Play interactive tour

Edit tour

Analysis Report Request for Price Quotation.pdf.exe

Overview

General Information

Sample Name:	Request for Price Quotation.pdf.exe
Analysis ID:	432812
MD5:	04ff13eb3759dbe4112b49738e9f5aee
SHA1:	460aa3f718ed5ce4c5d52a28fa2f275ebf076d30
SHA256:	836509e2435bbae2e7d695ff94a760a0aa3e3a362edd3e2f37e907bba48f6b72
Tags:	AgentTeslaexe
Infos:
Most interesting Screenshot:

Detection

AgentTesla

Score:	100
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Found malware configuration

Multi AV Scanner detection for dropped file

Multi AV Scanner detection for submitted file

Sigma detected: Suspicious Double Extension

Yara detected AgentTesla

Yara detected AntiVM3

.NET source code contains method to dynamically call methods (often used by packers)

.NET source code contains very large array initializations

.NET source code contains very large strings

Hides that the sample has been downloaded from the Internet (zone.identifier)

Initial sample is a PE file and has a suspicious name

Injects a PE file into a foreign processes

Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)

Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)

Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)

Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)

Uses an obfuscated file name to hide its real file extension (double extension)

Uses schtasks.exe or at.exe to add and modify task schedules

Antivirus or Machine Learning detection for unpacked file

Contains capabilities to detect virtual machines

Contains functionality to call native functions

Contains long sleeps (>= 3 min)

Creates a process in suspended mode (likely to inject code)

Detected potential crypto function

Drops PE files

Enables debug privileges

Found a high number of Window / User specific system calls (may be a loop to detect user behavior)

May sleep (evasive loops) to hinder dynamic analysis

Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)

Queries the volume information (name, serial number etc) of a device

Sample execution stops while process was sleeping (likely an evasion)

Sample file is different than original file name gathered from version info

Uses 32bit PE files

Uses code obfuscation techniques (call, push, ret)

Yara detected Credential Stealer

Classification

Process Tree

System is w10x64

Request for Price Quotation.pdf.exe (PID: 6496 cmdline: 'C:\Users\user\Desktop\Request for Price Quotation.pdf.exe' MD5: 04FF13EB3759DBE4112B49738E9F5AEE)

schtasks.exe (PID: 6672 cmdline: 'C:\Windows\System32\schtasks.exe' /Create /TN 'Updates\vRURxcnYJm' /XML 'C:\Users\user\AppData\Local\Temp\tmpD822.tmp' MD5: 15FF7D8324231381BAD48A052F85DF04)

conhost.exe (PID: 6636 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)

Request for Price Quotation.pdf.exe (PID: 6472 cmdline: {path} MD5: 04FF13EB3759DBE4112B49738E9F5AEE)

Request for Price Quotation.pdf.exe (PID: 6748 cmdline: {path} MD5: 04FF13EB3759DBE4112B49738E9F5AEE)

pGKuRU.exe (PID: 6744 cmdline: 'C:\Users\user\AppData\Roaming\pGKuRU\pGKuRU.exe' MD5: 04FF13EB3759DBE4112B49738E9F5AEE)

schtasks.exe (PID: 6388 cmdline: 'C:\Windows\System32\schtasks.exe' /Create /TN 'Updates\vRURxcnYJm' /XML 'C:\Users\user\AppData\Local\Temp\tmpD30D.tmp' MD5: 15FF7D8324231381BAD48A052F85DF04)

conhost.exe (PID: 6012 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)

pGKuRU.exe (PID: 808 cmdline: {path} MD5: 04FF13EB3759DBE4112B49738E9F5AEE)

pGKuRU.exe (PID: 5644 cmdline: 'C:\Users\user\AppData\Roaming\pGKuRU\pGKuRU.exe' MD5: 04FF13EB3759DBE4112B49738E9F5AEE)

schtasks.exe (PID: 6688 cmdline: 'C:\Windows\System32\schtasks.exe' /Create /TN 'Updates\vRURxcnYJm' /XML 'C:\Users\user\AppData\Local\Temp\tmpF0F5.tmp' MD5: 15FF7D8324231381BAD48A052F85DF04)

conhost.exe (PID: 6048 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)

pGKuRU.exe (PID: 6276 cmdline: {path} MD5: 04FF13EB3759DBE4112B49738E9F5AEE)

cleanup

Malware Configuration

Threatname: Agenttesla

{"Exfil Mode": "SMTP", "SMTP Info": "mhd.nazri@vistakencana.com.mym33R3bus!mail.vistakencana.com.my"}

Yara Overview

Memory Dumps

Source	Rule	Description	Author
00000021.00000000.429160919.0000000000402000.00000040.00000001.sdmp	JoeSecurity_AgentTesla_1	Yara detected AgentTesla	Joe Security
00000021.00000000.429160919.0000000000402000.00000040.00000001.sdmp	JoeSecurity_AgentTesla_2	Yara detected AgentTesla	Joe Security
00000012.00000002.473375885.00000000032D1000.00000004.00000001.sdmp	JoeSecurity_AgentTesla_1	Yara detected AgentTesla	Joe Security
00000012.00000002.473375885.00000000032D1000.00000004.00000001.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000025.00000000.445224986.0000000000402000.00000040.00000001.sdmp	JoeSecurity_AgentTesla_1	Yara detected AgentTesla	Joe Security
00000025.00000000.445224986.0000000000402000.00000040.00000001.sdmp	JoeSecurity_AgentTesla_2	Yara detected AgentTesla	Joe Security
00000025.00000002.468461465.0000000000402000.00000040.00000001.sdmp	JoeSecurity_AgentTesla_1	Yara detected AgentTesla	Joe Security
00000025.00000002.468461465.0000000000402000.00000040.00000001.sdmp	JoeSecurity_AgentTesla_2	Yara detected AgentTesla	Joe Security
00000001.00000002.303244062.000000000BED1000.00000004.00000001.sdmp	JoeSecurity_AgentTesla_1	Yara detected AgentTesla	Joe Security
00000001.00000002.303244062.000000000BED1000.00000004.00000001.sdmp	JoeSecurity_AgentTesla_2	Yara detected AgentTesla	Joe Security
00000012.00000000.291844857.0000000000402000.00000040.00000001.sdmp	JoeSecurity_AgentTesla_1	Yara detected AgentTesla	Joe Security
00000012.00000000.291844857.0000000000402000.00000040.00000001.sdmp	JoeSecurity_AgentTesla_2	Yara detected AgentTesla	Joe Security
00000012.00000002.468490022.0000000000402000.00000040.00000001.sdmp	JoeSecurity_AgentTesla_1	Yara detected AgentTesla	Joe Security
00000012.00000002.468490022.0000000000402000.00000040.00000001.sdmp	JoeSecurity_AgentTesla_2	Yara detected AgentTesla	Joe Security
00000018.00000002.431644231.00000000046D1000.00000004.00000001.sdmp	JoeSecurity_AgentTesla_1	Yara detected AgentTesla	Joe Security
00000018.00000002.431644231.00000000046D1000.00000004.00000001.sdmp	JoeSecurity_AgentTesla_2	Yara detected AgentTesla	Joe Security
00000025.00000002.473835627.00000000032E1000.00000004.00000001.sdmp	JoeSecurity_AgentTesla_1	Yara detected AgentTesla	Joe Security
00000025.00000002.473835627.00000000032E1000.00000004.00000001.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000001.00000002.297905164.0000000003CD1000.00000004.00000001.sdmp	JoeSecurity_AgentTesla_1	Yara detected AgentTesla	Joe Security
00000001.00000002.297905164.0000000003CD1000.00000004.00000001.sdmp	JoeSecurity_AgentTesla_2	Yara detected AgentTesla	Joe Security
00000021.00000002.446501477.0000000000402000.00000040.00000001.sdmp	JoeSecurity_AgentTesla_1	Yara detected AgentTesla	Joe Security
00000021.00000002.446501477.0000000000402000.00000040.00000001.sdmp	JoeSecurity_AgentTesla_2	Yara detected AgentTesla	Joe Security
00000021.00000002.447853207.00000000035A1000.00000004.00000001.sdmp	JoeSecurity_AgentTesla_1	Yara detected AgentTesla	Joe Security
00000021.00000002.447853207.00000000035A1000.00000004.00000001.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
0000001A.00000002.447980592.0000000004561000.00000004.00000001.sdmp	JoeSecurity_AgentTesla_1	Yara detected AgentTesla	Joe Security
0000001A.00000002.447980592.0000000004561000.00000004.00000001.sdmp	JoeSecurity_AgentTesla_2	Yara detected AgentTesla	Joe Security
Process Memory Space: Request for Price Quotation.pdf.exe PID: 6748	JoeSecurity_AgentTesla_1	Yara detected AgentTesla	Joe Security
Process Memory Space: Request for Price Quotation.pdf.exe PID: 6748	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
Process Memory Space: Request for Price Quotation.pdf.exe PID: 6496	JoeSecurity_AgentTesla_1	Yara detected AgentTesla	Joe Security
Process Memory Space: Request for Price Quotation.pdf.exe PID: 6496	JoeSecurity_AntiVM_3	Yara detected AntiVM_3	Joe Security
Process Memory Space: pGKuRU.exe PID: 6276	JoeSecurity_AgentTesla_1	Yara detected AgentTesla	Joe Security
Process Memory Space: pGKuRU.exe PID: 6276	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
Process Memory Space: pGKuRU.exe PID: 5644	JoeSecurity_AgentTesla_1	Yara detected AgentTesla	Joe Security
Process Memory Space: pGKuRU.exe PID: 5644	JoeSecurity_AntiVM_3	Yara detected AntiVM_3	Joe Security
Process Memory Space: pGKuRU.exe PID: 808	JoeSecurity_AgentTesla_1	Yara detected AgentTesla	Joe Security
Process Memory Space: pGKuRU.exe PID: 808	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
Process Memory Space: pGKuRU.exe PID: 6744	JoeSecurity_AgentTesla_1	Yara detected AgentTesla	Joe Security
Process Memory Space: pGKuRU.exe PID: 6744	JoeSecurity_AntiVM_3	Yara detected AntiVM_3	Joe Security
Click to see the 33 entries

Unpacked PEs

Source	Rule	Description	Author
33.0.pGKuRU.exe.400000.1.unpack	JoeSecurity_AgentTesla_1	Yara detected AgentTesla	Joe Security
33.0.pGKuRU.exe.400000.1.unpack	JoeSecurity_AgentTesla_2	Yara detected AgentTesla	Joe Security
37.2.pGKuRU.exe.400000.0.unpack	JoeSecurity_AgentTesla_1	Yara detected AgentTesla	Joe Security
37.2.pGKuRU.exe.400000.0.unpack	JoeSecurity_AgentTesla_2	Yara detected AgentTesla	Joe Security
33.2.pGKuRU.exe.400000.0.unpack	JoeSecurity_AgentTesla_1	Yara detected AgentTesla	Joe Security
33.2.pGKuRU.exe.400000.0.unpack	JoeSecurity_AgentTesla_2	Yara detected AgentTesla	Joe Security
24.2.pGKuRU.exe.47d45f0.2.raw.unpack	JoeSecurity_AgentTesla_1	Yara detected AgentTesla	Joe Security
24.2.pGKuRU.exe.47d45f0.2.raw.unpack	JoeSecurity_AgentTesla_2	Yara detected AgentTesla	Joe Security
26.2.pGKuRU.exe.46645f0.2.unpack	JoeSecurity_AgentTesla_1	Yara detected AgentTesla	Joe Security
26.2.pGKuRU.exe.46645f0.2.unpack	JoeSecurity_AgentTesla_2	Yara detected AgentTesla	Joe Security
24.2.pGKuRU.exe.47d45f0.2.unpack	JoeSecurity_AgentTesla_1	Yara detected AgentTesla	Joe Security
24.2.pGKuRU.exe.47d45f0.2.unpack	JoeSecurity_AgentTesla_2	Yara detected AgentTesla	Joe Security
26.2.pGKuRU.exe.46645f0.2.raw.unpack	JoeSecurity_AgentTesla_1	Yara detected AgentTesla	Joe Security
26.2.pGKuRU.exe.46645f0.2.raw.unpack	JoeSecurity_AgentTesla_2	Yara detected AgentTesla	Joe Security
1.2.Request for Price Quotation.pdf.exe.bf72ab8.8.unpack	JoeSecurity_AgentTesla_1	Yara detected AgentTesla	Joe Security
1.2.Request for Price Quotation.pdf.exe.bf72ab8.8.unpack	JoeSecurity_AgentTesla_2	Yara detected AgentTesla	Joe Security
37.0.pGKuRU.exe.400000.1.unpack	JoeSecurity_AgentTesla_1	Yara detected AgentTesla	Joe Security
37.0.pGKuRU.exe.400000.1.unpack	JoeSecurity_AgentTesla_2	Yara detected AgentTesla	Joe Security
1.2.Request for Price Quotation.pdf.exe.bf72ab8.8.raw.unpack	JoeSecurity_AgentTesla_1	Yara detected AgentTesla	Joe Security
1.2.Request for Price Quotation.pdf.exe.bf72ab8.8.raw.unpack	JoeSecurity_AgentTesla_2	Yara detected AgentTesla	Joe Security
18.2.Request for Price Quotation.pdf.exe.400000.0.unpack	JoeSecurity_AgentTesla_1	Yara detected AgentTesla	Joe Security
18.2.Request for Price Quotation.pdf.exe.400000.0.unpack	JoeSecurity_AgentTesla_2	Yara detected AgentTesla	Joe Security
18.0.Request for Price Quotation.pdf.exe.400000.1.unpack	JoeSecurity_AgentTesla_1	Yara detected AgentTesla	Joe Security
18.0.Request for Price Quotation.pdf.exe.400000.1.unpack	JoeSecurity_AgentTesla_2	Yara detected AgentTesla	Joe Security
Click to see the 19 entries

Sigma Overview

System Summary:

Sigma detected: Suspicious Double Extension

Show sources

Source: Process started

Author: Florian Roth (rule), @blu3_team (idea): Data: Command: {path}, CommandLine: {path}, CommandLine|base64offset|contains: , Image: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe, NewProcessName: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe, OriginalFileName: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe, ParentCommandLine: 'C:\Users\user\Desktop\Request for Price Quotation.pdf.exe' , ParentImage: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe, ParentProcessId: 6496, ProcessCommandLine: {path}, ProcessId: 6472

Signature Overview

Click to jump to signature section

Show All Signature Results

AV Detection:

Found malware configuration

Show sources

Source: 00000012.00000002.473375885.00000000032D1000.00000004.00000001.sdmp

Malware Configuration Extractor: Agenttesla {"Exfil Mode": "SMTP", "SMTP Info": "mhd.nazri@vistakencana.com.mym33R3bus!mail.vistakencana.com.my"}

Multi AV Scanner detection for dropped file

Show sources

Source: C:\Users\user\AppData\Roaming\pGKuRU\pGKuRU.exe	ReversingLabs: Detection: 21%
Source: C:\Users\user\AppData\Roaming\vRURxcnYJm.exe	ReversingLabs: Detection: 21%

Multi AV Scanner detection for submitted file

Show sources

Source: Request for Price Quotation.pdf.exe

ReversingLabs: Detection: 21%

Source: 33.0.pGKuRU.exe.400000.1.unpack	Avira: Label: TR/Spy.Gen8
Source: 37.2.pGKuRU.exe.400000.0.unpack	Avira: Label: TR/Spy.Gen8
Source: 33.2.pGKuRU.exe.400000.0.unpack	Avira: Label: TR/Spy.Gen8
Source: 37.0.pGKuRU.exe.400000.1.unpack	Avira: Label: TR/Spy.Gen8
Source: 18.2.Request for Price Quotation.pdf.exe.400000.0.unpack	Avira: Label: TR/Spy.Gen8
Source: 18.0.Request for Price Quotation.pdf.exe.400000.1.unpack	Avira: Label: TR/Spy.Gen8

Source: Request for Price Quotation.pdf.exe

Static PE information: 32BIT_MACHINE, EXECUTABLE_IMAGE

Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe

File opened: C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.9445_none_d08c58b4442ba54f\MSVCR80.dll

Jump to behavior

Source: Request for Price Quotation.pdf.exe

Static PE information: NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT

Source:

Binary string: mscorrc.pdb source: Request for Price Quotation.pdf.exe, 00000001.00000002.301723615.0000000006930000.00000002.00000001.sdmp, pGKuRU.exe, 00000018.00000002.435175637.0000000006D50000.00000002.00000001.sdmp, pGKuRU.exe, 0000001A.00000002.451550450.0000000006CA0000.00000002.00000001.sdmp

Source: Request for Price Quotation.pdf.exe, 00000012.00000002.473375885.00000000032D1000.00000004.00000001.sdmp, pGKuRU.exe, 00000021.00000002.447853207.00000000035A1000.00000004.00000001.sdmp, pGKuRU.exe, 00000025.00000002.473835627.00000000032E1000.00000004.00000001.sdmp	String found in binary or memory: http://127.0.0.1:HTTP/1.1
Source: pGKuRU.exe, 00000025.00000002.473835627.00000000032E1000.00000004.00000001.sdmp	String found in binary or memory: http://DynDns.comDynDNS
Source: Request for Price Quotation.pdf.exe, 00000001.00000002.298842775.00000000051F0000.00000002.00000001.sdmp, pGKuRU.exe, 00000018.00000002.433918370.0000000005C40000.00000002.00000001.sdmp, pGKuRU.exe, 0000001A.00000002.450841292.0000000005BA0000.00000002.00000001.sdmp	String found in binary or memory: http://fontfabrik.com
Source: pGKuRU.exe, 00000025.00000002.473835627.00000000032E1000.00000004.00000001.sdmp	String found in binary or memory: http://lgGOBE.com
Source: Request for Price Quotation.pdf.exe, 00000001.00000002.298842775.00000000051F0000.00000002.00000001.sdmp, pGKuRU.exe, 00000018.00000002.433918370.0000000005C40000.00000002.00000001.sdmp, pGKuRU.exe, 0000001A.00000002.450841292.0000000005BA0000.00000002.00000001.sdmp	String found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0
Source: Request for Price Quotation.pdf.exe, 00000001.00000003.205550305.0000000005090000.00000004.00000001.sdmp	String found in binary or memory: http://www.carterandcone.com
Source: Request for Price Quotation.pdf.exe, 00000001.00000002.298842775.00000000051F0000.00000002.00000001.sdmp, pGKuRU.exe, 00000018.00000002.433918370.0000000005C40000.00000002.00000001.sdmp, pGKuRU.exe, 0000001A.00000002.450841292.0000000005BA0000.00000002.00000001.sdmp	String found in binary or memory: http://www.carterandcone.coml
Source: Request for Price Quotation.pdf.exe, 00000001.00000002.298842775.00000000051F0000.00000002.00000001.sdmp, pGKuRU.exe, 00000018.00000002.433918370.0000000005C40000.00000002.00000001.sdmp, pGKuRU.exe, 0000001A.00000002.450841292.0000000005BA0000.00000002.00000001.sdmp	String found in binary or memory: http://www.fontbureau.com
Source: pGKuRU.exe, 0000001A.00000002.450841292.0000000005BA0000.00000002.00000001.sdmp	String found in binary or memory: http://www.fontbureau.com/designers
Source: Request for Price Quotation.pdf.exe, 00000001.00000002.298842775.00000000051F0000.00000002.00000001.sdmp, pGKuRU.exe, 00000018.00000002.433918370.0000000005C40000.00000002.00000001.sdmp, pGKuRU.exe, 0000001A.00000002.450841292.0000000005BA0000.00000002.00000001.sdmp	String found in binary or memory: http://www.fontbureau.com/designers/?
Source: Request for Price Quotation.pdf.exe, 00000001.00000002.298842775.00000000051F0000.00000002.00000001.sdmp, pGKuRU.exe, 00000018.00000002.433918370.0000000005C40000.00000002.00000001.sdmp, pGKuRU.exe, 0000001A.00000002.450841292.0000000005BA0000.00000002.00000001.sdmp	String found in binary or memory: http://www.fontbureau.com/designers/cabarga.htmlN
Source: Request for Price Quotation.pdf.exe, 00000001.00000002.298842775.00000000051F0000.00000002.00000001.sdmp, pGKuRU.exe, 00000018.00000002.433918370.0000000005C40000.00000002.00000001.sdmp, pGKuRU.exe, 0000001A.00000002.450841292.0000000005BA0000.00000002.00000001.sdmp	String found in binary or memory: http://www.fontbureau.com/designers/frere-jones.html
Source: Request for Price Quotation.pdf.exe, 00000001.00000003.210317209.000000000508D000.00000004.00000001.sdmp, Request for Price Quotation.pdf.exe, 00000001.00000002.298842775.00000000051F0000.00000002.00000001.sdmp, pGKuRU.exe, 00000018.00000002.433918370.0000000005C40000.00000002.00000001.sdmp, pGKuRU.exe, 0000001A.00000002.450841292.0000000005BA0000.00000002.00000001.sdmp	String found in binary or memory: http://www.fontbureau.com/designers8
Source: Request for Price Quotation.pdf.exe, 00000001.00000002.298842775.00000000051F0000.00000002.00000001.sdmp, pGKuRU.exe, 00000018.00000002.433918370.0000000005C40000.00000002.00000001.sdmp, pGKuRU.exe, 0000001A.00000002.450841292.0000000005BA0000.00000002.00000001.sdmp	String found in binary or memory: http://www.fontbureau.com/designers?
Source: Request for Price Quotation.pdf.exe, 00000001.00000002.298842775.00000000051F0000.00000002.00000001.sdmp, pGKuRU.exe, 00000018.00000002.433918370.0000000005C40000.00000002.00000001.sdmp, pGKuRU.exe, 0000001A.00000002.450841292.0000000005BA0000.00000002.00000001.sdmp	String found in binary or memory: http://www.fontbureau.com/designersG
Source: Request for Price Quotation.pdf.exe, 00000001.00000003.292449495.0000000005080000.00000004.00000001.sdmp	String found in binary or memory: http://www.fontbureau.coma
Source: Request for Price Quotation.pdf.exe, 00000001.00000003.292449495.0000000005080000.00000004.00000001.sdmp	String found in binary or memory: http://www.fontbureau.comrsiv
Source: Request for Price Quotation.pdf.exe, 00000001.00000002.298842775.00000000051F0000.00000002.00000001.sdmp, pGKuRU.exe, 00000018.00000002.433918370.0000000005C40000.00000002.00000001.sdmp, pGKuRU.exe, 0000001A.00000002.450841292.0000000005BA0000.00000002.00000001.sdmp	String found in binary or memory: http://www.fonts.com
Source: Request for Price Quotation.pdf.exe, 00000001.00000003.203281814.000000000509B000.00000004.00000001.sdmp	String found in binary or memory: http://www.fonts.com;
Source: Request for Price Quotation.pdf.exe, 00000001.00000003.203308968.000000000509B000.00000004.00000001.sdmp	String found in binary or memory: http://www.fonts.comc
Source: Request for Price Quotation.pdf.exe, 00000001.00000003.203281814.000000000509B000.00000004.00000001.sdmp	String found in binary or memory: http://www.fonts.comx
Source: Request for Price Quotation.pdf.exe, 00000001.00000003.204968127.0000000005084000.00000004.00000001.sdmp	String found in binary or memory: http://www.founder.com.c
Source: Request for Price Quotation.pdf.exe, 00000001.00000003.204968127.0000000005084000.00000004.00000001.sdmp, pGKuRU.exe, 00000018.00000002.433918370.0000000005C40000.00000002.00000001.sdmp, pGKuRU.exe, 0000001A.00000002.450841292.0000000005BA0000.00000002.00000001.sdmp	String found in binary or memory: http://www.founder.com.cn/cn
Source: Request for Price Quotation.pdf.exe, 00000001.00000003.204952436.00000000050BD000.00000004.00000001.sdmp	String found in binary or memory: http://www.founder.com.cn/cn/
Source: Request for Price Quotation.pdf.exe, 00000001.00000002.298842775.00000000051F0000.00000002.00000001.sdmp, pGKuRU.exe, 00000018.00000002.433918370.0000000005C40000.00000002.00000001.sdmp, pGKuRU.exe, 0000001A.00000002.450841292.0000000005BA0000.00000002.00000001.sdmp	String found in binary or memory: http://www.founder.com.cn/cn/bThe
Source: Request for Price Quotation.pdf.exe, 00000001.00000002.298842775.00000000051F0000.00000002.00000001.sdmp, pGKuRU.exe, 00000018.00000002.433918370.0000000005C40000.00000002.00000001.sdmp, pGKuRU.exe, 0000001A.00000002.450841292.0000000005BA0000.00000002.00000001.sdmp	String found in binary or memory: http://www.founder.com.cn/cn/cThe
Source: Request for Price Quotation.pdf.exe, 00000001.00000003.204968127.0000000005084000.00000004.00000001.sdmp	String found in binary or memory: http://www.founder.com.cn/cnS
Source: Request for Price Quotation.pdf.exe, 00000001.00000002.298842775.00000000051F0000.00000002.00000001.sdmp, pGKuRU.exe, 00000018.00000002.433918370.0000000005C40000.00000002.00000001.sdmp, pGKuRU.exe, 0000001A.00000002.450841292.0000000005BA0000.00000002.00000001.sdmp	String found in binary or memory: http://www.galapagosdesign.com/DPlease
Source: Request for Price Quotation.pdf.exe, 00000001.00000002.298842775.00000000051F0000.00000002.00000001.sdmp, pGKuRU.exe, 00000018.00000002.433918370.0000000005C40000.00000002.00000001.sdmp, pGKuRU.exe, 0000001A.00000002.450841292.0000000005BA0000.00000002.00000001.sdmp	String found in binary or memory: http://www.galapagosdesign.com/staff/dennis.htm
Source: Request for Price Quotation.pdf.exe, 00000001.00000002.298842775.00000000051F0000.00000002.00000001.sdmp, pGKuRU.exe, 00000018.00000002.433918370.0000000005C40000.00000002.00000001.sdmp, pGKuRU.exe, 0000001A.00000002.450841292.0000000005BA0000.00000002.00000001.sdmp	String found in binary or memory: http://www.goodfont.co.kr
Source: Request for Price Quotation.pdf.exe, 00000001.00000003.206601961.0000000005084000.00000004.00000001.sdmp, pGKuRU.exe, 00000018.00000002.433918370.0000000005C40000.00000002.00000001.sdmp, pGKuRU.exe, 0000001A.00000002.450841292.0000000005BA0000.00000002.00000001.sdmp	String found in binary or memory: http://www.jiyu-kobo.co.jp/
Source: Request for Price Quotation.pdf.exe, 00000001.00000003.206601961.0000000005084000.00000004.00000001.sdmp	String found in binary or memory: http://www.jiyu-kobo.co.jp///
Source: Request for Price Quotation.pdf.exe, 00000001.00000003.206601961.0000000005084000.00000004.00000001.sdmp	String found in binary or memory: http://www.jiyu-kobo.co.jp/3
Source: Request for Price Quotation.pdf.exe, 00000001.00000003.206601961.0000000005084000.00000004.00000001.sdmp	String found in binary or memory: http://www.jiyu-kobo.co.jp/E
Source: Request for Price Quotation.pdf.exe, 00000001.00000003.206601961.0000000005084000.00000004.00000001.sdmp	String found in binary or memory: http://www.jiyu-kobo.co.jp/NegrW
Source: Request for Price Quotation.pdf.exe, 00000001.00000003.206601961.0000000005084000.00000004.00000001.sdmp	String found in binary or memory: http://www.jiyu-kobo.co.jp/Y0
Source: Request for Price Quotation.pdf.exe, 00000001.00000003.206601961.0000000005084000.00000004.00000001.sdmp	String found in binary or memory: http://www.jiyu-kobo.co.jp/fet
Source: Request for Price Quotation.pdf.exe, 00000001.00000003.206601961.0000000005084000.00000004.00000001.sdmp	String found in binary or memory: http://www.jiyu-kobo.co.jp/jp/
Source: Request for Price Quotation.pdf.exe, 00000001.00000003.206601961.0000000005084000.00000004.00000001.sdmp	String found in binary or memory: http://www.jiyu-kobo.co.jp/uche.
Source: Request for Price Quotation.pdf.exe, 00000001.00000003.203330941.00000000050A4000.00000004.00000001.sdmp, Request for Price Quotation.pdf.exe, 00000001.00000002.298842775.00000000051F0000.00000002.00000001.sdmp, pGKuRU.exe, 00000018.00000002.433918370.0000000005C40000.00000002.00000001.sdmp, pGKuRU.exe, 0000001A.00000002.450841292.0000000005BA0000.00000002.00000001.sdmp	String found in binary or memory: http://www.sajatypeworks.com
Source: Request for Price Quotation.pdf.exe, 00000001.00000003.203281814.000000000509B000.00000004.00000001.sdmp	String found in binary or memory: http://www.sajatypeworks.coma-do
Source: Request for Price Quotation.pdf.exe, 00000001.00000003.203281814.000000000509B000.00000004.00000001.sdmp	String found in binary or memory: http://www.sajatypeworks.comd
Source: Request for Price Quotation.pdf.exe, 00000001.00000002.298842775.00000000051F0000.00000002.00000001.sdmp, pGKuRU.exe, 00000018.00000002.433918370.0000000005C40000.00000002.00000001.sdmp, pGKuRU.exe, 0000001A.00000002.450841292.0000000005BA0000.00000002.00000001.sdmp	String found in binary or memory: http://www.sakkal.com
Source: Request for Price Quotation.pdf.exe, 00000001.00000003.204521592.0000000005086000.00000004.00000001.sdmp, pGKuRU.exe, 00000018.00000002.433918370.0000000005C40000.00000002.00000001.sdmp, pGKuRU.exe, 0000001A.00000002.450841292.0000000005BA0000.00000002.00000001.sdmp	String found in binary or memory: http://www.sandoll.co.kr
Source: Request for Price Quotation.pdf.exe, 00000001.00000003.204521592.0000000005086000.00000004.00000001.sdmp	String found in binary or memory: http://www.sandoll.co.kre
Source: pGKuRU.exe, 0000001A.00000002.450841292.0000000005BA0000.00000002.00000001.sdmp	String found in binary or memory: http://www.tiro.com
Source: Request for Price Quotation.pdf.exe, 00000001.00000003.203564065.000000000509B000.00000004.00000001.sdmp	String found in binary or memory: http://www.tiro.comc
Source: Request for Price Quotation.pdf.exe, 00000001.00000003.203537866.000000000509B000.00000004.00000001.sdmp	String found in binary or memory: http://www.tiro.comtn
Source: Request for Price Quotation.pdf.exe, 00000001.00000002.298842775.00000000051F0000.00000002.00000001.sdmp, pGKuRU.exe, 00000018.00000002.433918370.0000000005C40000.00000002.00000001.sdmp, pGKuRU.exe, 0000001A.00000002.450841292.0000000005BA0000.00000002.00000001.sdmp	String found in binary or memory: http://www.typography.netD
Source: Request for Price Quotation.pdf.exe, 00000001.00000002.298842775.00000000051F0000.00000002.00000001.sdmp, pGKuRU.exe, 00000018.00000002.433918370.0000000005C40000.00000002.00000001.sdmp, pGKuRU.exe, 0000001A.00000002.450841292.0000000005BA0000.00000002.00000001.sdmp	String found in binary or memory: http://www.urwpp.deDPlease
Source: Request for Price Quotation.pdf.exe, 00000001.00000002.298842775.00000000051F0000.00000002.00000001.sdmp, pGKuRU.exe, 00000018.00000002.433918370.0000000005C40000.00000002.00000001.sdmp, pGKuRU.exe, 0000001A.00000002.450841292.0000000005BA0000.00000002.00000001.sdmp	String found in binary or memory: http://www.zhongyicts.com.cn
Source: Request for Price Quotation.pdf.exe, 00000001.00000002.303244062.000000000BED1000.00000004.00000001.sdmp, Request for Price Quotation.pdf.exe, 00000012.00000000.291844857.0000000000402000.00000040.00000001.sdmp, pGKuRU.exe, 00000018.00000002.431644231.00000000046D1000.00000004.00000001.sdmp, pGKuRU.exe, 0000001A.00000002.447980592.0000000004561000.00000004.00000001.sdmp, pGKuRU.exe, 00000021.00000000.429160919.0000000000402000.00000040.00000001.sdmp, pGKuRU.exe, 00000025.00000000.445224986.0000000000402000.00000040.00000001.sdmp	String found in binary or memory: https://www.theonionrouter.com/dist.torproject.org/torbrowser/9.5.3/tor-win32-0.4.3.6.zip
Source: pGKuRU.exe, 00000025.00000002.473835627.00000000032E1000.00000004.00000001.sdmp	String found in binary or memory: https://www.theonionrouter.com/dist.torproject.org/torbrowser/9.5.3/tor-win32-0.4.3.6.zip%tordir%%ha

