F20D12AD519AB254DB3599458F51
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 07DF9D90, Relevance: .2, Instructions: 152COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000015.00000002.397691923.0000000007DF0000.00000040.00000001.sdmp, Offset: 07DF0000, based on PE: false
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 8e38ee5df1ee53c721d9ec0cf0ef22f6ecb3758ce86b5c0844960a7db668904f
                                        • Instruction ID: 39ba5aee72311b0048f6f3d0aa3bbd029d3daf0f9349d23c379696f20e57526f
                                        • Opcode Fuzzy Hash: 8e38ee5df1ee53c721d9ec0cf0ef22f6ecb3758ce86b5c0844960a7db668904f
                                        • Instruction Fuzzy Hash: CB51E7B4E052199FCB04DFAAC490AEEFBF2FF88300F15C569D514A7255DB34A982CB90
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 07DFBA11, Relevance: .1, Instructions: 137COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000015.00000002.397691923.0000000007DF0000.00000040.00000001.sdmp, Offset: 07DF0000, based on PE: false
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: fae19a622496e78c32add2e271cbf356e3f90c5df80812d0bae3241ec96753e6
                                        • Instruction ID: 13087c9afe7da8a0939514075cfb97ca3d7a94c6424acb726e6c8b53efc05a17
                                        • Opcode Fuzzy Hash: fae19a622496e78c32add2e271cbf356e3f90c5df80812d0bae3241ec96753e6
                                        • Instruction Fuzzy Hash: 96514AB0E056198FCB08CFAAC940AAEFBF2FF88300F15C56AD509B7255D73489418FA5
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 07DFBA20, Relevance: .1, Instructions: 131COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000015.00000002.397691923.0000000007DF0000.00000040.00000001.sdmp, Offset: 07DF0000, based on PE: false
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 83964d9db66559a3bdff3d6b1cf2ce4777a987db440ab4fb37643b8a8688911e
                                        • Instruction ID: fcc06f63d3aaa8d8f723a1c5331894ba2829d950c31448ff3c80df0a24dc0526
                                        • Opcode Fuzzy Hash: 83964d9db66559a3bdff3d6b1cf2ce4777a987db440ab4fb37643b8a8688911e
                                        • Instruction Fuzzy Hash: C55125B0E056198FCB08CFAAC940AAEFBF2FF88300F15D56AD519B7254D7349A418F64
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 07DFC400, Relevance: .1, Instructions: 81COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000015.00000002.397691923.0000000007DF0000.00000040.00000001.sdmp, Offset: 07DF0000, based on PE: false
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: c81aabdb6ed1a57c67c61cd952110a308d7ba509ff2fa405d43c2ff7376a78e3
                                        • Instruction ID: 78626d744f9d9038c926968a271401b8a8073323033d70c8d8471f371336af0b
                                        • Opcode Fuzzy Hash: c81aabdb6ed1a57c67c61cd952110a308d7ba509ff2fa405d43c2ff7376a78e3
                                        • Instruction Fuzzy Hash: 7131E4B1E016188BDB28CFAAD84469EFBB7BFC8311F14C06AD509A6254DB355A46CF50
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 07DFC3F1, Relevance: .1, Instructions: 66COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000015.00000002.397691923.0000000007DF0000.00000040.00000001.sdmp, Offset: 07DF0000, based on PE: false
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 6f950ef72f95b30f5e353d9e2a7e869fc420cbc27b5f038c298079118eadbb69
                                        • Instruction ID: 87880f48c3e6f5d9bcc1a00cdc8ce2b9e5f0758c128e0f9b0e1cf117f7de4e4c
                                        • Opcode Fuzzy Hash: 6f950ef72f95b30f5e353d9e2a7e869fc420cbc27b5f038c298079118eadbb69
                                        • Instruction Fuzzy Hash: 7E21C5B0E016588BDB18CFABD8446DEFBF7AFC9310F14C16AD408A6258DB341A45CB91
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 07DF4230, Relevance: 5.2, Strings: 4, Instructions: 181COMMON
                                        Download Yara Rule
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000015.00000002.397691923.0000000007DF0000.00000040.00000001.sdmp, Offset: 07DF0000, based on PE: false
                                        Similarity
                                        • API ID:
                                        • String ID: Xcl$Xcl$Xcl$Xcl
                                        • API String ID: 0-3823498771
                                        • Opcode ID: cf452b53ccaa7fd7b49bf9c2d70f63f76b8eb2f1df78a6b8fac5c614ac582180
                                        • Instruction ID: 80dc7c6e96d45f22ca3b3624641acb1c51375144b53091d36d6ef81efa70ade4
                                        • Opcode Fuzzy Hash: cf452b53ccaa7fd7b49bf9c2d70f63f76b8eb2f1df78a6b8fac5c614ac582180
                                        • Instruction Fuzzy Hash: 5F616DB1B001558FCB149F64D455AEEBBF6EF89215F16406AEA02EB3A0CB30DD51CBA1
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 07DFD898, Relevance: 3.8, Strings: 3, Instructions: 69COMMON
                                        Download Yara Rule
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000015.00000002.397691923.0000000007DF0000.00000040.00000001.sdmp, Offset: 07DF0000, based on PE: false
                                        Similarity
                                        • API ID:
                                        • String ID: ,j{$,j{$?~>K
                                        • API String ID: 0-1630969029
                                        • Opcode ID: 2a75c7d1c268c38fb57f0fe3e03640adce742cc951f8c303834193d0cb590981
                                        • Instruction ID: e03ec1e20fe2ee5e3925b3ad8bef55349029b968a1c4904e9089c7b26df31e23
                                        • Opcode Fuzzy Hash: 2a75c7d1c268c38fb57f0fe3e03640adce742cc951f8c303834193d0cb590981
                                        • Instruction Fuzzy Hash: 762157B0E1520ADFCB08CFA6C5405AEFBF2FB89340F25D8AA8505A7214D7309A41DF55
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 068E6A35, Relevance: 1.6, APIs: 1, Instructions: 148processCOMMON
                                        Download Yara Rule
                                        APIs
                                        • CreateProcessW.KERNELBASE(?,?,00000009,?,?,?,?,?,?,?), ref: 068E6B8B
                                        Memory Dump Source
                                        • Source File: 00000015.00000002.397442733.00000000068E0000.00000040.00000001.sdmp, Offset: 068E0000, based on PE: false
                                        Similarity
                                        • API ID: CreateProcess
                                        • String ID:
                                        • API String ID: 963392458-0
                                        • Opcode ID: ba3ad62523bed931c54a91a3a9b099359aa3943b464b8e6044a857b5542503da
                                        • Instruction ID: 92543edd654f75f08bf55fdc5ec9dd11f5246df37ab02691dc966d84f2bdc548
                                        • Opcode Fuzzy Hash: ba3ad62523bed931c54a91a3a9b099359aa3943b464b8e6044a857b5542503da
                                        • Instruction Fuzzy Hash: 0D511571D003289FDB64DF99C880BDDBBB1AF59314F15809AE509B7250DB309A89CFA1
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 068E6A38, Relevance: 1.6, APIs: 1, Instructions: 143processCOMMON
                                        Download Yara Rule
                                        APIs
                                        • CreateProcessW.KERNELBASE(?,?,00000009,?,?,?,?,?,?,?), ref: 068E6B8B
                                        Memory Dump Source
                                        • Source File: 00000015.00000002.397442733.00000000068E0000.00000040.00000001.sdmp, Offset: 068E0000, based on PE: false
                                        Similarity
                                        • API ID: CreateProcess
                                        • String ID:
                                        • API String ID: 963392458-0
                                        • Opcode ID: 62f34eecbccf823df7326a34503a2a9f5bf39cf9424438fccb64fc7512f9254d
                                        • Instruction ID: 1551171a43df699f7249e641fdfaf743747420b38291126f3e176a934dc5b14f
                                        • Opcode Fuzzy Hash: 62f34eecbccf823df7326a34503a2a9f5bf39cf9424438fccb64fc7512f9254d
                                        • Instruction Fuzzy Hash: 02511571D003289FDB64CF99C880BDDBBB1BF59314F15809AE909B7250DB709A89CFA1
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 00ACDDEC, Relevance: 1.6, APIs: 1, Instructions: 116COMMON
                                        Download Yara Rule
                                        APIs
                                        • CreateWindowExW.USER32(?,?,?,?,?,?,0000000C,?,?,?,?,?), ref: 00ACFE2A
                                        Memory Dump Source
                                        • Source File: 00000015.00000002.388035056.0000000000AC0000.00000040.00000001.sdmp, Offset: 00AC0000, based on PE: false
                                        Similarity
                                        • API ID: CreateWindow
                                        • String ID:
                                        • API String ID: 716092398-0
                                        • Opcode ID: a0edf6b0caaa5db3ee58bdf143f59b99d4465bc48127bf8e8ca5f2eed1256acf
                                        • Instruction ID: a0bfc978c851c50e165086496a4fec08b7a2a4d07c016a5549abde2e80c1a1e4
                                        • Opcode Fuzzy Hash: a0edf6b0caaa5db3ee58bdf143f59b99d4465bc48127bf8e8ca5f2eed1256acf
                                        • Instruction Fuzzy Hash: DE51D1B1D00308DFDB14DFAAD884ADEBBB6BF48314F25852EE819AB211D7709945CF90
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 00ACFD0D, Relevance: 1.6, APIs: 1, Instructions: 114COMMON
                                        Download Yara Rule
                                        APIs
                                        • CreateWindowExW.USER32(?,?,?,?,?,?,0000000C,?,?,?,?,?), ref: 00ACFE2A
                                        Memory Dump Source
                                        • Source File: 00000015.00000002.388035056.0000000000AC0000.00000040.00000001.sdmp, Offset: 00AC0000, based on PE: false
                                        Similarity
                                        • API ID: CreateWindow
                                        • String ID:
                                        • API String ID: 716092398-0
                                        • Opcode ID: ce05a4dcd7929c4bbe4050127a2844ee6a9fce85721be60a99d45cce810242dd
                                        • Instruction ID: 7edf7bf1028acdb148f161452658ff8a3883c216e7cbf401fe0941b6684fecb8