System Summary:

.NET source code contains very large array initializations

Show sources

Source: 18.2.Request for Price Quotation.pdf.exe.400000.0.unpack, u003cPrivateImplementationDetailsu003eu007b5BC708AEu002dEE51u002d4E9Eu002d8C5Au002d29C17F478EFEu007d/u003446AB6DCu002dB12Au002d4788u002d854Eu002d45AA3F287DBE.cs	Large array initialization: .cctor: array initializer size 11916
Source: 18.0.Request for Price Quotation.pdf.exe.400000.1.unpack, u003cPrivateImplementationDetailsu003eu007b5BC708AEu002dEE51u002d4E9Eu002d8C5Au002d29C17F478EFEu007d/u003446AB6DCu002dB12Au002d4788u002d854Eu002d45AA3F287DBE.cs	Large array initialization: .cctor: array initializer size 11916

.NET source code contains very large strings

Show sources

Source: Request for Price Quotation.pdf.exe, ContactManagement/ContactForm.cs	Long String: Length: 11840
Source: vRURxcnYJm.exe.1.dr, ContactManagement/ContactForm.cs	Long String: Length: 11840
Source: 1.0.Request for Price Quotation.pdf.exe.580000.0.unpack, ContactManagement/ContactForm.cs	Long String: Length: 11840
Source: 1.2.Request for Price Quotation.pdf.exe.580000.0.unpack, ContactManagement/ContactForm.cs	Long String: Length: 11840
Source: 16.0.Request for Price Quotation.pdf.exe.300000.0.unpack, ContactManagement/ContactForm.cs	Long String: Length: 11840
Source: 16.2.Request for Price Quotation.pdf.exe.300000.0.unpack, ContactManagement/ContactForm.cs	Long String: Length: 11840
Source: pGKuRU.exe.18.dr, ContactManagement/ContactForm.cs	Long String: Length: 11840
Source: 18.2.Request for Price Quotation.pdf.exe.b70000.1.unpack, ContactManagement/ContactForm.cs	Long String: Length: 11840
Source: 18.0.Request for Price Quotation.pdf.exe.b70000.0.unpack, ContactManagement/ContactForm.cs	Long String: Length: 11840
Source: 18.0.Request for Price Quotation.pdf.exe.b70000.2.unpack, ContactManagement/ContactForm.cs	Long String: Length: 11840
Source: 24.2.pGKuRU.exe.fd0000.0.unpack, ContactManagement/ContactForm.cs	Long String: Length: 11840
Source: 24.0.pGKuRU.exe.fd0000.0.unpack, ContactManagement/ContactForm.cs	Long String: Length: 11840
Source: 26.0.pGKuRU.exe.ee0000.0.unpack, ContactManagement/ContactForm.cs	Long String: Length: 11840

Initial sample is a PE file and has a suspicious name

Show sources

Source: initial sample	Static PE information: Filename: Request for Price Quotation.pdf.exe
Source: initial sample	Static PE information: Filename: Request for Price Quotation.pdf.exe

Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe	Code function: 1_2_06282A0E NtQuerySystemInformation,	1_2_06282A0E
Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe	Code function: 1_2_062829D4 NtQuerySystemInformation,	1_2_062829D4
Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe	Code function: 18_2_013FB0BA NtQuerySystemInformation,	18_2_013FB0BA
Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe	Code function: 18_2_013FB089 NtQuerySystemInformation,	18_2_013FB089
Source: C:\Users\user\AppData\Roaming\pGKuRU\pGKuRU.exe	Code function: 24_2_072527F2 NtQuerySystemInformation,	24_2_072527F2
Source: C:\Users\user\AppData\Roaming\pGKuRU\pGKuRU.exe	Code function: 24_2_072527BC NtQuerySystemInformation,	24_2_072527BC
Source: C:\Users\user\AppData\Roaming\pGKuRU\pGKuRU.exe	Code function: 26_2_058C26A6 NtQuerySystemInformation,	26_2_058C26A6
Source: C:\Users\user\AppData\Roaming\pGKuRU\pGKuRU.exe	Code function: 26_2_058C2675 NtQuerySystemInformation,	26_2_058C2675

Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe	Code function: 1_2_0101F538	1_2_0101F538
Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe	Code function: 1_2_01017958	1_2_01017958
Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe	Code function: 1_2_01010180	1_2_01010180
Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe	Code function: 1_2_010141D8	1_2_010141D8
Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe	Code function: 1_2_01014828	1_2_01014828
Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe	Code function: 1_2_010120B8	1_2_010120B8
Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe	Code function: 1_2_0101B0E0	1_2_0101B0E0
Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe	Code function: 1_2_0101273C	1_2_0101273C
Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe	Code function: 1_2_0101E7D8	1_2_0101E7D8
Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe	Code function: 1_2_010197D8	1_2_010197D8
Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe	Code function: 1_2_01019BF0	1_2_01019BF0
Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe	Code function: 1_2_01013E78	1_2_01013E78
Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe	Code function: 1_2_01013678	1_2_01013678
Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe	Code function: 1_2_0101AEA8	1_2_0101AEA8
Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe	Code function: 1_2_010156B0	1_2_010156B0
Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe	Code function: 1_2_0101DD00	1_2_0101DD00
Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe	Code function: 1_2_0101DD10	1_2_0101DD10
Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe	Code function: 1_2_01018960	1_2_01018960
Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe	Code function: 1_2_0101F170	1_2_0101F170
Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe	Code function: 1_2_01018980	1_2_01018980
Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe	Code function: 1_2_01017580	1_2_01017580
Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe	Code function: 1_2_01017590	1_2_01017590
Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe	Code function: 1_2_01016408	1_2_01016408
Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe	Code function: 1_2_010120A9	1_2_010120A9
Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe	Code function: 1_2_010170C1	1_2_010170C1
Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe	Code function: 1_2_01019F40	1_2_01019F40
Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe	Code function: 1_2_01019F50	1_2_01019F50
Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe	Code function: 1_2_01018F50	1_2_01018F50
Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe	Code function: 1_2_01012B70	1_2_01012B70
Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe	Code function: 1_2_01017788	1_2_01017788
Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe	Code function: 1_2_01017798	1_2_01017798
Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe	Code function: 1_2_0101E7C7	1_2_0101E7C7
Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe	Code function: 1_2_010197C8	1_2_010197C8
Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe	Code function: 1_2_01019BE0	1_2_01019BE0
Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe	Code function: 1_2_010163F9	1_2_010163F9
Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe	Code function: 1_2_01015669	1_2_01015669
Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe	Code function: 1_2_0101AE99	1_2_0101AE99
Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe	Code function: 1_2_0101CEC4	1_2_0101CEC4
Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe	Code function: 1_2_0101CEC8	1_2_0101CEC8
Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe	Code function: 1_2_010142F0	1_2_010142F0
Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe	Code function: 1_2_0CC30070	1_2_0CC30070
Source: C:\Users\user\AppData\Roaming\pGKuRU\pGKuRU.exe	Code function: 24_2_03322733	24_2_03322733
Source: C:\Users\user\AppData\Roaming\pGKuRU\pGKuRU.exe	Code function: 24_2_0332E758	24_2_0332E758
Source: C:\Users\user\AppData\Roaming\pGKuRU\pGKuRU.exe	Code function: 24_2_03323678	24_2_03323678
Source: C:\Users\user\AppData\Roaming\pGKuRU\pGKuRU.exe	Code function: 24_2_03323E78	24_2_03323E78
Source: C:\Users\user\AppData\Roaming\pGKuRU\pGKuRU.exe	Code function: 24_2_033256B0	24_2_033256B0
Source: C:\Users\user\AppData\Roaming\pGKuRU\pGKuRU.exe	Code function: 24_2_0332AEA8	24_2_0332AEA8
Source: C:\Users\user\AppData\Roaming\pGKuRU\pGKuRU.exe	Code function: 24_2_03327958	24_2_03327958
Source: C:\Users\user\AppData\Roaming\pGKuRU\pGKuRU.exe	Code function: 24_2_03320180	24_2_03320180
Source: C:\Users\user\AppData\Roaming\pGKuRU\pGKuRU.exe	Code function: 24_2_033241D3	24_2_033241D3
Source: C:\Users\user\AppData\Roaming\pGKuRU\pGKuRU.exe	Code function: 24_2_03324823	24_2_03324823
Source: C:\Users\user\AppData\Roaming\pGKuRU\pGKuRU.exe	Code function: 24_2_03322421	24_2_03322421
Source: C:\Users\user\AppData\Roaming\pGKuRU\pGKuRU.exe	Code function: 24_2_033220B8	24_2_033220B8
Source: C:\Users\user\AppData\Roaming\pGKuRU\pGKuRU.exe	Code function: 24_2_0332B0E0	24_2_0332B0E0
Source: C:\Users\user\AppData\Roaming\pGKuRU\pGKuRU.exe	Code function: 24_2_03322B70	24_2_03322B70
Source: C:\Users\user\AppData\Roaming\pGKuRU\pGKuRU.exe	Code function: 24_2_03329F50	24_2_03329F50
Source: C:\Users\user\AppData\Roaming\pGKuRU\pGKuRU.exe	Code function: 24_2_03328F50	24_2_03328F50
Source: C:\Users\user\AppData\Roaming\pGKuRU\pGKuRU.exe	Code function: 24_2_03329F40	24_2_03329F40
Source: C:\Users\user\AppData\Roaming\pGKuRU\pGKuRU.exe	Code function: 24_2_0332E748	24_2_0332E748
Source: C:\Users\user\AppData\Roaming\pGKuRU\pGKuRU.exe	Code function: 24_2_03327798	24_2_03327798
Source: C:\Users\user\AppData\Roaming\pGKuRU\pGKuRU.exe	Code function: 24_2_03327788	24_2_03327788
Source: C:\Users\user\AppData\Roaming\pGKuRU\pGKuRU.exe	Code function: 24_2_03329BF0	24_2_03329BF0
Source: C:\Users\user\AppData\Roaming\pGKuRU\pGKuRU.exe	Code function: 24_2_033263F9	24_2_033263F9
Source: C:\Users\user\AppData\Roaming\pGKuRU\pGKuRU.exe	Code function: 24_2_03329BE0	24_2_03329BE0
Source: C:\Users\user\AppData\Roaming\pGKuRU\pGKuRU.exe	Code function: 24_2_033297D8	24_2_033297D8
Source: C:\Users\user\AppData\Roaming\pGKuRU\pGKuRU.exe	Code function: 24_2_033283DC	24_2_033283DC
Source: C:\Users\user\AppData\Roaming\pGKuRU\pGKuRU.exe	Code function: 24_2_033297C8	24_2_033297C8
Source: C:\Users\user\AppData\Roaming\pGKuRU\pGKuRU.exe	Code function: 24_2_03325667	24_2_03325667
Source: C:\Users\user\AppData\Roaming\pGKuRU\pGKuRU.exe	Code function: 24_2_0332AE99	24_2_0332AE99
Source: C:\Users\user\AppData\Roaming\pGKuRU\pGKuRU.exe	Code function: 24_2_033242F0	24_2_033242F0
Source: C:\Users\user\AppData\Roaming\pGKuRU\pGKuRU.exe	Code function: 24_2_0332CEC3	24_2_0332CEC3
Source: C:\Users\user\AppData\Roaming\pGKuRU\pGKuRU.exe	Code function: 24_2_0332CEC8	24_2_0332CEC8
Source: C:\Users\user\AppData\Roaming\pGKuRU\pGKuRU.exe	Code function: 24_2_0332DD10	24_2_0332DD10
Source: C:\Users\user\AppData\Roaming\pGKuRU\pGKuRU.exe	Code function: 24_2_0332DD00	24_2_0332DD00
Source: C:\Users\user\AppData\Roaming\pGKuRU\pGKuRU.exe	Code function: 24_2_03320170	24_2_03320170
Source: C:\Users\user\AppData\Roaming\pGKuRU\pGKuRU.exe	Code function: 24_2_0332ADBB	24_2_0332ADBB
Source: C:\Users\user\AppData\Roaming\pGKuRU\pGKuRU.exe	Code function: 24_2_03327590	24_2_03327590
Source: C:\Users\user\AppData\Roaming\pGKuRU\pGKuRU.exe	Code function: 24_2_03328980	24_2_03328980
Source: C:\Users\user\AppData\Roaming\pGKuRU\pGKuRU.exe	Code function: 24_2_03327580	24_2_03327580
Source: C:\Users\user\AppData\Roaming\pGKuRU\pGKuRU.exe	Code function: 24_2_033235D8	24_2_033235D8
Source: C:\Users\user\AppData\Roaming\pGKuRU\pGKuRU.exe	Code function: 24_2_03328426	24_2_03328426
Source: C:\Users\user\AppData\Roaming\pGKuRU\pGKuRU.exe	Code function: 24_2_03326408	24_2_03326408
Source: C:\Users\user\AppData\Roaming\pGKuRU\pGKuRU.exe	Code function: 24_2_033220A9	24_2_033220A9
Source: C:\Users\user\AppData\Roaming\pGKuRU\pGKuRU.exe	Code function: 24_2_0332A497	24_2_0332A497
Source: C:\Users\user\AppData\Roaming\pGKuRU\pGKuRU.exe	Code function: 24_2_033270C1	24_2_033270C1
Source: C:\Users\user\AppData\Roaming\pGKuRU\pGKuRU.exe	Code function: 24_2_07D519CD	24_2_07D519CD
Source: C:\Users\user\AppData\Roaming\pGKuRU\pGKuRU.exe	Code function: 24_2_07D50070	24_2_07D50070
Source: C:\Users\user\AppData\Roaming\pGKuRU\pGKuRU.exe	Code function: 24_2_07D51ABA	24_2_07D51ABA
Source: C:\Users\user\AppData\Roaming\pGKuRU\pGKuRU.exe	Code function: 24_2_07D50006	24_2_07D50006
Source: C:\Users\user\AppData\Roaming\pGKuRU\pGKuRU.exe	Code function: 26_2_05717958	26_2_05717958
Source: C:\Users\user\AppData\Roaming\pGKuRU\pGKuRU.exe	Code function: 26_2_057141D3	26_2_057141D3
Source: C:\Users\user\AppData\Roaming\pGKuRU\pGKuRU.exe	Code function: 26_2_05713DB8	26_2_05713DB8
Source: C:\Users\user\AppData\Roaming\pGKuRU\pGKuRU.exe	Code function: 26_2_05710180	26_2_05710180
Source: C:\Users\user\AppData\Roaming\pGKuRU\pGKuRU.exe	Code function: 26_2_05714823	26_2_05714823
Source: C:\Users\user\AppData\Roaming\pGKuRU\pGKuRU.exe	Code function: 26_2_0571B0E0	26_2_0571B0E0
Source: C:\Users\user\AppData\Roaming\pGKuRU\pGKuRU.exe	Code function: 26_2_057120B8	26_2_057120B8
Source: C:\Users\user\AppData\Roaming\pGKuRU\pGKuRU.exe	Code function: 26_2_0571E758	26_2_0571E758
Source: C:\Users\user\AppData\Roaming\pGKuRU\pGKuRU.exe	Code function: 26_2_05712733	26_2_05712733
Source: C:\Users\user\AppData\Roaming\pGKuRU\pGKuRU.exe	Code function: 26_2_05713678	26_2_05713678
Source: C:\Users\user\AppData\Roaming\pGKuRU\pGKuRU.exe	Code function: 26_2_057156B0	26_2_057156B0
Source: C:\Users\user\AppData\Roaming\pGKuRU\pGKuRU.exe	Code function: 26_2_0571AEA8	26_2_0571AEA8
Source: C:\Users\user\AppData\Roaming\pGKuRU\pGKuRU.exe	Code function: 26_2_05710170	26_2_05710170
Source: C:\Users\user\AppData\Roaming\pGKuRU\pGKuRU.exe	Code function: 26_2_0571555B	26_2_0571555B
Source: C:\Users\user\AppData\Roaming\pGKuRU\pGKuRU.exe	Code function: 26_2_0571895F	26_2_0571895F
Source: C:\Users\user\AppData\Roaming\pGKuRU\pGKuRU.exe	Code function: 26_2_0571894B	26_2_0571894B
Source: C:\Users\user\AppData\Roaming\pGKuRU\pGKuRU.exe	Code function: 26_2_0571DD10	26_2_0571DD10
Source: C:\Users\user\AppData\Roaming\pGKuRU\pGKuRU.exe	Code function: 26_2_05717919	26_2_05717919
Source: C:\Users\user\AppData\Roaming\pGKuRU\pGKuRU.exe	Code function: 26_2_0571DD00	26_2_0571DD00
Source: C:\Users\user\AppData\Roaming\pGKuRU\pGKuRU.exe	Code function: 26_2_05713DF8	26_2_05713DF8
Source: C:\Users\user\AppData\Roaming\pGKuRU\pGKuRU.exe	Code function: 26_2_05715DE0	26_2_05715DE0
Source: C:\Users\user\AppData\Roaming\pGKuRU\pGKuRU.exe	Code function: 26_2_057135D8	26_2_057135D8
Source: C:\Users\user\AppData\Roaming\pGKuRU\pGKuRU.exe	Code function: 26_2_05717590	26_2_05717590
Source: C:\Users\user\AppData\Roaming\pGKuRU\pGKuRU.exe	Code function: 26_2_05718980	26_2_05718980
Source: C:\Users\user\AppData\Roaming\pGKuRU\pGKuRU.exe	Code function: 26_2_05717580	26_2_05717580
Source: C:\Users\user\AppData\Roaming\pGKuRU\pGKuRU.exe	Code function: 26_2_05718427	26_2_05718427
Source: C:\Users\user\AppData\Roaming\pGKuRU\pGKuRU.exe	Code function: 26_2_05716408	26_2_05716408
Source: C:\Users\user\AppData\Roaming\pGKuRU\pGKuRU.exe	Code function: 26_2_057170C1	26_2_057170C1
Source: C:\Users\user\AppData\Roaming\pGKuRU\pGKuRU.exe	Code function: 26_2_057120A9	26_2_057120A9
Source: C:\Users\user\AppData\Roaming\pGKuRU\pGKuRU.exe	Code function: 26_2_057140A8	26_2_057140A8
Source: C:\Users\user\AppData\Roaming\pGKuRU\pGKuRU.exe	Code function: 26_2_05712B70	26_2_05712B70
Source: C:\Users\user\AppData\Roaming\pGKuRU\pGKuRU.exe	Code function: 26_2_05719F50	26_2_05719F50
Source: C:\Users\user\AppData\Roaming\pGKuRU\pGKuRU.exe	Code function: 26_2_05718F50	26_2_05718F50
Source: C:\Users\user\AppData\Roaming\pGKuRU\pGKuRU.exe	Code function: 26_2_05719BF0	26_2_05719BF0
Source: C:\Users\user\AppData\Roaming\pGKuRU\pGKuRU.exe	Code function: 26_2_057163F9	26_2_057163F9
Source: C:\Users\user\AppData\Roaming\pGKuRU\pGKuRU.exe	Code function: 26_2_05719BE0	26_2_05719BE0
Source: C:\Users\user\AppData\Roaming\pGKuRU\pGKuRU.exe	Code function: 26_2_057197D8	26_2_057197D8
Source: C:\Users\user\AppData\Roaming\pGKuRU\pGKuRU.exe	Code function: 26_2_057183DC	26_2_057183DC
Source: C:\Users\user\AppData\Roaming\pGKuRU\pGKuRU.exe	Code function: 26_2_057197C8	26_2_057197C8
Source: C:\Users\user\AppData\Roaming\pGKuRU\pGKuRU.exe	Code function: 26_2_05717798	26_2_05717798
Source: C:\Users\user\AppData\Roaming\pGKuRU\pGKuRU.exe	Code function: 26_2_05717788	26_2_05717788
Source: C:\Users\user\AppData\Roaming\pGKuRU\pGKuRU.exe	Code function: 26_2_05713E78	26_2_05713E78
Source: C:\Users\user\AppData\Roaming\pGKuRU\pGKuRU.exe	Code function: 26_2_05716660	26_2_05716660
Source: C:\Users\user\AppData\Roaming\pGKuRU\pGKuRU.exe	Code function: 26_2_0571363B	26_2_0571363B
Source: C:\Users\user\AppData\Roaming\pGKuRU\pGKuRU.exe	Code function: 26_2_057142F0	26_2_057142F0
Source: C:\Users\user\AppData\Roaming\pGKuRU\pGKuRU.exe	Code function: 26_2_0571CEC8	26_2_0571CEC8
Source: C:\Users\user\AppData\Roaming\pGKuRU\pGKuRU.exe	Code function: 26_2_057142A0	26_2_057142A0
Source: C:\Users\user\AppData\Roaming\pGKuRU\pGKuRU.exe	Code function: 26_2_0571AE9B	26_2_0571AE9B
Source: C:\Users\user\AppData\Roaming\pGKuRU\pGKuRU.exe	Code function: 26_2_07C60070	26_2_07C60070
Source: C:\Users\user\AppData\Roaming\pGKuRU\pGKuRU.exe	Code function: 26_2_07C60007	26_2_07C60007
Source: C:\Users\user\AppData\Roaming\pGKuRU\pGKuRU.exe	Code function: 26_2_07C6003C	26_2_07C6003C

Source: Request for Price Quotation.pdf.exe, 00000001.00000002.303591199.000000000CA70000.00000002.00000001.sdmp	Binary or memory string: originalfilename vs Request for Price Quotation.pdf.exe
Source: Request for Price Quotation.pdf.exe, 00000001.00000002.303591199.000000000CA70000.00000002.00000001.sdmp	Binary or memory string: OriginalFilenamepropsys.dll.mui@ vs Request for Price Quotation.pdf.exe
Source: Request for Price Quotation.pdf.exe, 00000001.00000002.296240189.0000000002CD1000.00000004.00000001.sdmp	Binary or memory string: OriginalFilenameMGJMJfWcOlHYGCsdlWbhHsPUysKpteyohndxgT.exe4 vs Request for Price Quotation.pdf.exe
Source: Request for Price Quotation.pdf.exe, 00000001.00000002.302366710.0000000006C80000.00000002.00000001.sdmp	Binary or memory string: System.OriginalFileName vs Request for Price Quotation.pdf.exe
Source: Request for Price Quotation.pdf.exe, 00000001.00000002.299993869.0000000006290000.00000004.00000001.sdmp	Binary or memory string: OriginalFilenameWindowsNetwork.dll> vs Request for Price Quotation.pdf.exe
Source: Request for Price Quotation.pdf.exe, 00000001.00000002.296955820.0000000002D13000.00000004.00000001.sdmp	Binary or memory string: OriginalFilenameMajorRevision.exe< vs Request for Price Quotation.pdf.exe
Source: Request for Price Quotation.pdf.exe, 00000001.00000002.293718622.00000000005F8000.00000002.00020000.sdmp	Binary or memory string: OriginalFilenamezRdH.exeF vs Request for Price Quotation.pdf.exe
Source: Request for Price Quotation.pdf.exe, 00000001.00000002.301723615.0000000006930000.00000002.00000001.sdmp	Binary or memory string: OriginalFilenamemscorrc.dllT vs Request for Price Quotation.pdf.exe
Source: Request for Price Quotation.pdf.exe, 00000010.00000000.289699259.0000000000378000.00000002.00020000.sdmp	Binary or memory string: OriginalFilenamezRdH.exeF vs Request for Price Quotation.pdf.exe
Source: Request for Price Quotation.pdf.exe, 00000012.00000002.476550547.0000000006300000.00000004.00000001.sdmp	Binary or memory string: OriginalFilenamezRdH.exeF vs Request for Price Quotation.pdf.exe
Source: Request for Price Quotation.pdf.exe, 00000012.00000002.475378599.0000000005700000.00000002.00000001.sdmp	Binary or memory string: OriginalFilenameKernelbase.dll.muij% vs Request for Price Quotation.pdf.exe
Source: Request for Price Quotation.pdf.exe, 00000012.00000002.468490022.0000000000402000.00000040.00000001.sdmp	Binary or memory string: OriginalFilenameMGJMJfWcOlHYGCsdlWbhHsPUysKpteyohndxgT.exe4 vs Request for Price Quotation.pdf.exe
Source: Request for Price Quotation.pdf.exe, 00000012.00000002.476304225.0000000005C20000.00000002.00000001.sdmp	Binary or memory string: OriginalFilenamewbemdisp.tlbj% vs Request for Price Quotation.pdf.exe
Source: Request for Price Quotation.pdf.exe	Binary or memory string: OriginalFilenamezRdH.exeF vs Request for Price Quotation.pdf.exe

Source: Request for Price Quotation.pdf.exe

Static PE information: 32BIT_MACHINE, EXECUTABLE_IMAGE

Source: Request for Price Quotation.pdf.exe	Static PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
Source: vRURxcnYJm.exe.1.dr	Static PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
Source: pGKuRU.exe.18.dr	Static PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ

Source: Request for Price Quotation.pdf.exe, ContactManagement/ContactForm.cs	Cryptographic APIs: 'TransformFinalBlock', 'CreateDecryptor'
Source: vRURxcnYJm.exe.1.dr, ContactManagement/ContactForm.cs	Cryptographic APIs: 'TransformFinalBlock', 'CreateDecryptor'
Source: 1.0.Request for Price Quotation.pdf.exe.580000.0.unpack, ContactManagement/ContactForm.cs	Cryptographic APIs: 'TransformFinalBlock', 'CreateDecryptor'
Source: 1.2.Request for Price Quotation.pdf.exe.580000.0.unpack, ContactManagement/ContactForm.cs	Cryptographic APIs: 'TransformFinalBlock', 'CreateDecryptor'
Source: 16.0.Request for Price Quotation.pdf.exe.300000.0.unpack, ContactManagement/ContactForm.cs	Cryptographic APIs: 'TransformFinalBlock', 'CreateDecryptor'
Source: 16.2.Request for Price Quotation.pdf.exe.300000.0.unpack, ContactManagement/ContactForm.cs	Cryptographic APIs: 'TransformFinalBlock', 'CreateDecryptor'

Source: classification engine

Classification label: mal100.troj.evad.winEXE@20/8@0/0

Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe	Code function: 1_2_0628253E AdjustTokenPrivileges,	1_2_0628253E
Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe	Code function: 1_2_06282507 AdjustTokenPrivileges,	1_2_06282507
Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe	Code function: 18_2_013FAF3E AdjustTokenPrivileges,	18_2_013FAF3E
Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe	Code function: 18_2_013FAF07 AdjustTokenPrivileges,	18_2_013FAF07
Source: C:\Users\user\AppData\Roaming\pGKuRU\pGKuRU.exe	Code function: 24_2_0725252A AdjustTokenPrivileges,	24_2_0725252A
Source: C:\Users\user\AppData\Roaming\pGKuRU\pGKuRU.exe	Code function: 24_2_072524F3 AdjustTokenPrivileges,	24_2_072524F3
Source: C:\Users\user\AppData\Roaming\pGKuRU\pGKuRU.exe	Code function: 26_2_058C252A AdjustTokenPrivileges,	26_2_058C252A
Source: C:\Users\user\AppData\Roaming\pGKuRU\pGKuRU.exe	Code function: 26_2_058C24F3 AdjustTokenPrivileges,	26_2_058C24F3

Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe

File created: C:\Users\user\AppData\Roaming\vRURxcnYJm.exe

Jump to behavior

Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6636:120:WilError_01
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6012:120:WilError_01
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6048:120:WilError_01
Source: C:\Users\user\AppData\Roaming\pGKuRU\pGKuRU.exe	Mutant created: \Sessions\1\BaseNamedObjects\mFTSjiuFKGsZaFFdHZPfwAJpA

Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe

File created: C:\Users\user\AppData\Local\Temp\tmpD822.tmp

Jump to behavior

Source: Request for Price Quotation.pdf.exe

Static PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ

Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe	Section loaded: C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\9603718106bd57ecfbb18fefd769cab4\mscorlib.ni.dll	Jump to behavior
Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe	Section loaded: C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sorttbls.nlp	Jump to behavior
Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe	Section loaded: C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sortkey.nlp	Jump to behavior
Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe	Section loaded: C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\9603718106bd57ecfbb18fefd769cab4\mscorlib.ni.dll	Jump to behavior
Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe	Section loaded: C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sorttbls.nlp	Jump to behavior
Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe	Section loaded: C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sortkey.nlp	Jump to behavior
Source: C:\Users\user\AppData\Roaming\pGKuRU\pGKuRU.exe	Section loaded: C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\9603718106bd57ecfbb18fefd769cab4\mscorlib.ni.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\pGKuRU\pGKuRU.exe	Section loaded: C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sorttbls.nlp	Jump to behavior
Source: C:\Users\user\AppData\Roaming\pGKuRU\pGKuRU.exe	Section loaded: C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sortkey.nlp	Jump to behavior
Source: C:\Users\user\AppData\Roaming\pGKuRU\pGKuRU.exe	Section loaded: C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\9603718106bd57ecfbb18fefd769cab4\mscorlib.ni.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\pGKuRU\pGKuRU.exe	Section loaded: C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sorttbls.nlp	Jump to behavior
Source: C:\Users\user\AppData\Roaming\pGKuRU\pGKuRU.exe	Section loaded: C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sortkey.nlp	Jump to behavior
Source: C:\Users\user\AppData\Roaming\pGKuRU\pGKuRU.exe	Section loaded: C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\9603718106bd57ecfbb18fefd769cab4\mscorlib.ni.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\pGKuRU\pGKuRU.exe	Section loaded: C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sorttbls.nlp	Jump to behavior
Source: C:\Users\user\AppData\Roaming\pGKuRU\pGKuRU.exe	Section loaded: C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sortkey.nlp	Jump to behavior
Source: C:\Users\user\AppData\Roaming\pGKuRU\pGKuRU.exe	Section loaded: C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\9603718106bd57ecfbb18fefd769cab4\mscorlib.ni.dll
Source: C:\Users\user\AppData\Roaming\pGKuRU\pGKuRU.exe	Section loaded: C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sorttbls.nlp
Source: C:\Users\user\AppData\Roaming\pGKuRU\pGKuRU.exe	Section loaded: C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sortkey.nlp

Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Users\user\AppData\Roaming\pGKuRU\pGKuRU.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Users\user\AppData\Roaming\pGKuRU\pGKuRU.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor

Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe

File read: C:\Users\user\Desktop\desktop.ini

Jump to behavior

Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: Request for Price Quotation.pdf.exe