                                        • Opcode Fuzzy Hash: ce05a4dcd7929c4bbe4050127a2844ee6a9fce85721be60a99d45cce810242dd
                                        • Instruction Fuzzy Hash: D751EEB1D00308DFDB14CFAAD884ADEBBB6BF48314F25852AE819AB251D7709945CF90
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 00AC3DE8, Relevance: 1.6, APIs: 1, Instructions: 96COMMON
                                        Download Yara Rule
                                        APIs
                                        • CreateActCtxA.KERNEL32(?), ref: 00AC5421
                                        Memory Dump Source
                                        • Source File: 00000015.00000002.388035056.0000000000AC0000.00000040.00000001.sdmp, Offset: 00AC0000, based on PE: false
                                        Similarity
                                        • API ID: Create
                                        • String ID:
                                        • API String ID: 2289755597-0
                                        • Opcode ID: 044fc3e2440599aa808da4b4fda4e7a00921e09c72c1ce61c34e77f05f148438
                                        • Instruction ID: 82c23ef345946b926a9c45b75e6ec73273020d9e42652f53c4f3e8962a69f8ec
                                        • Opcode Fuzzy Hash: 044fc3e2440599aa808da4b4fda4e7a00921e09c72c1ce61c34e77f05f148438
                                        • Instruction Fuzzy Hash: 8741E570C04618CFDB24DFA9C944B9DBBB6BF49308F61806DE409BB251DB756985CF90
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 00AC536E, Relevance: 1.6, APIs: 1, Instructions: 94COMMON
                                        Download Yara Rule
                                        APIs
                                        • CreateActCtxA.KERNEL32(?), ref: 00AC5421
                                        Memory Dump Source
                                        • Source File: 00000015.00000002.388035056.0000000000AC0000.00000040.00000001.sdmp, Offset: 00AC0000, based on PE: false
                                        Similarity
                                        • API ID: Create
                                        • String ID:
                                        • API String ID: 2289755597-0
                                        • Opcode ID: 76f5c12c5c6ab0c8157c58b8622a731b675ba8d488a05c762768fff79514db6d
                                        • Instruction ID: 7cd635d8821973f70262a36ddc2dec241a860a6a3413c2ccc37aae769eedbca7
                                        • Opcode Fuzzy Hash: 76f5c12c5c6ab0c8157c58b8622a731b675ba8d488a05c762768fff79514db6d
                                        • Instruction Fuzzy Hash: 9E41C571C00618CBDB24DFA9C944BDDBBB2BF49308F218169D419BB251DB75698ACF90
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 049E23B0, Relevance: 1.6, APIs: 1, Instructions: 93COMMON
                                        Download Yara Rule
                                        APIs
                                        • CallWindowProcW.USER32(?,?,?,?,?), ref: 049E2471
                                        Memory Dump Source
                                        • Source File: 00000015.00000002.394271453.00000000049E0000.00000040.00000001.sdmp, Offset: 049E0000, based on PE: false
                                        Similarity
                                        • API ID: CallProcWindow
                                        • String ID:
                                        • API String ID: 2714655100-0
                                        • Opcode ID: bf0327cd1fe2315e38e55ae24f05b9b11eaf748c0b48d0e61b8e0ad512d0c9d7
                                        • Instruction ID: 4c37c1ae09ba76af0c9cc4a97784e3fdf51b4aeaaccd30f19ac3b07ac296149a
                                        • Opcode Fuzzy Hash: bf0327cd1fe2315e38e55ae24f05b9b11eaf748c0b48d0e61b8e0ad512d0c9d7
                                        • Instruction Fuzzy Hash: 71413DB5A003058FDB15CF5AC448BAABBF9FF88314F25C4A9E519A7321D734A845CFA0
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 00AC9B12, Relevance: 1.6, APIs: 1, Instructions: 75libraryCOMMON
                                        Download Yara Rule
                                        APIs
                                        • LoadLibraryExW.KERNELBASE(00000000,00000000,?,?,?,?,00000000,?,00AC9971,00000800,00000000,00000000), ref: 00AC9B82
                                        Memory Dump Source
                                        • Source File: 00000015.00000002.388035056.0000000000AC0000.00000040.00000001.sdmp, Offset: 00AC0000, based on PE: false
                                        Similarity
                                        • API ID: LibraryLoad
                                        • String ID:
                                        • API String ID: 1029625771-0
                                        • Opcode ID: 48b080f6d753619460ccf0617d9f19e32aa51260946dcb3342098159a1907017
                                        • Instruction ID: e692714f5aa49ecc94f50f4f2899bbf155c501ddb0b3f8c7ee8623cbaa82816b
                                        • Opcode Fuzzy Hash: 48b080f6d753619460ccf0617d9f19e32aa51260946dcb3342098159a1907017
                                        • Instruction Fuzzy Hash: 0C2157B6C00208DFCB20DF9AD448ADEFBB4EB98364F15842ED415B7600C774A94ACFA1
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 068E6FD8, Relevance: 1.6, APIs: 1, Instructions: 68injectionCOMMON
                                        Download Yara Rule
                                        APIs
                                        • WriteProcessMemory.KERNELBASE(?,?,00000000,?,?), ref: 068E706D
                                        Memory Dump Source
                                        • Source File: 00000015.00000002.397442733.00000000068E0000.00000040.00000001.sdmp, Offset: 068E0000, based on PE: false
                                        Similarity
                                        • API ID: MemoryProcessWrite
                                        • String ID:
                                        • API String ID: 3559483778-0
                                        • Opcode ID: 0a3a48c110ba45d2a7d7c0533126935890be1c4bf709df5c05b4ee6ea94687e5
                                        • Instruction ID: b666fbf0d875264b5161c08bd3b478247eb5a2e29eb7211df23821cba79acf61
                                        • Opcode Fuzzy Hash: 0a3a48c110ba45d2a7d7c0533126935890be1c4bf709df5c05b4ee6ea94687e5
                                        • Instruction Fuzzy Hash: AD2124B19002499FCB10CFAAC884BDEFBF4FB49310F10852AE918A3341D774A944CBA1
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 049E0006, Relevance: 1.6, APIs: 1, Instructions: 65COMMON
                                        Download Yara Rule
                                        APIs
                                        • SetWindowLongW.USER32(?,?,?), ref: 049E009D
                                        Memory Dump Source
                                        • Source File: 00000015.00000002.394271453.00000000049E0000.00000040.00000001.sdmp, Offset: 049E0000, based on PE: false
                                        Similarity
                                        • API ID: LongWindow
                                        • String ID:
                                        • API String ID: 1378638983-0
                                        • Opcode ID: 6364a4f8c5ae6d919103985b450f674bdd0df495bc5fde550de6927446b25648
                                        • Instruction ID: c28528fa7783432e1894ccbd1e378c9d253a8f56f53f36f831a0a7607613becf
                                        • Opcode Fuzzy Hash: 6364a4f8c5ae6d919103985b450f674bdd0df495bc5fde550de6927446b25648
                                        • Instruction Fuzzy Hash: 5321C2B18043898FDB11DFA9C484ADEBFF4EF4A314F15849AD445A7242C374A90ACFA2
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 068E6FE0, Relevance: 1.6, APIs: 1, Instructions: 65injectionCOMMON
                                        Download Yara Rule
                                        APIs
                                        • WriteProcessMemory.KERNELBASE(?,?,00000000,?,?), ref: 068E706D
                                        Memory Dump Source
                                        • Source File: 00000015.00000002.397442733.00000000068E0000.00000040.00000001.sdmp, Offset: 068E0000, based on PE: false
                                        Similarity
                                        • API ID: MemoryProcessWrite
                                        • String ID:
                                        • API String ID: 3559483778-0
                                        • Opcode ID: efb9e265af3ed16d991e4f074d376c8bb617a525a6507d87262849cfb685da46
                                        • Instruction ID: 5dfef6429ce6be79fa8c62e3830168fb3c9ad3780f98b764833e5708997c5fa0
                                        • Opcode Fuzzy Hash: efb9e265af3ed16d991e4f074d376c8bb617a525a6507d87262849cfb685da46
                                        • Instruction Fuzzy Hash: 5C2125B19002099FCB10CFAAC884BDEBBF4FB49310F10842AE918E3340D778A944CFA0
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 00ACB8D0, Relevance: 1.6, APIs: 1, Instructions: 65COMMON
                                        Download Yara Rule
                                        APIs
                                        • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?,?,?,?,00ACB89E,?,?,?,?,?), ref: 00ACB95F
                                        Memory Dump Source
                                        • Source File: 00000015.00000002.388035056.0000000000AC0000.00000040.00000001.sdmp, Offset: 00AC0000, based on PE: false
                                        Similarity
                                        • API ID: DuplicateHandle
                                        • String ID:
                                        • API String ID: 3793708945-0
                                        • Opcode ID: 6027b59f909b28f67a3c1109c9035880ce1a054a9151849dcad45a3bf0cedce5
                                        • Instruction ID: e92147d101de597c91af31cf726b0cbc0f80c53c52a2ada751b0d7787f46475c
                                        • Opcode Fuzzy Hash: 6027b59f909b28f67a3c1109c9035880ce1a054a9151849dcad45a3bf0cedce5
                                        • Instruction Fuzzy Hash: 112105B5900248DFDB10CFAAD984ADEBFF4EB48324F14842AE914B3351D374A945CFA1
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 00AC9820, Relevance: 1.6, APIs: 1, Instructions: 65COMMON
                                        Download Yara Rule
                                        APIs
                                        • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?,?,?,?,00ACB89E,?,?,?,?,?), ref: 00ACB95F
                                        Memory Dump Source
                                        • Source File: 00000015.00000002.388035056.0000000000AC0000.00000040.00000001.sdmp, Offset: 00AC0000, based on PE: false
                                        Similarity
                                        • API ID: DuplicateHandle
                                        • String ID:
                                        • API String ID: 3793708945-0
                                        • Opcode ID: f98fb5f9232ba43599da58ea8f253d4a2130bc0ca8cbbf9adb061d05b2c98f94
                                        • Instruction ID: fb95c45ae7c4a5a3b9120bea82b4104e847c0b71260d59e9fef8a3760bdc050b
                                        • Opcode Fuzzy Hash: f98fb5f9232ba43599da58ea8f253d4a2130bc0ca8cbbf9adb061d05b2c98f94
                                        • Instruction Fuzzy Hash: 0721E5B5900209DFDB10DFAAD484AEEBBF8EB48324F54841AE914B7350D375A954CFA1
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 068E6E60, Relevance: 1.6, APIs: 1, Instructions: 63COMMON
                                        Download Yara Rule
                                        APIs
                                        • ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 068E6EE7
                                        Memory Dump Source
                                        • Source File: 00000015.00000002.397442733.00000000068E0000.00000040.00000001.sdmp, Offset: 068E0000, based on PE: false
                                        Similarity
                                        • API ID: MemoryProcessRead
                                        • String ID:
                                        • API String ID: 1726664587-0
                                        • Opcode ID: 71f74d9f842a64bed67186b6977adde5ed69f8e0a34c23d8385bd3add09558e6
                                        • Instruction ID: 67e3a14a1ec6312be730a7085e090733f6b22256ad1e267b0f9c204e77737e08
                                        • Opcode Fuzzy Hash: 71f74d9f842a64bed67186b6977adde5ed69f8e0a34c23d8385bd3add09558e6
                                        • Instruction Fuzzy Hash: 5B21F5B5900649DFCB10DFAAD884BDEFBF4FB49320F50842AE918A7650D375A544CFA1
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 068E6DA0, Relevance: 1.6, APIs: 1, Instructions: 63threadinjectionCOMMON
                                        Download Yara Rule
                                        APIs
                                        • SetThreadContext.KERNELBASE(?,00000000), ref: 068E6E1F
                                        Memory Dump Source
                                        • Source File: 00000015.00000002.397442733.00000000068E0000.00000040.00000001.sdmp, Offset: 068E0000, based on PE: false
                                        Similarity
                                        • API ID: ContextThread
                                        • String ID:
                                        • API String ID: 1591575202-0
                                        • Opcode ID: 3153a1be65cb68cb8672532c51d644c2daa5e7d11a2a2adcb8025ff171369f97
                                        • Instruction ID: 0eecffcc20221abe3f7ac18e0b661b9af4653f06d6cca8960a4a671ed6bf1ef1
                                        • Opcode Fuzzy Hash: 3153a1be65cb68cb8672532c51d644c2daa5e7d11a2a2adcb8025ff171369f97
                                        • Instruction Fuzzy Hash: 7A2127B1D0061A9BCB10CFAAD8857EEFBF4BB59224F54812AE518A3740D774A944CFA1
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 068E6E68, Relevance: 1.6, APIs: 1, Instructions: 59COMMON
                                        Download Yara Rule
                                        APIs
                                        • ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 068E6EE7
                                        Memory Dump Source
                                        • Source File: 00000015.00000002.397442733.00000000068E0000.00000040.00000001.sdmp, Offset: 068E0000, based on PE: false
                                        Similarity
                                        • API ID: MemoryProcessRead
                                        • String ID:
                                        • API String ID: 1726664587-0
                                        • Opcode ID: ae606048058a45b0058cd0f5a3106e68e8c8bd6a4e6c9f2fa50efc58ed6b94d2
                                        • Instruction ID: 50059dd05440884b75c3cb47b4f28f6f011d8a7d66d28efc8844ab837f7fe47e
                                        • Opcode Fuzzy Hash: ae606048058a45b0058cd0f5a3106e68e8c8bd6a4e6c9f2fa50efc58ed6b94d2
                                        • Instruction Fuzzy Hash: 6A21E2B59006599FCB10DFAAD884BDEBBF4FB49320F50842AE918A3250D374A944CFA1
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 068E6DA8, Relevance: 1.6, APIs: 1, Instructions: 58threadinjectionCOMMON
                                        Download Yara Rule
                                        APIs
                                        • SetThreadContext.KERNELBASE(?,00000000), ref: 068E6E1F
                                        Memory Dump Source
                                        • Source File: 00000015.00000002.397442733.00000000068E0000.00000040.00000001.sdmp, Offset: 068E0000, based on PE: false
                                        Similarity
                                        • API ID: ContextThread
                                        • String ID:
                                        • API String ID: 1591575202-0
                                        • Opcode ID: 1f8bb87beb8fdb2769d1934b87c1097c4005c3ce888bdad16d7b7f080080ebc7
                                        • Instruction ID: 3fbc1e686969de1f1c7c74bf39e947722e31041ab52e4b6cb41c171bd650c748
                                        • Opcode Fuzzy Hash: 1f8bb87beb8fdb2769d1934b87c1097c4005c3ce888bdad16d7b7f080080ebc7
                                        • Instruction Fuzzy Hash: C02108B1D0061A9FCB10DF9AC8457EEFBF4BB49224F548129D518B3740D774A944CFA1
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 07DF8AE8, Relevance: 1.6, Strings: 1, Instructions: 305COMMON
                                        Download Yara Rule
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000015.00000002.397691923.0000000007DF0000.00000040.00000001.sdmp, Offset: 07DF0000, based on PE: false
                                        Similarity
                                        • API ID:
                                        • String ID: <l
                                        • API String ID: 0-336738149
                                        • Opcode ID: 95cac2d06ac986e65192d68543e2bb69cb0b3637e1a166a5366c24c6ee63b3aa
                                        • Instruction ID: b200e631017ca8a8ca98a36d4b07e20e3e28bdb8f108de9ea1177fa09bb2ab52
                                        • Opcode Fuzzy Hash: 95cac2d06ac986e65192d68543e2bb69cb0b3637e1a166a5366c24c6ee63b3aa
                                        • Instruction Fuzzy Hash: F8C19674B002099FCB14DF68D859AAEBBF6EF88314F158069E606D7390DB34DC51DBA2
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 00AC9498, Relevance: 1.6, APIs: 1, Instructions: 55libraryCOMMON
                                        Download Yara Rule
                                        APIs
                                        • LoadLibraryExW.KERNELBASE(00000000,00000000,?,?,?,?,00000000,?,00AC9971,00000800,00000000,00000000), ref: 00AC9B82
                                        Memory Dump Source
                                        • Source File: 00000015.00000002.388035056.0000000000AC0000.00000040.00000001.sdmp, Offset: 00AC0000, based on PE: false
                                        Similarity
                                        • API ID: LibraryLoad
                                        • String ID:
                                        • API String ID: 1029625771-0
                                        • Opcode ID: 9c7e2c5686733563f61fc488e784b0ef69209b8e095dd4dc80c2820af078f286
                                        • Instruction ID: ea032729059774e05a2e955efbb3ef615745736f0a3068ffa40333446ad114b2
                                        • Opcode Fuzzy Hash: 9c7e2c5686733563f61fc488e784b0ef69209b8e095dd4dc80c2820af078f286
                                        • Instruction Fuzzy Hash: 7C11F4B59002089BDB10DF9AD448BDEFBF4AB48324F11842EE415A7200C374A945CFA1
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 068E74B0, Relevance: 1.6, APIs: 1, Instructions: 52windowCOMMON
                                        Download Yara Rule
                                        APIs
                                        • PostMessageW.USER32(?,?,?,?), ref: 068E7515
                                        Memory Dump Source
                                        • Source File: 00000015.00000002.397442733.00000000068E0000.00000040.00000001.sdmp, Offset: 068E0000, based on PE: false
                                        Similarity
                                        • API ID: MessagePost
                                        • String ID:
                                        • API String ID: 410705778-0
                                        • Opcode ID: 91c2835fb3302ea0fcadcb652e75e988c486e047a6194bd56489f6d531ca2400
                                        • Instruction ID: 4dedbbc89899065556f73d8c70cef99e528d78e38a91572a8100de922b0e1cde
                                        • Opcode Fuzzy Hash: 91c2835fb3302ea0fcadcb652e75e988c486e047a6194bd56489f6d531ca2400
                                        • Instruction Fuzzy Hash: E11125B58002489FDB50DF9AC985BDEFFF8EB59324F20881AE515B7200C375A944CFA1
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 068E6F30, Relevance: 1.6, APIs: 1, Instructions: 51memoryCOMMON
                                        Download Yara Rule
                                        APIs
                                        • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 068E6FA3
                                        Memory Dump Source
                                        • Source File: 00000015.00000002.397442733.00000000068E0000.00000040.00000001.sdmp, Offset: 068E0000, based on PE: false
                                        Similarity
                                        • API ID: AllocVirtual
                                        • String ID:
                                        • API String ID: 4275171209-0
                                        • Opcode ID: 983f3b6cce446b8568599cb006f2017a145fdcd4c51edff89205836a12826607
                                        • Instruction ID: b3db7d6dedd592658a8e45db468e426f8854b504070daa99207668cb17ccc90c
                                        • Opcode Fuzzy Hash: 983f3b6cce446b8568599cb006f2017a145fdcd4c51edff89205836a12826607