ReversingLabs: Detection: 21%

Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe

File read: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe

Jump to behavior

Source: unknown	Process created: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe 'C:\Users\user\Desktop\Request for Price Quotation.pdf.exe'
Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe	Process created: C:\Windows\SysWOW64\schtasks.exe 'C:\Windows\System32\schtasks.exe' /Create /TN 'Updates\vRURxcnYJm' /XML 'C:\Users\user\AppData\Local\Temp\tmpD822.tmp'
Source: C:\Windows\SysWOW64\schtasks.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe	Process created: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe {path}
Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe	Process created: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe {path}
Source: unknown	Process created: C:\Users\user\AppData\Roaming\pGKuRU\pGKuRU.exe 'C:\Users\user\AppData\Roaming\pGKuRU\pGKuRU.exe'
Source: unknown	Process created: C:\Users\user\AppData\Roaming\pGKuRU\pGKuRU.exe 'C:\Users\user\AppData\Roaming\pGKuRU\pGKuRU.exe'
Source: C:\Users\user\AppData\Roaming\pGKuRU\pGKuRU.exe	Process created: C:\Windows\SysWOW64\schtasks.exe 'C:\Windows\System32\schtasks.exe' /Create /TN 'Updates\vRURxcnYJm' /XML 'C:\Users\user\AppData\Local\Temp\tmpD30D.tmp'
Source: C:\Windows\SysWOW64\schtasks.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Roaming\pGKuRU\pGKuRU.exe	Process created: C:\Users\user\AppData\Roaming\pGKuRU\pGKuRU.exe {path}
Source: C:\Users\user\AppData\Roaming\pGKuRU\pGKuRU.exe	Process created: C:\Windows\SysWOW64\schtasks.exe 'C:\Windows\System32\schtasks.exe' /Create /TN 'Updates\vRURxcnYJm' /XML 'C:\Users\user\AppData\Local\Temp\tmpF0F5.tmp'
Source: C:\Windows\SysWOW64\schtasks.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Roaming\pGKuRU\pGKuRU.exe	Process created: C:\Users\user\AppData\Roaming\pGKuRU\pGKuRU.exe {path}
Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe	Process created: C:\Windows\SysWOW64\schtasks.exe 'C:\Windows\System32\schtasks.exe' /Create /TN 'Updates\vRURxcnYJm' /XML 'C:\Users\user\AppData\Local\Temp\tmpD822.tmp'	Jump to behavior
Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe	Process created: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe {path}	Jump to behavior
Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe	Process created: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe {path}	Jump to behavior
Source: C:\Users\user\AppData\Roaming\pGKuRU\pGKuRU.exe	Process created: C:\Windows\SysWOW64\schtasks.exe 'C:\Windows\System32\schtasks.exe' /Create /TN 'Updates\vRURxcnYJm' /XML 'C:\Users\user\AppData\Local\Temp\tmpD30D.tmp'	Jump to behavior
Source: C:\Users\user\AppData\Roaming\pGKuRU\pGKuRU.exe	Process created: C:\Users\user\AppData\Roaming\pGKuRU\pGKuRU.exe {path}	Jump to behavior
Source: C:\Users\user\AppData\Roaming\pGKuRU\pGKuRU.exe	Process created: C:\Windows\SysWOW64\schtasks.exe 'C:\Windows\System32\schtasks.exe' /Create /TN 'Updates\vRURxcnYJm' /XML 'C:\Users\user\AppData\Local\Temp\tmpF0F5.tmp'	Jump to behavior
Source: C:\Users\user\AppData\Roaming\pGKuRU\pGKuRU.exe	Process created: C:\Users\user\AppData\Roaming\pGKuRU\pGKuRU.exe {path}	Jump to behavior

Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA}\InprocServer32

Jump to behavior

Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe

File opened: C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorrc.dll

Jump to behavior

Source: Request for Price Quotation.pdf.exe

Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR

Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe

File opened: C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.9445_none_d08c58b4442ba54f\MSVCR80.dll

Jump to behavior

Source: Request for Price Quotation.pdf.exe

Static PE information: NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT

Source:

Data Obfuscation:

.NET source code contains method to dynamically call methods (often used by packers)

Show sources

Source: Request for Price Quotation.pdf.exe, ContactManagement/ContactForm.cs	.Net Code: LateBinding.LateCall(V_1, null, "Invoke", new object[] { 0, V_0 }, null, null)
Source: vRURxcnYJm.exe.1.dr, ContactManagement/ContactForm.cs	.Net Code: LateBinding.LateCall(V_1, null, "Invoke", new object[] { 0, V_0 }, null, null)
Source: 1.0.Request for Price Quotation.pdf.exe.580000.0.unpack, ContactManagement/ContactForm.cs	.Net Code: LateBinding.LateCall(V_1, null, "Invoke", new object[] { 0, V_0 }, null, null)
Source: 1.2.Request for Price Quotation.pdf.exe.580000.0.unpack, ContactManagement/ContactForm.cs	.Net Code: LateBinding.LateCall(V_1, null, "Invoke", new object[] { 0, V_0 }, null, null)
Source: 16.0.Request for Price Quotation.pdf.exe.300000.0.unpack, ContactManagement/ContactForm.cs	.Net Code: LateBinding.LateCall(V_1, null, "Invoke", new object[] { 0, V_0 }, null, null)
Source: 16.2.Request for Price Quotation.pdf.exe.300000.0.unpack, ContactManagement/ContactForm.cs	.Net Code: LateBinding.LateCall(V_1, null, "Invoke", new object[] { 0, V_0 }, null, null)
Source: pGKuRU.exe.18.dr, ContactManagement/ContactForm.cs	.Net Code: LateBinding.LateCall(V_1, null, "Invoke", new object[] { 0, V_0 }, null, null)
Source: 18.2.Request for Price Quotation.pdf.exe.b70000.1.unpack, ContactManagement/ContactForm.cs	.Net Code: LateBinding.LateCall(V_1, null, "Invoke", new object[] { 0, V_0 }, null, null)
Source: 18.0.Request for Price Quotation.pdf.exe.b70000.0.unpack, ContactManagement/ContactForm.cs	.Net Code: LateBinding.LateCall(V_1, null, "Invoke", new object[] { 0, V_0 }, null, null)
Source: 18.0.Request for Price Quotation.pdf.exe.b70000.2.unpack, ContactManagement/ContactForm.cs	.Net Code: LateBinding.LateCall(V_1, null, "Invoke", new object[] { 0, V_0 }, null, null)
Source: 24.2.pGKuRU.exe.fd0000.0.unpack, ContactManagement/ContactForm.cs	.Net Code: LateBinding.LateCall(V_1, null, "Invoke", new object[] { 0, V_0 }, null, null)
Source: 24.0.pGKuRU.exe.fd0000.0.unpack, ContactManagement/ContactForm.cs	.Net Code: LateBinding.LateCall(V_1, null, "Invoke", new object[] { 0, V_0 }, null, null)
Source: 26.0.pGKuRU.exe.ee0000.0.unpack, ContactManagement/ContactForm.cs	.Net Code: LateBinding.LateCall(V_1, null, "Invoke", new object[] { 0, V_0 }, null, null)

Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe	Code function: 1_2_00EF7807 push ds; ret	1_2_00EF7816
Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe	Code function: 1_2_00EF7990 push ss; ret	1_2_00EF7996
Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe	Code function: 1_2_00EF790A push ss; ret	1_2_00EF795A
Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe	Code function: 1_2_00EF5E34 push ds; ret	1_2_00EF5E36
Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe	Code function: 1_2_01012CCE push cs; ret	1_2_01012CEF
Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe	Code function: 1_2_0CC31383 push es; ret	1_2_0CC3138A
Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe	Code function: 1_2_0CC31397 push cs; ret	1_2_0CC3139E
Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe	Code function: 1_2_0CC313A3 push cs; ret	1_2_0CC313A6
Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe	Code function: 1_2_0CC313B3 push cs; ret	1_2_0CC313BA
Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe	Code function: 1_2_0CC31355 push cs; ret	1_2_0CC3135A
Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe	Code function: 1_2_0CC3135B push es; ret	1_2_0CC3136E
Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe	Code function: 1_2_0CC31463 push es; ret	1_2_0CC3146E
Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe	Code function: 1_2_0CC3146F push es; ret	1_2_0CC3147E
Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe	Code function: 1_2_0CC3147F push cs; ret	1_2_0CC31482
Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe	Code function: 1_2_0CC30007 push ds; ret	1_2_0CC3001E
Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe	Code function: 1_2_0CC3142B push cs; ret	1_2_0CC3142E
Source: C:\Users\user\AppData\Roaming\pGKuRU\pGKuRU.exe	Code function: 24_2_03322CCE push cs; ret	24_2_03322CEF
Source: C:\Users\user\AppData\Roaming\pGKuRU\pGKuRU.exe	Code function: 26_2_05712CE8 push cs; ret	26_2_05712CEF

Source: initial sample	Static PE information: section name: .text entropy: 7.68662347155
Source: initial sample	Static PE information: section name: .text entropy: 7.68662347155
Source: initial sample	Static PE information: section name: .text entropy: 7.68662347155

Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe	File created: C:\Users\user\AppData\Roaming\pGKuRU\pGKuRU.exe			Jump to dropped file
Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe	File created: C:\Users\user\AppData\Roaming\vRURxcnYJm.exe			Jump to dropped file

Boot Survival:

Uses schtasks.exe or at.exe to add and modify task schedules

Show sources

Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe

Process created: C:\Windows\SysWOW64\schtasks.exe 'C:\Windows\System32\schtasks.exe' /Create /TN 'Updates\vRURxcnYJm' /XML 'C:\Users\user\AppData\Local\Temp\tmpD822.tmp'

Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe	Registry value created or modified: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run pGKuRU			Jump to behavior
Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe	Registry value created or modified: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run pGKuRU			Jump to behavior

Hooking and other Techniques for Hiding and Protection:

Hides that the sample has been downloaded from the Internet (zone.identifier)

Show sources

Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe

File opened: C:\Users\user\AppData\Roaming\pGKuRU\pGKuRU.exe:Zone.Identifier read attributes | delete

Jump to behavior

Uses an obfuscated file name to hide its real file extension (double extension)

Show sources

Source: Possible double extension: pdf.exe

Static PE information: Request for Price Quotation.pdf.exe

Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\pGKuRU\pGKuRU.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\pGKuRU\pGKuRU.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\pGKuRU\pGKuRU.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\pGKuRU\pGKuRU.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\pGKuRU\pGKuRU.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\pGKuRU\pGKuRU.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\pGKuRU\pGKuRU.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\pGKuRU\pGKuRU.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\pGKuRU\pGKuRU.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\pGKuRU\pGKuRU.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\pGKuRU\pGKuRU.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\pGKuRU\pGKuRU.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\pGKuRU\pGKuRU.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\pGKuRU\pGKuRU.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\pGKuRU\pGKuRU.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\pGKuRU\pGKuRU.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\pGKuRU\pGKuRU.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\pGKuRU\pGKuRU.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\pGKuRU\pGKuRU.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\pGKuRU\pGKuRU.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\pGKuRU\pGKuRU.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\pGKuRU\pGKuRU.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\pGKuRU\pGKuRU.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\pGKuRU\pGKuRU.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\pGKuRU\pGKuRU.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\pGKuRU\pGKuRU.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\pGKuRU\pGKuRU.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\pGKuRU\pGKuRU.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\pGKuRU\pGKuRU.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\pGKuRU\pGKuRU.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\pGKuRU\pGKuRU.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\pGKuRU\pGKuRU.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\pGKuRU\pGKuRU.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\pGKuRU\pGKuRU.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\pGKuRU\pGKuRU.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\pGKuRU\pGKuRU.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\pGKuRU\pGKuRU.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\pGKuRU\pGKuRU.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\pGKuRU\pGKuRU.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\pGKuRU\pGKuRU.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\pGKuRU\pGKuRU.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\pGKuRU\pGKuRU.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\pGKuRU\pGKuRU.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\pGKuRU\pGKuRU.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\pGKuRU\pGKuRU.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\pGKuRU\pGKuRU.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\pGKuRU\pGKuRU.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\pGKuRU\pGKuRU.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\pGKuRU\pGKuRU.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\pGKuRU\pGKuRU.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\pGKuRU\pGKuRU.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\pGKuRU\pGKuRU.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\pGKuRU\pGKuRU.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\pGKuRU\pGKuRU.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\pGKuRU\pGKuRU.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\pGKuRU\pGKuRU.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\pGKuRU\pGKuRU.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\pGKuRU\pGKuRU.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\pGKuRU\pGKuRU.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\pGKuRU\pGKuRU.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\pGKuRU\pGKuRU.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\pGKuRU\pGKuRU.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\pGKuRU\pGKuRU.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\pGKuRU\pGKuRU.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\pGKuRU\pGKuRU.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\pGKuRU\pGKuRU.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\pGKuRU\pGKuRU.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\pGKuRU\pGKuRU.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\pGKuRU\pGKuRU.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\pGKuRU\pGKuRU.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\pGKuRU\pGKuRU.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\pGKuRU\pGKuRU.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\pGKuRU\pGKuRU.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\pGKuRU\pGKuRU.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\pGKuRU\pGKuRU.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\pGKuRU\pGKuRU.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\pGKuRU\pGKuRU.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\pGKuRU\pGKuRU.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\pGKuRU\pGKuRU.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\pGKuRU\pGKuRU.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\pGKuRU\pGKuRU.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\pGKuRU\pGKuRU.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\pGKuRU\pGKuRU.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\pGKuRU\pGKuRU.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\pGKuRU\pGKuRU.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\pGKuRU\pGKuRU.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\pGKuRU\pGKuRU.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\pGKuRU\pGKuRU.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\pGKuRU\pGKuRU.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\pGKuRU\pGKuRU.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\pGKuRU\pGKuRU.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\pGKuRU\pGKuRU.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\pGKuRU\pGKuRU.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\pGKuRU\pGKuRU.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\pGKuRU\pGKuRU.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\pGKuRU\pGKuRU.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\pGKuRU\pGKuRU.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\pGKuRU\pGKuRU.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\pGKuRU\pGKuRU.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\pGKuRU\pGKuRU.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\pGKuRU\pGKuRU.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\pGKuRU\pGKuRU.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\pGKuRU\pGKuRU.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\pGKuRU\pGKuRU.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\pGKuRU\pGKuRU.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\pGKuRU\pGKuRU.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\pGKuRU\pGKuRU.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\pGKuRU\pGKuRU.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\pGKuRU\pGKuRU.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\pGKuRU\pGKuRU.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\pGKuRU\pGKuRU.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\pGKuRU\pGKuRU.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\pGKuRU\pGKuRU.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\pGKuRU\pGKuRU.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\pGKuRU\pGKuRU.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\pGKuRU\pGKuRU.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\pGKuRU\pGKuRU.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\pGKuRU\pGKuRU.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\pGKuRU\pGKuRU.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\pGKuRU\pGKuRU.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\pGKuRU\pGKuRU.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\pGKuRU\pGKuRU.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\pGKuRU\pGKuRU.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\pGKuRU\pGKuRU.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\pGKuRU\pGKuRU.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\pGKuRU\pGKuRU.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\pGKuRU\pGKuRU.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\pGKuRU\pGKuRU.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\pGKuRU\pGKuRU.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\pGKuRU\pGKuRU.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\pGKuRU\pGKuRU.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\pGKuRU\pGKuRU.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\pGKuRU\pGKuRU.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\pGKuRU\pGKuRU.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\pGKuRU\pGKuRU.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\pGKuRU\pGKuRU.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\pGKuRU\pGKuRU.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\pGKuRU\pGKuRU.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\pGKuRU\pGKuRU.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\pGKuRU\pGKuRU.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\pGKuRU\pGKuRU.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\pGKuRU\pGKuRU.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\pGKuRU\pGKuRU.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\pGKuRU\pGKuRU.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\pGKuRU\pGKuRU.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\pGKuRU\pGKuRU.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\pGKuRU\pGKuRU.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\pGKuRU\pGKuRU.exe	Process information set: NOOPENFILEERRORBOX

Malware Analysis System Evasion:

Yara detected AntiVM3

Show sources

Source: Yara match	File source: Process Memory Space: Request for Price Quotation.pdf.exe PID: 6496, type: MEMORY
Source: Yara match	File source: Process Memory Space: pGKuRU.exe PID: 5644, type: MEMORY
Source: Yara match	File source: Process Memory Space: pGKuRU.exe PID: 6744, type: MEMORY

Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)

Show sources

Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_BaseBoard
Source: C:\Users\user\AppData\Roaming\pGKuRU\pGKuRU.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_BaseBoard
Source: C:\Users\user\AppData\Roaming\pGKuRU\pGKuRU.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_BaseBoard

Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)

Show sources

Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_NetworkAdapterConfiguration
Source: C:\Users\user\AppData\Roaming\pGKuRU\pGKuRU.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_NetworkAdapterConfiguration
Source: C:\Users\user\AppData\Roaming\pGKuRU\pGKuRU.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_NetworkAdapterConfiguration

Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)

Show sources

Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\cimv2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\AppData\Roaming\pGKuRU\pGKuRU.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\cimv2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\AppData\Roaming\pGKuRU\pGKuRU.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\cimv2 : SELECT * FROM Win32_VideoController

Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)

Show sources

Source: Request for Price Quotation.pdf.exe, 00000001.00000002.296240189.0000000002CD1000.00000004.00000001.sdmp, pGKuRU.exe, 00000018.00000002.431012049.0000000003702000.00000004.00000001.sdmp, pGKuRU.exe, 0000001A.00000002.447069014.0000000003592000.00000004.00000001.sdmp	Binary or memory string: WINE_GET_UNIX_FILE_NAME
Source: Request for Price Quotation.pdf.exe, 00000001.00000002.296240189.0000000002CD1000.00000004.00000001.sdmp, pGKuRU.exe, 00000018.00000002.431012049.0000000003702000.00000004.00000001.sdmp, pGKuRU.exe, 0000001A.00000002.447069014.0000000003592000.00000004.00000001.sdmp	Binary or memory string: SBIEDLL.DLL

Source: C:\Users\user\AppData\Roaming\pGKuRU\pGKuRU.exe	Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DEVICEMAP\Scsi\Scsi Port 0\Scsi Bus 0\Target Id 0\Logical Unit Id 0 name: Identifier	Jump to behavior
Source: C:\Users\user\AppData\Roaming\pGKuRU\pGKuRU.exe	Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: SystemBiosVersion	Jump to behavior
Source: C:\Users\user\AppData\Roaming\pGKuRU\pGKuRU.exe	Registry key queried: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 name: DriverDesc	Jump to behavior
Source: C:\Users\user\AppData\Roaming\pGKuRU\pGKuRU.exe	File opened / queried: SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}	Jump to behavior
Source: C:\Users\user\AppData\Roaming\pGKuRU\pGKuRU.exe	Registry key queried: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Disk\Enum name: 0	Jump to behavior
Source: C:\Users\user\AppData\Roaming\pGKuRU\pGKuRU.exe	Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: VideoBiosVersion	Jump to behavior

Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Users\user\AppData\Roaming\pGKuRU\pGKuRU.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Users\user\AppData\Roaming\pGKuRU\pGKuRU.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Users\user\AppData\Roaming\pGKuRU\pGKuRU.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Users\user\AppData\Roaming\pGKuRU\pGKuRU.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Users\user\AppData\Roaming\pGKuRU\pGKuRU.exe	Thread delayed: delay time: 922337203685477

Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe

Window / User API: threadDelayed 428

Jump to behavior

Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe TID: 6552	Thread sleep time: -922337203685477s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe TID: 4152	Thread sleep time: -922337203685477s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe TID: 4152	Thread sleep count: 428 > 30	Jump to behavior
Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe TID: 4152	Thread sleep time: -12840000s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Roaming\pGKuRU\pGKuRU.exe TID: 7024	Thread sleep time: -922337203685477s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Roaming\pGKuRU\pGKuRU.exe TID: 1936	Thread sleep time: -922337203685477s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Roaming\pGKuRU\pGKuRU.exe TID: 3980	Thread sleep time: -922337203685477s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Roaming\pGKuRU\pGKuRU.exe TID: 6188	Thread sleep time: -922337203685477s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Roaming\pGKuRU\pGKuRU.exe TID: 6188	Thread sleep time: -90000s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Roaming\pGKuRU\pGKuRU.exe TID: 6188	Thread sleep time: -30000s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Roaming\pGKuRU\pGKuRU.exe TID: 3636	Thread sleep time: -922337203685477s >= -30000s
Source: C:\Users\user\AppData\Roaming\pGKuRU\pGKuRU.exe TID: 3636	Thread sleep time: -510000s >= -30000s

Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Users\user\AppData\Roaming\pGKuRU\pGKuRU.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Users\user\AppData\Roaming\pGKuRU\pGKuRU.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor

Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe	Last function: Thread delayed
Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Users\user\AppData\Roaming\pGKuRU\pGKuRU.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Users\user\AppData\Roaming\pGKuRU\pGKuRU.exe	Last function: Thread delayed

Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe	Thread delayed: delay time: 30000	Jump to behavior
Source: C:\Users\user\AppData\Roaming\pGKuRU\pGKuRU.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Users\user\AppData\Roaming\pGKuRU\pGKuRU.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Users\user\AppData\Roaming\pGKuRU\pGKuRU.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Users\user\AppData\Roaming\pGKuRU\pGKuRU.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Users\user\AppData\Roaming\pGKuRU\pGKuRU.exe	Thread delayed: delay time: 30000	Jump to behavior
Source: C:\Users\user\AppData\Roaming\pGKuRU\pGKuRU.exe	Thread delayed: delay time: 30000	Jump to behavior
Source: C:\Users\user\AppData\Roaming\pGKuRU\pGKuRU.exe	Thread delayed: delay time: 922337203685477
Source: C:\Users\user\AppData\Roaming\pGKuRU\pGKuRU.exe	Thread delayed: delay time: 30000

Source: pGKuRU.exe, 0000001A.00000002.447069014.0000000003592000.00000004.00000001.sdmp	Binary or memory string: kr#"SOFTWARE\VMware, Inc.\VMware Tools
Source: pGKuRU.exe, 0000001A.00000002.447069014.0000000003592000.00000004.00000001.sdmp	Binary or memory string: VMware SVGA IIOData Source=localhost\sqlexpress;Initial Catalog=dbSMS;Integrated Security=True
Source: Request for Price Quotation.pdf.exe, 00000012.00000002.475378599.0000000005700000.00000002.00000001.sdmp, pGKuRU.exe, 00000021.00000002.448452037.0000000005900000.00000002.00000001.sdmp, pGKuRU.exe, 00000025.00000002.476006527.0000000005680000.00000002.00000001.sdmp	Binary or memory string: A Virtual Machine could not be started because Hyper-V is not installed.
Source: pGKuRU.exe, 0000001A.00000002.447069014.0000000003592000.00000004.00000001.sdmp	Binary or memory string: vmware
Source: pGKuRU.exe, 0000001A.00000002.447069014.0000000003592000.00000004.00000001.sdmp	Binary or memory string: krA"SOFTWARE\VMware, Inc.\VMware Tools
Source: pGKuRU.exe, 0000001A.00000002.447069014.0000000003592000.00000004.00000001.sdmp	Binary or memory string: C:\PROGRAM FILES\VMWARE\VMWARE TOOLS\
Source: pGKuRU.exe, 0000001A.00000002.447069014.0000000003592000.00000004.00000001.sdmp	Binary or memory string: SOFTWARE\VMware, Inc.\VMware Tools
Source: pGKuRU.exe, 0000001A.00000002.447069014.0000000003592000.00000004.00000001.sdmp	Binary or memory string: kr87HKEY_LOCAL_MACHINE\SOFTWARE\VMware, Inc.\VMware Tools\.
Source: pGKuRU.exe, 0000001A.00000002.447069014.0000000003592000.00000004.00000001.sdmp	Binary or memory string: VMWARE
Source: pGKuRU.exe, 0000001A.00000002.447069014.0000000003592000.00000004.00000001.sdmp	Binary or memory string: InstallPath%C:\PROGRAM FILES\VMWARE\VMWARE TOOLS\
Source: Request for Price Quotation.pdf.exe, 00000012.00000002.475378599.0000000005700000.00000002.00000001.sdmp, pGKuRU.exe, 00000021.00000002.448452037.0000000005900000.00000002.00000001.sdmp, pGKuRU.exe, 00000025.00000002.476006527.0000000005680000.00000002.00000001.sdmp	Binary or memory string: A communication protocol error has occurred between the Hyper-V Host and Guest Compute Service.
Source: Request for Price Quotation.pdf.exe, 00000012.00000002.475378599.0000000005700000.00000002.00000001.sdmp, pGKuRU.exe, 00000021.00000002.448452037.0000000005900000.00000002.00000001.sdmp, pGKuRU.exe, 00000025.00000002.476006527.0000000005680000.00000002.00000001.sdmp	Binary or memory string: The communication protocol version between the Hyper-V Host and Guest Compute Services is not supported.
Source: pGKuRU.exe, 0000001A.00000002.447069014.0000000003592000.00000004.00000001.sdmp	Binary or memory string: VMWARE"SOFTWARE\VMware, Inc.\VMware ToolsLHARDWARE\DEVICEMAP\Scsi\Scsi Port 1\Scsi Bus 0\Target Id 0\Logical Unit Id 0LHARDWARE\DEVICEMAP\Scsi\Scsi Port 2\Scsi Bus 0\Target Id 0\Logical Unit Id 0'SYSTEM\ControlSet001\Services\Disk\Enum
Source: pGKuRU.exe, 0000001A.00000002.447069014.0000000003592000.00000004.00000001.sdmp	Binary or memory string: VMware SVGA II
Source: pGKuRU.exe, 0000001A.00000002.447069014.0000000003592000.00000004.00000001.sdmp	Binary or memory string: kr&%C:\PROGRAM FILES\VMWARE\VMWARE TOOLS\
Source: pGKuRU.exe, 0000001A.00000002.447069014.0000000003592000.00000004.00000001.sdmp	Binary or memory string: kr#"SOFTWARE\VMware, Inc.\VMware ToolsH
Source: pGKuRU.exe, 0000001A.00000002.447069014.0000000003592000.00000004.00000001.sdmp	Binary or memory string: vmwareNSYSTEM\ControlSet001\Control\Class\{4D36E968-E325-11CE-BFC1-08002BE10318}\0000
Source: Request for Price Quotation.pdf.exe, 00000012.00000002.475378599.0000000005700000.00000002.00000001.sdmp, pGKuRU.exe, 00000021.00000002.448452037.0000000005900000.00000002.00000001.sdmp, pGKuRU.exe, 00000025.00000002.476006527.0000000005680000.00000002.00000001.sdmp	Binary or memory string: An unknown internal message was received by the Hyper-V Compute Service.

Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe

Process information queried: ProcessInformation

Jump to behavior

Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe	Process token adjusted: Debug	Jump to behavior
Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe	Process token adjusted: Debug	Jump to behavior
Source: C:\Users\user\AppData\Roaming\pGKuRU\pGKuRU.exe	Process token adjusted: Debug	Jump to behavior
Source: C:\Users\user\AppData\Roaming\pGKuRU\pGKuRU.exe	Process token adjusted: Debug	Jump to behavior
Source: C:\Users\user\AppData\Roaming\pGKuRU\pGKuRU.exe	Process token adjusted: Debug	Jump to behavior
Source: C:\Users\user\AppData\Roaming\pGKuRU\pGKuRU.exe	Process token adjusted: Debug

Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe

Memory allocated: page read and write | page guard

Jump to behavior

HIPS / PFW / Operating System Protection Evasion:

Injects a PE file into a foreign processes

Show sources

Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe	Memory written: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe base: 400000 value starts with: 4D5A	Jump to behavior
Source: C:\Users\user\AppData\Roaming\pGKuRU\pGKuRU.exe	Memory written: C:\Users\user\AppData\Roaming\pGKuRU\pGKuRU.exe base: 400000 value starts with: 4D5A	Jump to behavior
Source: C:\Users\user\AppData\Roaming\pGKuRU\pGKuRU.exe	Memory written: C:\Users\user\AppData\Roaming\pGKuRU\pGKuRU.exe base: 400000 value starts with: 4D5A	Jump to behavior

Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe	Process created: C:\Windows\SysWOW64\schtasks.exe 'C:\Windows\System32\schtasks.exe' /Create /TN 'Updates\vRURxcnYJm' /XML 'C:\Users\user\AppData\Local\Temp\tmpD822.tmp'	Jump to behavior
Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe	Process created: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe {path}	Jump to behavior
Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe	Process created: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe {path}	Jump to behavior
Source: C:\Users\user\AppData\Roaming\pGKuRU\pGKuRU.exe	Process created: C:\Windows\SysWOW64\schtasks.exe 'C:\Windows\System32\schtasks.exe' /Create /TN 'Updates\vRURxcnYJm' /XML 'C:\Users\user\AppData\Local\Temp\tmpD30D.tmp'	Jump to behavior
Source: C:\Users\user\AppData\Roaming\pGKuRU\pGKuRU.exe	Process created: C:\Users\user\AppData\Roaming\pGKuRU\pGKuRU.exe {path}	Jump to behavior
Source: C:\Users\user\AppData\Roaming\pGKuRU\pGKuRU.exe	Process created: C:\Windows\SysWOW64\schtasks.exe 'C:\Windows\System32\schtasks.exe' /Create /TN 'Updates\vRURxcnYJm' /XML 'C:\Users\user\AppData\Local\Temp\tmpF0F5.tmp'	Jump to behavior
Source: C:\Users\user\AppData\Roaming\pGKuRU\pGKuRU.exe	Process created: C:\Users\user\AppData\Roaming\pGKuRU\pGKuRU.exe {path}	Jump to behavior

Source: Request for Price Quotation.pdf.exe, 00000012.00000002.471573774.0000000001A40000.00000002.00000001.sdmp, pGKuRU.exe, 00000025.00000002.471547458.0000000001990000.00000002.00000001.sdmp	Binary or memory string: Program Manager
Source: Request for Price Quotation.pdf.exe, 00000012.00000002.471573774.0000000001A40000.00000002.00000001.sdmp, pGKuRU.exe, 00000025.00000002.471547458.0000000001990000.00000002.00000001.sdmp	Binary or memory string: Shell_TrayWnd
Source: Request for Price Quotation.pdf.exe, 00000012.00000002.471573774.0000000001A40000.00000002.00000001.sdmp, pGKuRU.exe, 00000025.00000002.471547458.0000000001990000.00000002.00000001.sdmp	Binary or memory string: Progman
Source: Request for Price Quotation.pdf.exe, 00000012.00000002.471573774.0000000001A40000.00000002.00000001.sdmp, pGKuRU.exe, 00000025.00000002.471547458.0000000001990000.00000002.00000001.sdmp	Binary or memory string: Progmanlock

Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe	Queries volume information: C:\Windows\Fonts\arial.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe	Queries volume information: C:\Windows\Fonts\ariali.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe	Queries volume information: C:\Windows\Fonts\arialbd.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe	Queries volume information: C:\Windows\Fonts\arialbi.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe	Queries volume information: C:\Windows\Fonts\ARIALN.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe	Queries volume information: C:\Windows\Fonts\ariblk.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe	Queries volume information: C:\Windows\Fonts\ARIALNI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe	Queries volume information: C:\Windows\Fonts\ARIALNB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe	Queries volume information: C:\Windows\Fonts\ARIALNBI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe	Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe	Queries volume information: C:\Windows\Fonts\calibri.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe	Queries volume information: C:\Windows\Fonts\calibril.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe	Queries volume information: C:\Windows\Fonts\calibrii.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe	Queries volume information: C:\Windows\Fonts\calibrili.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe	Queries volume information: C:\Windows\Fonts\calibrib.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe	Queries volume information: C:\Windows\Fonts\calibriz.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe	Queries volume information: C:\Windows\Fonts\cambria.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe	Queries volume information: C:\Windows\Fonts\cambriai.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe	Queries volume information: C:\Windows\Fonts\cambriab.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe	Queries volume information: C:\Windows\Fonts\cambriaz.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe	Queries volume information: C:\Windows\Fonts\Candara.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe	Queries volume information: C:\Windows\Fonts\Candarai.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe	Queries volume information: C:\Windows\Fonts\Candarab.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe	Queries volume information: C:\Windows\Fonts\Candaraz.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe	Queries volume information: C:\Windows\Fonts\comic.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe	Queries volume information: C:\Windows\Fonts\comici.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe	Queries volume information: C:\Windows\Fonts\comicbd.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe	Queries volume information: C:\Windows\Fonts\comicz.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe	Queries volume information: C:\Windows\Fonts\consola.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe	Queries volume information: C:\Windows\Fonts\consolai.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe	Queries volume information: C:\Windows\Fonts\consolab.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe	Queries volume information: C:\Windows\Fonts\consolaz.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe	Queries volume information: C:\Windows\Fonts\constan.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe	Queries volume information: C:\Windows\Fonts\constani.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe	Queries volume information: C:\Windows\Fonts\constanb.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe	Queries volume information: C:\Windows\Fonts\constanz.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe	Queries volume information: C:\Windows\Fonts\corbel.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe	Queries volume information: C:\Windows\Fonts\corbeli.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe	Queries volume information: C:\Windows\Fonts\corbelb.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe	Queries volume information: C:\Windows\Fonts\corbelz.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe	Queries volume information: C:\Windows\Fonts\cour.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe	Queries volume information: C:\Windows\Fonts\couri.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe	Queries volume information: C:\Windows\Fonts\courbd.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe	Queries volume information: C:\Windows\Fonts\courbi.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe	Queries volume information: C:\Windows\Fonts\ebrima.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe	Queries volume information: C:\Windows\Fonts\ebrimabd.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe	Queries volume information: C:\Windows\Fonts\framd.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe	Queries volume information: C:\Windows\Fonts\FRADM.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe	Queries volume information: C:\Windows\Fonts\framdit.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe	Queries volume information: C:\Windows\Fonts\FRADMIT.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe	Queries volume information: C:\Windows\Fonts\FRAMDCN.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe	Queries volume information: C:\Windows\Fonts\FRADMCN.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe	Queries volume information: C:\Windows\Fonts\FRAHV.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe	Queries volume information: C:\Windows\Fonts\FRAHVIT.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe	Queries volume information: C:\Windows\Fonts\Gabriola.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe	Queries volume information: C:\Windows\Fonts\gadugi.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe	Queries volume information: C:\Windows\Fonts\gadugib.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe	Queries volume information: C:\Windows\Fonts\georgia.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe	Queries volume information: C:\Windows\Fonts\georgiai.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe	Queries volume information: C:\Windows\Fonts\georgiab.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe	Queries volume information: C:\Windows\Fonts\georgiaz.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe	Queries volume information: C:\Windows\Fonts\impact.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe	Queries volume information: C:\Windows\Fonts\Inkfree.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe	Queries volume information: C:\Windows\Fonts\javatext.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe	Queries volume information: C:\Windows\Fonts\LeelawUI.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe	Queries volume information: C:\Windows\Fonts\LeelUIsl.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe	Queries volume information: C:\Windows\Fonts\LeelaUIb.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe	Queries volume information: C:\Windows\Fonts\lucon.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe	Queries volume information: C:\Windows\Fonts\l_10646.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe	Queries volume information: C:\Windows\Fonts\malgun.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe	Queries volume information: C:\Windows\Fonts\malgunsl.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe	Queries volume information: C:\Windows\Fonts\malgunbd.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe	Queries volume information: C:\Windows\Fonts\himalaya.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe	Queries volume information: C:\Windows\Fonts\msjh.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe	Queries volume information: C:\Windows\Fonts\msjhl.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe	Queries volume information: C:\Windows\Fonts\msjhbd.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe	Queries volume information: C:\Windows\Fonts\ntailu.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe	Queries volume information: C:\Windows\Fonts\ntailub.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe	Queries volume information: C:\Windows\Fonts\phagspa.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe	Queries volume information: C:\Windows\Fonts\phagspab.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe	Queries volume information: C:\Windows\Fonts\micross.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe	Queries volume information: C:\Windows\Fonts\taile.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe	Queries volume information: C:\Windows\Fonts\taileb.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe	Queries volume information: C:\Windows\Fonts\msyh.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe	Queries volume information: C:\Windows\Fonts\msyhl.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe	Queries volume information: C:\Windows\Fonts\msyhbd.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe	Queries volume information: C:\Windows\Fonts\msyi.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe	Queries volume information: C:\Windows\Fonts\mingliub.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe	Queries volume information: C:\Windows\Fonts\monbaiti.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe	Queries volume information: C:\Windows\Fonts\msgothic.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe	Queries volume information: C:\Windows\Fonts\mvboli.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe	Queries volume information: C:\Windows\Fonts\mmrtext.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe	Queries volume information: C:\Windows\Fonts\mmrtextb.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe	Queries volume information: C:\Windows\Fonts\Nirmala.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe	Queries volume information: C:\Windows\Fonts\NirmalaS.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe	Queries volume information: C:\Windows\Fonts\NirmalaB.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe	Queries volume information: C:\Windows\Fonts\pala.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe	Queries volume information: C:\Windows\Fonts\palai.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe	Queries volume information: C:\Windows\Fonts\palab.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe	Queries volume information: C:\Windows\Fonts\palabi.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe	Queries volume information: C:\Windows\Fonts\segoepr.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe	Queries volume information: C:\Windows\Fonts\segoeprb.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe	Queries volume information: C:\Windows\Fonts\segoesc.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe	Queries volume information: C:\Windows\Fonts\segoescb.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe	Queries volume information: C:\Windows\Fonts\segoeuii.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe	Queries volume information: C:\Windows\Fonts\seguisli.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe	Queries volume information: C:\Windows\Fonts\seguili.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe	Queries volume information: C:\Windows\Fonts\seguisbi.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe	Queries volume information: C:\Windows\Fonts\segoeuiz.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe	Queries volume information: C:\Windows\Fonts\seguibl.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe	Queries volume information: C:\Windows\Fonts\seguibli.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe	Queries volume information: C:\Windows\Fonts\seguiemj.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe	Queries volume information: C:\Windows\Fonts\seguihis.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe	Queries volume information: C:\Windows\Fonts\seguisym.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe	Queries volume information: C:\Windows\Fonts\simsun.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe	Queries volume information: C:\Windows\Fonts\simsunb.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe	Queries volume information: C:\Windows\Fonts\Sitka.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe	Queries volume information: C:\Windows\Fonts\SitkaI.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe	Queries volume information: C:\Windows\Fonts\SitkaB.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe	Queries volume information: C:\Windows\Fonts\SitkaZ.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe	Queries volume information: C:\Windows\Fonts\sylfaen.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe	Queries volume information: C:\Windows\Fonts\symbol.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe	Queries volume information: C:\Windows\Fonts\tahoma.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe	Queries volume information: C:\Windows\Fonts\tahomabd.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe	Queries volume information: C:\Windows\Fonts\timesi.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe	Queries volume information: C:\Windows\Fonts\timesbd.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe	Queries volume information: C:\Windows\Fonts\timesbi.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe	Queries volume information: C:\Windows\Fonts\trebuc.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe	Queries volume information: C:\Windows\Fonts\trebucit.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe	Queries volume information: C:\Windows\Fonts\trebucbd.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe	Queries volume information: C:\Windows\Fonts\trebucbi.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe	Queries volume information: C:\Windows\Fonts\verdana.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe	Queries volume information: C:\Windows\Fonts\verdanai.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe	Queries volume information: C:\Windows\Fonts\verdanab.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe	Queries volume information: C:\Windows\Fonts\verdanaz.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe	Queries volume information: C:\Windows\Fonts\webdings.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe	Queries volume information: C:\Windows\Fonts\wingding.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe	Queries volume information: C:\Windows\Fonts\YuGothR.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe	Queries volume information: C:\Windows\Fonts\YuGothM.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe	Queries volume information: C:\Windows\Fonts\YuGothL.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe	Queries volume information: C:\Windows\Fonts\YuGothB.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe	Queries volume information: C:\Windows\Fonts\holomdl2.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe	Queries volume information: C:\Windows\Fonts\CENTURY.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe	Queries volume information: C:\Windows\Fonts\LEELAWAD.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe	Queries volume information: C:\Windows\Fonts\LEELAWDB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe	Queries volume information: C:\Windows\Fonts\MSUIGHUR.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe	Queries volume information: C:\Windows\Fonts\MSUIGHUB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe	Queries volume information: C:\Windows\Fonts\WINGDNG2.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe	Queries volume information: C:\Windows\Fonts\WINGDNG3.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe	Queries volume information: C:\Windows\Fonts\TEMPSITC.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe	Queries volume information: C:\Windows\Fonts\PRISTINA.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe	Queries volume information: C:\Windows\Fonts\PAPYRUS.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe	Queries volume information: C:\Windows\Fonts\MISTRAL.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe	Queries volume information: C:\Windows\Fonts\LHANDW.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe	Queries volume information: C:\Windows\Fonts\ITCKRIST.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe	Queries volume information: C:\Windows\Fonts\JUICE___.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe	Queries volume information: C:\Windows\Fonts\FRSCRIPT.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe	Queries volume information: C:\Windows\Fonts\FREESCPT.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe	Queries volume information: C:\Windows\Fonts\BRADHITC.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe	Queries volume information: C:\Windows\Fonts\OUTLOOK.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe	Queries volume information: C:\Windows\Fonts\BKANT.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe	Queries volume information: C:\Windows\Fonts\ANTQUAI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe	Queries volume information: C:\Windows\Fonts\ANTQUAB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe	Queries volume information: C:\Windows\Fonts\ANTQUABI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe	Queries volume information: C:\Windows\Fonts\GARA.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe	Queries volume information: C:\Windows\Fonts\GARAIT.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe	Queries volume information: C:\Windows\Fonts\GARABD.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe	Queries volume information: C:\Windows\Fonts\MTCORSVA.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe	Queries volume information: C:\Windows\Fonts\GOTHIC.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe	Queries volume information: C:\Windows\Fonts\GOTHICI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe	Queries volume information: C:\Windows\Fonts\GOTHICB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe	Queries volume information: C:\Windows\Fonts\GOTHICBI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe	Queries volume information: C:\Windows\Fonts\ALGER.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe	Queries volume information: C:\Windows\Fonts\BASKVILL.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe	Queries volume information: C:\Windows\Fonts\BAUHS93.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe	Queries volume information: C:\Windows\Fonts\BELL.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe	Queries volume information: C:\Windows\Fonts\BELLI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe	Queries volume information: C:\Windows\Fonts\BELLB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe	Queries volume information: C:\Windows\Fonts\BRLNSR.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe	Queries volume information: C:\Windows\Fonts\BRLNSDB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe	Queries volume information: C:\Windows\Fonts\BRLNSB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe	Queries volume information: C:\Windows\Fonts\BERNHC.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe	Queries volume information: C:\Windows\Fonts\BOD_PSTC.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe	Queries volume information: C:\Windows\Fonts\BRITANIC.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe	Queries volume information: C:\Windows\Fonts\BROADW.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe	Queries volume information: C:\Windows\Fonts\BRUSHSCI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe	Queries volume information: C:\Windows\Fonts\CALIFR.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe	Queries volume information: C:\Windows\Fonts\CALIFI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe	Queries volume information: C:\Windows\Fonts\CALIFB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe	Queries volume information: C:\Windows\Fonts\CENTAUR.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe	Queries volume information: C:\Windows\Fonts\CHILLER.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe	Queries volume information: C:\Windows\Fonts\COLONNA.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe	Queries volume information: C:\Windows\Fonts\COOPBL.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe	Queries volume information: C:\Windows\Fonts\FTLTLT.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe	Queries volume information: C:\Windows\Fonts\HARLOWSI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe	Queries volume information: C:\Windows\Fonts\HARNGTON.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe	Queries volume information: C:\Windows\Fonts\HTOWERT.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe	Queries volume information: C:\Windows\Fonts\HTOWERTI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe	Queries volume information: C:\Windows\Fonts\JOKERMAN.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe	Queries volume information: C:\Windows\Fonts\KUNSTLER.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe	Queries volume information: C:\Windows\Fonts\LBRITE.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe	Queries volume information: C:\Windows\Fonts\LBRITED.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe	Queries volume information: C:\Windows\Fonts\LBRITEI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe	Queries volume information: C:\Windows\Fonts\LBRITEDI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe	Queries volume information: C:\Windows\Fonts\LCALLIG.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe	Queries volume information: C:\Windows\Fonts\LFAX.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe	Queries volume information: C:\Windows\Fonts\LFAXD.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe	Queries volume information: C:\Windows\Fonts\LFAXI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe	Queries volume information: C:\Windows\Fonts\LFAXDI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe	Queries volume information: C:\Windows\Fonts\MAGNETOB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe	Queries volume information: C:\Windows\Fonts\MATURASC.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe	Queries volume information: C:\Windows\Fonts\MOD20.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe	Queries volume information: C:\Windows\Fonts\NIAGENG.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe	Queries volume information: C:\Windows\Fonts\NIAGSOL.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe	Queries volume information: C:\Windows\Fonts\OLDENGL.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe	Queries volume information: C:\Windows\Fonts\ONYX.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe	Queries volume information: C:\Windows\Fonts\PARCHM.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe	Queries volume information: C:\Windows\Fonts\PLAYBILL.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe	Queries volume information: C:\Windows\Fonts\POORICH.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe	Queries volume information: C:\Windows\Fonts\RAVIE.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe	Queries volume information: C:\Windows\Fonts\INFROMAN.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe	Queries volume information: C:\Windows\Fonts\SHOWG.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe	Queries volume information: C:\Windows\Fonts\SNAP____.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe	Queries volume information: C:\Windows\Fonts\STENCIL.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe	Queries volume information: C:\Windows\Fonts\VINERITC.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe	Queries volume information: C:\Windows\Fonts\VIVALDII.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe	Queries volume information: C:\Windows\Fonts\VLADIMIR.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe	Queries volume information: C:\Windows\Fonts\LATINWD.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe	Queries volume information: C:\Windows\Fonts\TCM_____.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe	Queries volume information: C:\Windows\Fonts\TCMI____.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe	Queries volume information: C:\Windows\Fonts\TCB_____.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe	Queries volume information: C:\Windows\Fonts\TCBI____.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe	Queries volume information: C:\Windows\Fonts\TCCM____.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe	Queries volume information: C:\Windows\Fonts\TCCB____.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe	Queries volume information: C:\Windows\Fonts\TCCEB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe	Queries volume information: C:\Windows\Fonts\SCRIPTBL.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe	Queries volume information: C:\Windows\Fonts\ROCK.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe	Queries volume information: C:\Windows\Fonts\ROCKI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe	Queries volume information: C:\Windows\Fonts\ROCKB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe	Queries volume information: C:\Windows\Fonts\ROCKEB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe	Queries volume information: C:\Windows\Fonts\ROCKBI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe	Queries volume information: C:\Windows\Fonts\ROCC____.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe	Queries volume information: C:\Windows\Fonts\ROCCB___.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe	Queries volume information: C:\Windows\Fonts\RAGE.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe	Queries volume information: C:\Windows\Fonts\PERTILI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe	Queries volume information: C:\Windows\Fonts\PERTIBD.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe	Queries volume information: C:\Windows\Fonts\PER_____.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe	Queries volume information: C:\Windows\Fonts\PERI____.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe	Queries volume information: C:\Windows\Fonts\PERB____.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe	Queries volume information: C:\Windows\Fonts\PERBI___.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe	Queries volume information: C:\Windows\Fonts\PALSCRI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe	Queries volume information: C:\Windows\Fonts\OCRAEXT.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe	Queries volume information: C:\Windows\Fonts\MAIAN.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe	Queries volume information: C:\Windows\Fonts\LTYPE.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe	Queries volume information: C:\Windows\Fonts\LTYPEO.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe	Queries volume information: C:\Windows\Fonts\LTYPEB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe	Queries volume information: C:\Windows\Fonts\LTYPEBO.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe	Queries volume information: C:\Windows\Fonts\LSANS.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe	Queries volume information: C:\Windows\Fonts\LSANSD.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe	Queries volume information: C:\Windows\Fonts\LSANSI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe	Queries volume information: C:\Windows\Fonts\LSANSDI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe	Queries volume information: C:\Windows\Fonts\IMPRISHA.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe	Queries volume information: C:\Windows\Fonts\HATTEN.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe	Queries volume information: C:\Windows\Fonts\GOUDYSTO.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe	Queries volume information: C:\Windows\Fonts\GOUDOS.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe	Queries volume information: C:\Windows\Fonts\GOUDOSI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe	Queries volume information: C:\Windows\Fonts\GOUDOSB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe	Queries volume information: C:\Windows\Fonts\GLECB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe	Queries volume information: C:\Windows\Fonts\GIL_____.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe	Queries volume information: C:\Windows\Fonts\GILI____.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe	Queries volume information: C:\Windows\Fonts\GILB____.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe	Queries volume information: C:\Windows\Fonts\GILBI___.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe	Queries volume information: C:\Windows\Fonts\GILC____.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe	Queries volume information: C:\Windows\Fonts\GLSNECB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe	Queries volume information: C:\Windows\Fonts\GIGI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe	Queries volume information: C:\Windows\Fonts\FRABK.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe	Queries volume information: C:\Windows\Fonts\FRABKIT.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe	Queries volume information: C:\Windows\Fonts\FORTE.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe	Queries volume information: C:\Windows\Fonts\FELIXTI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe	Queries volume information: C:\Windows\Fonts\ERASMD.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe	Queries volume information: C:\Windows\Fonts\ERASLGHT.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe	Queries volume information: C:\Windows\Fonts\ERASDEMI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe	Queries volume information: C:\Windows\Fonts\ERASBD.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe	Queries volume information: C:\Windows\Fonts\ENGR.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe	Queries volume information: C:\Windows\Fonts\ELEPHNT.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe	Queries volume information: C:\Windows\Fonts\ELEPHNTI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe	Queries volume information: C:\Windows\Fonts\ITCEDSCR.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe	Queries volume information: C:\Windows\Fonts\CURLZ___.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe	Queries volume information: C:\Windows\Fonts\COPRGTL.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe	Queries volume information: C:\Windows\Fonts\COPRGTB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe	Queries volume information: C:\Windows\Fonts\CENSCBK.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe	Queries volume information: C:\Windows\Fonts\SCHLBKI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe	Queries volume information: C:\Windows\Fonts\SCHLBKB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe	Queries volume information: C:\Windows\Fonts\SCHLBKBI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe	Queries volume information: C:\Windows\Fonts\CASTELAR.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe	Queries volume information: C:\Windows\Fonts\CALIST.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe	Queries volume information: C:\Windows\Fonts\CALISTI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe	Queries volume information: C:\Windows\Fonts\CALISTB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe	Queries volume information: C:\Windows\Fonts\CALISTBI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe	Queries volume information: C:\Windows\Fonts\BOOKOS.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe	Queries volume information: C:\Windows\Fonts\BOOKOSB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe	Queries volume information: C:\Windows\Fonts\BOOKOSI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe	Queries volume information: C:\Windows\Fonts\BOOKOSBI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe	Queries volume information: C:\Windows\Fonts\BOD_R.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe	Queries volume information: C:\Windows\Fonts\BOD_I.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe	Queries volume information: C:\Windows\Fonts\BOD_B.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe	Queries volume information: C:\Windows\Fonts\BOD_BI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe	Queries volume information: C:\Windows\Fonts\BOD_CR.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe	Queries volume information: C:\Windows\Fonts\BOD_BLAR.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe	Queries volume information: C:\Windows\Fonts\BOD_CI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe	Queries volume information: C:\Windows\Fonts\BOD_CB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe	Queries volume information: C:\Windows\Fonts\BOD_BLAI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe	Queries volume information: C:\Windows\Fonts\BOD_CBI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe	Queries volume information: C:\Windows\Fonts\ITCBLKAD.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe	Queries volume information: C:\Windows\Fonts\ARLRDBD.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe	Queries volume information: C:\Windows\Fonts\AGENCYR.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe	Queries volume information: C:\Windows\Fonts\AGENCYB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe	Queries volume information: C:\Windows\Fonts\BSSYM7.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe	Queries volume information: C:\Windows\Fonts\REFSAN.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe	Queries volume information: C:\Windows\Fonts\REFSPCL.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe	Queries volume information: C:\Windows\Fonts\MTEXTRA.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe	Queries volume information: C:\Windows\Fonts\marlett.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe	Queries volume information: C:\Windows\Fonts\segoeuii.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe	Queries volume information: C:\Windows\Fonts\segoeuiz.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe	Queries volume information: C:\Windows\Fonts\micross.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe	Queries volume information: C:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe	Queries volume information: C:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\pGKuRU\pGKuRU.exe	Queries volume information: C:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\pGKuRU\pGKuRU.exe	Queries volume information: C:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\pGKuRU\pGKuRU.exe	Queries volume information: C:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\pGKuRU\pGKuRU.exe	Queries volume information: C:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll VolumeInformation

Source: C:\Users\user\Desktop\Request for Price Quotation.pdf.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

Stealing of Sensitive Information:

Yara detected AgentTesla

Show sources

Source: Yara match	File source: 00000021.00000000.429160919.0000000000402000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000025.00000000.445224986.0000000000402000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000025.00000002.468461465.0000000000402000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000001.00000002.303244062.000000000BED1000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000012.00000000.291844857.0000000000402000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000012.00000002.468490022.0000000000402000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000018.00000002.431644231.00000000046D1000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000001.00000002.297905164.0000000003CD1000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000021.00000002.446501477.0000000000402000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 0000001A.00000002.447980592.0000000004561000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 33.0.pGKuRU.exe.400000.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 37.2.pGKuRU.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 33.2.pGKuRU.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 24.2.pGKuRU.exe.47d45f0.2.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 26.2.pGKuRU.exe.46645f0.2.unpack, type: UNPACKEDPE
Source: Yara match	File source: 24.2.pGKuRU.exe.47d45f0.2.unpack, type: UNPACKEDPE
Source: Yara match	File source: 26.2.pGKuRU.exe.46645f0.2.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 1.2.Request for Price Quotation.pdf.exe.bf72ab8.8.unpack, type: UNPACKEDPE
Source: Yara match	File source: 37.0.pGKuRU.exe.400000.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 1.2.Request for Price Quotation.pdf.exe.bf72ab8.8.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 18.2.Request for Price Quotation.pdf.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 18.0.Request for Price Quotation.pdf.exe.400000.1.unpack, type: UNPACKEDPE

Yara detected AgentTesla

Show sources

Source: Yara match	File source: 00000021.00000000.429160919.0000000000402000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000012.00000002.473375885.00000000032D1000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000025.00000000.445224986.0000000000402000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000025.00000002.468461465.0000000000402000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000001.00000002.303244062.000000000BED1000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000012.00000000.291844857.0000000000402000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000012.00000002.468490022.0000000000402000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000018.00000002.431644231.00000000046D1000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000025.00000002.473835627.00000000032E1000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000001.00000002.297905164.0000000003CD1000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000021.00000002.446501477.0000000000402000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000021.00000002.447853207.00000000035A1000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 0000001A.00000002.447980592.0000000004561000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: Request for Price Quotation.pdf.exe PID: 6748, type: MEMORY
Source: Yara match	File source: Process Memory Space: Request for Price Quotation.pdf.exe PID: 6496, type: MEMORY
Source: Yara match	File source: Process Memory Space: pGKuRU.exe PID: 6276, type: MEMORY
Source: Yara match	File source: Process Memory Space: pGKuRU.exe PID: 5644, type: MEMORY
Source: Yara match	File source: Process Memory Space: pGKuRU.exe PID: 808, type: MEMORY
Source: Yara match	File source: Process Memory Space: pGKuRU.exe PID: 6744, type: MEMORY
Source: Yara match	File source: 33.0.pGKuRU.exe.400000.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 37.2.pGKuRU.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 33.2.pGKuRU.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 24.2.pGKuRU.exe.47d45f0.2.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 26.2.pGKuRU.exe.46645f0.2.unpack, type: UNPACKEDPE
Source: Yara match	File source: 24.2.pGKuRU.exe.47d45f0.2.unpack, type: UNPACKEDPE
Source: Yara match	File source: 26.2.pGKuRU.exe.46645f0.2.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 1.2.Request for Price Quotation.pdf.exe.bf72ab8.8.unpack, type: UNPACKEDPE
Source: Yara match	File source: 37.0.pGKuRU.exe.400000.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 1.2.Request for Price Quotation.pdf.exe.bf72ab8.8.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 18.2.Request for Price Quotation.pdf.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 18.0.Request for Price Quotation.pdf.exe.400000.1.unpack, type: UNPACKEDPE

Source: Yara match	File source: 00000012.00000002.473375885.00000000032D1000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000025.00000002.473835627.00000000032E1000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000021.00000002.447853207.00000000035A1000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: Request for Price Quotation.pdf.exe PID: 6748, type: MEMORY
Source: Yara match	File source: Process Memory Space: pGKuRU.exe PID: 6276, type: MEMORY
Source: Yara match	File source: Process Memory Space: pGKuRU.exe PID: 808, type: MEMORY

Remote Access Functionality:

Yara detected AgentTesla

Show sources

Source: Yara match	File source: 00000021.00000000.429160919.0000000000402000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000025.00000000.445224986.0000000000402000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000025.00000002.468461465.0000000000402000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000001.00000002.303244062.000000000BED1000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000012.00000000.291844857.0000000000402000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000012.00000002.468490022.0000000000402000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000018.00000002.431644231.00000000046D1000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000001.00000002.297905164.0000000003CD1000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000021.00000002.446501477.0000000000402000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 0000001A.00000002.447980592.0000000004561000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 33.0.pGKuRU.exe.400000.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 37.2.pGKuRU.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 33.2.pGKuRU.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 24.2.pGKuRU.exe.47d45f0.2.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 26.2.pGKuRU.exe.46645f0.2.unpack, type: UNPACKEDPE
Source: Yara match	File source: 24.2.pGKuRU.exe.47d45f0.2.unpack, type: UNPACKEDPE
Source: Yara match	File source: 26.2.pGKuRU.exe.46645f0.2.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 1.2.Request for Price Quotation.pdf.exe.bf72ab8.8.unpack, type: UNPACKEDPE
Source: Yara match	File source: 37.0.pGKuRU.exe.400000.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 1.2.Request for Price Quotation.pdf.exe.bf72ab8.8.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 18.2.Request for Price Quotation.pdf.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 18.0.Request for Price Quotation.pdf.exe.400000.1.unpack, type: UNPACKEDPE

Yara detected AgentTesla

Show sources

Source: Yara match	File source: 00000021.00000000.429160919.0000000000402000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000012.00000002.473375885.00000000032D1000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000025.00000000.445224986.0000000000402000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000025.00000002.468461465.0000000000402000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000001.00000002.303244062.000000000BED1000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000012.00000000.291844857.0000000000402000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000012.00000002.468490022.0000000000402000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000018.00000002.431644231.00000000046D1000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000025.00000002.473835627.00000000032E1000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000001.00000002.297905164.0000000003CD1000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000021.00000002.446501477.0000000000402000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000021.00000002.447853207.00000000035A1000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 0000001A.00000002.447980592.0000000004561000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: Request for Price Quotation.pdf.exe PID: 6748, type: MEMORY
Source: Yara match	File source: Process Memory Space: Request for Price Quotation.pdf.exe PID: 6496, type: MEMORY
Source: Yara match	File source: Process Memory Space: pGKuRU.exe PID: 6276, type: MEMORY
Source: Yara match	File source: Process Memory Space: pGKuRU.exe PID: 5644, type: MEMORY
Source: Yara match	File source: Process Memory Space: pGKuRU.exe PID: 808, type: MEMORY
Source: Yara match	File source: Process Memory Space: pGKuRU.exe PID: 6744, type: MEMORY
Source: Yara match	File source: 33.0.pGKuRU.exe.400000.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 37.2.pGKuRU.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 33.2.pGKuRU.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 24.2.pGKuRU.exe.47d45f0.2.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 26.2.pGKuRU.exe.46645f0.2.unpack, type: UNPACKEDPE
Source: Yara match	File source: 24.2.pGKuRU.exe.47d45f0.2.unpack, type: UNPACKEDPE
Source: Yara match	File source: 26.2.pGKuRU.exe.46645f0.2.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 1.2.Request for Price Quotation.pdf.exe.bf72ab8.8.unpack, type: UNPACKEDPE
Source: Yara match	File source: 37.0.pGKuRU.exe.400000.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 1.2.Request for Price Quotation.pdf.exe.bf72ab8.8.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 18.2.Request for Price Quotation.pdf.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 18.0.Request for Price Quotation.pdf.exe.400000.1.unpack, type: UNPACKEDPE

Mitre Att&ck Matrix

Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Exfiltration	Command and Control	Network Effects	Remote Service Effects	Impact
Valid Accounts	Windows Management Instrumentation311	Scheduled Task/Job1	Access Token Manipulation1	Masquerading11	OS Credential Dumping	Security Software Discovery421	Remote Services	Archive Collected Data11	Exfiltration Over Other Network Medium	Encrypted Channel1	Eavesdrop on Insecure Network Communication	Remotely Track Device Without Authorization	Modify System Partition
Default Accounts	Scheduled Task/Job1	Registry Run Keys / Startup Folder1	Process Injection112	Disable or Modify Tools1	LSASS Memory	Process Discovery2	Remote Desktop Protocol	Data from Removable Media	Exfiltration Over Bluetooth	Junk Data	Exploit SS7 to Redirect Phone Calls/SMS	Remotely Wipe Data Without Authorization	Device Lockout
Domain Accounts	At (Linux)	Logon Script (Windows)	Scheduled Task/Job1	Virtualization/Sandbox Evasion241	Security Account Manager	Virtualization/Sandbox Evasion241	SMB/Windows Admin Shares	Data from Network Shared Drive	Automated Exfiltration	Steganography	Exploit SS7 to Track Device Location	Obtain Device Cloud Backups	Delete Device Data
Local Accounts	At (Windows)	Logon Script (Mac)	Registry Run Keys / Startup Folder1	Access Token Manipulation1	NTDS	Application Window Discovery1	Distributed Component Object Model	Input Capture	Scheduled Transfer	Protocol Impersonation	SIM Card Swap		Carrier Billing Fraud
Cloud Accounts	Cron	Network Logon Script	Network Logon Script	Process Injection112	LSA Secrets	File and Directory Discovery1	SSH	Keylogging	Data Transfer Size Limits	Fallback Channels	Manipulate Device Communication		Manipulate App Store Rankings or Ratings
Replication Through Removable Media	Launchd	Rc.common	Rc.common	Deobfuscate/Decode Files or Information1	Cached Domain Credentials	System Information Discovery113	VNC	GUI Input Capture	Exfiltration Over C2 Channel	Multiband Communication	Jamming or Denial of Service		Abuse Accessibility Features
External Remote Services	Scheduled Task	Startup Items	Startup Items	Hidden Files and Directories1	DCSync	Network Sniffing	Windows Remote Management	Web Portal Capture	Exfiltration Over Alternative Protocol	Commonly Used Port	Rogue Wi-Fi Access Points		Data Encrypted for Impact
Drive-by Compromise	Command and Scripting Interpreter	Scheduled Task/Job	Scheduled Task/Job	Obfuscated Files or Information12	Proc Filesystem	Network Service Scanning	Shared Webroot	Credential API Hooking	Exfiltration Over Symmetric Encrypted Non-C2 Protocol	Application Layer Protocol	Downgrade to Insecure Protocols		Generate Fraudulent Advertising Revenue
Exploit Public-Facing Application	PowerShell	At (Linux)	At (Linux)	Software Packing13	/etc/passwd and /etc/shadow	System Network Connections Discovery	Software Deployment Tools	Data Staged	Exfiltration Over Asymmetric Encrypted Non-C2 Protocol	Web Protocols	Rogue Cellular Base Station		Data Destruction

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
Request for Price Quotation.pdf.exe	22%	ReversingLabs	ByteCode-MSIL.Trojan.AgentTesla

Dropped Files

Source	Detection	Scanner	Label	Link
C:\Users\user\AppData\Roaming\pGKuRU\pGKuRU.exe	22%	ReversingLabs	ByteCode-MSIL.Trojan.AgentTesla
C:\Users\user\AppData\Roaming\vRURxcnYJm.exe	22%	ReversingLabs	ByteCode-MSIL.Trojan.AgentTesla

Unpacked PE Files

Source	Detection	Scanner	Label	Download
33.0.pGKuRU.exe.400000.1.unpack	100%	Avira	TR/Spy.Gen8	Download File
37.2.pGKuRU.exe.400000.0.unpack	100%	Avira	TR/Spy.Gen8	Download File
33.2.pGKuRU.exe.400000.0.unpack	100%	Avira	TR/Spy.Gen8	Download File
37.0.pGKuRU.exe.400000.1.unpack	100%	Avira	TR/Spy.Gen8	Download File
18.2.Request for Price Quotation.pdf.exe.400000.0.unpack	100%	Avira	TR/Spy.Gen8	Download File
18.0.Request for Price Quotation.pdf.exe.400000.1.unpack	100%	Avira	TR/Spy.Gen8	Download File