                                        • Instruction Fuzzy Hash: 441104B59042489FCB10DF9AD884BDEBFF4EB49324F148419E518A7250D379A944CFA1
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 068E6F38, Relevance: 1.5, APIs: 1, Instructions: 48memoryCOMMON
                                        Download Yara Rule
                                        APIs
                                        • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 068E6FA3
                                        Memory Dump Source
                                        • Source File: 00000015.00000002.397442733.00000000068E0000.00000040.00000001.sdmp, Offset: 068E0000, based on PE: false
                                        Similarity
                                        • API ID: AllocVirtual
                                        • String ID:
                                        • API String ID: 4275171209-0
                                        • Opcode ID: c85ddcb1e531be6cb964b4dfda852c69bfd20e668442828f8521fae34570dfe9
                                        • Instruction ID: 5726cd3f89543cc6d5bebc10386b8d0b5d81c50029c0ae29d5521174e0c0ecb8
                                        • Opcode Fuzzy Hash: c85ddcb1e531be6cb964b4dfda852c69bfd20e668442828f8521fae34570dfe9
                                        • Instruction Fuzzy Hash: 101122B58002489FCB20DF9AC884BDEBBF4FB89324F148419E628A7210C375A944CFA1
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 00AC9889, Relevance: 1.5, APIs: 1, Instructions: 48COMMON
                                        Download Yara Rule
                                        APIs
                                        • GetModuleHandleW.KERNELBASE(00000000), ref: 00AC98F6
                                        Memory Dump Source
                                        • Source File: 00000015.00000002.388035056.0000000000AC0000.00000040.00000001.sdmp, Offset: 00AC0000, based on PE: false
                                        Similarity
                                        • API ID: HandleModule
                                        • String ID:
                                        • API String ID: 4139908857-0
                                        • Opcode ID: 35a71e9b48f4de1fac01eb00249a7451335f69a46201044a79e9b6970eb24c3d
                                        • Instruction ID: 1d8ce1086fc93e417902ca846061e8fc2ec28f12411f196ae16347989e55a08d
                                        • Opcode Fuzzy Hash: 35a71e9b48f4de1fac01eb00249a7451335f69a46201044a79e9b6970eb24c3d
                                        • Instruction Fuzzy Hash: 3711F0B6C006498BCB10DFAAD448BDEFBF4EB89324F15846AD429B7600D375A545CFA1
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 00AC9890, Relevance: 1.5, APIs: 1, Instructions: 47COMMON
                                        Download Yara Rule
                                        APIs
                                        • GetModuleHandleW.KERNELBASE(00000000), ref: 00AC98F6
                                        Memory Dump Source
                                        • Source File: 00000015.00000002.388035056.0000000000AC0000.00000040.00000001.sdmp, Offset: 00AC0000, based on PE: false
                                        Similarity
                                        • API ID: HandleModule
                                        • String ID:
                                        • API String ID: 4139908857-0
                                        • Opcode ID: 46c6081c09de721b110100f773d47a3f5fba6f0adf19a0840333fc964cf83507
                                        • Instruction ID: 61d9d1de43c4f65a5e68f6ab97660f50fcabffd6ffd6903fac6a094d2af9ab80
                                        • Opcode Fuzzy Hash: 46c6081c09de721b110100f773d47a3f5fba6f0adf19a0840333fc964cf83507
                                        • Instruction Fuzzy Hash: 2B1113B5C002498FCB10DF9AC448BDEFBF4EB89324F11845AD429B7600C374A545CFA1
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 068E7190, Relevance: 1.5, APIs: 1, Instructions: 45threadCOMMON
                                        Download Yara Rule
                                        APIs
                                        Memory Dump Source
                                        • Source File: 00000015.00000002.397442733.00000000068E0000.00000040.00000001.sdmp, Offset: 068E0000, based on PE: false
                                        Similarity
                                        • API ID: ResumeThread
                                        • String ID:
                                        • API String ID: 947044025-0
                                        • Opcode ID: e345ac7eab4bd2017a466d79681804974f4ce01968086cf87fa00c189433d47d
                                        • Instruction ID: b1a4bbc84d43f511b16914e38770307eca0af1c551a49c68e4a4414e84ac61b8
                                        • Opcode Fuzzy Hash: e345ac7eab4bd2017a466d79681804974f4ce01968086cf87fa00c189433d47d
                                        • Instruction Fuzzy Hash: 001115B1900249CFCB10DFAAD444BDEBBF4EB49324F24845AD519A7740C775A944CFA1
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 049E0040, Relevance: 1.5, APIs: 1, Instructions: 44COMMON
                                        Download Yara Rule
                                        APIs
                                        • SetWindowLongW.USER32(?,?,?), ref: 049E009D
                                        Memory Dump Source
                                        • Source File: 00000015.00000002.394271453.00000000049E0000.00000040.00000001.sdmp, Offset: 049E0000, based on PE: false
                                        Similarity
                                        • API ID: LongWindow
                                        • String ID:
                                        • API String ID: 1378638983-0
                                        • Opcode ID: 33598bcb6b1e3d6d0831eff3612f2907f32d283e9c38a5cba5460ca644a9cd20
                                        • Instruction ID: 155d10ef02497126f4bd188c826afbe3ff6765607ac4acf863e631f276096120
                                        • Opcode Fuzzy Hash: 33598bcb6b1e3d6d0831eff3612f2907f32d283e9c38a5cba5460ca644a9cd20
                                        • Instruction Fuzzy Hash: 0311E5B58003199FDB20DF9AD584BEEBBF8EB48324F20841AE915B7740C375A944CFA1
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 068E74B8, Relevance: 1.5, APIs: 1, Instructions: 44windowCOMMON
                                        Download Yara Rule
                                        APIs
                                        • PostMessageW.USER32(?,?,?,?), ref: 068E7515
                                        Memory Dump Source
                                        • Source File: 00000015.00000002.397442733.00000000068E0000.00000040.00000001.sdmp, Offset: 068E0000, based on PE: false
                                        Similarity
                                        • API ID: MessagePost
                                        • String ID:
                                        • API String ID: 410705778-0
                                        • Opcode ID: 2bde8b3562dcf1dcedb40c7815345a2f16385b2b0507534dd9110075f1904ff5
                                        • Instruction ID: 01f29ac46db6dd5c38e0294afadaaf3ca2ccc212e2253b13633181d73749d912
                                        • Opcode Fuzzy Hash: 2bde8b3562dcf1dcedb40c7815345a2f16385b2b0507534dd9110075f1904ff5
                                        • Instruction Fuzzy Hash: CE11E2B58003499FDB20DF9AD884BDEBBF8EB49324F10881AE515A7700D375A948CFA1
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 068E7198, Relevance: 1.5, APIs: 1, Instructions: 43threadCOMMON
                                        Download Yara Rule
                                        APIs
                                        Memory Dump Source
                                        • Source File: 00000015.00000002.397442733.00000000068E0000.00000040.00000001.sdmp, Offset: 068E0000, based on PE: false
                                        Similarity
                                        • API ID: ResumeThread
                                        • String ID:
                                        • API String ID: 947044025-0
                                        • Opcode ID: f5382d0a601d24a98ac4d581765de9de3cbe63e25959e5040a6ba72af982d2e0
                                        • Instruction ID: b14960183b3d59a515f622ed6002e17b3bbb6b607a4236ac7937f203f1903292
                                        • Opcode Fuzzy Hash: f5382d0a601d24a98ac4d581765de9de3cbe63e25959e5040a6ba72af982d2e0
                                        • Instruction Fuzzy Hash: A411F3B58002498FCB20DF9AD884BDEFBF4EB49324F24845AD519B7740C775A948CFA1
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 07DF9468, Relevance: 1.5, Strings: 1, Instructions: 210COMMON
                                        Download Yara Rule
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000015.00000002.397691923.0000000007DF0000.00000040.00000001.sdmp, Offset: 07DF0000, based on PE: false
                                        Similarity
                                        • API ID:
                                        • String ID: `l
                                        • API String ID: 0-379310572
                                        • Opcode ID: 1f47311a939bc162ae62f7499e1dde16bd5701d9faa93f7bbccccc21058bb339
                                        • Instruction ID: 47fd7093b0b4adf500d3b68c930496ad7e2031f2e3fdd6555d9f1cceca59d171
                                        • Opcode Fuzzy Hash: 1f47311a939bc162ae62f7499e1dde16bd5701d9faa93f7bbccccc21058bb339
                                        • Instruction Fuzzy Hash: D4910270D00219DFDB24DFA5C884BDDFBB2BF49304F1584A9D508AB251DB35AA89CF91
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 07DF9458, Relevance: 1.3, Strings: 1, Instructions: 90COMMON
                                        Download Yara Rule
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000015.00000002.397691923.0000000007DF0000.00000040.00000001.sdmp, Offset: 07DF0000, based on PE: false
                                        Similarity
                                        • API ID:
                                        • String ID: `l
                                        • API String ID: 0-379310572
                                        • Opcode ID: fe92065f7702e22e3894866bd3daa527a6c4d2cdd8438b9c91ac5fd86d34ded0
                                        • Instruction ID: 47b8dd9ff927d7787f4fd1019e955f4175cacd4e8462641e23b992b02599b313
                                        • Opcode Fuzzy Hash: fe92065f7702e22e3894866bd3daa527a6c4d2cdd8438b9c91ac5fd86d34ded0
                                        • Instruction Fuzzy Hash: DB3139B0E04219DFDB18DF6AC8507DEFBB2AF85300F1181A9D548A7250DB355A85CF91
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 07DFBCF1, Relevance: 1.3, Strings: 1, Instructions: 83COMMON
                                        Download Yara Rule
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000015.00000002.397691923.0000000007DF0000.00000040.00000001.sdmp, Offset: 07DF0000, based on PE: false
                                        Similarity
                                        • API ID:
                                        • String ID: n0p
                                        • API String ID: 0-778890183
                                        • Opcode ID: 72c63a84fe714203160493424b7b0be3b67a5fa44ab11dc729a7e8adee7855b1
                                        • Instruction ID: e229942dc73069f8c7aa78afa392c78b12460e2206b0b4235941ae712e7b4495
                                        • Opcode Fuzzy Hash: 72c63a84fe714203160493424b7b0be3b67a5fa44ab11dc729a7e8adee7855b1
                                        • Instruction Fuzzy Hash: F0313AB4E04209DFCB44CFA9C8415AEFBF2EF89300F29C5AAC515AB355D7349A41CB52
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 07DFBD00, Relevance: 1.3, Strings: 1, Instructions: 76COMMON
                                        Download Yara Rule
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000015.00000002.397691923.0000000007DF0000.00000040.00000001.sdmp, Offset: 07DF0000, based on PE: false
                                        Similarity
                                        • API ID:
                                        • String ID: n0p
                                        • API String ID: 0-778890183
                                        • Opcode ID: dbdd539f89779ca985183907fcf228b677808902e28080140371307d01faa2cd
                                        • Instruction ID: f8dec8d6162fb39251b7ebb7ca3ac0abf245bbe4920042ec2f90e732b9d1dcf7
                                        • Opcode Fuzzy Hash: dbdd539f89779ca985183907fcf228b677808902e28080140371307d01faa2cd
                                        • Instruction Fuzzy Hash: E2312CB4E04209DFCB44CFA9C94159EFBF2EB89300F19D4A6C519A7314D7349A418F51
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 07DF0548, Relevance: .5, Instructions: 474COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000015.00000002.397691923.0000000007DF0000.00000040.00000001.sdmp, Offset: 07DF0000, based on PE: false
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 3db41b4c64b55d2ad76bca05b05e43280170c9d19d0dc2f94f6034f2d0b8d5b3
                                        • Instruction ID: 55cba488103a887f597f27f2da0ad5088c7406061c61ff915a61e70f3ea754dc
                                        • Opcode Fuzzy Hash: 3db41b4c64b55d2ad76bca05b05e43280170c9d19d0dc2f94f6034f2d0b8d5b3
                                        • Instruction Fuzzy Hash: 7F126D71A00209DFDF11DF64C540AEDB7B2FF85300F1186AAE949AB251EB70EA85CF91
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 07DF4658, Relevance: .2, Instructions: 181COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000015.00000002.397691923.0000000007DF0000.00000040.00000001.sdmp, Offset: 07DF0000, based on PE: false
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: d3f16851313c03da3f42f7dd889f12d8535f0f55a16e941c37647341e72a8635
                                        • Instruction ID: 3f347eeb72ae94b53b9a69aeddc414a2e2284a17ab39b7577fc5498955237069
                                        • Opcode Fuzzy Hash: d3f16851313c03da3f42f7dd889f12d8535f0f55a16e941c37647341e72a8635
                                        • Instruction Fuzzy Hash: 065183F5B042868FCB14DFA9C88456FBBF2AF86214F0B846AD645D7261EB31E841C791
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 07DF8AD8, Relevance: .1, Instructions: 132COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000015.00000002.397691923.0000000007DF0000.00000040.00000001.sdmp, Offset: 07DF0000, based on PE: false
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 00524920967cff6c96477284f2d0a3309cf24078bd8d5c43cc7d44ddaa025524
                                        • Instruction ID: b55ea0d70729b3a74a8f90cbbbae9ad54098fe77ab4f34fbc1210aabd896c00f
                                        • Opcode Fuzzy Hash: 00524920967cff6c96477284f2d0a3309cf24078bd8d5c43cc7d44ddaa025524
                                        • Instruction Fuzzy Hash: 5A512AB4A0121ADFCB24DF68D988AADBBF1FF48715F15806AE905EB260D730DC40DB91
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 07DF9D80, Relevance: .1, Instructions: 117COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000015.00000002.397691923.0000000007DF0000.00000040.00000001.sdmp, Offset: 07DF0000, based on PE: false
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 5ba558aa61745ff78ed2d7222e0ffa4be0cd72fff2d6d68986cf312abd1e2b94
                                        • Instruction ID: d7af517ef219908c0525ed29cf8f8a69050e842ebf555d09aa759c64d4ad0691
                                        • Opcode Fuzzy Hash: 5ba558aa61745ff78ed2d7222e0ffa4be0cd72fff2d6d68986cf312abd1e2b94
                                        • Instruction Fuzzy Hash: 0741F6B5E052089FDB04DFAAC8506EEFBF2EF89300F15C16AD514AB354DB30A942CB91
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 07DF4997, Relevance: .1, Instructions: 117COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000015.00000002.397691923.0000000007DF0000.00000040.00000001.sdmp, Offset: 07DF0000, based on PE: false
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 0a813e73bcdeb9ad301afbe367a8fa123a3d89bffffce22c06697000afa7512e
                                        • Instruction ID: f0f043a9b31e351a52d3e29fce54e25589f277594ecb3c59f2580a006eee7935
                                        • Opcode Fuzzy Hash: 0a813e73bcdeb9ad301afbe367a8fa123a3d89bffffce22c06697000afa7512e
                                        • Instruction Fuzzy Hash: B2415B71B0011A9FCF14AF64D845AEEBBA6EF84219F058029F90297394DB34DD62CBA0
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 07DF2A68, Relevance: .1, Instructions: 115COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000015.00000002.397691923.0000000007DF0000.00000040.00000001.sdmp, Offset: 07DF0000, based on PE: false
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: b8141038b9c1d52b0c5042be6eba00f410ded9160a6705e3f821976bcb1bb900
                                        • Instruction ID: 85e73cc72e59bcfa3a20f641d34f471f30388db1ccb1fc3feb1fc4cb9f3d80d6
                                        • Opcode Fuzzy Hash: b8141038b9c1d52b0c5042be6eba00f410ded9160a6705e3f821976bcb1bb900
                                        • Instruction Fuzzy Hash: 04518FB8E012098FCB48DFA9D58499EBBF2FF89300F148069E515AB364DB30A905CF61
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 07DF2A78, Relevance: .1, Instructions: 113COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000015.00000002.397691923.0000000007DF0000.00000040.00000001.sdmp, Offset: 07DF0000, based on PE: false
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: fc4fccc2babcb8944a7e8b4e609ff8cc971b8ca257ca09f8a9b898cc3b9fafb1
                                        • Instruction ID: 19a12f628d566837b28168d0984c7f1bc0a92bd9d1675aee64459aedb2fc67a5
                                        • Opcode Fuzzy Hash: fc4fccc2babcb8944a7e8b4e609ff8cc971b8ca257ca09f8a9b898cc3b9fafb1
                                        • Instruction Fuzzy Hash: 54515FB4E002099FCB44DFA9D58499EBBF2FF89314F248069E515AB364DB31AD05CF61
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 07DF9F58, Relevance: .1, Instructions: 105COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000015.00000002.397691923.0000000007DF0000.00000040.00000001.sdmp, Offset: 07DF0000, based on PE: false
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: a6c09eddc2d0fedcbae0647b2141c0ffe3bb8d477cd59757aefdb868eb7cb636
                                        • Instruction ID: 5cbf23c997ed4c1378133ec79be79095d0dd6153dadd106afe7c045e7c5437c5
                                        • Opcode Fuzzy Hash: a6c09eddc2d0fedcbae0647b2141c0ffe3bb8d477cd59757aefdb868eb7cb636
                                        • Instruction Fuzzy Hash: 1841D5B4E002089FDB14CFA9D885ADEBBB2BF89300F249129E505BB354DB749946CF55
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 07DF9F68, Relevance: .1, Instructions: 97COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000015.00000002.397691923.0000000007DF0000.00000040.00000001.sdmp, Offset: 07DF0000, based on PE: false
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: f37d265690369e17397dd9754e96a8c13716c24897d4087e6cc6d73a68b1f5e5
                                        • Instruction ID: 7fab4dbdef3628d0697224143e39e244e8b4a04186646cf408896a9c9455a8bb
                                        • Opcode Fuzzy Hash: f37d265690369e17397dd9754e96a8c13716c24897d4087e6cc6d73a68b1f5e5
                                        • Instruction Fuzzy Hash: B141D574E002089FDB18DFA5D884A9EBBB2BF89300F209129E505BB364DB749946CF54
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 07DFA130, Relevance: .1, Instructions: 87COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000015.00000002.397691923.0000000007DF0000.00000040.00000001.sdmp, Offset: 07DF0000, based on PE: false
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: dc09af771f92e51cefead2412843053c2f93920a20153128f4c1bb6d4ae00dab
                                        • Instruction ID: 0e75f52d2702917db321e9a30672e66522cd50cfb3d0f11e9cbc70040df724d0
                                        • Opcode Fuzzy Hash: dc09af771f92e51cefead2412843053c2f93920a20153128f4c1bb6d4ae00dab
                                        • Instruction Fuzzy Hash: 8C313770A05208DFC700EFB4D44959DFBF6EF86304F11C8A9C5099B255DB359B468B91
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 07DF0DE1, Relevance: .1, Instructions: 83COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000015.00000002.397691923.0000000007DF0000.00000040.00000001.sdmp, Offset: 07DF0000, based on PE: false
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: adc97d929b3804a7332a40770d7df5f58f1c242921bd31476c8e5ec95d109f91
                                        • Instruction ID: bebb7fa723b483cbe6bb3dd54164eff8863aa4dd57dbb729745bd7358251bc3e
                                        • Opcode Fuzzy Hash: adc97d929b3804a7332a40770d7df5f58f1c242921bd31476c8e5ec95d109f91
                                        • Instruction Fuzzy Hash: F521A2753001118BDB18972DD844E7DB3D6DFC8A21B1A427AE24ECB3A2DF11EC038791
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 07DFBBE8, Relevance: .1, Instructions: 78COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000015.00000002.397691923.0000000007DF0000.00000040.00000001.sdmp, Offset: 07DF0000, based on PE: false
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 87cfec8efc6abac09e11608047acc5ec3522ebdfe45a293d22b76d9c234a63a5