Domains

No Antivirus matches

URLs

Source	Detection	Scanner	Label
http://127.0.0.1:HTTP/1.1	0%	Avira URL Cloud	safe
http://www.founder.com.cn/cn/bThe	0%	URL Reputation	safe
http://www.founder.com.cn/cn/bThe	0%	URL Reputation	safe
http://www.founder.com.cn/cn/bThe	0%	URL Reputation	safe
http://www.founder.com.cn/cn/bThe	0%	URL Reputation	safe
http://www.founder.com.cn/cnS	0%	Avira URL Cloud	safe
http://www.tiro.com	0%	URL Reputation	safe
http://www.tiro.com	0%	URL Reputation	safe
http://www.tiro.com	0%	URL Reputation	safe
http://www.tiro.com	0%	URL Reputation	safe
http://lgGOBE.com	0%	Avira URL Cloud	safe
http://www.goodfont.co.kr	0%	URL Reputation	safe
http://www.goodfont.co.kr	0%	URL Reputation	safe
http://www.goodfont.co.kr	0%	URL Reputation	safe
http://www.goodfont.co.kr	0%	URL Reputation	safe
http://www.carterandcone.com	0%	URL Reputation	safe
http://www.carterandcone.com	0%	URL Reputation	safe
http://www.carterandcone.com	0%	URL Reputation	safe
http://www.carterandcone.com	0%	URL Reputation	safe
http://www.jiyu-kobo.co.jp/uche.	0%	Avira URL Cloud	safe
http://www.sajatypeworks.com	0%	URL Reputation	safe
http://www.sajatypeworks.com	0%	URL Reputation	safe
http://www.sajatypeworks.com	0%	URL Reputation	safe
http://www.sajatypeworks.com	0%	URL Reputation	safe
http://www.typography.netD	0%	URL Reputation	safe
http://www.typography.netD	0%	URL Reputation	safe
http://www.typography.netD	0%	URL Reputation	safe
http://www.typography.netD	0%	URL Reputation	safe
http://www.founder.com.cn/cn/cThe	0%	URL Reputation	safe
http://www.founder.com.cn/cn/cThe	0%	URL Reputation	safe
http://www.founder.com.cn/cn/cThe	0%	URL Reputation	safe
http://www.founder.com.cn/cn/cThe	0%	URL Reputation	safe
http://www.galapagosdesign.com/staff/dennis.htm	0%	URL Reputation	safe
http://www.galapagosdesign.com/staff/dennis.htm	0%	URL Reputation	safe
http://www.galapagosdesign.com/staff/dennis.htm	0%	URL Reputation	safe
http://www.galapagosdesign.com/staff/dennis.htm	0%	URL Reputation	safe
http://fontfabrik.com	0%	URL Reputation	safe
http://fontfabrik.com	0%	URL Reputation	safe
http://fontfabrik.com	0%	URL Reputation	safe
http://fontfabrik.com	0%	URL Reputation	safe
http://www.jiyu-kobo.co.jp/3	0%	URL Reputation	safe
http://www.jiyu-kobo.co.jp/3	0%	URL Reputation	safe
http://www.jiyu-kobo.co.jp/3	0%	URL Reputation	safe
http://www.jiyu-kobo.co.jp/3	0%	URL Reputation	safe
http://www.galapagosdesign.com/DPlease	0%	URL Reputation	safe
http://www.galapagosdesign.com/DPlease	0%	URL Reputation	safe
http://www.galapagosdesign.com/DPlease	0%	URL Reputation	safe
http://www.galapagosdesign.com/DPlease	0%	URL Reputation	safe
http://www.jiyu-kobo.co.jp/Y0	0%	URL Reputation	safe
http://www.jiyu-kobo.co.jp/Y0	0%	URL Reputation	safe
http://www.jiyu-kobo.co.jp/Y0	0%	URL Reputation	safe
http://www.jiyu-kobo.co.jp/Y0	0%	URL Reputation	safe
http://www.fontbureau.comrsiv	0%	URL Reputation	safe
http://www.fontbureau.comrsiv	0%	URL Reputation	safe
http://www.fontbureau.comrsiv	0%	URL Reputation	safe
http://www.fontbureau.comrsiv	0%	URL Reputation	safe
http://www.sandoll.co.kr	0%	URL Reputation	safe
http://www.sandoll.co.kr	0%	URL Reputation	safe
http://www.sandoll.co.kr	0%	URL Reputation	safe
http://www.sandoll.co.kr	0%	URL Reputation	safe
http://www.sajatypeworks.comd	0%	Avira URL Cloud	safe
http://www.urwpp.deDPlease	0%	URL Reputation	safe
http://www.urwpp.deDPlease	0%	URL Reputation	safe
http://www.urwpp.deDPlease	0%	URL Reputation	safe
http://www.zhongyicts.com.cn	0%	URL Reputation	safe
http://www.zhongyicts.com.cn	0%	URL Reputation	safe
http://www.zhongyicts.com.cn	0%	URL Reputation	safe
http://www.sakkal.com	0%	URL Reputation	safe
http://www.sakkal.com	0%	URL Reputation	safe
http://www.sakkal.com	0%	URL Reputation	safe
http://www.fonts.comx	0%	URL Reputation	safe
http://www.fonts.comx	0%	URL Reputation	safe
http://www.fonts.comx	0%	URL Reputation	safe
https://www.theonionrouter.com/dist.torproject.org/torbrowser/9.5.3/tor-win32-0.4.3.6.zip	0%	URL Reputation	safe
https://www.theonionrouter.com/dist.torproject.org/torbrowser/9.5.3/tor-win32-0.4.3.6.zip	0%	URL Reputation	safe
https://www.theonionrouter.com/dist.torproject.org/torbrowser/9.5.3/tor-win32-0.4.3.6.zip	0%	URL Reputation	safe
http://DynDns.comDynDNS	0%	URL Reputation	safe
http://DynDns.comDynDNS	0%	URL Reputation	safe
http://DynDns.comDynDNS	0%	URL Reputation	safe
http://www.fonts.comc	0%	URL Reputation	safe
http://www.fonts.comc	0%	URL Reputation	safe
http://www.fonts.comc	0%	URL Reputation	safe
https://www.theonionrouter.com/dist.torproject.org/torbrowser/9.5.3/tor-win32-0.4.3.6.zip%tordir%%ha	0%	URL Reputation	safe
https://www.theonionrouter.com/dist.torproject.org/torbrowser/9.5.3/tor-win32-0.4.3.6.zip%tordir%%ha	0%	URL Reputation	safe
https://www.theonionrouter.com/dist.torproject.org/torbrowser/9.5.3/tor-win32-0.4.3.6.zip%tordir%%ha	0%	URL Reputation	safe
http://www.founder.com.c	0%	URL Reputation	safe
http://www.founder.com.c	0%	URL Reputation	safe
http://www.founder.com.c	0%	URL Reputation	safe
http://www.jiyu-kobo.co.jp/E	0%	URL Reputation	safe
http://www.jiyu-kobo.co.jp/E	0%	URL Reputation	safe
http://www.jiyu-kobo.co.jp/E	0%	URL Reputation	safe
http://www.sandoll.co.kre	0%	Avira URL Cloud	safe
http://www.jiyu-kobo.co.jp/jp/	0%	URL Reputation	safe
http://www.jiyu-kobo.co.jp/jp/	0%	URL Reputation	safe
http://www.jiyu-kobo.co.jp/jp/	0%	URL Reputation	safe
http://www.fontbureau.coma	0%	URL Reputation	safe
http://www.fontbureau.coma	0%	URL Reputation	safe
http://www.fontbureau.coma	0%	URL Reputation	safe
http://www.jiyu-kobo.co.jp///	0%	Avira URL Cloud	safe
http://www.tiro.comtn	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

No contacted domains info

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
http://127.0.0.1:HTTP/1.1	Request for Price Quotation.pdf.exe, 00000012.00000002.473375885.00000000032D1000.00000004.00000001.sdmp, pGKuRU.exe, 00000021.00000002.447853207.00000000035A1000.00000004.00000001.sdmp, pGKuRU.exe, 00000025.00000002.473835627.00000000032E1000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	low
http://www.fontbureau.com/designersG	Request for Price Quotation.pdf.exe, 00000001.00000002.298842775.00000000051F0000.00000002.00000001.sdmp, pGKuRU.exe, 00000018.00000002.433918370.0000000005C40000.00000002.00000001.sdmp, pGKuRU.exe, 0000001A.00000002.450841292.0000000005BA0000.00000002.00000001.sdmp	false		high
http://www.fontbureau.com/designers/?	Request for Price Quotation.pdf.exe, 00000001.00000002.298842775.00000000051F0000.00000002.00000001.sdmp, pGKuRU.exe, 00000018.00000002.433918370.0000000005C40000.00000002.00000001.sdmp, pGKuRU.exe, 0000001A.00000002.450841292.0000000005BA0000.00000002.00000001.sdmp	false		high
http://www.founder.com.cn/cn/bThe	Request for Price Quotation.pdf.exe, 00000001.00000002.298842775.00000000051F0000.00000002.00000001.sdmp, pGKuRU.exe, 00000018.00000002.433918370.0000000005C40000.00000002.00000001.sdmp, pGKuRU.exe, 0000001A.00000002.450841292.0000000005BA0000.00000002.00000001.sdmp	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
http://www.fontbureau.com/designers?	Request for Price Quotation.pdf.exe, 00000001.00000002.298842775.00000000051F0000.00000002.00000001.sdmp, pGKuRU.exe, 00000018.00000002.433918370.0000000005C40000.00000002.00000001.sdmp, pGKuRU.exe, 0000001A.00000002.450841292.0000000005BA0000.00000002.00000001.sdmp	false		high
http://www.founder.com.cn/cnS	Request for Price Quotation.pdf.exe, 00000001.00000003.204968127.0000000005084000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
http://www.tiro.com	pGKuRU.exe, 0000001A.00000002.450841292.0000000005BA0000.00000002.00000001.sdmp	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
http://lgGOBE.com	pGKuRU.exe, 00000025.00000002.473835627.00000000032E1000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
http://www.fontbureau.com/designers	pGKuRU.exe, 0000001A.00000002.450841292.0000000005BA0000.00000002.00000001.sdmp	false		high
http://www.goodfont.co.kr	Request for Price Quotation.pdf.exe, 00000001.00000002.298842775.00000000051F0000.00000002.00000001.sdmp, pGKuRU.exe, 00000018.00000002.433918370.0000000005C40000.00000002.00000001.sdmp, pGKuRU.exe, 0000001A.00000002.450841292.0000000005BA0000.00000002.00000001.sdmp	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
http://www.carterandcone.com	Request for Price Quotation.pdf.exe, 00000001.00000003.205550305.0000000005090000.00000004.00000001.sdmp	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
http://www.jiyu-kobo.co.jp/uche.	Request for Price Quotation.pdf.exe, 00000001.00000003.206601961.0000000005084000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
http://www.sajatypeworks.com	Request for Price Quotation.pdf.exe, 00000001.00000003.203330941.00000000050A4000.00000004.00000001.sdmp, Request for Price Quotation.pdf.exe, 00000001.00000002.298842775.00000000051F0000.00000002.00000001.sdmp, pGKuRU.exe, 00000018.00000002.433918370.0000000005C40000.00000002.00000001.sdmp, pGKuRU.exe, 0000001A.00000002.450841292.0000000005BA0000.00000002.00000001.sdmp	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
http://www.typography.netD	Request for Price Quotation.pdf.exe, 00000001.00000002.298842775.00000000051F0000.00000002.00000001.sdmp, pGKuRU.exe, 00000018.00000002.433918370.0000000005C40000.00000002.00000001.sdmp, pGKuRU.exe, 0000001A.00000002.450841292.0000000005BA0000.00000002.00000001.sdmp	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
http://www.founder.com.cn/cn/cThe	Request for Price Quotation.pdf.exe, 00000001.00000002.298842775.00000000051F0000.00000002.00000001.sdmp, pGKuRU.exe, 00000018.00000002.433918370.0000000005C40000.00000002.00000001.sdmp, pGKuRU.exe, 0000001A.00000002.450841292.0000000005BA0000.00000002.00000001.sdmp	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
http://www.galapagosdesign.com/staff/dennis.htm	Request for Price Quotation.pdf.exe, 00000001.00000002.298842775.00000000051F0000.00000002.00000001.sdmp, pGKuRU.exe, 00000018.00000002.433918370.0000000005C40000.00000002.00000001.sdmp, pGKuRU.exe, 0000001A.00000002.450841292.0000000005BA0000.00000002.00000001.sdmp	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
http://fontfabrik.com	Request for Price Quotation.pdf.exe, 00000001.00000002.298842775.00000000051F0000.00000002.00000001.sdmp, pGKuRU.exe, 00000018.00000002.433918370.0000000005C40000.00000002.00000001.sdmp, pGKuRU.exe, 0000001A.00000002.450841292.0000000005BA0000.00000002.00000001.sdmp	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
http://www.jiyu-kobo.co.jp/3	Request for Price Quotation.pdf.exe, 00000001.00000003.206601961.0000000005084000.00000004.00000001.sdmp	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
http://www.galapagosdesign.com/DPlease	Request for Price Quotation.pdf.exe, 00000001.00000002.298842775.00000000051F0000.00000002.00000001.sdmp, pGKuRU.exe, 00000018.00000002.433918370.0000000005C40000.00000002.00000001.sdmp, pGKuRU.exe, 0000001A.00000002.450841292.0000000005BA0000.00000002.00000001.sdmp	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
http://www.jiyu-kobo.co.jp/Y0	Request for Price Quotation.pdf.exe, 00000001.00000003.206601961.0000000005084000.00000004.00000001.sdmp	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
http://www.fontbureau.comrsiv	Request for Price Quotation.pdf.exe, 00000001.00000003.292449495.0000000005080000.00000004.00000001.sdmp	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
http://www.fonts.com	Request for Price Quotation.pdf.exe, 00000001.00000002.298842775.00000000051F0000.00000002.00000001.sdmp, pGKuRU.exe, 00000018.00000002.433918370.0000000005C40000.00000002.00000001.sdmp, pGKuRU.exe, 0000001A.00000002.450841292.0000000005BA0000.00000002.00000001.sdmp	false		high
http://www.sandoll.co.kr	Request for Price Quotation.pdf.exe, 00000001.00000003.204521592.0000000005086000.00000004.00000001.sdmp, pGKuRU.exe, 00000018.00000002.433918370.0000000005C40000.00000002.00000001.sdmp, pGKuRU.exe, 0000001A.00000002.450841292.0000000005BA0000.00000002.00000001.sdmp	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
http://www.sajatypeworks.comd	Request for Price Quotation.pdf.exe, 00000001.00000003.203281814.000000000509B000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
http://www.urwpp.deDPlease	Request for Price Quotation.pdf.exe, 00000001.00000002.298842775.00000000051F0000.00000002.00000001.sdmp, pGKuRU.exe, 00000018.00000002.433918370.0000000005C40000.00000002.00000001.sdmp, pGKuRU.exe, 0000001A.00000002.450841292.0000000005BA0000.00000002.00000001.sdmp	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
http://www.zhongyicts.com.cn	Request for Price Quotation.pdf.exe, 00000001.00000002.298842775.00000000051F0000.00000002.00000001.sdmp, pGKuRU.exe, 00000018.00000002.433918370.0000000005C40000.00000002.00000001.sdmp, pGKuRU.exe, 0000001A.00000002.450841292.0000000005BA0000.00000002.00000001.sdmp	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
http://www.sakkal.com	Request for Price Quotation.pdf.exe, 00000001.00000002.298842775.00000000051F0000.00000002.00000001.sdmp, pGKuRU.exe, 00000018.00000002.433918370.0000000005C40000.00000002.00000001.sdmp, pGKuRU.exe, 0000001A.00000002.450841292.0000000005BA0000.00000002.00000001.sdmp	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
http://www.fonts.comx	Request for Price Quotation.pdf.exe, 00000001.00000003.203281814.000000000509B000.00000004.00000001.sdmp	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
https://www.theonionrouter.com/dist.torproject.org/torbrowser/9.5.3/tor-win32-0.4.3.6.zip	Request for Price Quotation.pdf.exe, 00000001.00000002.303244062.000000000BED1000.00000004.00000001.sdmp, Request for Price Quotation.pdf.exe, 00000012.00000000.291844857.0000000000402000.00000040.00000001.sdmp, pGKuRU.exe, 00000018.00000002.431644231.00000000046D1000.00000004.00000001.sdmp, pGKuRU.exe, 0000001A.00000002.447980592.0000000004561000.00000004.00000001.sdmp, pGKuRU.exe, 00000021.00000000.429160919.0000000000402000.00000040.00000001.sdmp, pGKuRU.exe, 00000025.00000000.445224986.0000000000402000.00000040.00000001.sdmp	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
http://www.apache.org/licenses/LICENSE-2.0	Request for Price Quotation.pdf.exe, 00000001.00000002.298842775.00000000051F0000.00000002.00000001.sdmp, pGKuRU.exe, 00000018.00000002.433918370.0000000005C40000.00000002.00000001.sdmp, pGKuRU.exe, 0000001A.00000002.450841292.0000000005BA0000.00000002.00000001.sdmp	false		high
http://www.fontbureau.com	Request for Price Quotation.pdf.exe, 00000001.00000002.298842775.00000000051F0000.00000002.00000001.sdmp, pGKuRU.exe, 00000018.00000002.433918370.0000000005C40000.00000002.00000001.sdmp, pGKuRU.exe, 0000001A.00000002.450841292.0000000005BA0000.00000002.00000001.sdmp	false		high
http://DynDns.comDynDNS	pGKuRU.exe, 00000025.00000002.473835627.00000000032E1000.00000004.00000001.sdmp	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
http://www.fonts.comc	Request for Price Quotation.pdf.exe, 00000001.00000003.203308968.000000000509B000.00000004.00000001.sdmp	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
https://www.theonionrouter.com/dist.torproject.org/torbrowser/9.5.3/tor-win32-0.4.3.6.zip%tordir%%ha	pGKuRU.exe, 00000025.00000002.473835627.00000000032E1000.00000004.00000001.sdmp	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
http://www.founder.com.c	Request for Price Quotation.pdf.exe, 00000001.00000003.204968127.0000000005084000.00000004.00000001.sdmp	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
http://www.jiyu-kobo.co.jp/E	Request for Price Quotation.pdf.exe, 00000001.00000003.206601961.0000000005084000.00000004.00000001.sdmp	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
http://www.sandoll.co.kre	Request for Price Quotation.pdf.exe, 00000001.00000003.204521592.0000000005086000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
http://www.jiyu-kobo.co.jp/jp/	Request for Price Quotation.pdf.exe, 00000001.00000003.206601961.0000000005084000.00000004.00000001.sdmp	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
http://www.fontbureau.coma	Request for Price Quotation.pdf.exe, 00000001.00000003.292449495.0000000005080000.00000004.00000001.sdmp	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
http://www.jiyu-kobo.co.jp///	Request for Price Quotation.pdf.exe, 00000001.00000003.206601961.0000000005084000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
http://www.tiro.comtn	Request for Price Quotation.pdf.exe, 00000001.00000003.203537866.000000000509B000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
http://www.carterandcone.coml	Request for Price Quotation.pdf.exe, 00000001.00000002.298842775.00000000051F0000.00000002.00000001.sdmp, pGKuRU.exe, 00000018.00000002.433918370.0000000005C40000.00000002.00000001.sdmp, pGKuRU.exe, 0000001A.00000002.450841292.0000000005BA0000.00000002.00000001.sdmp	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
http://www.founder.com.cn/cn/	Request for Price Quotation.pdf.exe, 00000001.00000003.204952436.00000000050BD000.00000004.00000001.sdmp	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
http://www.fontbureau.com/designers/cabarga.htmlN	Request for Price Quotation.pdf.exe, 00000001.00000002.298842775.00000000051F0000.00000002.00000001.sdmp, pGKuRU.exe, 00000018.00000002.433918370.0000000005C40000.00000002.00000001.sdmp, pGKuRU.exe, 0000001A.00000002.450841292.0000000005BA0000.00000002.00000001.sdmp	false		high
http://www.founder.com.cn/cn	Request for Price Quotation.pdf.exe, 00000001.00000003.204968127.0000000005084000.00000004.00000001.sdmp, pGKuRU.exe, 00000018.00000002.433918370.0000000005C40000.00000002.00000001.sdmp, pGKuRU.exe, 0000001A.00000002.450841292.0000000005BA0000.00000002.00000001.sdmp	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
http://www.fontbureau.com/designers/frere-jones.html	Request for Price Quotation.pdf.exe, 00000001.00000002.298842775.00000000051F0000.00000002.00000001.sdmp, pGKuRU.exe, 00000018.00000002.433918370.0000000005C40000.00000002.00000001.sdmp, pGKuRU.exe, 0000001A.00000002.450841292.0000000005BA0000.00000002.00000001.sdmp	false		high
http://www.jiyu-kobo.co.jp/fet	Request for Price Quotation.pdf.exe, 00000001.00000003.206601961.0000000005084000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
http://www.jiyu-kobo.co.jp/	Request for Price Quotation.pdf.exe, 00000001.00000003.206601961.0000000005084000.00000004.00000001.sdmp, pGKuRU.exe, 00000018.00000002.433918370.0000000005C40000.00000002.00000001.sdmp, pGKuRU.exe, 0000001A.00000002.450841292.0000000005BA0000.00000002.00000001.sdmp	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
http://www.fontbureau.com/designers8	Request for Price Quotation.pdf.exe, 00000001.00000003.210317209.000000000508D000.00000004.00000001.sdmp, Request for Price Quotation.pdf.exe, 00000001.00000002.298842775.00000000051F0000.00000002.00000001.sdmp, pGKuRU.exe, 00000018.00000002.433918370.0000000005C40000.00000002.00000001.sdmp, pGKuRU.exe, 0000001A.00000002.450841292.0000000005BA0000.00000002.00000001.sdmp	false		high
http://www.jiyu-kobo.co.jp/NegrW	Request for Price Quotation.pdf.exe, 00000001.00000003.206601961.0000000005084000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
http://www.tiro.comc	Request for Price Quotation.pdf.exe, 00000001.00000003.203564065.000000000509B000.00000004.00000001.sdmp	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
http://www.sajatypeworks.coma-do	Request for Price Quotation.pdf.exe, 00000001.00000003.203281814.000000000509B000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
http://www.fonts.com;	Request for Price Quotation.pdf.exe, 00000001.00000003.203281814.000000000509B000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	low

Contacted IPs

No contacted IP infos

General Information

Joe Sandbox Version:	32.0.0 Black Diamond
Analysis ID:	432812
Start date:	10.06.2021
Start time:	19:15:19
Joe Sandbox Product:	CloudBasic
Overall analysis duration:	0h 12m 50s
Hypervisor based Inspection enabled:	false
Report type:	full
Sample file name:	Request for Price Quotation.pdf.exe
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
Number of analysed new started processes analysed:	38
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled HDC enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal100.troj.evad.winEXE@20/8@0/0
EGA Information:	Failed
HDC Information:	Failed
HCA Information:	Successful, ratio: 97% Number of executed functions: 676 Number of non-executed functions: 19
Cookbook Comments:	Adjust boot time Enable AMSI Found application associated with file extension: .exe
Warnings:	Show All Exclude process from analysis (whitelisted): taskhostw.exe, MpCmdRun.exe, audiodg.exe, BackgroundTransferHost.exe, backgroundTaskHost.exe, SgrmBroker.exe, conhost.exe, svchost.exe, UsoClient.exe, wuapihost.exe Not all processes where analyzed, report is missing behavior information Report creation exceeded maximum time and may have missing disassembly code information. Report size exceeded maximum capacity and may have missing behavior information. Report size getting too big, too many NtAllocateVirtualMemory calls found. Report size getting too big, too many NtOpenKeyEx calls found. Report size getting too big, too many NtProtectVirtualMemory calls found. Report size getting too big, too many NtQueryValueKey calls found.

Simulations

Behavior and APIs

Time	Type	Description
19:16:57	API Interceptor	647x Sleep call for process: Request for Price Quotation.pdf.exe modified
19:17:07	Autostart	Run: HKCU\Software\Microsoft\Windows\CurrentVersion\Run pGKuRU C:\Users\user\AppData\Roaming\pGKuRU\pGKuRU.exe
19:17:15	Autostart	Run: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run pGKuRU C:\Users\user\AppData\Roaming\pGKuRU\pGKuRU.exe
19:17:59	API Interceptor	37x Sleep call for process: pGKuRU.exe modified

Joe Sandbox View / Context

IPs

No context

Domains

No context

ASN

No context

JA3 Fingerprints

No context

Dropped Files

No context

Created / dropped Files

C:\Users\user\AppData\Local\Microsoft\CLR_v2.0_32\UsageLogs\Request for Price Quotation.pdf.exe.log Download File
Process:	C:\Users\user\Desktop\Request for Price Quotation.pdf.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	655
Entropy (8bit):	5.273171405160065
Encrypted:	false
SSDEEP:	12:Q3LaJU20NaL10U29hJ5g1B0U2ukyrFk70Ug+9Yz9t0U2WUXBQav:MLF20NaL329hJ5g522rWz2p29XBT
MD5:	2703120C370FBB4A8BA08C6D1754039E
SHA1:	EC0DB47BF00A4A828F796147619386C0BBEA66A1
SHA-256:	F95566974BC44F3A757CAFB1456D185D8F333AC84775089DE18310B90C18B1BC
SHA-512:	BC05A2A1BE5B122FC6D3DEA66EF4258522F13351B9754378395AAD019631E312CFD3BC990F3E3D5C7BB0BDBA1EAD54A2B34A96DEE2FCCD703721E98F6192ED48
Malicious:	true
Reputation:	moderate, very likely benign file
Preview:	1,"fusion","GAC",0..3,"C:\Windows\assembly\NativeImages_v2.0.50727_32\System\1ffc437de59fb69ba2b865ffdc98ffd1\System.ni.dll",0..3,"C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\54d944b3ca0ea1188d700fbd8089726b\System.Drawing.ni.dll",0..3,"C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\bd8d59c984c9f5f2695f64341115cdf0\System.Windows.Forms.ni.dll",0..3,"C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\cd7c74fce2a0eab72cd25cbe4bb61614\Microsoft.VisualBasic.ni.dll",0..3,"C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\4de99804c29261edb63c93616550f034\System.Management.ni.dll",0..

C:\Users\user\AppData\Local\Microsoft\CLR_v2.0_32\UsageLogs\pGKuRU.exe.log Download File
Process:	C:\Users\user\AppData\Roaming\pGKuRU\pGKuRU.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	655
Entropy (8bit):	5.273171405160065
Encrypted:	false
SSDEEP:	12:Q3LaJU20NaL10U29hJ5g1B0U2ukyrFk70Ug+9Yz9t0U2WUXBQav:MLF20NaL329hJ5g522rWz2p29XBT
MD5:	2703120C370FBB4A8BA08C6D1754039E
SHA1:	EC0DB47BF00A4A828F796147619386C0BBEA66A1
SHA-256:	F95566974BC44F3A757CAFB1456D185D8F333AC84775089DE18310B90C18B1BC
SHA-512:	BC05A2A1BE5B122FC6D3DEA66EF4258522F13351B9754378395AAD019631E312CFD3BC990F3E3D5C7BB0BDBA1EAD54A2B34A96DEE2FCCD703721E98F6192ED48
Malicious:	false
Reputation:	moderate, very likely benign file
Preview:	1,"fusion","GAC",0..3,"C:\Windows\assembly\NativeImages_v2.0.50727_32\System\1ffc437de59fb69ba2b865ffdc98ffd1\System.ni.dll",0..3,"C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\54d944b3ca0ea1188d700fbd8089726b\System.Drawing.ni.dll",0..3,"C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\bd8d59c984c9f5f2695f64341115cdf0\System.Windows.Forms.ni.dll",0..3,"C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\cd7c74fce2a0eab72cd25cbe4bb61614\Microsoft.VisualBasic.ni.dll",0..3,"C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\4de99804c29261edb63c93616550f034\System.Management.ni.dll",0..

C:\Users\user\AppData\Local\Temp\tmpD30D.tmp Download File
Process:	C:\Users\user\AppData\Roaming\pGKuRU\pGKuRU.exe
File Type:	XML 1.0 document, ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	1643
Entropy (8bit):	5.193740243738279
Encrypted:	false
SSDEEP:	24:2dH4+SEqC/Q7hxlNMFp1/rlMhEMjnGpwjpIgUYODOLD9RJh7h8gKB3Ntn:cbh47TlNQ//rydbz9I3YODOLNdq3Zn
MD5:	A8C5EF69C0DCAA0802DC8DC63D9F8A16
SHA1:	13C7ABCB956333BFBDE72B79FB9EA7C1EFEEED7C
SHA-256:	9428C3990CDD00D3B6D275AAD2523BEC5D008DA747974BA46B5A2964920B6EE1
SHA-512:	3C38AFE9099DD037467458B07B7C262A4043AF9EAF6B6D6E0A7A86165F55C62700928F2BE780106D8234464352E73CCB34D60A03F35F3D29A9586C49DD155A15
Malicious:	false
Reputation:	low
Preview:	<?xml version="1.0" encoding="UTF-16"?>..<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">.. <RegistrationInfo>.. <Date>2014-10-25T14:27:44.8929027</Date>.. <Author>computer\user</Author>.. </RegistrationInfo>.. <Triggers>.. <LogonTrigger>.. <Enabled>true</Enabled>.. <UserId>computer\user</UserId>.. </LogonTrigger>.. <RegistrationTrigger>.. <Enabled>false</Enabled>.. </RegistrationTrigger>.. </Triggers>.. <Principals>.. <Principal id="Author">.. <UserId>computer\user</UserId>.. <LogonType>InteractiveToken</LogonType>.. <RunLevel>LeastPrivilege</RunLevel>.. </Principal>.. </Principals>.. <Settings>.. <MultipleInstancesPolicy>StopExisting</MultipleInstancesPolicy>.. <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>.. <StopIfGoingOnBatteries>true</StopIfGoingOnBatteries>.. <AllowHardTerminate>false</AllowHardTerminate>.. <StartWhenAvailable>true

C:\Users\user\AppData\Local\Temp\tmpD822.tmp Download File
Process:	C:\Users\user\Desktop\Request for Price Quotation.pdf.exe
File Type:	XML 1.0 document, ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	1643
Entropy (8bit):	5.193740243738279
Encrypted:	false
SSDEEP:	24:2dH4+SEqC/Q7hxlNMFp1/rlMhEMjnGpwjpIgUYODOLD9RJh7h8gKB3Ntn:cbh47TlNQ//rydbz9I3YODOLNdq3Zn
MD5:	A8C5EF69C0DCAA0802DC8DC63D9F8A16
SHA1:	13C7ABCB956333BFBDE72B79FB9EA7C1EFEEED7C
SHA-256:	9428C3990CDD00D3B6D275AAD2523BEC5D008DA747974BA46B5A2964920B6EE1
SHA-512:	3C38AFE9099DD037467458B07B7C262A4043AF9EAF6B6D6E0A7A86165F55C62700928F2BE780106D8234464352E73CCB34D60A03F35F3D29A9586C49DD155A15
Malicious:	true
Preview:	<?xml version="1.0" encoding="UTF-16"?>..<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">.. <RegistrationInfo>.. <Date>2014-10-25T14:27:44.8929027</Date>.. <Author>computer\user</Author>.. </RegistrationInfo>.. <Triggers>.. <LogonTrigger>.. <Enabled>true</Enabled>.. <UserId>computer\user</UserId>.. </LogonTrigger>.. <RegistrationTrigger>.. <Enabled>false</Enabled>.. </RegistrationTrigger>.. </Triggers>.. <Principals>.. <Principal id="Author">.. <UserId>computer\user</UserId>.. <LogonType>InteractiveToken</LogonType>.. <RunLevel>LeastPrivilege</RunLevel>.. </Principal>.. </Principals>.. <Settings>.. <MultipleInstancesPolicy>StopExisting</MultipleInstancesPolicy>.. <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>.. <StopIfGoingOnBatteries>true</StopIfGoingOnBatteries>.. <AllowHardTerminate>false</AllowHardTerminate>.. <StartWhenAvailable>true

C:\Users\user\AppData\Local\Temp\tmpF0F5.tmp Download File
Process:	C:\Users\user\AppData\Roaming\pGKuRU\pGKuRU.exe
File Type:	XML 1.0 document, ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	1643
Entropy (8bit):	5.193740243738279
Encrypted:	false
SSDEEP:	24:2dH4+SEqC/Q7hxlNMFp1/rlMhEMjnGpwjpIgUYODOLD9RJh7h8gKB3Ntn:cbh47TlNQ//rydbz9I3YODOLNdq3Zn
MD5:	A8C5EF69C0DCAA0802DC8DC63D9F8A16
SHA1:	13C7ABCB956333BFBDE72B79FB9EA7C1EFEEED7C
SHA-256:	9428C3990CDD00D3B6D275AAD2523BEC5D008DA747974BA46B5A2964920B6EE1
SHA-512:	3C38AFE9099DD037467458B07B7C262A4043AF9EAF6B6D6E0A7A86165F55C62700928F2BE780106D8234464352E73CCB34D60A03F35F3D29A9586C49DD155A15
Malicious:	false
Preview:	<?xml version="1.0" encoding="UTF-16"?>..<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">.. <RegistrationInfo>.. <Date>2014-10-25T14:27:44.8929027</Date>.. <Author>computer\user</Author>.. </RegistrationInfo>.. <Triggers>.. <LogonTrigger>.. <Enabled>true</Enabled>.. <UserId>computer\user</UserId>.. </LogonTrigger>.. <RegistrationTrigger>.. <Enabled>false</Enabled>.. </RegistrationTrigger>.. </Triggers>.. <Principals>.. <Principal id="Author">.. <UserId>computer\user</UserId>.. <LogonType>InteractiveToken</LogonType>.. <RunLevel>LeastPrivilege</RunLevel>.. </Principal>.. </Principals>.. <Settings>.. <MultipleInstancesPolicy>StopExisting</MultipleInstancesPolicy>.. <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>.. <StopIfGoingOnBatteries>true</StopIfGoingOnBatteries>.. <AllowHardTerminate>false</AllowHardTerminate>.. <StartWhenAvailable>true

C:\Users\user\AppData\Roaming\pGKuRU\pGKuRU.exe Download File
Process:	C:\Users\user\Desktop\Request for Price Quotation.pdf.exe
File Type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	483840
Entropy (8bit):	7.652339381133713
Encrypted:	false
SSDEEP:	6144:qw5+2TCe0Em2mReDAx49rXQTMi1+KWP2HSbs84jxIn6AJVUXND3CTM5e8nYJCa9:qwl5XmReDA+zQyPK8nv2Nzze8YJCa
MD5:	04FF13EB3759DBE4112B49738E9F5AEE
SHA1:	460AA3F718ED5CE4C5D52A28FA2F275EBF076D30
SHA-256:	836509E2435BBAE2E7D695FF94A760A0AA3E3A362EDD3E2F37E907BBA48F6B72
SHA-512:	98E9AC3BAF2ACBEB37CC4A257CC00A67568B256AB746707A123A6F1FE52D651CD432D9EE4EE7AA79EDD520C3C059419669D338634CE4AB163C48C622CCF476FB
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 22%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...D..`..............0..L...........k... ........@.. ....................................@..................................k..O.......\............................................................................ ............... ..H............text....K... ...L.................. ..`.rsrc...\............N..............@..@.reloc...............`..............@..B.................k......H.......@...L.......?....v..............................................^.(........}......}.....0............t......t......o.....{....o....o......o.....{....o....o......o.....{....o....o.....o.....{....o....o.....(.......{........,....e..+......+.....0............}.....(.......(......r...p.(....(....o......{.....(....o......{....r...po......{.....(....o......{.....(....o......{.....(....o.....*..0.._........(.........(.....o............,)....t......o....r!..p(......,..o....