                                        • Instruction ID: 5e08de11c4806f7e6e713e8f9a517898eba0d96b3b3c6da245c58d4ce632e40a
                                        • Opcode Fuzzy Hash: 87cfec8efc6abac09e11608047acc5ec3522ebdfe45a293d22b76d9c234a63a5
                                        • Instruction Fuzzy Hash: 7E31C6B4E042099FCB44CFA9C5819AEBBF2FB89201F11856AD919E7314D7749A41CFA1
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 07DF12D0, Relevance: .1, Instructions: 76COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000015.00000002.397691923.0000000007DF0000.00000040.00000001.sdmp, Offset: 07DF0000, based on PE: false
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: e6ff363ad6ad0818d3281d66f2605689218bb89b87579138b2ff0fbc44d3ce41
                                        • Instruction ID: fa61087f89dcaf69e62befdef9ea24e6f51da2a97077da6a70c452afe37b7e01
                                        • Opcode Fuzzy Hash: e6ff363ad6ad0818d3281d66f2605689218bb89b87579138b2ff0fbc44d3ce41
                                        • Instruction Fuzzy Hash: BE215C71E0060ACFDB11EBA8C4446BEF7F5FF89210F01466AD919E7260EB709A45CB91
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 07DF4202, Relevance: .1, Instructions: 75COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000015.00000002.397691923.0000000007DF0000.00000040.00000001.sdmp, Offset: 07DF0000, based on PE: false
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 9524850a5fc6f811a38be4f1815081c75c3b8ef17398c619905ae5ced99a3544
                                        • Instruction ID: 53ab2f6f84fb19b5685c3f3b448e5fec23751406341dbbd49f9efcdad7f54d72
                                        • Opcode Fuzzy Hash: 9524850a5fc6f811a38be4f1815081c75c3b8ef17398c619905ae5ced99a3544
                                        • Instruction Fuzzy Hash: A031BD71E042499FCF01DFA4E809AEEBBB1EF49224F05446AE901B7250D7319D54CBA1
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 0071D4C4, Relevance: .1, Instructions: 75COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000015.00000002.387404415.000000000071D000.00000040.00000001.sdmp, Offset: 0071D000, based on PE: false
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 4ac6833e66bcab61a4069a83eecd4b84165a25bfc0d889ff0c4884abaf568d6b
                                        • Instruction ID: 542dec7d8ea2b3a8c4562d60fe21a12efc87a91ab784e0dfdd912cc6d0faf28a
                                        • Opcode Fuzzy Hash: 4ac6833e66bcab61a4069a83eecd4b84165a25bfc0d889ff0c4884abaf568d6b
                                        • Instruction Fuzzy Hash: 0921F8B1504240DFDB25DF18D9C0B66BF66FB84318F248569E9054B686C33ADCA6CFB1
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 07DF0E51, Relevance: .1, Instructions: 73COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000015.00000002.397691923.0000000007DF0000.00000040.00000001.sdmp, Offset: 07DF0000, based on PE: false
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: e9f1c38d4c9f40d8aabcaac1b41c454c9b934ae7e0f411706c68e43c72f42215
                                        • Instruction ID: e111c340081c769e4296b75b668917b81434c9f38af06aa18503071dbaca7bab
                                        • Opcode Fuzzy Hash: e9f1c38d4c9f40d8aabcaac1b41c454c9b934ae7e0f411706c68e43c72f42215
                                        • Instruction Fuzzy Hash: 4721D4B2F0061A4BDB21AF6888406BFF7F2EFC9600F05852ED64597341DB74A90187C1
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 07DF0C67, Relevance: .1, Instructions: 72COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000015.00000002.397691923.0000000007DF0000.00000040.00000001.sdmp, Offset: 07DF0000, based on PE: false
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: e7bf5b8635fb6fd32e32873452045602876035ce859ae0a65aa5a5b8ca5a3c89
                                        • Instruction ID: 5a7d9469fcaa64ac1ccdd944036021069a9fb6a25cc17734c52b1609a7efab57
                                        • Opcode Fuzzy Hash: e7bf5b8635fb6fd32e32873452045602876035ce859ae0a65aa5a5b8ca5a3c89
                                        • Instruction Fuzzy Hash: E82130B5B002098FDF44DF69D8848AEFBB5FF89300B114679D906A7351EB30E946CBA1
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 0083D1D4, Relevance: .1, Instructions: 72COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000015.00000002.387484012.000000000083D000.00000040.00000001.sdmp, Offset: 0083D000, based on PE: false
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: cd501cf05619247216e8b9410c954be3f9381b5712732a9ddbb57bc89424c1f1
                                        • Instruction ID: 005e2da4ce14f78ae671d28cc4b95168f4f09e066e145f098b4a96c861b307af
                                        • Opcode Fuzzy Hash: cd501cf05619247216e8b9410c954be3f9381b5712732a9ddbb57bc89424c1f1
                                        • Instruction Fuzzy Hash: 0921F5B1504344DFDB11DF20E9C0B26BB65FBC4318F24C5A9E8498B246C736E846CAA1
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 0083D01C, Relevance: .1, Instructions: 72COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000015.00000002.387484012.000000000083D000.00000040.00000001.sdmp, Offset: 0083D000, based on PE: false
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 357e4627c0c0963dc37c6bb079f07303c414da4b67a66770a4e3044905d1554e
                                        • Instruction ID: 5200c1f25631823e4179d6d1e03c4c6c36e65eb53226f99c9a72addde81aae9c
                                        • Opcode Fuzzy Hash: 357e4627c0c0963dc37c6bb079f07303c414da4b67a66770a4e3044905d1554e
                                        • Instruction Fuzzy Hash: A821F5B1504744DFCB18DF24E9D0B26BB65FB84718F24C5A9E84A8B346C73AD847CAA1
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 07DF0C78, Relevance: .1, Instructions: 71COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000015.00000002.397691923.0000000007DF0000.00000040.00000001.sdmp, Offset: 07DF0000, based on PE: false
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: b32ee4b0aa33602f6daab710482bb501280555d69f5786485a47ee3836619242
                                        • Instruction ID: 031198da154e8b30b3fc1f62b09c4be58cbec5c5c6d2f4ac6dcad3aa2c3dee25
                                        • Opcode Fuzzy Hash: b32ee4b0aa33602f6daab710482bb501280555d69f5786485a47ee3836619242
                                        • Instruction Fuzzy Hash: BC211075A0020A8FDF54EF69C8848AEF7B9FF893007518679D905A7311EB34A945CBA1
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 07DFBBF8, Relevance: .1, Instructions: 70COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000015.00000002.397691923.0000000007DF0000.00000040.00000001.sdmp, Offset: 07DF0000, based on PE: false
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: c10e3b299379a2e641cc660123cef9ee7b398f0f16b12f94aec3d3836dd209fb
                                        • Instruction ID: 7fbd4e6b313520dfda1604a1370a0d1e277104425af036d30a672683dd409535
                                        • Opcode Fuzzy Hash: c10e3b299379a2e641cc660123cef9ee7b398f0f16b12f94aec3d3836dd209fb
                                        • Instruction Fuzzy Hash: 8A31A8B4E04209DFCB44CFA9C581AAEFBF1BF88301F11946AD919A7314D7749A41CF50
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 07DF29A0, Relevance: .1, Instructions: 69COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000015.00000002.397691923.0000000007DF0000.00000040.00000001.sdmp, Offset: 07DF0000, based on PE: false
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 1963f35fc39b4ee694f8a63d910bb315176c87ebaeac61a97805100c3ac0df46
                                        • Instruction ID: bd7119608b9bd8521c7691f115fbd7296e127f3335c56fc033e0f7a9151ddffd
                                        • Opcode Fuzzy Hash: 1963f35fc39b4ee694f8a63d910bb315176c87ebaeac61a97805100c3ac0df46
                                        • Instruction Fuzzy Hash: 8C218CB4D01209DFCB44DFA9C5806EEFBF5BB48304F24956AD908B7354E734AA81CBA0
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 07DFD998, Relevance: .1, Instructions: 61COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000015.00000002.397691923.0000000007DF0000.00000040.00000001.sdmp, Offset: 07DF0000, based on PE: false
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: d8ea43a7bbd5bf8e83b85d651c0bcb851790b7ab4d20635e8ed5da27d67dff1d
                                        • Instruction ID: 107babeb2c1bdcf34adeb31411ec32a5023a8d557d331830c13b71d3e71e7cb7
                                        • Opcode Fuzzy Hash: d8ea43a7bbd5bf8e83b85d651c0bcb851790b7ab4d20635e8ed5da27d67dff1d
                                        • Instruction Fuzzy Hash: B7216D74E05209EFCB04CFA9C945A9DFBF2EF89200F15C4AAD4149B355D734DA41CB81
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 07DFD9A8, Relevance: .1, Instructions: 56COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000015.00000002.397691923.0000000007DF0000.00000040.00000001.sdmp, Offset: 07DF0000, based on PE: false
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 3138139aae48e807d8525885c6d9f251aa83ff3af7548fa28310379fefe9b1e6
                                        • Instruction ID: b5836b6710dd0c524b8edc421c089439a1afc8babeccfec6777cf6238cb4cf3c
                                        • Opcode Fuzzy Hash: 3138139aae48e807d8525885c6d9f251aa83ff3af7548fa28310379fefe9b1e6
                                        • Instruction Fuzzy Hash: F1112674E05108EFCB04DFA9C695A9EFBF2EB88300F15C4AA9918AB354DB34DA41DB40
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 0071D4BF, Relevance: .1, Instructions: 56COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000015.00000002.387404415.000000000071D000.00000040.00000001.sdmp, Offset: 0071D000, based on PE: false
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 4c44e5517e690f366dff050201c0b94941bd0826892d3e316883c0148e970eb9
                                        • Instruction ID: a767753930147822254357be3912a55d388871a2d5aea1507782d197762c5fab
                                        • Opcode Fuzzy Hash: 4c44e5517e690f366dff050201c0b94941bd0826892d3e316883c0148e970eb9
                                        • Instruction Fuzzy Hash: AC11B176404280CFCB15CF14D5C4B56BF72FB84324F24C6A9D8450B656C33AD8AACFA1
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 0083D017, Relevance: .1, Instructions: 53COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000015.00000002.387484012.000000000083D000.00000040.00000001.sdmp, Offset: 0083D000, based on PE: false
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 088bb676d9cc58b7b5583b2d12a323ce7eb7cea81b0eb8fe1e3b9802e29bf41a
                                        • Instruction ID: f02b9799dcb95bc7d5d14536bf6b39efd3f71666b35dfa0d99a0eae8e92c66df
                                        • Opcode Fuzzy Hash: 088bb676d9cc58b7b5583b2d12a323ce7eb7cea81b0eb8fe1e3b9802e29bf41a