C:\Users\user\AppData\Roaming\pGKuRU\pGKuRU.exe:Zone.Identifier Download File
Process:	C:\Users\user\Desktop\Request for Price Quotation.pdf.exe
File Type:	ASCII text, with CRLF line terminators
Category:	modified
Size (bytes):	26
Entropy (8bit):	3.95006375643621
Encrypted:	false
SSDEEP:	3:ggPYV:rPYV
MD5:	187F488E27DB4AF347237FE461A079AD
SHA1:	6693BA299EC1881249D59262276A0D2CB21F8E64
SHA-256:	255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
SHA-512:	89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
Malicious:	true
Preview:	[ZoneTransfer]....ZoneId=0

C:\Users\user\AppData\Roaming\vRURxcnYJm.exe Download File
Process:	C:\Users\user\Desktop\Request for Price Quotation.pdf.exe
File Type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	483840
Entropy (8bit):	7.652339381133713
Encrypted:	false
SSDEEP:	6144:qw5+2TCe0Em2mReDAx49rXQTMi1+KWP2HSbs84jxIn6AJVUXND3CTM5e8nYJCa9:qwl5XmReDA+zQyPK8nv2Nzze8YJCa
MD5:	04FF13EB3759DBE4112B49738E9F5AEE
SHA1:	460AA3F718ED5CE4C5D52A28FA2F275EBF076D30
SHA-256:	836509E2435BBAE2E7D695FF94A760A0AA3E3A362EDD3E2F37E907BBA48F6B72
SHA-512:	98E9AC3BAF2ACBEB37CC4A257CC00A67568B256AB746707A123A6F1FE52D651CD432D9EE4EE7AA79EDD520C3C059419669D338634CE4AB163C48C622CCF476FB
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 22%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...D..`..............0..L...........k... ........@.. ....................................@..................................k..O.......\............................................................................ ............... ..H............text....K... ...L.................. ..`.rsrc...\............N..............@..@.reloc...............`..............@..B.................k......H.......@...L.......?....v..............................................^.(........}......}.....0............t......t......o.....{....o....o......o.....{....o....o......o.....{....o....o.....o.....{....o....o.....(.......{........,....e..+......+.....0............}.....(.......(......r...p.(....(....o......{.....(....o......{....r...po......{.....(....o......{.....(....o......{.....(....o.....*..0.._........(.........(.....o............,)....t......o....r!..p(......,..o....

Static File Info

General
File type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Entropy (8bit):	7.652339381133713
TrID:	Win32 Executable (generic) Net Framework (10011505/4) 49.80% Win32 Executable (generic) a (10002005/4) 49.75% Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36% Windows Screen Saver (13104/52) 0.07% Generic Win/DOS Executable (2004/3) 0.01%
File name:	Request for Price Quotation.pdf.exe
File size:	483840
MD5:	04ff13eb3759dbe4112b49738e9f5aee
SHA1:	460aa3f718ed5ce4c5d52a28fa2f275ebf076d30
SHA256:	836509e2435bbae2e7d695ff94a760a0aa3e3a362edd3e2f37e907bba48f6b72
SHA512:	98e9ac3baf2acbeb37cc4a257cc00a67568b256ab746707a123a6f1fe52d651cd432d9ee4ee7aa79edd520c3c059419669d338634ce4ab163c48c622ccf476fb
SSDEEP:	6144:qw5+2TCe0Em2mReDAx49rXQTMi1+KWP2HSbs84jxIn6AJVUXND3CTM5e8nYJCa9:qwl5XmReDA+zQyPK8nv2Nzze8YJCa
File Content Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...D..`..............0..L...........k... ........@.. ....................................@................................

File Icon


Icon Hash:	18da1abcb2d2d2b0

Static PE Info

General
Entrypoint:	0x476bd6
Entrypoint Section:	.text
Digitally signed:	false
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	32BIT_MACHINE, EXECUTABLE_IMAGE
DLL Characteristics:	NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT
Time Stamp:	0x60C21444 [Thu Jun 10 13:31:48 2021 UTC]
TLS Callbacks:
CLR (.Net) Version:	v2.0.50727
OS Version Major:	4
OS Version Minor:	0
File Version Major:	4
File Version Minor:	0
Subsystem Version Major:	4
Subsystem Version Minor:	0
Import Hash:	f34d5f2d4577ed6d9ceec516c1f5a744

Entrypoint Preview

Instruction
jmp dword ptr [00402000h]
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0x76b84	0x4f	.text
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x78000	0x105c	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x7a000	0xc	.reloc
IMAGE_DIRECTORY_ENTRY_DEBUG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x0	0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x2000	0x8	.text
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x2008	0x48	.text
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
.text	0x2000	0x74bdc	0x74c00	False	0.863875133833	COM executable for DOS	7.68662347155	IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
.rsrc	0x78000	0x105c	0x1200	False	0.270616319444	data	2.85476457294	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc	0x7a000	0xc	0x200	False	0.044921875	data	0.101910425663	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

Resources

Name	RVA	Size	Type
RT_ICON	0x78100	0x8a8	dBase III DBT, version number 0, next free block index 40
RT_GROUP_ICON	0x789b8	0x14	data
RT_VERSION	0x789dc	0x480	data
RT_MANIFEST	0x78e6c	0x1ea	XML 1.0 document, UTF-8 Unicode (with BOM) text, with CRLF line terminators

Imports

DLL	Import
mscoree.dll	_CorExeMain

Version Infos

Description	Data
Translation	0x0000 0x04b0
LegalCopyright	December 19th, 2006
Assembly Version	1.0.7.8
InternalName	zRdH.exe
FileVersion	1.0.7.8
CompanyName	Coded by James O'Cull
LegalTrademarks
Comments	Contact management is a solution for anyone who needs to be able to access their list of contacts from removable media without any installation.
ProductName	Contact Management
ProductVersion	1.0.7.8
FileDescription	Contact Management
OriginalFilename	zRdH.exe

Network Behavior

No network behavior found

Code Manipulations

Statistics

CPU Usage

Click to jump to process

Memory Usage

Click to jump to process

High Level Behavior Distribution

Click to dive into process behavior distribution

Behavior

Click to jump to process

System Behavior

Analysis Process: Request for Price Quotation.pdf.exe PID: 6496 Parent PID: 5696

General

Start time:	19:16:06
Start date:	10/06/2021
Path:	C:\Users\user\Desktop\Request for Price Quotation.pdf.exe
Wow64 process (32bit):	true
Commandline:	'C:\Users\user\Desktop\Request for Price Quotation.pdf.exe'
Imagebase:	0x580000
File size:	483840 bytes
MD5 hash:	04FF13EB3759DBE4112B49738E9F5AEE
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	.Net C# or VB.NET
Yara matches:	Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000001.00000002.303244062.000000000BED1000.00000004.00000001.sdmp, Author: Joe Security Rule: JoeSecurity_AgentTesla_2, Description: Yara detected AgentTesla, Source: 00000001.00000002.303244062.000000000BED1000.00000004.00000001.sdmp, Author: Joe Security Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000001.00000002.297905164.0000000003CD1000.00000004.00000001.sdmp, Author: Joe Security Rule: JoeSecurity_AgentTesla_2, Description: Yara detected AgentTesla, Source: 00000001.00000002.297905164.0000000003CD1000.00000004.00000001.sdmp, Author: Joe Security
Reputation:	low

Chronological Activities

Analysis Process: schtasks.exe PID: 6672 Parent PID: 6496

General

Start time:	19:16:45
Start date:	10/06/2021
Path:	C:\Windows\SysWOW64\schtasks.exe
Wow64 process (32bit):	true
Commandline:	'C:\Windows\System32\schtasks.exe' /Create /TN 'Updates\vRURxcnYJm' /XML 'C:\Users\user\AppData\Local\Temp\tmpD822.tmp'
Imagebase:	0x2f0000
File size:	185856 bytes
MD5 hash:	15FF7D8324231381BAD48A052F85DF04
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high

Chronological Activities

Analysis Process: conhost.exe PID: 6636 Parent PID: 6672

General

Start time:	19:16:46
Start date:	10/06/2021
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff6b2800000
File size:	625664 bytes
MD5 hash:	EA777DEEA782E8B4D7C7C33BBF8A4496
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high

Chronological Activities

Analysis Process: Request for Price Quotation.pdf.exe PID: 6472 Parent PID: 6496

General

Start time:	19:16:46
Start date:	10/06/2021
Path:	C:\Users\user\Desktop\Request for Price Quotation.pdf.exe
Wow64 process (32bit):	false
Commandline:	{path}
Imagebase:	0x300000
File size:	483840 bytes
MD5 hash:	04FF13EB3759DBE4112B49738E9F5AEE
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low

Chronological Activities

Analysis Process: Request for Price Quotation.pdf.exe PID: 6748 Parent PID: 6496

General

Start time:	19:16:47
Start date:	10/06/2021
Path:	C:\Users\user\Desktop\Request for Price Quotation.pdf.exe
Wow64 process (32bit):	true
Commandline:	{path}
Imagebase:	0xb70000
File size:	483840 bytes
MD5 hash:	04FF13EB3759DBE4112B49738E9F5AEE
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	.Net C# or VB.NET
Yara matches:	Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000012.00000002.473375885.00000000032D1000.00000004.00000001.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000012.00000002.473375885.00000000032D1000.00000004.00000001.sdmp, Author: Joe Security Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000012.00000000.291844857.0000000000402000.00000040.00000001.sdmp, Author: Joe Security Rule: JoeSecurity_AgentTesla_2, Description: Yara detected AgentTesla, Source: 00000012.00000000.291844857.0000000000402000.00000040.00000001.sdmp, Author: Joe Security Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000012.00000002.468490022.0000000000402000.00000040.00000001.sdmp, Author: Joe Security Rule: JoeSecurity_AgentTesla_2, Description: Yara detected AgentTesla, Source: 00000012.00000002.468490022.0000000000402000.00000040.00000001.sdmp, Author: Joe Security
Reputation:	low

Chronological Activities

Analysis Process: pGKuRU.exe PID: 6744 Parent PID: 3388

General

Start time:	19:17:15
Start date:	10/06/2021
Path:	C:\Users\user\AppData\Roaming\pGKuRU\pGKuRU.exe
Wow64 process (32bit):	true
Commandline:	'C:\Users\user\AppData\Roaming\pGKuRU\pGKuRU.exe'
Imagebase:	0xfd0000
File size:	483840 bytes
MD5 hash:	04FF13EB3759DBE4112B49738E9F5AEE
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	.Net C# or VB.NET
Yara matches:	Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000018.00000002.431644231.00000000046D1000.00000004.00000001.sdmp, Author: Joe Security Rule: JoeSecurity_AgentTesla_2, Description: Yara detected AgentTesla, Source: 00000018.00000002.431644231.00000000046D1000.00000004.00000001.sdmp, Author: Joe Security
Antivirus matches:	Detection: 22%, ReversingLabs
Reputation:	low

Chronological Activities

Analysis Process: pGKuRU.exe PID: 5644 Parent PID: 3388

General

Start time:	19:17:23
Start date:	10/06/2021
Path:	C:\Users\user\AppData\Roaming\pGKuRU\pGKuRU.exe
Wow64 process (32bit):	true
Commandline:	'C:\Users\user\AppData\Roaming\pGKuRU\pGKuRU.exe'
Imagebase:	0xee0000
File size:	483840 bytes
MD5 hash:	04FF13EB3759DBE4112B49738E9F5AEE
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	.Net C# or VB.NET
Yara matches:	Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 0000001A.00000002.447980592.0000000004561000.00000004.00000001.sdmp, Author: Joe Security Rule: JoeSecurity_AgentTesla_2, Description: Yara detected AgentTesla, Source: 0000001A.00000002.447980592.0000000004561000.00000004.00000001.sdmp, Author: Joe Security
Reputation:	low

Chronological Activities

Analysis Process: schtasks.exe PID: 6388 Parent PID: 6744

General

Start time:	19:17:50
Start date:	10/06/2021
Path:	C:\Windows\SysWOW64\schtasks.exe
Wow64 process (32bit):	true
Commandline:	'C:\Windows\System32\schtasks.exe' /Create /TN 'Updates\vRURxcnYJm' /XML 'C:\Users\user\AppData\Local\Temp\tmpD30D.tmp'
Imagebase:	0x12d0000
File size:	185856 bytes
MD5 hash:	15FF7D8324231381BAD48A052F85DF04
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high

Chronological Activities

Analysis Process: conhost.exe PID: 6012 Parent PID: 6388

General

Start time:	19:17:51
Start date:	10/06/2021
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff6b2800000
File size:	625664 bytes
MD5 hash:	EA777DEEA782E8B4D7C7C33BBF8A4496
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high

Chronological Activities

Analysis Process: pGKuRU.exe PID: 808 Parent PID: 6744

General

Start time:	19:17:51
Start date:	10/06/2021
Path:	C:\Users\user\AppData\Roaming\pGKuRU\pGKuRU.exe
Wow64 process (32bit):	true
Commandline:	{path}
Imagebase:	0xed0000
File size:	483840 bytes
MD5 hash:	04FF13EB3759DBE4112B49738E9F5AEE
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	.Net C# or VB.NET
Yara matches:	Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000021.00000000.429160919.0000000000402000.00000040.00000001.sdmp, Author: Joe Security Rule: JoeSecurity_AgentTesla_2, Description: Yara detected AgentTesla, Source: 00000021.00000000.429160919.0000000000402000.00000040.00000001.sdmp, Author: Joe Security Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000021.00000002.446501477.0000000000402000.00000040.00000001.sdmp, Author: Joe Security Rule: JoeSecurity_AgentTesla_2, Description: Yara detected AgentTesla, Source: 00000021.00000002.446501477.0000000000402000.00000040.00000001.sdmp, Author: Joe Security Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000021.00000002.447853207.00000000035A1000.00000004.00000001.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000021.00000002.447853207.00000000035A1000.00000004.00000001.sdmp, Author: Joe Security
Reputation:	low

Chronological Activities

Analysis Process: schtasks.exe PID: 6688 Parent PID: 5644

General

Start time:	19:17:58
Start date:	10/06/2021
Path:	C:\Windows\SysWOW64\schtasks.exe
Wow64 process (32bit):	true
Commandline:	'C:\Windows\System32\schtasks.exe' /Create /TN 'Updates\vRURxcnYJm' /XML 'C:\Users\user\AppData\Local\Temp\tmpF0F5.tmp'
Imagebase:	0x12d0000
File size:	185856 bytes
MD5 hash:	15FF7D8324231381BAD48A052F85DF04
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high

Chronological Activities

Analysis Process: conhost.exe PID: 6048 Parent PID: 6688

General

Start time:	19:17:58
Start date:	10/06/2021
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff6b2800000
File size:	625664 bytes
MD5 hash:	EA777DEEA782E8B4D7C7C33BBF8A4496
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high

Chronological Activities

Analysis Process: pGKuRU.exe PID: 6276 Parent PID: 5644

General

Start time:	19:17:59
Start date:	10/06/2021
Path:	C:\Users\user\AppData\Roaming\pGKuRU\pGKuRU.exe
Wow64 process (32bit):	true
Commandline:	{path}
Imagebase:	0xa50000
File size:	483840 bytes
MD5 hash:	04FF13EB3759DBE4112B49738E9F5AEE
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	.Net C# or VB.NET
Yara matches:	Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000025.00000000.445224986.0000000000402000.00000040.00000001.sdmp, Author: Joe Security Rule: JoeSecurity_AgentTesla_2, Description: Yara detected AgentTesla, Source: 00000025.00000000.445224986.0000000000402000.00000040.00000001.sdmp, Author: Joe Security Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000025.00000002.468461465.0000000000402000.00000040.00000001.sdmp, Author: Joe Security Rule: JoeSecurity_AgentTesla_2, Description: Yara detected AgentTesla, Source: 00000025.00000002.468461465.0000000000402000.00000040.00000001.sdmp, Author: Joe Security Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000025.00000002.473835627.00000000032E1000.00000004.00000001.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000025.00000002.473835627.00000000032E1000.00000004.00000001.sdmp, Author: Joe Security
Reputation:	low

Chronological Activities

Disassembly

Code Analysis

Reset < >

Analysis Process: Request for Price Quotation.pdf.exe PID: 6496 Parent PID: 5696 Request for Price Quotation.pdf.exeCOMMON

Executed Functions

Function 010120A9, Relevance: 6.5, Strings: 5, Instructions: 204COMMON

Download Yara Rule

Strings

Load, xrefs: 010121A6
X1kr, xrefs: 01012281
EntryPoint, xrefs: 01012232
Invoke, xrefs: 01012305
8}ir, xrefs: 010120FB

Memory Dump Source

Source File: 00000001.00000002.294532643.0000000001010000.00000040.00000001.sdmp, Offset: 01010000, based on PE: false

Similarity

API ID:
String ID: 8}ir$EntryPoint$Invoke$Load$X1kr
API String ID: 0-2582972406
Opcode ID: ad4c1286fb1a866c9088eb72bf69fd0da4ac0560a41ff52ee172a3d67f0e7bbd
Instruction ID: 31b1bb4337a49b834724979a6929b1fe8f9b3bec78d30ad80e27fadfdbf8c032
Opcode Fuzzy Hash: ad4c1286fb1a866c9088eb72bf69fd0da4ac0560a41ff52ee172a3d67f0e7bbd
Instruction Fuzzy Hash: E591C474E002588FDB54DFAAC844AAEBBF2BF88300F24C16AD508BB365DB759945CF50

Uniqueness

Uniqueness Score: -1.00%

Function 010120B8, Relevance: 6.4, Strings: 5, Instructions: 199COMMON

Download Yara Rule

Strings

Load, xrefs: 010121A6
X1kr, xrefs: 01012281
EntryPoint, xrefs: 01012232
Invoke, xrefs: 01012305
8}ir, xrefs: 010120FB

Memory Dump Source

Source File: 00000001.00000002.294532643.0000000001010000.00000040.00000001.sdmp, Offset: 01010000, based on PE: false

Similarity

API ID:
String ID: 8}ir$EntryPoint$Invoke$Load$X1kr
API String ID: 0-2582972406
Opcode ID: 6f2e6d64d41d91aec0ce05ff9bb746d352679b791a199ec22a90c0a4c49b32ed
Instruction ID: 0dd566f6b1de20787fb66fac796aa91dbb4d416ba1ae1e5d436607d627c478e9
Opcode Fuzzy Hash: 6f2e6d64d41d91aec0ce05ff9bb746d352679b791a199ec22a90c0a4c49b32ed
Instruction Fuzzy Hash: 1891A274E002589FDB58DFAAC844AAEBBF2BF88300F24C16AD508BB355DB719945CF54

Uniqueness

Uniqueness Score: -1.00%

Function 01010180, Relevance: 2.7, Strings: 1, Instructions: 1451COMMON

Download Yara Rule

Strings

"Uq, xrefs: 01011142

Memory Dump Source

Source File: 00000001.00000002.294532643.0000000001010000.00000040.00000001.sdmp, Offset: 01010000, based on PE: false

Similarity

API ID:
String ID: "Uq
API String ID: 0-3550767893
Opcode ID: fb4bceeca47e96db2566b91beba42680b466dd1158ae2ce9332d9926e4085c07
Instruction ID: fde91e2add4d9f9a58f4a56ca4ac90360ff83d4dadd1345ce1f6aeda6e868d8b
Opcode Fuzzy Hash: fb4bceeca47e96db2566b91beba42680b466dd1158ae2ce9332d9926e4085c07
Instruction Fuzzy Hash: 71E2C234A01219CFDB64DB28C894BE9B7B2FF8A311F5141E8D549AB365CB31AE95CF40

Uniqueness

Uniqueness Score: -1.00%

Function 0101273C, Relevance: 2.6, Strings: 2, Instructions: 142COMMON

Download Yara Rule

Strings

X1kr, xrefs: 010127D7
X1kr, xrefs: 010127CC

Memory Dump Source

Source File: 00000001.00000002.294532643.0000000001010000.00000040.00000001.sdmp, Offset: 01010000, based on PE: false

Similarity

API ID:
String ID: X1kr$X1kr
API String ID: 0-2397868964
Opcode ID: d0099f611b0310f1dba2020fb1cf1821d91bad88a3a1c8f4aeba17b8f8e57a3e
Instruction ID: 596c79fd9d6fe3fbead578237441592bcce03d53ba1502c9e058e390ddd624b3
Opcode Fuzzy Hash: d0099f611b0310f1dba2020fb1cf1821d91bad88a3a1c8f4aeba17b8f8e57a3e
Instruction Fuzzy Hash: DA51D6B4E01259DFDB04DFA9C580AAEFBF2BF88300F24D56AD854A7255D734AA41CF50

Uniqueness

Uniqueness Score: -1.00%

Function 06282507, Relevance: 1.6, APIs: 1, Instructions: 75COMMON

Download Yara Rule

APIs

AdjustTokenPrivileges.KERNELBASE(?,?,?,?,?,?), ref: 06282587

Memory Dump Source

Source File: 00000001.00000002.299958007.0000000006280000.00000040.00000001.sdmp, Offset: 06280000, based on PE: false

Similarity

API ID: AdjustPrivilegesToken
String ID:
API String ID: 2874748243-0
Opcode ID: fbc0f1618321721ea16a8718e71cfee70c3c4a92e3bbf4e1bffdc8358f36ee9a
Instruction ID: e9dc7fbddc9f483419137513ce40a54997185faec5b4ac6a068e79582ab12805
Opcode Fuzzy Hash: fbc0f1618321721ea16a8718e71cfee70c3c4a92e3bbf4e1bffdc8358f36ee9a
Instruction Fuzzy Hash: 0E21917550A784AFEB228F25DC40B52BFF4AF06310F0885DAED858B5A3D2759908DBA1

Uniqueness

Uniqueness Score: -1.00%

Function 062829D4, Relevance: 1.6, APIs: 1, Instructions: 60nativeCOMMON

Download Yara Rule

APIs

NtQuerySystemInformation.NTDLL(?,?,?,?), ref: 06282A49

Memory Dump Source

Source File: 00000001.00000002.299958007.0000000006280000.00000040.00000001.sdmp, Offset: 06280000, based on PE: false

Similarity

API ID: InformationQuerySystem
String ID:
API String ID: 3562636166-0
Opcode ID: 8b51fdb3ab0f54f6afb196088ab00366c4ebbb7fe23cf2df5fde21c1dd8ac5e5
Instruction ID: 7aeecf000be78f48335fa3b39e3c9440ffb656511eef460973380539d4894151
Opcode Fuzzy Hash: 8b51fdb3ab0f54f6afb196088ab00366c4ebbb7fe23cf2df5fde21c1dd8ac5e5
Instruction Fuzzy Hash: 7D119076409780AFDB228B21DC45A92FFB0EF06314F0984DAEDC44B163D265A508DB62

Uniqueness

Uniqueness Score: -1.00%

Function 0628253E, Relevance: 1.6, APIs: 1, Instructions: 52COMMON

Download Yara Rule

APIs

AdjustTokenPrivileges.KERNELBASE(?,?,?,?,?,?), ref: 06282587

Memory Dump Source

Source File: 00000001.00000002.299958007.0000000006280000.00000040.00000001.sdmp, Offset: 06280000, based on PE: false

Similarity

API ID: AdjustPrivilegesToken
String ID:
API String ID: 2874748243-0
Opcode ID: 0192a01d43d389e240f832d4242294acb9d7403839e4d060ac1adb077c336553
Instruction ID: 41080286464453f72b7893ad7075bb2db036011cdf70223b34552ce0d2a2ca9f
Opcode Fuzzy Hash: 0192a01d43d389e240f832d4242294acb9d7403839e4d060ac1adb077c336553
Instruction Fuzzy Hash: EC118C71911700DFEB20DF55DC84B66FBE4EF04220F08C46AED868B656D275E518DBB1

Uniqueness

Uniqueness Score: -1.00%

Function 06282A0E, Relevance: 1.5, APIs: 1, Instructions: 38nativeCOMMON

Download Yara Rule

APIs

NtQuerySystemInformation.NTDLL(?,?,?,?), ref: 06282A49

Memory Dump Source

Source File: 00000001.00000002.299958007.0000000006280000.00000040.00000001.sdmp, Offset: 06280000, based on PE: false

Similarity

API ID: InformationQuerySystem
String ID:
API String ID: 3562636166-0
Opcode ID: 16bbfbc90f1ea34c3dbf9fadb9563f985500d57dfc090ecb1389b899dd53e8ef
Instruction ID: ef5f16c893281a4988f199be523ce899187eca7b352dde7c9dc143ece45f9efc
Opcode Fuzzy Hash: 16bbfbc90f1ea34c3dbf9fadb9563f985500d57dfc090ecb1389b899dd53e8ef
Instruction Fuzzy Hash: 4F01DF31411600DFEB209F05DC84B62FFA0EF08320F08C09ADE890B252D2B1A108CFB2

Uniqueness

Uniqueness Score: -1.00%

Function 0101B0E0, Relevance: 1.4, Strings: 1, Instructions: 189COMMON

Download Yara Rule

Strings

r@>@, xrefs: 0101C1FF

Memory Dump Source

Source File: 00000001.00000002.294532643.0000000001010000.00000040.00000001.sdmp, Offset: 01010000, based on PE: false

Similarity

API ID:
String ID: r@>@
API String ID: 0-2817613862
Opcode ID: 9f771ddf486c03dbc370637a820df845fea4d7186a4aca7ee0d57e769fdd1a07
Instruction ID: 3ac327512d9ff1f492c1258692875717433217411ededc3a27064b886307d00b
Opcode Fuzzy Hash: 9f771ddf486c03dbc370637a820df845fea4d7186a4aca7ee0d57e769fdd1a07
Instruction Fuzzy Hash: A0812974E452298FDBA4DF25D9887ADBBB5BB89300F1090EAC04DE7215DB389A85CF00

Uniqueness

Uniqueness Score: -1.00%

Function 0101E7C7, Relevance: 1.4, Strings: 1, Instructions: 186COMMON

Download Yara Rule

Strings

:@Dr, xrefs: 0101E8AC

Memory Dump Source

Source File: 00000001.00000002.294532643.0000000001010000.00000040.00000001.sdmp, Offset: 01010000, based on PE: false

Similarity

API ID:
String ID: :@Dr
API String ID: 0-3830894600
Opcode ID: 6436085149eab713b16e7da1c9d3e8fdef5779eb9d50a0c98f32a5f874570a1c
Instruction ID: a00c8746ff3720e9260d88a8baa181b2b7c7f4e31568416dc26b8385052526e9
Opcode Fuzzy Hash: 6436085149eab713b16e7da1c9d3e8fdef5779eb9d50a0c98f32a5f874570a1c
Instruction Fuzzy Hash: E181E374E05259DFCF08DFA5D9845AEBFB2FF89300F20906AD846BB258DB349A45CB50

Uniqueness

Uniqueness Score: -1.00%

Function 0101E7D8, Relevance: 1.4, Strings: 1, Instructions: 184COMMON

Download Yara Rule

Strings

:@Dr, xrefs: 0101E8AC

Memory Dump Source

Source File: 00000001.00000002.294532643.0000000001010000.00000040.00000001.sdmp, Offset: 01010000, based on PE: false

Similarity

API ID:
String ID: :@Dr
API String ID: 0-3830894600
Opcode ID: d890e344914b3b3cb05b7271c254d6e062ecb490be4c9b8f63722f5b89d7d369
Instruction ID: 7d1f0e0edd75efa51bf8ab5d90e8ba494f46e854ceebe6bda6b931f38cad19ef
Opcode Fuzzy Hash: d890e344914b3b3cb05b7271c254d6e062ecb490be4c9b8f63722f5b89d7d369
Instruction Fuzzy Hash: 6D81D374E05219DFCB08DFA5D9845AEBBB2FF89300F20906AD846BB258DB349A45CB54

Uniqueness

Uniqueness Score: -1.00%

Function 01015669, Relevance: .3, Instructions: 304COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.294532643.0000000001010000.00000040.00000001.sdmp, Offset: 01010000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 432f3fdcb9eeb4eb126f2618449bae379d90a292819923283c20d4e2d65846a4
Instruction ID: 6a6f65a0e3144e2092a3194e44fb5c4230ccc55260e43a0126707ed1f850b5d8
Opcode Fuzzy Hash: 432f3fdcb9eeb4eb126f2618449bae379d90a292819923283c20d4e2d65846a4
Instruction Fuzzy Hash: FFD15D70D0520ADFCB44CFA4D9908AEBBB1FF8A310B24995AC441BB215D739EE45CF91

Uniqueness

Uniqueness Score: -1.00%

Function 010156B0, Relevance: .3, Instructions: 264COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.294532643.0000000001010000.00000040.00000001.sdmp, Offset: 01010000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1900f205e775d108c91c87ec01d316985b2c6597786fc4222757ef081a520a3b
Instruction ID: 64121e40a8b5e2b78af240a463d0c257346b08fcc3a512316a23c90d9bab498a
Opcode Fuzzy Hash: 1900f205e775d108c91c87ec01d316985b2c6597786fc4222757ef081a520a3b
Instruction Fuzzy Hash: DBC16174D0520ADFCB04CFA5D9908AEFBB1FF8A310B64995AC442BB215D734EA45CFA1

Uniqueness

Uniqueness Score: -1.00%

Function 010197D8, Relevance: .2, Instructions: 209COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.294532643.0000000001010000.00000040.00000001.sdmp, Offset: 01010000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 96a53268b89e16db4c24079743e60f17b4ce7a0a967bd4c77319afda67c02e77
Instruction ID: fea01f439443be2b5359219c1b9eb88d354ecc2952149fbc460929f431a78878
Opcode Fuzzy Hash: 96a53268b89e16db4c24079743e60f17b4ce7a0a967bd4c77319afda67c02e77
Instruction Fuzzy Hash: 1D9125B0D0120ADFDB04CFAAC5906EEFBF6BF89314F54815AD415AB259D7389A42CF90

Uniqueness

Uniqueness Score: -1.00%

Function 010197C8, Relevance: .2, Instructions: 204COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.294532643.0000000001010000.00000040.00000001.sdmp, Offset: 01010000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d61d161e5b76902133a92f6f44debb9bbc7bbb854891f5d5e9502f4988fdc5ef
Instruction ID: 53e510e51fde3514e08bc8984062861aec7d2ba0beeecc005623cf0b0abb7cce
Opcode Fuzzy Hash: d61d161e5b76902133a92f6f44debb9bbc7bbb854891f5d5e9502f4988fdc5ef
Instruction Fuzzy Hash: 9E9137B0D0120ADFCB04CFAAD5906EEFBF6BF89314F54816AD415AB259D7349A41CF90

Uniqueness

Uniqueness Score: -1.00%

Function 01013678, Relevance: .2, Instructions: 170COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.294532643.0000000001010000.00000040.00000001.sdmp, Offset: 01010000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4b13cac6475749cea3476bbe3b7a59231877cdb8941d7361b5e916b8f97036cd
Instruction ID: 77221979f3841b1e84f402c9f2e384a3d104ffc3c2d54ab1a0126a03a91f778c
Opcode Fuzzy Hash: 4b13cac6475749cea3476bbe3b7a59231877cdb8941d7361b5e916b8f97036cd
Instruction Fuzzy Hash: 0971F374E05209DFDB04CFAAD9516ADBBB2FF89310F20842AD506BB354DB385A45CF54

Uniqueness

Uniqueness Score: -1.00%

Function 01019BE0, Relevance: .2, Instructions: 167COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.294532643.0000000001010000.00000040.00000001.sdmp, Offset: 01010000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 76779620348ec551b840b5fc390364572fe5e8a1e682039ca3d940d0876cf12c
Instruction ID: 8443a492c993682dac525e14351701dd815c2569af4674426db4fdb36fcd5d37
Opcode Fuzzy Hash: 76779620348ec551b840b5fc390364572fe5e8a1e682039ca3d940d0876cf12c
Instruction Fuzzy Hash: D4617A70D0520A8FCB08CFA6C5915EEFBF2FF99314F14995AD491BB269D3389A008F65

Uniqueness

Uniqueness Score: -1.00%

Function 01019BF0, Relevance: .2, Instructions: 164COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.294532643.0000000001010000.00000040.00000001.sdmp, Offset: 01010000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d63bf0d9d2a09a8c0c8e31317b78ffc2b74a58901d93451edb31853b47d5823a
Instruction ID: 7802b7f2cc5301f9d2bb34634d31a45e7f87fd293ac2cce9a10c8045a06b260f
Opcode Fuzzy Hash: d63bf0d9d2a09a8c0c8e31317b78ffc2b74a58901d93451edb31853b47d5823a
Instruction Fuzzy Hash: FC616970D0520E8FCB08CFA6C5916AEFBF2FF99314F14995AD491BB259D3389A008F65

Uniqueness

Uniqueness Score: -1.00%

Function 01013E78, Relevance: .1, Instructions: 149COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.294532643.0000000001010000.00000040.00000001.sdmp, Offset: 01010000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 95a03a769941c00a8ad7eb28a5d5f78a45bab4bffd34d27497dc75068d6e0125
Instruction ID: f0672e7f9b11f280a6d24c651b2473a06a9d23d6d49c322b4c8584a9e8d193a7
Opcode Fuzzy Hash: 95a03a769941c00a8ad7eb28a5d5f78a45bab4bffd34d27497dc75068d6e0125
Instruction Fuzzy Hash: 1F5126B1D0920ACFCB08CFA6C4405AEFBF2FB89310F14946AD155BB295C7399A41CFA4

Uniqueness

Uniqueness Score: -1.00%

Function 0CC30070, Relevance: .1, Instructions: 129COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.303643642.000000000CC30000.00000040.00000001.sdmp, Offset: 0CC30000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c01c64e43016aa3af6437e14257b4b36bbaafba798a6694bc9655d8685784cc5
Instruction ID: 29f348432ea7ec0bbcf06789e5e6d463848359c39ee5fb22115c66fefff8556c
Opcode Fuzzy Hash: c01c64e43016aa3af6437e14257b4b36bbaafba798a6694bc9655d8685784cc5
Instruction Fuzzy Hash: 04512A71E052198FDB64CF66DC44BEEB7F6AB88300F1080FAD519A7254EB705A85CF40

Uniqueness

Uniqueness Score: -1.00%

Function 0101F538, Relevance: .1, Instructions: 124COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.294532643.0000000001010000.00000040.00000001.sdmp, Offset: 01010000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 163341d703efa9dc1e5972a82b56bdb7fc4ebefc3dcd29ce720893c7895ab328
Instruction ID: 9969f7839d5f1b9d4477a2976d52deccd8f524dc0362af909eee5fda70a49c3f
Opcode Fuzzy Hash: 163341d703efa9dc1e5972a82b56bdb7fc4ebefc3dcd29ce720893c7895ab328
Instruction Fuzzy Hash: 91416475C1920AEFCF14CFE4E0806EEBBB1FB59310F10A41AE166B6228DB389549CF15

Uniqueness

Uniqueness Score: -1.00%

Function 010141D8, Relevance: .1, Instructions: 118COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.294532643.0000000001010000.00000040.00000001.sdmp, Offset: 01010000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 31ccd0d15f5a697eb86706a6428f4cc9ab7f244eb6ec9a44aae706d79748b911
Instruction ID: a8dc4479c87bc0e65f0032f0ea671a5bb8de47389a2905c49ab35d2d2d9fc70b
Opcode Fuzzy Hash: 31ccd0d15f5a697eb86706a6428f4cc9ab7f244eb6ec9a44aae706d79748b911
Instruction Fuzzy Hash: 165107B4E0520A9FCB44CFA9C4809AEBBF1FF99300F1195AAD814EB325D7389A41CF50

Uniqueness

Uniqueness Score: -1.00%

Function 0101AE99, Relevance: .1, Instructions: 112COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.294532643.0000000001010000.00000040.00000001.sdmp, Offset: 01010000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0e5c7e7d9a81265cad27b2014739803d227b25dd03ac0c993c9cf25bbf6dfb36
Instruction ID: 2bbf6081619990f8c5a67a2883d2a0a0062fe9abf28012b6f6609c3ed283821e
Opcode Fuzzy Hash: 0e5c7e7d9a81265cad27b2014739803d227b25dd03ac0c993c9cf25bbf6dfb36
Instruction Fuzzy Hash: 22418A70E16249CFCB44CFB9D984AEDBBF1EB89310F2094AAD445F7258D7349904CB64

Uniqueness

Uniqueness Score: -1.00%

Function 01017958, Relevance: .1, Instructions: 102COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.294532643.0000000001010000.00000040.00000001.sdmp, Offset: 01010000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3892a6744a515e6fef6e6d0eb2bbc9d9ea0a9ee00fb1a94d4adc808157f32bb7
Instruction ID: d10477493f4cbf962e8589f38605ab1901f9bc8e3af80418445efb17152ee43d
Opcode Fuzzy Hash: 3892a6744a515e6fef6e6d0eb2bbc9d9ea0a9ee00fb1a94d4adc808157f32bb7
Instruction Fuzzy Hash: F9413A71E062199FEB58CFAAD84069EFBB3BFC5200F04D1AAD448AA214D7385A45CF51

Uniqueness

Uniqueness Score: -1.00%

Function 0101AEA8, Relevance: .1, Instructions: 95COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.294532643.0000000001010000.00000040.00000001.sdmp, Offset: 01010000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 675ed0fca7e1898a6cf18a06b4b7f191f38728b2cec4252d3a4d14edc7390c60
Instruction ID: f7e4256bafd8c568768b4f03692a9b84cfccc79dc0c7910fc8dd747c4770e491
Opcode Fuzzy Hash: 675ed0fca7e1898a6cf18a06b4b7f191f38728b2cec4252d3a4d14edc7390c60
Instruction Fuzzy Hash: E3315C70E16249CFCB44CFA9D9849EDBBF5EB8A310F10A42AD045F7258D73899008B68

Uniqueness

Uniqueness Score: -1.00%

Function 01014828, Relevance: .1, Instructions: 82COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.294532643.0000000001010000.00000040.00000001.sdmp, Offset: 01010000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 188958f4a36d08d15c30adfa6f29f754b3c3a6e5515659c737389ee60891b54c
Instruction ID: 653a7813ef0853c1ec498f0e42c26715b6f9730792b0312e2ecad5cf28a6f806
Opcode Fuzzy Hash: 188958f4a36d08d15c30adfa6f29f754b3c3a6e5515659c737389ee60891b54c
Instruction Fuzzy Hash: B1316871E052588FDB19CF66C9406EEBBF3AFC9310F14C0AAE809AB265DB354A45CF50

Uniqueness

Uniqueness Score: -1.00%

Function 0CC3036E, Relevance: 2.5, Strings: 2, Instructions: 31COMMON

Download Yara Rule

Strings

R^, xrefs: 0CC303E5
R^, xrefs: 0CC303EF

Memory Dump Source

Source File: 00000001.00000002.303643642.000000000CC30000.00000040.00000001.sdmp, Offset: 0CC30000, based on PE: false

Similarity

API ID:
String ID: R^$R^
API String ID: 0-3555706379
Opcode ID: 6a6b728dca32e86764e3483d9085b4afdf78a4ca589c3ca8767966994549e3ac
Instruction ID: 23b32e744553910a29f7477de6d80f9a06723571457803edf48b3faceab6d9c4
Opcode Fuzzy Hash: 6a6b728dca32e86764e3483d9085b4afdf78a4ca589c3ca8767966994549e3ac
Instruction Fuzzy Hash: C7012476C15328DFCF64CF21C9857EABBB0AB49304F10A5EAE48966600D7311ACADF00

Uniqueness

Uniqueness Score: -1.00%

Function 0CC3055A, Relevance: 2.5, Strings: 2, Instructions: 23COMMON

Download Yara Rule

Strings

YL6z, xrefs: 0CC305AE
YL6z, xrefs: 0CC305B8

Memory Dump Source

Source File: 00000001.00000002.303643642.000000000CC30000.00000040.00000001.sdmp, Offset: 0CC30000, based on PE: false

Similarity

API ID:
String ID: YL6z$YL6z
API String ID: 0-3855105777
Opcode ID: e23e504f714c6ef31bac8d3999bb66eadb9a644688e1e56194d82d40a3ca0bb4
Instruction ID: 427075b9f93bec386d1257de0ac6476ab18102ad6f7a5621e2ebf1372b54e22e
Opcode Fuzzy Hash: e23e504f714c6ef31bac8d3999bb66eadb9a644688e1e56194d82d40a3ca0bb4
Instruction Fuzzy Hash: 5BF0E8B5C05228EFDB24CF61CA62BDCBAB1AB08300F2004DA922DA2284D7365BC0DF10

Uniqueness

Uniqueness Score: -1.00%

Function 06281FB3, Relevance: 1.6, APIs: 1, Instructions: 102COMMON

Download Yara Rule

APIs

DuplicateHandle.KERNELBASE(?,00000E2C), ref: 06282063

Memory Dump Source

Source File: 00000001.00000002.299958007.0000000006280000.00000040.00000001.sdmp, Offset: 06280000, based on PE: false

Similarity

API ID: DuplicateHandle
String ID:
API String ID: 3793708945-0
Opcode ID: b4b6329c2431ccbb564d0742edc96a1fccaef05d6ec94e3739baf5996141f869
Instruction ID: f3bdedde90776c59689ddbcab35e350e454019bedb9dfc63cb6d62fe37f0c955
Opcode Fuzzy Hash: b4b6329c2431ccbb564d0742edc96a1fccaef05d6ec94e3739baf5996141f869
Instruction Fuzzy Hash: 2431B471405384AFE7228B65DC44FA7BFACEF46310F04849BED85DB192D224A909DB71

Uniqueness

Uniqueness Score: -1.00%

Function 062818A2, Relevance: 1.6, APIs: 1, Instructions: 94COMMON

Download Yara Rule

APIs

GetTokenInformation.KERNELBASE(?,00000E2C,1BC6EC67,00000000,00000000,00000000,00000000), ref: 0628194C

Memory Dump Source

Source File: 00000001.00000002.299958007.0000000006280000.00000040.00000001.sdmp, Offset: 06280000, based on PE: false

Similarity

API ID: InformationToken
String ID:
API String ID: 4114910276-0
Opcode ID: 9ffed383a0f5d90892843d8dad37d5dae20ea9add4cf84b651f028ed27a99254
Instruction ID: cddd7b026d95c31a3e4e7e688a4ea0a78b4d8f2cd3f92a5f4cac60b154c636e2
Opcode Fuzzy Hash: 9ffed383a0f5d90892843d8dad37d5dae20ea9add4cf84b651f028ed27a99254
Instruction Fuzzy Hash: 2331C771409385AFE7128F64DC45FA7BFB8EF06310F08849BE9849B193D224A909C771

Uniqueness

Uniqueness Score: -1.00%

Function 00EEAC22, Relevance: 1.6, APIs: 1, Instructions: 92registryCOMMON

Download Yara Rule

APIs

RegOpenKeyExW.KERNELBASE(?,00000E2C), ref: 00EEACD1

Memory Dump Source

Source File: 00000001.00000002.294390115.0000000000EEA000.00000040.00000001.sdmp, Offset: 00EEA000, based on PE: false

Similarity

API ID: Open
String ID:
API String ID: 71445658-0
Opcode ID: f4b6d0f103258cb1b44fb8c1b131075d7db87196b42a8a6b9e3f1c4781eca167
Instruction ID: 041fff6b0e836fc5389b0dd3fedf2589b15b38666ed4cb9364a7511df48d1196
Opcode Fuzzy Hash: f4b6d0f103258cb1b44fb8c1b131075d7db87196b42a8a6b9e3f1c4781eca167
Instruction Fuzzy Hash: 4B31B672504384AFE7128B25DC85FA7BFBCEF16710F0884ABED819B152D265E809CB71

Uniqueness

Uniqueness Score: -1.00%

Function 06281430, Relevance: 1.6, APIs: 1, Instructions: 90fileCOMMON

Download Yara Rule

APIs

CreateFileW.KERNELBASE(?,?,?,?,?,?), ref: 062814D1

Memory Dump Source

Source File: 00000001.00000002.299958007.0000000006280000.00000040.00000001.sdmp, Offset: 06280000, based on PE: false

Similarity

API ID: CreateFile
String ID:
API String ID: 823142352-0
Opcode ID: 3b5045a58c2302357dc833abe16bdb583e4cad654df0fd218ebb392aedc5bdfc
Instruction ID: a88f63b8a55146247e4c61eb4a1c19462f4c8fdd34eafaf523c735cde684ba5c
Opcode Fuzzy Hash: 3b5045a58c2302357dc833abe16bdb583e4cad654df0fd218ebb392aedc5bdfc
Instruction Fuzzy Hash: 8A318D71505340AFE722CF65DC84F66BFE8EF45210F0884AEED858B292D365E815CB71

Uniqueness

Uniqueness Score: -1.00%

Function 00EEAD19, Relevance: 1.6, APIs: 1, Instructions: 89registryCOMMON

Download Yara Rule

APIs

RegQueryValueExW.KERNELBASE(?,00000E2C,1BC6EC67,00000000,00000000,00000000,00000000), ref: 00EEADD4

Memory Dump Source

Source File: 00000001.00000002.294390115.0000000000EEA000.00000040.00000001.sdmp, Offset: 00EEA000, based on PE: false

Similarity

API ID: QueryValue
String ID:
API String ID: 3660427363-0
Opcode ID: b9b0b66108cc26610b601464c40b3918ccb8bdda4b2f5eed37709efe8f8bf2fd
Instruction ID: bddd142dc727532bdf3ec0e91e3f874855b46cdd4756421c8c1b00cf6abd191f
Opcode Fuzzy Hash: b9b0b66108cc26610b601464c40b3918ccb8bdda4b2f5eed37709efe8f8bf2fd
Instruction Fuzzy Hash: FB319371509384AFD722CB25CC84FA2BFF8EF06314F18849AE9859B252D264E949CB61

Uniqueness

Uniqueness Score: -1.00%

Function 062807E2, Relevance: 1.6, APIs: 1, Instructions: 89synchronizationCOMMON

Download Yara Rule

APIs

CreateMutexW.KERNELBASE(?,?), ref: 06280889

Memory Dump Source

Source File: 00000001.00000002.299958007.0000000006280000.00000040.00000001.sdmp, Offset: 06280000, based on PE: false

Similarity

API ID: CreateMutex
String ID:
API String ID: 1964310414-0
Opcode ID: 419d84f439552e5921dbec452f72a41d3b852021610b9b924ed3be3f1657b47d
Instruction ID: 3c76db16abebc6c397ee6157f29e84af3855433c30eeead0477cf76d00ab9c4b
Opcode Fuzzy Hash: 419d84f439552e5921dbec452f72a41d3b852021610b9b924ed3be3f1657b47d
Instruction Fuzzy Hash: 3F318171509780AFE712DB25DC84F56FFE8EF06310F08849AED849B292D365E909CB61

Uniqueness

Uniqueness Score: -1.00%

Function 06282838, Relevance: 1.6, APIs: 1, Instructions: 87COMMON

Download Yara Rule

APIs

TerminateProcess.KERNELBASE(?,00000E2C,1BC6EC67,00000000,00000000,00000000,00000000), ref: 062828CC

Memory Dump Source

Source File: 00000001.00000002.299958007.0000000006280000.00000040.00000001.sdmp, Offset: 06280000, based on PE: false

Similarity

API ID: ProcessTerminate
String ID:
API String ID: 560597551-0
Opcode ID: 2f8099f237b4cfe59cea83ba915ec74fb35b62a7b4d9686221b39f0237c56533
Instruction ID: c74429b43e000b0575f63c05313b63ce926723f75f3f3b0e0b74ff8f14016a98
Opcode Fuzzy Hash: 2f8099f237b4cfe59cea83ba915ec74fb35b62a7b4d9686221b39f0237c56533
Instruction Fuzzy Hash: C421B47250A381AFE7128B25DC45F96BFA8EF46320F1884EBE984DF192D2649909C761

Uniqueness

Uniqueness Score: -1.00%

Function 062808E0, Relevance: 1.6, APIs: 1, Instructions: 86registryCOMMON

Download Yara Rule

APIs

RegQueryValueExW.KERNELBASE(?,00000E2C,?,?), ref: 06280996

Memory Dump Source

Source File: 00000001.00000002.299958007.0000000006280000.00000040.00000001.sdmp, Offset: 06280000, based on PE: false

Similarity

API ID: QueryValue
String ID:
API String ID: 3660427363-0
Opcode ID: d403adf6ad4003a386ed0f6265a50bac7bf597b6459ae067b825987f82100ab5
Instruction ID: 29d5bedb1b9a8ab3bdf0d4268b7cb549eb84c57bf509eacb32255cfc7b94c322
Opcode Fuzzy Hash: d403adf6ad4003a386ed0f6265a50bac7bf597b6459ae067b825987f82100ab5
Instruction Fuzzy Hash: DD31D7754097C06FD3038B259C51B62BF78EF47720F0A81DBE8848B5A3E224691AC7B1

Uniqueness

Uniqueness Score: -1.00%

Function 06281BD3, Relevance: 1.6, APIs: 1, Instructions: 85COMMON

Download Yara Rule

APIs

LsaOpenPolicy.ADVAPI32(?,00000E2C), ref: 06281C6F

Memory Dump Source

Source File: 00000001.00000002.299958007.0000000006280000.00000040.00000001.sdmp, Offset: 06280000, based on PE: false

Similarity

API ID: OpenPolicy
String ID:
API String ID: 2030686058-0
Opcode ID: fa621b43632f3604f0c29a6d19ac89ecf47b3df975e8e252727b6620f23df466
Instruction ID: c899d57ff87db9486c7bbb9c6462c10057644b7767dd14ef2cfc81f5ecd79ab7
Opcode Fuzzy Hash: fa621b43632f3604f0c29a6d19ac89ecf47b3df975e8e252727b6620f23df466
Instruction Fuzzy Hash: C921A572505344AFE711DF65DC44FA6FFA8EF45310F08849BED84DB292D325A405CB61

Uniqueness

Uniqueness Score: -1.00%

Function 06281528, Relevance: 1.6, APIs: 1, Instructions: 80COMMON

Download Yara Rule

APIs

GetFileType.KERNELBASE(?,00000E2C,1BC6EC67,00000000,00000000,00000000,00000000), ref: 062815BD

Memory Dump Source

Source File: 00000001.00000002.299958007.0000000006280000.00000040.00000001.sdmp, Offset: 06280000, based on PE: false

Similarity

API ID: FileType
String ID:
API String ID: 3081899298-0
Opcode ID: 9d787629cf6cc93338e326cb1c1393145d7099147ec56740e557260048cff6b0
Instruction ID: 0126f858388ce380d24bb0d9cdfee13b118bd5bc256b7fd5bfa0575954559a33
Opcode Fuzzy Hash: 9d787629cf6cc93338e326cb1c1393145d7099147ec56740e557260048cff6b0
Instruction Fuzzy Hash: 0621F8B54093816FE7128B25DC81FA2BFA8DF47720F1884D7ED848B293D2646909C771

Uniqueness

Uniqueness Score: -1.00%

Function 06281FE6, Relevance: 1.6, APIs: 1, Instructions: 80COMMON

Download Yara Rule

APIs

DuplicateHandle.KERNELBASE(?,00000E2C), ref: 06282063

Memory Dump Source

Source File: 00000001.00000002.299958007.0000000006280000.00000040.00000001.sdmp, Offset: 06280000, based on PE: false

Similarity

API ID: DuplicateHandle
String ID:
API String ID: 3793708945-0
Opcode ID: 870b4249112843f6cbd5057ae23e05d1f7ff2fe937af49eec0cd2a8be60af641
Instruction ID: fda3b26985c92c246d2674203945b16d2bc691501ec9ffe209a62c59ac2e743d
Opcode Fuzzy Hash: 870b4249112843f6cbd5057ae23e05d1f7ff2fe937af49eec0cd2a8be60af641
Instruction Fuzzy Hash: E021C172500204EFEB219F64DC84FABFBACEF04310F14886BEE459B291D670A508CBB1

Uniqueness

Uniqueness Score: -1.00%

Function 00EEA2AC, Relevance: 1.6, APIs: 1, Instructions: 77COMMON

Download Yara Rule

APIs

CreateActCtxA.KERNEL32(?,00000E2C,?,?), ref: 00EEA346

Memory Dump Source

Source File: 00000001.00000002.294390115.0000000000EEA000.00000040.00000001.sdmp, Offset: 00EEA000, based on PE: false

Similarity

API ID: Create
String ID:
API String ID: 2289755597-0
Opcode ID: 643d417b0c40e3863eaa610aef9506a8e606ab4a4f76487de132de7b5d22a893
Instruction ID: a7e9a773e61358a5dd024433c5d1801028f8b6775aae2e6c6208b3a0ea6515d4
Opcode Fuzzy Hash: 643d417b0c40e3863eaa610aef9506a8e606ab4a4f76487de132de7b5d22a893
Instruction Fuzzy Hash: 8A21A47144D3C06FD3138B259C51B62BFB4EF87614F0A81DBE884CB653D225A919C7A2

Uniqueness

Uniqueness Score: -1.00%

Function 06281452, Relevance: 1.6, APIs: 1, Instructions: 76fileCOMMON

Download Yara Rule

APIs

CreateFileW.KERNELBASE(?,?,?,?,?,?), ref: 062814D1

Memory Dump Source

Source File: 00000001.00000002.299958007.0000000006280000.00000040.00000001.sdmp, Offset: 06280000, based on PE: false

Similarity

API ID: CreateFile
String ID:
API String ID: 823142352-0
Opcode ID: 8b33d91e4a064ae86b9ae80ad378de0557a678e1073e4de27b8d6650c296fbaf
Instruction ID: e8482efc4eb7765366875393a002989452ed5722d4ab36ad3a48a6b4dc333ac0
Opcode Fuzzy Hash: 8b33d91e4a064ae86b9ae80ad378de0557a678e1073e4de27b8d6650c296fbaf
Instruction Fuzzy Hash: 0421BC71500200AFE721DF25CC84F66FBE8EF48310F04846AEE858B282D371E419CB71

Uniqueness

Uniqueness Score: -1.00%

Function 00EEAC52, Relevance: 1.6, APIs: 1, Instructions: 74registryCOMMON

Download Yara Rule

APIs

RegOpenKeyExW.KERNELBASE(?,00000E2C), ref: 00EEACD1

Memory Dump Source

Source File: 00000001.00000002.294390115.0000000000EEA000.00000040.00000001.sdmp, Offset: 00EEA000, based on PE: false

Similarity

API ID: Open
String ID:
API String ID: 71445658-0
Opcode ID: d3eb5edb4d12a8af61e3f61f8957b4745f755ab8ac7198cabd3da465c8017d95
Instruction ID: 375d830cf26c7a7d9e2d88db241ca551d35fdea2e7c6fa298ae4e9341f870d47
Opcode Fuzzy Hash: d3eb5edb4d12a8af61e3f61f8957b4745f755ab8ac7198cabd3da465c8017d95
Instruction Fuzzy Hash: 7221C672500704AFE7219F55DC84FABFBECEF14710F18846BEE459B241D664E8088B71

Uniqueness

Uniqueness Score: -1.00%

Function 06280816, Relevance: 1.6, APIs: 1, Instructions: 72synchronizationCOMMON

Download Yara Rule

APIs

CreateMutexW.KERNELBASE(?,?), ref: 06280889

Memory Dump Source

Source File: 00000001.00000002.299958007.0000000006280000.00000040.00000001.sdmp, Offset: 06280000, based on PE: false

Similarity

API ID: CreateMutex
String ID:
API String ID: 1964310414-0
Opcode ID: 098a7f61b806c2a00d9d5cc777d671c8f0936f3bb756da50514709ef76371dad
Instruction ID: 7edacb42ffbf19d8ec0326e14ca3e9ad2c698274e5e6581349847b80aec3c07d
Opcode Fuzzy Hash: 098a7f61b806c2a00d9d5cc777d671c8f0936f3bb756da50514709ef76371dad
Instruction Fuzzy Hash: 2421BE71901200AFF720EF65CC85BA6FBE8EF04310F14846AED859B282D770E848CBB5

Uniqueness

Uniqueness Score: -1.00%

Function 06281BFE, Relevance: 1.6, APIs: 1, Instructions: 72COMMON

Download Yara Rule

APIs

LsaOpenPolicy.ADVAPI32(?,00000E2C), ref: 06281C6F

Memory Dump Source

Source File: 00000001.00000002.299958007.0000000006280000.00000040.00000001.sdmp, Offset: 06280000, based on PE: false

Similarity

API ID: OpenPolicy
String ID:
API String ID: 2030686058-0
Opcode ID: 050c8552ac8dca4e8d27993eafc619683720648f647e3129e990f6afcd2a0a41
Instruction ID: 8c6cda685d555debb680a565e4645ed9acfcb219bfb89ed66d700fd4883dbf6a
Opcode Fuzzy Hash: 050c8552ac8dca4e8d27993eafc619683720648f647e3129e990f6afcd2a0a41
Instruction Fuzzy Hash: 6121A171500205AFE760DF25DC85FAAFBACEF44710F14886AEE44DB282D660A415CB76

Uniqueness

Uniqueness Score: -1.00%

Function 062820D3, Relevance: 1.6, APIs: 1, Instructions: 71fileCOMMON

Download Yara Rule

APIs

DeleteFileW.KERNELBASE ref: 06282148

Memory Dump Source

Source File: 00000001.00000002.299958007.0000000006280000.00000040.00000001.sdmp, Offset: 06280000, based on PE: false

Similarity

API ID: DeleteFile
String ID:
API String ID: 4033686569-0
Opcode ID: f0312881cd966241d855e8595db99c23f506bbd550f22e9bbeffa15a0ecf447c
Instruction ID: e98ab5ebeed4925f560ad19c979f7c0c8f9534647d8d27ba695caea6a90eeca7
Opcode Fuzzy Hash: f0312881cd966241d855e8595db99c23f506bbd550f22e9bbeffa15a0ecf447c
Instruction Fuzzy Hash: 0221D47190A7C1AFD712CB25CC94B52BFA4DF46210F1984DFDD84CF2A3D265A908CB62

Uniqueness

Uniqueness Score: -1.00%

Function 062816DA, Relevance: 1.6, APIs: 1, Instructions: 70fileCOMMON

Download Yara Rule

APIs

WriteFile.KERNELBASE(?,00000E2C,1BC6EC67,00000000,00000000,00000000,00000000), ref: 06281759

Memory Dump Source

Source File: 00000001.00000002.299958007.0000000006280000.00000040.00000001.sdmp, Offset: 06280000, based on PE: false

Similarity

API ID: FileWrite
String ID:
API String ID: 3934441357-0
Opcode ID: b693f55b3a950c1085267939c6b604c9f2532b4cef0807d148d49e423aa0afcd
Instruction ID: d4780394ab8bca273e6d386c1fcff65065c0f0fe80d16f3dbf5edbec3fb1339e
Opcode Fuzzy Hash: b693f55b3a950c1085267939c6b604c9f2532b4cef0807d148d49e423aa0afcd
Instruction Fuzzy Hash: BA219272405380AFDB228F55DC84FA7FFB8EF46310F08849BEA859B192D264A409CB71

Uniqueness

Uniqueness Score: -1.00%

Function 00EEAD5A, Relevance: 1.6, APIs: 1, Instructions: 69registryCOMMON

Download Yara Rule

APIs

RegQueryValueExW.KERNELBASE(?,00000E2C,1BC6EC67,00000000,00000000,00000000,00000000), ref: 00EEADD4

Memory Dump Source

Source File: 00000001.00000002.294390115.0000000000EEA000.00000040.00000001.sdmp, Offset: 00EEA000, based on PE: false

Similarity

API ID: QueryValue
String ID:
API String ID: 3660427363-0
Opcode ID: c10ff5ac678e8c93eddcac9ec2351bf2b7bb29f3a5cf088d2c1d99e21ad4a32b
Instruction ID: 3f08b206cc4cb21b74928580ddaad93e1560391981b2acc6355c1a7330be1a19
Opcode Fuzzy Hash: c10ff5ac678e8c93eddcac9ec2351bf2b7bb29f3a5cf088d2c1d99e21ad4a32b
Instruction Fuzzy Hash: 67218E71600648AFE720CF26DC80FA7BBECEF04715F18846AED45AB651D660F848CB72

Uniqueness

Uniqueness Score: -1.00%

Function 062818E2, Relevance: 1.6, APIs: 1, Instructions: 69COMMON

Download Yara Rule

APIs

GetTokenInformation.KERNELBASE(?,00000E2C,1BC6EC67,00000000,00000000,00000000,00000000), ref: 0628194C

Memory Dump Source

Source File: 00000001.00000002.299958007.0000000006280000.00000040.00000001.sdmp, Offset: 06280000, based on PE: false

Similarity

API ID: InformationToken
String ID:
API String ID: 4114910276-0
Opcode ID: 2fb07c960d704d5aa5558ceab0c2c7b2b87ae50e85b1f1036c3ba408ab0bf5af
Instruction ID: dc3d5d21a2aec7ec1232efd3a636859f5834035967641c23971815d235170d68
Opcode Fuzzy Hash: 2fb07c960d704d5aa5558ceab0c2c7b2b87ae50e85b1f1036c3ba408ab0bf5af
Instruction Fuzzy Hash: 0E11C071500205AFEB219F65DC85FABBBACEF04320F14846BEE459B281D670A415CB71

Uniqueness

Uniqueness Score: -1.00%

Function 062809BF, Relevance: 1.6, APIs: 1, Instructions: 67libraryCOMMON

Download Yara Rule

APIs

LoadLibraryA.KERNELBASE(?,00000E2C), ref: 06280A4B

Memory Dump Source

Source File: 00000001.00000002.299958007.0000000006280000.00000040.00000001.sdmp, Offset: 06280000, based on PE: false