                                        • Instruction Fuzzy Hash: F511BB75504780CFCB15CF24E5D4B15FBA1FB84724F28C6AAD8498B656C33AD84ACBA2
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 0083D1CF, Relevance: .1, Instructions: 53COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000015.00000002.387484012.000000000083D000.00000040.00000001.sdmp, Offset: 0083D000, based on PE: false
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 088bb676d9cc58b7b5583b2d12a323ce7eb7cea81b0eb8fe1e3b9802e29bf41a
                                        • Instruction ID: fbcb98abb34842aea6cc9b21c1ad65f06e3c1dc462ccd247fd0d4db712595da8
                                        • Opcode Fuzzy Hash: 088bb676d9cc58b7b5583b2d12a323ce7eb7cea81b0eb8fe1e3b9802e29bf41a
                                        • Instruction Fuzzy Hash: 18118E75504280DFCB11DF14D5C4B16FB71FB84314F24C6A9D8498B656C33AE85ACBA1
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 07DFEF30, Relevance: .0, Instructions: 50COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000015.00000002.397691923.0000000007DF0000.00000040.00000001.sdmp, Offset: 07DF0000, based on PE: false
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: e609ac1d5a2f9b0a7665cc4c4cf25e757cb94d1eed6a34182946bf7835bcefe6
                                        • Instruction ID: 3a40bcbfe72362257c6b70bfaafad52367eb29a30d383f8981109116e1aabb9f
                                        • Opcode Fuzzy Hash: e609ac1d5a2f9b0a7665cc4c4cf25e757cb94d1eed6a34182946bf7835bcefe6
                                        • Instruction Fuzzy Hash: 141188B5D0028A8FCB10CFA9D8409EEBFF4BF49310F118566E554A7391D738AA41CFA2
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 07DF0338, Relevance: .0, Instructions: 49COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000015.00000002.397691923.0000000007DF0000.00000040.00000001.sdmp, Offset: 07DF0000, based on PE: false
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 02d3da87dbd17eded0dfd7013f7585f9407b20ccc82996a66f4c6cfec1d0b959
                                        • Instruction ID: 139b62c3cd7199e51cc84b6bb1ed8a3daed5ab25d9bb4d3dcccf78ff1843281c
                                        • Opcode Fuzzy Hash: 02d3da87dbd17eded0dfd7013f7585f9407b20ccc82996a66f4c6cfec1d0b959
                                        • Instruction Fuzzy Hash: CF117070D002198FDB04EFA8D9547AEBBF1EF45304F104529D91AE7391D77499168BC5
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 07DF0D38, Relevance: .0, Instructions: 48COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000015.00000002.397691923.0000000007DF0000.00000040.00000001.sdmp, Offset: 07DF0000, based on PE: false
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 9ffe22197753e26666608ad8c8762a325d0c9df0205d264119e35193ab31e95e
                                        • Instruction ID: 808fca5d40b8983b97c6c13875fbdd8eb99e8c496df64658f551c6172808c3d5
                                        • Opcode Fuzzy Hash: 9ffe22197753e26666608ad8c8762a325d0c9df0205d264119e35193ab31e95e
                                        • Instruction Fuzzy Hash: 7C01A2703511518FE7159B28CC58E7877E6AFC5654B1980FAE946CF3B3DA24DC028761
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 0071D745, Relevance: .0, Instructions: 45COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000015.00000002.387404415.000000000071D000.00000040.00000001.sdmp, Offset: 0071D000, based on PE: false
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: bfdc30dbe56db02c5e46eb2c387326f78de643ff764ddb64c0f575a70625249f
                                        • Instruction ID: 1c7ac8711906f1bb4ae0f2e2b4bf48486eaefdc73a9e132ba4d3b5c64d7f79c7
                                        • Opcode Fuzzy Hash: bfdc30dbe56db02c5e46eb2c387326f78de643ff764ddb64c0f575a70625249f
                                        • Instruction Fuzzy Hash: 1901D4710083409AE7305A2AC884BA6BB9CDB41368F18855AE9055B6C6D37C9C84CEB1
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 07DFEF40, Relevance: .0, Instructions: 44COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000015.00000002.397691923.0000000007DF0000.00000040.00000001.sdmp, Offset: 07DF0000, based on PE: false
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 4046c15cb80945f4c9ebd4a1f9b4297d2e26b8242db40f054ada6e71ec5d6524
                                        • Instruction ID: d91f05daf0fb3ff519a5a861cb8a55e44d80d9ad94fb0785fd0654cf2a9b3695
                                        • Opcode Fuzzy Hash: 4046c15cb80945f4c9ebd4a1f9b4297d2e26b8242db40f054ada6e71ec5d6524
                                        • Instruction Fuzzy Hash: A71109B5D0025A9FCB10DFA9D8449EEBBF9BF4C311F108466E554A7340D738AA41CFA1
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 07DF0441, Relevance: .0, Instructions: 43COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000015.00000002.397691923.0000000007DF0000.00000040.00000001.sdmp, Offset: 07DF0000, based on PE: false
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 98cc70f45cc1baa382ee83038fe25a4f766423d8cb8a595534b9c64d6c7eb6ed
                                        • Instruction ID: 9d71b7db4fc5987ce1c0bf56de0cae8bf6ae48112c660d23658f7d93246660ec
                                        • Opcode Fuzzy Hash: 98cc70f45cc1baa382ee83038fe25a4f766423d8cb8a595534b9c64d6c7eb6ed
                                        • Instruction Fuzzy Hash: 8301F77291070A9BCF10EFA5CC449DAFB36FFD9308F118629E10527260EB71A595C791
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 07DF0348, Relevance: .0, Instructions: 43COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000015.00000002.397691923.0000000007DF0000.00000040.00000001.sdmp, Offset: 07DF0000, based on PE: false
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: c5ed5b18ccece5f2375e3822e3555226f2f3a4aeca292fd940cee2f4232e3795
                                        • Instruction ID: 69103811de21485b934d8dcec657e65e3c38c13a638e71e190559eb67684a3f7
                                        • Opcode Fuzzy Hash: c5ed5b18ccece5f2375e3822e3555226f2f3a4aeca292fd940cee2f4232e3795
                                        • Instruction Fuzzy Hash: AD016974D0020A8FEB04EFA8C9507AEBBF1EF45308F108529C529A7391DB74AA158BC4
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 07DF0D68, Relevance: .0, Instructions: 38COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000015.00000002.397691923.0000000007DF0000.00000040.00000001.sdmp, Offset: 07DF0000, based on PE: false
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 6303b139f1653785e9d0623478e1c2d88b67966caf97fedd80592ee9785d817d
                                        • Instruction ID: 2d213816fba2805d2902bc2db07e6186dfa156ee342c4681a05546c22d151f59
                                        • Opcode Fuzzy Hash: 6303b139f1653785e9d0623478e1c2d88b67966caf97fedd80592ee9785d817d
                                        • Instruction Fuzzy Hash: 150181343111118FE7049B29D858D2A77EAAFC962472A80F7E209CF372CE60EC01CB60
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 0071D744, Relevance: .0, Instructions: 36COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000015.00000002.387404415.000000000071D000.00000040.00000001.sdmp, Offset: 0071D000, based on PE: false
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 9ee913bb88690e015c9f5d8ecc3e00d310c6e823e12358eb8c2c629576d82632
                                        • Instruction ID: a00139fa445ed9af31d300ca2fee1f0e0bfe9911295e5619cee7bafb4f894afd
                                        • Opcode Fuzzy Hash: 9ee913bb88690e015c9f5d8ecc3e00d310c6e823e12358eb8c2c629576d82632
                                        • Instruction Fuzzy Hash: 76F06271404244AEE7209E1ADC84BA2FF98EB51774F18C45AED085B7C6C3799C84CEB1
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 07DFBE18, Relevance: .0, Instructions: 33COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000015.00000002.397691923.0000000007DF0000.00000040.00000001.sdmp, Offset: 07DF0000, based on PE: false
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: d60570fe86a5e7097bf089432b46bd276928a4ecb6a51c5a16f0da316ba7230c
                                        • Instruction ID: f5c8394edb0592d0f44046d55a85936d0001896683f1bf6c05554ec6d6502b6d
                                        • Opcode Fuzzy Hash: d60570fe86a5e7097bf089432b46bd276928a4ecb6a51c5a16f0da316ba7230c
                                        • Instruction Fuzzy Hash: F4F044B4905308DFCB11DFB8D8056AEBFB0FB09201F1085AAD80497201D7355A42DF92
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 07DFCE85, Relevance: .0, Instructions: 32COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000015.00000002.397691923.0000000007DF0000.00000040.00000001.sdmp, Offset: 07DF0000, based on PE: false
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 0fd116768f63119971f259a621ba301ef5d91f79780a10fcb3f06b47b1f358f3
                                        • Instruction ID: d1aadf7c2215477fbe7f7f3e4943e3977ef985deca1ed9604d40904ab041fd93
                                        • Opcode Fuzzy Hash: 0fd116768f63119971f259a621ba301ef5d91f79780a10fcb3f06b47b1f358f3
                                        • Instruction Fuzzy Hash: 08113978901268DFCB65CFA5C980B98BBB2BB48310F5151EAE90DB7320D7359E81DF20
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 07DF0E00, Relevance: .0, Instructions: 30COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000015.00000002.397691923.0000000007DF0000.00000040.00000001.sdmp, Offset: 07DF0000, based on PE: false
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 7374c040c6e831e81b0d0a69e4e322b66485961b88a3e3b0a6afab6e4770cd91
                                        • Instruction ID: b6f82c5dd3f6d836715aea4d716605cf07516625b0fc67a5d793cb2d32f5e804
                                        • Opcode Fuzzy Hash: 7374c040c6e831e81b0d0a69e4e322b66485961b88a3e3b0a6afab6e4770cd91
                                        • Instruction Fuzzy Hash: E5E026BB740A5843CA39220DE854BBDB7D3DBC5A12B09013AD29BC7741CC0A9D1382DA
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 07DF4647, Relevance: .0, Instructions: 29COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000015.00000002.397691923.0000000007DF0000.00000040.00000001.sdmp, Offset: 07DF0000, based on PE: false
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 62e4fd92288ed02dff4e891abf41dddca3a4fa67734a5acc5649163f0667e92f
                                        • Instruction ID: 4a8ed483c1e18a65005674f844281dd2ab599502ad3f27f4a8768af884cb27e6
                                        • Opcode Fuzzy Hash: 62e4fd92288ed02dff4e891abf41dddca3a4fa67734a5acc5649163f0667e92f
                                        • Instruction Fuzzy Hash: 26E0E5B16082C5ABCB111AB1E8484D7BF68DB42158F014077DE41C6252D6718829C6A2
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 07DF0BD0, Relevance: .0, Instructions: 29COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000015.00000002.397691923.0000000007DF0000.00000040.00000001.sdmp, Offset: 07DF0000, based on PE: false
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 93feab1e57a2d1b97cc902a325fbf125bb7b84379609b6a16c78b0ff4da41f97
                                        • Instruction ID: 0dfa3ecbd815b89461e42dfd351c3592217a28a1ffb3c56d3b1e50d3d824f54e
                                        • Opcode Fuzzy Hash: 93feab1e57a2d1b97cc902a325fbf125bb7b84379609b6a16c78b0ff4da41f97
                                        • Instruction Fuzzy Hash: 39E02B71B006684B4B08E77F9411856F6DB9FC8210315C07EE40D87766EE31E9014BC0
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 07DFD1CB, Relevance: .0, Instructions: 27COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000015.00000002.397691923.0000000007DF0000.00000040.00000001.sdmp, Offset: 07DF0000, based on PE: false
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: b48b0bd205a48281f7483d46ab68b4e666468c753ae38111e8e6467accf4fabf
                                        • Instruction ID: 13f6bfaef2cf5c3ace1824ac942cd9beb48e93a7f34ae415dda34eac7cb92f13
                                        • Opcode Fuzzy Hash: b48b0bd205a48281f7483d46ab68b4e666468c753ae38111e8e6467accf4fabf
                                        • Instruction Fuzzy Hash: 11E0267BB23114CBC721EBAAF8520C5F322FBC032572200A7C6108B112E7314523DF60
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 07DF977F, Relevance: .0, Instructions: 26COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000015.00000002.397691923.0000000007DF0000.00000040.00000001.sdmp, Offset: 07DF0000, based on PE: false
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 9cb27a740e62813a8853224612c8eb876102516f53688ca6fda6ab453920cc79
                                        • Instruction ID: c656845621613cc367b7b22e28170b1d6bf59c092c418f4151613510520ee12b
                                        • Opcode Fuzzy Hash: 9cb27a740e62813a8853224612c8eb876102516f53688ca6fda6ab453920cc79
                                        • Instruction Fuzzy Hash: 45E086F17093805FC316661E68904ADFFE5DDC711535A41BFD1CDC7351D56548068322
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 07DFAB97, Relevance: .0, Instructions: 25COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000015.00000002.397691923.0000000007DF0000.00000040.00000001.sdmp, Offset: 07DF0000, based on PE: false
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 69149487337bb6f556806036a5826d769d8286ebed8c8c9af2e933fe45762b98
                                        • Instruction ID: 3dd15296cf844f06288ba03c952176de9f59ed442a2c7eb2c4df617e11896c99
                                        • Opcode Fuzzy Hash: 69149487337bb6f556806036a5826d769d8286ebed8c8c9af2e933fe45762b98
                                        • Instruction Fuzzy Hash: 37F0FF70D14228CFDB54DBA5C841B8AB6B1AF85300F00D0AAC10DBB655DB348E858F21
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 07DF0E10, Relevance: .0, Instructions: 24COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000015.00000002.397691923.0000000007DF0000.00000040.00000001.sdmp, Offset: 07DF0000, based on PE: false
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 6274dddcc6be2066d9bec415d22785bacbd3440ae59c4f382baf7718dc99f4a7
                                        • Instruction ID: 11df33f93d4e4bc03c259c3edb4880b94273fde9bee4cf52fb59da5f713107f9
                                        • Opcode Fuzzy Hash: 6274dddcc6be2066d9bec415d22785bacbd3440ae59c4f382baf7718dc99f4a7
                                        • Instruction Fuzzy Hash: C1E02B36340A5943493A321DD844F7EB6CBDBC5522709003AE289C7B01CD1DDD1282DA
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 07DF420C, Relevance: .0, Instructions: 24COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000015.00000002.397691923.0000000007DF0000.00000040.00000001.sdmp, Offset: 07DF0000, based on PE: false
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 6f04989b1f1be4c7fbbef77387176240a59f87f395ca821b2da697d12e1bfec2
                                        • Instruction ID: 597058b619c4a57fedeb070abfc4a5ac2c73e85343758a64339a99dd8c4b2fb3
                                        • Opcode Fuzzy Hash: 6f04989b1f1be4c7fbbef77387176240a59f87f395ca821b2da697d12e1bfec2
                                        • Instruction Fuzzy Hash: 75D05BF17153145753147A9F649047FF6CAEBCA138356443EE34ED7300DD61AC0143A1
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 07DFBE28, Relevance: .0, Instructions: 23COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000015.00000002.397691923.0000000007DF0000.00000040.00000001.sdmp, Offset: 07DF0000, based on PE: false
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: f12af253d46f5694bd79638074f8308cf2163774136eb599a8154be0170d209d
                                        • Instruction ID: 5cebeee6ed9e9f7b18b7360615b988f24af3df9d05b75838af96082ef74f0ff2
                                        • Opcode Fuzzy Hash: f12af253d46f5694bd79638074f8308cf2163774136eb599a8154be0170d209d
                                        • Instruction Fuzzy Hash: 68F039B4D0120CDFCB14DFA8D545AAEBBB4FB08301F1085AAD914A3300D7319A41DF95
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 07DFCC1C, Relevance: .0, Instructions: 23COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000015.00000002.397691923.0000000007DF0000.00000040.00000001.sdmp, Offset: 07DF0000, based on PE: false
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 7c17bc1b3aba30bc0880c728ceb86a054ff5499f9a560f3c54882f8aa3a168fc
                                        • Instruction ID: f6225483913fc41a1b4b212a3f7532d16205b5de9f35e0d23be9588ae8b66862
                                        • Opcode Fuzzy Hash: 7c17bc1b3aba30bc0880c728ceb86a054ff5499f9a560f3c54882f8aa3a168fc
                                        • Instruction Fuzzy Hash: 4CF09D74D05219CFCB60CFA8CA809EDBBF1BB88310F209699A518A7315D630AA80CF10
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 07DF0BC1, Relevance: .0, Instructions: 22COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000015.00000002.397691923.0000000007DF0000.00000040.00000001.sdmp, Offset: 07DF0000, based on PE: false
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: b1fdaab49430308de718b62cc61a81699adde4d134158bbf8da130de635f2036
                                        • Instruction ID: ec1e1432ece3cb4bf6c5ff660040003286a7f53a56295e16f23f481e61b28f3e
                                        • Opcode Fuzzy Hash: b1fdaab49430308de718b62cc61a81699adde4d134158bbf8da130de635f2036
                                        • Instruction Fuzzy Hash: B4E0CDF27006540BD718D6299C11A66BB97EFDC700705C16DD50D4B756ED22ED0147C1
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 07DF0307, Relevance: .0, Instructions: 17COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000015.00000002.397691923.0000000007DF0000.00000040.00000001.sdmp, Offset: 07DF0000, based on PE: false
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 8fa195cc18fd39517a848827e1cc6e2c1ce457739c0b6e52b46c4d29a1daac9c
                                        • Instruction ID: 3a3b45031d357bcbb2e743b37d2c551ebd2bf01660047f629f4f64a11cc374a1
                                        • Opcode Fuzzy Hash: 8fa195cc18fd39517a848827e1cc6e2c1ce457739c0b6e52b46c4d29a1daac9c
                                        • Instruction Fuzzy Hash: FBD0233754401007E520C510F9C13CC33C3FBC4204F5A4955D180D7154C13ED9838600
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 07DF8AA8, Relevance: .0, Instructions: 17COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000015.00000002.397691923.0000000007DF0000.00000040.00000001.sdmp, Offset: 07DF0000, based on PE: false
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 86ce90cc55b1f5e48e7e9d597ff87d921049a27f9155d99c6f771b67a0a6c166
                                        • Instruction ID: a3c11771e6a63001df3ba65a93eef87c397dfe6794de89195da777f2b8855bce
                                        • Opcode Fuzzy Hash: 86ce90cc55b1f5e48e7e9d597ff87d921049a27f9155d99c6f771b67a0a6c166
                                        • Instruction Fuzzy Hash: 68D06776408248FFCF125FD0DD159D63F22BB16350F198142FA485A5A286729939EBA2
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 07DFA71E, Relevance: .0, Instructions: 15COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000015.00000002.397691923.0000000007DF0000.00000040.00000001.sdmp, Offset: 07DF0000, based on PE: false
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 752d95313afe29f62d99e3ec78416e85a7111c8f4ff539f50ba6d8ee816980c9
                                        • Instruction ID: 526e0cd7fbb8fd690dd53ae3e45b07811f741776c33a7ee1b6f7d070d406d116
                                        • Opcode Fuzzy Hash: 752d95313afe29f62d99e3ec78416e85a7111c8f4ff539f50ba6d8ee816980c9
                                        • Instruction Fuzzy Hash: 96E09A70A152599FCB64DFA4D99178CB7B5FB85204F0194A6D11DB6224DB315E418F20
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 07DF8AB8, Relevance: .0, Instructions: 10COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000015.00000002.397691923.0000000007DF0000.00000040.00000001.sdmp, Offset: 07DF0000, based on PE: false
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 9a3b71d3d25a1a53fd79750379a80a687179754bea36598d09da884ed6e752c8
                                        • Instruction ID: 3a1d9510b8be6c67eb8faede4f7ca8ac9f34a7fec252ca738f57b425000038e8
                                        • Opcode Fuzzy Hash: 9a3b71d3d25a1a53fd79750379a80a687179754bea36598d09da884ed6e752c8
                                        • Instruction Fuzzy Hash: 2BC0023604420DBBCF025EC1EC05EDA3F2AFB08750F048401FA190506187B39570ABA1
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Non-executed Functions

                                        Function 07DFECD0, Relevance: 5.2, Strings: 4, Instructions: 160COMMON
                                        Download Yara Rule
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000015.00000002.397691923.0000000007DF0000.00000040.00000001.sdmp, Offset: 07DF0000, based on PE: false
                                        Similarity
                                        • API ID:
                                        • String ID: /),$/),$_|'$_|'
                                        • API String ID: 0-3327303074
                                        • Opcode ID: c158df32ce48a4f200c6a671ef948249d8ad66a32a05e5e5d2abf26262d7b927
                                        • Instruction ID: 54f60117e0aecbd9e8f4222c6f54d9c7f98bc364b0e6d4923e49ad23c112bd8b
                                        • Opcode Fuzzy Hash: c158df32ce48a4f200c6a671ef948249d8ad66a32a05e5e5d2abf26262d7b927
                                        • Instruction Fuzzy Hash: 847127B4D1421ADFCB04CF99D8809AEFBB2FF49310F19951AD615AB324C334A982CF95
                                        Uniqueness

                                        Uniqueness Score: -1.00%