Similarity

API ID: LibraryLoad
String ID:
API String ID: 1029625771-0
Opcode ID: 2f2c09d40f4968d3a8a32b1ec567e48267afdce377d7894e8dafe1f35b89cb9a
Instruction ID: 43fea55a22afdec082323b08bc32cced6a554d474d9eaada4b2eb749a3e96c38
Opcode Fuzzy Hash: 2f2c09d40f4968d3a8a32b1ec567e48267afdce377d7894e8dafe1f35b89cb9a
Instruction Fuzzy Hash: 3021E771505384AFE721CB14DC85FA6FFA8DF46720F14809AFE845B292D264A948CB62

Uniqueness

Uniqueness Score: -1.00%

Function 06282689, Relevance: 1.6, APIs: 1, Instructions: 67COMMON

Download Yara Rule

APIs

K32EnumProcesses.KERNEL32(?,?,?,1BC6EC67,00000000,?,?,?,?,?,?,?,?,72F43C38), ref: 062826FA

Memory Dump Source

Source File: 00000001.00000002.299958007.0000000006280000.00000040.00000001.sdmp, Offset: 06280000, based on PE: false

Similarity

API ID: EnumProcesses
String ID:
API String ID: 84517404-0
Opcode ID: fa0b97ded142fec43de55a934dd5d50ed09ffe6a16aac0e2f860e234c58ad293
Instruction ID: 422961b437f13022ac1f8c240c8ce7c678871a8cf43c9cd38e1e5ec1abd02012
Opcode Fuzzy Hash: fa0b97ded142fec43de55a934dd5d50ed09ffe6a16aac0e2f860e234c58ad293
Instruction Fuzzy Hash: 7021507550A3849FD712CF65DC84A92BFE4AF06210F0984EAED85CF262D274A908CB61

Uniqueness

Uniqueness Score: -1.00%

Function 00EEB7C9, Relevance: 1.6, APIs: 1, Instructions: 65libraryCOMMON

Download Yara Rule

APIs

LoadLibraryShim.MSCOREE(?,?,?,?), ref: 00EEB845

Memory Dump Source

Source File: 00000001.00000002.294390115.0000000000EEA000.00000040.00000001.sdmp, Offset: 00EEA000, based on PE: false

Similarity

API ID: LibraryLoadShim
String ID:
API String ID: 1475914169-0
Opcode ID: b72f7da2877c513a48a24b9f514f5be737af777381e5362cd1353aa06788fe3a
Instruction ID: 559316f35bac64726267ae6c619b1487d02f21fd52657cdd639f855d57073b53
Opcode Fuzzy Hash: b72f7da2877c513a48a24b9f514f5be737af777381e5362cd1353aa06788fe3a
Instruction Fuzzy Hash: 9B219075509384AFD7228A25DC85B63BFE8EF16714F08809AED84DB253D375E908CB71

Uniqueness

Uniqueness Score: -1.00%

Function 06282925, Relevance: 1.6, APIs: 1, Instructions: 65injectionCOMMON

Download Yara Rule

APIs

WriteProcessMemory.KERNELBASE(?,?,?,?,?), ref: 06282998

Memory Dump Source

Source File: 00000001.00000002.299958007.0000000006280000.00000040.00000001.sdmp, Offset: 06280000, based on PE: false

Similarity

API ID: MemoryProcessWrite
String ID:
API String ID: 3559483778-0
Opcode ID: d26022e635b543f2feb4d7a13bdc2b6e6915dd4ff0abacfdb519907a9959c7fa
Instruction ID: c0f0b5cd8865952b64c626972dc9efa56bee12fce6a754dbb285301af0339332
Opcode Fuzzy Hash: d26022e635b543f2feb4d7a13bdc2b6e6915dd4ff0abacfdb519907a9959c7fa
Instruction Fuzzy Hash: 4321F37550A7819FD7228F21DC40A52FFB4EF06310F0884DAED848B263D235E548DB71

Uniqueness

Uniqueness Score: -1.00%

Function 06282B21, Relevance: 1.6, APIs: 1, Instructions: 62windowCOMMON

Download Yara Rule

APIs

PostMessageW.USER32(?,?,?,?), ref: 06282B95

Memory Dump Source

Source File: 00000001.00000002.299958007.0000000006280000.00000040.00000001.sdmp, Offset: 06280000, based on PE: false

Similarity

API ID: MessagePost
String ID:
API String ID: 410705778-0
Opcode ID: c3ac14dfb1622a69a39b9cd24ec61cff66311f870f09e0304bcee5815a51222f
Instruction ID: 94ee718430d58f60bf80c56bd1cde04571ed726e098e1665429daf06f92faf98
Opcode Fuzzy Hash: c3ac14dfb1622a69a39b9cd24ec61cff66311f870f09e0304bcee5815a51222f
Instruction Fuzzy Hash: 24216A7140A3C0AFDB128F25DC44A92BFB4EF07310F0984DAEDC48B263D265A918DB62

Uniqueness

Uniqueness Score: -1.00%

Function 00EEA5FB, Relevance: 1.6, APIs: 1, Instructions: 61COMMON

Download Yara Rule

APIs

DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 00EEA666

Memory Dump Source

Source File: 00000001.00000002.294390115.0000000000EEA000.00000040.00000001.sdmp, Offset: 00EEA000, based on PE: false

Similarity

API ID: DuplicateHandle
String ID:
API String ID: 3793708945-0
Opcode ID: fd6235367c86b14c2bb00ccbe1e6d08455a7c0584228f7a4a42d09812ccc845b
Instruction ID: b2a4df8cd2885f284b3b8d6d7903660b001be030e614c92b8fb0b6ea2c72558a
Opcode Fuzzy Hash: fd6235367c86b14c2bb00ccbe1e6d08455a7c0584228f7a4a42d09812ccc845b
Instruction Fuzzy Hash: 8611B471409380AFDB228F51DC44A62FFF4EF4A310F0884DEEE858B162D275A818DB62

Uniqueness

Uniqueness Score: -1.00%

Function 06282876, Relevance: 1.6, APIs: 1, Instructions: 61COMMON

Download Yara Rule

APIs

TerminateProcess.KERNELBASE(?,00000E2C,1BC6EC67,00000000,00000000,00000000,00000000), ref: 062828CC

Memory Dump Source

Source File: 00000001.00000002.299958007.0000000006280000.00000040.00000001.sdmp, Offset: 06280000, based on PE: false

Similarity

API ID: ProcessTerminate
String ID:
API String ID: 560597551-0
Opcode ID: eeb6dba5e99d27dce7024ad5592b6f6306d0ec9c0cfd2227e86389a356bc4cb7
Instruction ID: 1efdda0fd043324d52fd93248a3e37b63a32aa7b73d2d8f213bce7819f29d3ad
Opcode Fuzzy Hash: eeb6dba5e99d27dce7024ad5592b6f6306d0ec9c0cfd2227e86389a356bc4cb7
Instruction Fuzzy Hash: 9F11E071501204EFEB109F29DC85BABBB98EF45320F14C4ABEE44DB281D6B4A904CBB1

Uniqueness

Uniqueness Score: -1.00%

Function 062816FA, Relevance: 1.6, APIs: 1, Instructions: 60fileCOMMON

Download Yara Rule

APIs

WriteFile.KERNELBASE(?,00000E2C,1BC6EC67,00000000,00000000,00000000,00000000), ref: 06281759

Memory Dump Source

Source File: 00000001.00000002.299958007.0000000006280000.00000040.00000001.sdmp, Offset: 06280000, based on PE: false

Similarity

API ID: FileWrite
String ID:
API String ID: 3934441357-0
Opcode ID: 8ba22687d98e2be33d7b33a1b8ff438d42f90eaf5808466e5999ac4bc467c896
Instruction ID: 84e74cc495f2ee6853e743f9ec42bccdec9c2662f20ae54703a8777847dec1fb
Opcode Fuzzy Hash: 8ba22687d98e2be33d7b33a1b8ff438d42f90eaf5808466e5999ac4bc467c896
Instruction Fuzzy Hash: 2411BF71400200AFEB219F55DC84FA7FFA8EF44320F14886BEE499F291D674A419CBB1

Uniqueness

Uniqueness Score: -1.00%

Function 062809E2, Relevance: 1.6, APIs: 1, Instructions: 56libraryCOMMON

Download Yara Rule

APIs

LoadLibraryA.KERNELBASE(?,00000E2C), ref: 06280A4B

Memory Dump Source

Source File: 00000001.00000002.299958007.0000000006280000.00000040.00000001.sdmp, Offset: 06280000, based on PE: false

Similarity

API ID: LibraryLoad
String ID:
API String ID: 1029625771-0
Opcode ID: e4022c0396a1daf68fc408dc0fbc8031b13860d91eaff9cac801f46f3ca34469
Instruction ID: 2dba43c01301d40acbabc7513e8a369cb307f62791cb84266f07aae37f16967f
Opcode Fuzzy Hash: e4022c0396a1daf68fc408dc0fbc8031b13860d91eaff9cac801f46f3ca34469
Instruction Fuzzy Hash: A5110471510604AFF720EB25DC81FB6FB98DF05720F14C49AEF485B281D2B5A508CBB2

Uniqueness

Uniqueness Score: -1.00%

Function 0628223C, Relevance: 1.6, APIs: 1, Instructions: 55threadCOMMON

Download Yara Rule

APIs

GetThreadContext.KERNELBASE(?,?), ref: 0628229B

Memory Dump Source

Source File: 00000001.00000002.299958007.0000000006280000.00000040.00000001.sdmp, Offset: 06280000, based on PE: false

Similarity

API ID: ContextThread
String ID:
API String ID: 1591575202-0
Opcode ID: 350b3ddbc3d53b2b5c0edcf11c90579b703b739b08b6b96ae4f1dbdc08db9c35
Instruction ID: 36b406e43a57f9eadfb0bc34a932cec85d5f6d5ee6ff7163b4f0e928d3bdf903
Opcode Fuzzy Hash: 350b3ddbc3d53b2b5c0edcf11c90579b703b739b08b6b96ae4f1dbdc08db9c35
Instruction Fuzzy Hash: 5311BF75515385AFD7118B15CC84E52FFE8EF06220F0880AAED458B6A2D278E908CB71

Uniqueness

Uniqueness Score: -1.00%

Function 0628156A, Relevance: 1.6, APIs: 1, Instructions: 52COMMON

Download Yara Rule

APIs

GetFileType.KERNELBASE(?,00000E2C,1BC6EC67,00000000,00000000,00000000,00000000), ref: 062815BD

Memory Dump Source

Source File: 00000001.00000002.299958007.0000000006280000.00000040.00000001.sdmp, Offset: 06280000, based on PE: false

Similarity

API ID: FileType
String ID:
API String ID: 3081899298-0
Opcode ID: d2a8b7f78ab8b3c00a4932262fbee2717640d38960749424b03be41a9e298818
Instruction ID: b674cacaa0ff52e4fffb2d5e581f4b633c97b4284b33a0601023b2f0647b8103
Opcode Fuzzy Hash: d2a8b7f78ab8b3c00a4932262fbee2717640d38960749424b03be41a9e298818
Instruction Fuzzy Hash: DA01D271510705AEE710DB15DC85FA7FB98DF05720F14C097EE459B281D6B8A509CAB1

Uniqueness

Uniqueness Score: -1.00%

Function 00EEAEF0, Relevance: 1.6, APIs: 1, Instructions: 50memoryCOMMON

Download Yara Rule

APIs

VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 00EEAF50

Memory Dump Source

Source File: 00000001.00000002.294390115.0000000000EEA000.00000040.00000001.sdmp, Offset: 00EEA000, based on PE: false

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: dc16bdcb06f98a1358fb18a2d34a27c874631a49e887fb47f074b9354136a0ab
Instruction ID: 4d9f3c24c0460e5e6192bef70282d025f7f1d85a8312c613da225834978b1670
Opcode Fuzzy Hash: dc16bdcb06f98a1358fb18a2d34a27c874631a49e887fb47f074b9354136a0ab
Instruction Fuzzy Hash: C8119171405784AFD7218F15DC44E62FFF4EF05320F08849EED854B262C375A418DB62

Uniqueness

Uniqueness Score: -1.00%

Function 00EEA42A, Relevance: 1.6, APIs: 1, Instructions: 50COMMON

Download Yara Rule

APIs

SetErrorMode.KERNELBASE(?), ref: 00EEA480

Memory Dump Source

Source File: 00000001.00000002.294390115.0000000000EEA000.00000040.00000001.sdmp, Offset: 00EEA000, based on PE: false

Similarity

API ID: ErrorMode
String ID:
API String ID: 2340568224-0
Opcode ID: df97bfb89fa7f972c9a82458deb209f62b17a62f34d59dea53540c2ba46ee60e
Instruction ID: 2eb444f8d8a17d2a417ad3422ada0f073762ffd46cc19e92f4dcd39165034063
Opcode Fuzzy Hash: df97bfb89fa7f972c9a82458deb209f62b17a62f34d59dea53540c2ba46ee60e
Instruction Fuzzy Hash: 1A113C754093C4AFD7128B15DC84B62BFA8DF46724F0880DAED859B292D265A908DB62

Uniqueness

Uniqueness Score: -1.00%

Function 062826BA, Relevance: 1.5, APIs: 1, Instructions: 49COMMON

Download Yara Rule

APIs

K32EnumProcesses.KERNEL32(?,?,?,1BC6EC67,00000000,?,?,?,?,?,?,?,?,72F43C38), ref: 062826FA

Memory Dump Source

Source File: 00000001.00000002.299958007.0000000006280000.00000040.00000001.sdmp, Offset: 06280000, based on PE: false

Similarity

API ID: EnumProcesses
String ID:
API String ID: 84517404-0
Opcode ID: 70b695178e2bca0f9d1d95517948a1a67d5caa15258e9588f2343fb91eee51a6
Instruction ID: b61cc091fbf2292152640aa90b81cb97c919229739c7d35f44ef838632d50aa1
Opcode Fuzzy Hash: 70b695178e2bca0f9d1d95517948a1a67d5caa15258e9588f2343fb91eee51a6
Instruction Fuzzy Hash: CB11A175512201DFDB50DF66DC84BA6FBE4EF04320F08C4AADD498B651D670E508CFA1

Uniqueness

Uniqueness Score: -1.00%

Function 062822F8, Relevance: 1.5, APIs: 1, Instructions: 48COMMON

Download Yara Rule

APIs

ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 06282348

Memory Dump Source

Source File: 00000001.00000002.299958007.0000000006280000.00000040.00000001.sdmp, Offset: 06280000, based on PE: false

Similarity

API ID: MemoryProcessRead
String ID:
API String ID: 1726664587-0
Opcode ID: 1780b1dde6bb81aee2d532212b950c90f4e54594ce8af59c998d7058bd21d866
Instruction ID: aae65d4140444e67666651719199bdeeb7a6e105af206f07316884056e3646d7
Opcode Fuzzy Hash: 1780b1dde6bb81aee2d532212b950c90f4e54594ce8af59c998d7058bd21d866
Instruction Fuzzy Hash: D101AD72501604AFDB218F05DC84FA6FFE8EB09320F08C46EEE854A661D371A918DBA1

Uniqueness

Uniqueness Score: -1.00%

Function 06282E2C, Relevance: 1.5, APIs: 1, Instructions: 47windowCOMMON

Download Yara Rule

APIs

PostMessageW.USER32(?,?,?,?), ref: 06282E79

Memory Dump Source

Source File: 00000001.00000002.299958007.0000000006280000.00000040.00000001.sdmp, Offset: 06280000, based on PE: false

Similarity

API ID: MessagePost
String ID:
API String ID: 410705778-0
Opcode ID: 68a140de4d9b6a66b95dcb3b3e90d790d3b083735e0cf32ce761301727386b54
Instruction ID: f763629f71e0f0edbfbddf9be7d7c163d7bc21bc8ef277679dced97b349186b4
Opcode Fuzzy Hash: 68a140de4d9b6a66b95dcb3b3e90d790d3b083735e0cf32ce761301727386b54
Instruction Fuzzy Hash: B201C072501344AFDB208F15DC84F66FFE8EB44320F08C45EEE854B651C271A918DBA1

Uniqueness

Uniqueness Score: -1.00%

Function 0628210E, Relevance: 1.5, APIs: 1, Instructions: 47fileCOMMON

Download Yara Rule

APIs

DeleteFileW.KERNELBASE ref: 06282148

Memory Dump Source

Source File: 00000001.00000002.299958007.0000000006280000.00000040.00000001.sdmp, Offset: 06280000, based on PE: false

Similarity

API ID: DeleteFile
String ID:
API String ID: 4033686569-0
Opcode ID: d628b53598238822df023f75bdb729f629c83a5112f2bbc34cf21ba2dd5af59f
Instruction ID: bfcaad39b819338010581927a47e32f16f3b6f087d98add82c9e73b331f0f78e
Opcode Fuzzy Hash: d628b53598238822df023f75bdb729f629c83a5112f2bbc34cf21ba2dd5af59f
Instruction Fuzzy Hash: 5B019271912241DFDB50DF29DC85766FB98DF00320F18C4AADE09CB682D675D544CBA1

Uniqueness

Uniqueness Score: -1.00%

Function 06282952, Relevance: 1.5, APIs: 1, Instructions: 47injectionCOMMON

Download Yara Rule

APIs

WriteProcessMemory.KERNELBASE(?,?,?,?,?), ref: 06282998

Memory Dump Source

Source File: 00000001.00000002.299958007.0000000006280000.00000040.00000001.sdmp, Offset: 06280000, based on PE: false

Similarity

API ID: MemoryProcessWrite
String ID:
API String ID: 3559483778-0
Opcode ID: 3a569da11838637845bc96f68419933eed3db642b200c4aa3599f9d02d690827
Instruction ID: f26e25be24d2ae067f04d42caeb61d97d0a56ab1541d060a94df1ae250ead772
Opcode Fuzzy Hash: 3a569da11838637845bc96f68419933eed3db642b200c4aa3599f9d02d690827
Instruction Fuzzy Hash: F501AD35911600DFEB209F15DC84B66FBE4EF04320F18C4AADD898B691D271E518DBB2

Uniqueness

Uniqueness Score: -1.00%

Function 00EEB7FA, Relevance: 1.5, APIs: 1, Instructions: 46libraryCOMMON

Download Yara Rule

APIs

LoadLibraryShim.MSCOREE(?,?,?,?), ref: 00EEB845

Memory Dump Source

Source File: 00000001.00000002.294390115.0000000000EEA000.00000040.00000001.sdmp, Offset: 00EEA000, based on PE: false

Similarity

API ID: LibraryLoadShim
String ID:
API String ID: 1475914169-0
Opcode ID: 3c323ab8179f92434b65a450f908bd18f8b19b9ebe15fe30609b655f758718a9
Instruction ID: f0ae1b321f761f5f973830026b8835c5c8191e3d89a0e48ef2f72911f6fd0c71
Opcode Fuzzy Hash: 3c323ab8179f92434b65a450f908bd18f8b19b9ebe15fe30609b655f758718a9
Instruction Fuzzy Hash: 3E0180715006449FD720DF1AD885B63FBE8EF04714F18946ADD899B351D371E808DB71

Uniqueness

Uniqueness Score: -1.00%

Function 00EEA622, Relevance: 1.5, APIs: 1, Instructions: 45COMMON

Download Yara Rule

APIs

DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 00EEA666

Memory Dump Source

Source File: 00000001.00000002.294390115.0000000000EEA000.00000040.00000001.sdmp, Offset: 00EEA000, based on PE: false

Similarity

API ID: DuplicateHandle
String ID:
API String ID: 3793708945-0
Opcode ID: dfab73e12e61d9d6d9cde7932895d9f01c932c978becb18ee19058adb9e0cfaf
Instruction ID: 78f1cd462d00964cd06bf4cdc492e4acc4f0804a26e1d539932639447e4b27d5
Opcode Fuzzy Hash: dfab73e12e61d9d6d9cde7932895d9f01c932c978becb18ee19058adb9e0cfaf
Instruction Fuzzy Hash: 6F01AD31400644EFDB218F55D884B66FFE0EF49320F18C9AEDE895B611D271A418DF62

Uniqueness

Uniqueness Score: -1.00%

Function 0628225E, Relevance: 1.5, APIs: 1, Instructions: 44threadCOMMON

Download Yara Rule

APIs

GetThreadContext.KERNELBASE(?,?), ref: 0628229B

Memory Dump Source

Source File: 00000001.00000002.299958007.0000000006280000.00000040.00000001.sdmp, Offset: 06280000, based on PE: false

Similarity

API ID: ContextThread
String ID:
API String ID: 1591575202-0
Opcode ID: 1f437eba9f7de07d060e8a70eef6eda23c7468caf3da0b4665928937ed5a8498
Instruction ID: 41eb0ef9d2e724eaa35759ea8a95af166e44cbf60fbbdf8facfdbe9a67d8596f
Opcode Fuzzy Hash: 1f437eba9f7de07d060e8a70eef6eda23c7468caf3da0b4665928937ed5a8498
Instruction Fuzzy Hash: FB01B535521241DFE7509F15DC84B66FBD4EF04320F08C0AADD458BA95D278E504CBB1

Uniqueness

Uniqueness Score: -1.00%

Function 00EEA2F6, Relevance: 1.5, APIs: 1, Instructions: 43COMMON

Download Yara Rule

APIs

CreateActCtxA.KERNEL32(?,00000E2C,?,?), ref: 00EEA346

Memory Dump Source

Source File: 00000001.00000002.294390115.0000000000EEA000.00000040.00000001.sdmp, Offset: 00EEA000, based on PE: false

Similarity

API ID: Create
String ID:
API String ID: 2289755597-0
Opcode ID: b3d5f5419b035b8923ba15b3cf230d618f0b498bde73f3efb752b56b0de37ecb
Instruction ID: bc225f43ac7733e031c608b59f860eae994364921f3236b28f959da93abd5200
Opcode Fuzzy Hash: b3d5f5419b035b8923ba15b3cf230d618f0b498bde73f3efb752b56b0de37ecb
Instruction Fuzzy Hash: FB01AD72500600ABD210DF16DC82F36FBA8FB88B20F14815AED084B741E331F916CBE6

Uniqueness

Uniqueness Score: -1.00%

Function 0628230A, Relevance: 1.5, APIs: 1, Instructions: 43COMMON

Download Yara Rule

APIs

ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 06282348

Memory Dump Source

Source File: 00000001.00000002.299958007.0000000006280000.00000040.00000001.sdmp, Offset: 06280000, based on PE: false

Similarity

API ID: MemoryProcessRead
String ID:
API String ID: 1726664587-0
Opcode ID: 1c3ece89f13d323ad91390c266f24340af4ec8a02b3e420132dfd8e86ac4a6f8
Instruction ID: 9aecc4b577371819d03abf303b6f584e96ae50ad11631657cd105e9e8b84ccfd
Opcode Fuzzy Hash: 1c3ece89f13d323ad91390c266f24340af4ec8a02b3e420132dfd8e86ac4a6f8
Instruction Fuzzy Hash: 9B019E31511600DFDB209F15DC84BA6FFA4EF04320F08C4AEDE894A661D2B1E958DFA2

Uniqueness

Uniqueness Score: -1.00%

Function 06280946, Relevance: 1.5, APIs: 1, Instructions: 43registryCOMMON

Download Yara Rule

APIs

RegQueryValueExW.KERNELBASE(?,00000E2C,?,?), ref: 06280996

Memory Dump Source

Source File: 00000001.00000002.299958007.0000000006280000.00000040.00000001.sdmp, Offset: 06280000, based on PE: false

Similarity

API ID: QueryValue
String ID:
API String ID: 3660427363-0
Opcode ID: ed5c62ad1acc98ef5d45728597a5f529da373d65e26d9d695c54ebcd897e0b34
Instruction ID: 5f64e431ee5bc2c848b0528091486eed4e0686426e61dcc5a3255643f847bc48
Opcode Fuzzy Hash: ed5c62ad1acc98ef5d45728597a5f529da373d65e26d9d695c54ebcd897e0b34
Instruction Fuzzy Hash: 6501AD72500600ABD210DF16DC82F36FBA8FB88B20F14811AED484B781E371F916CBE6

Uniqueness

Uniqueness Score: -1.00%

Function 06282E3E, Relevance: 1.5, APIs: 1, Instructions: 42windowCOMMON

Download Yara Rule

APIs

PostMessageW.USER32(?,?,?,?), ref: 06282E79

Memory Dump Source

Source File: 00000001.00000002.299958007.0000000006280000.00000040.00000001.sdmp, Offset: 06280000, based on PE: false

Similarity

API ID: MessagePost
String ID:
API String ID: 410705778-0
Opcode ID: 10598c3d9e8defd148794e9a4d0695dc49435e01474d0302c3a4c2b0d0c7976f
Instruction ID: 1ad965c4df54527441966ad7d8ee409c194a7a064f7eb67fa24f9607f23c4489
Opcode Fuzzy Hash: 10598c3d9e8defd148794e9a4d0695dc49435e01474d0302c3a4c2b0d0c7976f
Instruction Fuzzy Hash: CE01D431521600DFDB609F25DC84B66FFA0EF04320F08C0AEDE864B651D2B1E518DFA2

Uniqueness

Uniqueness Score: -1.00%

Function 00EEAF12, Relevance: 1.5, APIs: 1, Instructions: 39memoryCOMMON

Download Yara Rule

APIs

VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 00EEAF50

Memory Dump Source

Source File: 00000001.00000002.294390115.0000000000EEA000.00000040.00000001.sdmp, Offset: 00EEA000, based on PE: false

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: 5f5d286c20ba7521aa8b183c12e37374f0d891c6e3b28307bdb0433dd557ee95
Instruction ID: e250eabbfdfd75d08987751d299c4e9af64bb04468bac7e8fe33ba66ca75a473
Opcode Fuzzy Hash: 5f5d286c20ba7521aa8b183c12e37374f0d891c6e3b28307bdb0433dd557ee95
Instruction Fuzzy Hash: 2C017171500644DFDB208F56D884B66FFA0EF08320F1894AEEE891A612D275A418DF62

Uniqueness

Uniqueness Score: -1.00%

Function 06282B5A, Relevance: 1.5, APIs: 1, Instructions: 38windowCOMMON

Download Yara Rule

APIs

PostMessageW.USER32(?,?,?,?), ref: 06282B95

Memory Dump Source

Source File: 00000001.00000002.299958007.0000000006280000.00000040.00000001.sdmp, Offset: 06280000, based on PE: false

Similarity

API ID: MessagePost
String ID:
API String ID: 410705778-0
Opcode ID: e35c8d6e7298ee79042d8a02192e276b5844b8cbe5839ea31b831cbfb5c97869
Instruction ID: 51d6bc2ed22b9fe461932926927763f8ab66e9cd55777ecffaf5531cd1c3ffcd
Opcode Fuzzy Hash: e35c8d6e7298ee79042d8a02192e276b5844b8cbe5839ea31b831cbfb5c97869
Instruction Fuzzy Hash: 5401A235812640DFDB609F55DC84B66FFA0EF08320F18C49ADE890B252D2B5A518DFB2

Uniqueness

Uniqueness Score: -1.00%

Function 00EEA44E, Relevance: 1.5, APIs: 1, Instructions: 35COMMON

Download Yara Rule

APIs

SetErrorMode.KERNELBASE(?), ref: 00EEA480

Memory Dump Source

Source File: 00000001.00000002.294390115.0000000000EEA000.00000040.00000001.sdmp, Offset: 00EEA000, based on PE: false

Similarity

API ID: ErrorMode
String ID:
API String ID: 2340568224-0
Opcode ID: 66913f458f5fcdce031e91b7c372bec05411b82bbfc5575d31e74084bac238d3
Instruction ID: 68f57ac14c82c86a5d2901116a37cbba3d76ce8c8e8ad6817153e3e23f2bed5b
Opcode Fuzzy Hash: 66913f458f5fcdce031e91b7c372bec05411b82bbfc5575d31e74084bac238d3
Instruction Fuzzy Hash: 8DF0A435404684DFD7108F16D888762FFD4DF04320F18D0AADD895B356E2B5B408DE62

Uniqueness

Uniqueness Score: -1.00%

Function 010100B8, Relevance: 1.3, Strings: 1, Instructions: 54COMMON

Download Yara Rule

Strings

</kr, xrefs: 0101011C

Memory Dump Source

Source File: 00000001.00000002.294532643.0000000001010000.00000040.00000001.sdmp, Offset: 01010000, based on PE: false

Similarity

API ID:
String ID: </kr
API String ID: 0-2427075492
Opcode ID: 494a7a84af49dae7ca86ef7efe1443ce3edd890a5fe0f00588d73ae3082264af
Instruction ID: f4dd99b545d6d02713ab8d857211f6b81b21370bc19cd94b381ca553910ecf8a
Opcode Fuzzy Hash: 494a7a84af49dae7ca86ef7efe1443ce3edd890a5fe0f00588d73ae3082264af
Instruction Fuzzy Hash: 13112970E01249DFCB05DFA8C580AAEBBF1FF86300F2042AAD514A73A5DB715E44DB95

Uniqueness

Uniqueness Score: -1.00%

Function 010100C8, Relevance: 1.3, Strings: 1, Instructions: 48COMMON

Download Yara Rule

Strings

</kr, xrefs: 0101011C

Memory Dump Source

Source File: 00000001.00000002.294532643.0000000001010000.00000040.00000001.sdmp, Offset: 01010000, based on PE: false

Similarity

API ID:
String ID: </kr
API String ID: 0-2427075492
Opcode ID: 39d99e10a1bf05397b8db360ea4042d0b02f320a09de422dc58a551f00beafad
Instruction ID: e5872723b3a7311fbca655f3383625d8cf42aaa1407fe5876315b0d115e7bf5a
Opcode Fuzzy Hash: 39d99e10a1bf05397b8db360ea4042d0b02f320a09de422dc58a551f00beafad
Instruction Fuzzy Hash: 1D11B374E01209DFCB04EFA8C585AAEBBF2FF85300F2041A9D904A7365DB306E44DB95

Uniqueness

Uniqueness Score: -1.00%

Function 0101C1BF, Relevance: 1.3, Strings: 1, Instructions: 39COMMON

Download Yara Rule

Strings

r@>@, xrefs: 0101C1FF

Memory Dump Source

Source File: 00000001.00000002.294532643.0000000001010000.00000040.00000001.sdmp, Offset: 01010000, based on PE: false

Similarity

API ID:
String ID: r@>@
API String ID: 0-2817613862
Opcode ID: 8edb93d7b35accebb8198044b04f5601cd4ef60558d691f3e4a49cbbefcfec85
Instruction ID: 1ec4a54f1eba7fd8a80e51f3329e7f0a3b46fff528cba6b105fee62f9dbabff0
Opcode Fuzzy Hash: 8edb93d7b35accebb8198044b04f5601cd4ef60558d691f3e4a49cbbefcfec85
Instruction Fuzzy Hash: D6119274A022298FCBA4DF25D99C799BBB5BB89300F1040EAD58DA7265DB305E85CF01

Uniqueness

Uniqueness Score: -1.00%

Function 0101BD10, Relevance: 1.3, Strings: 1, Instructions: 37COMMON

Download Yara Rule

Strings

_>>, xrefs: 0101BD2E

Memory Dump Source

Source File: 00000001.00000002.294532643.0000000001010000.00000040.00000001.sdmp, Offset: 01010000, based on PE: false

Similarity

API ID:
String ID: _>>
API String ID: 0-2807168339
Opcode ID: 3bb2189bb0654bd2db3b62c77600c69336ec168b5bcca96267876d6f556060e5
Instruction ID: 06fbdc8776e92a6c5d73120ed6d300e0d4bb61758baa322122ff3a9131e52cad
Opcode Fuzzy Hash: 3bb2189bb0654bd2db3b62c77600c69336ec168b5bcca96267876d6f556060e5
Instruction Fuzzy Hash: 7D11F2749022298FCB64EFA4D9987ACBBB1FB89301F1041DAC88DB6355DB380E81CF10

Uniqueness

Uniqueness Score: -1.00%

Function 01012C1E, Relevance: 1.3, Strings: 1, Instructions: 29COMMON

Download Yara Rule

Strings

f]Ir, xrefs: 01012C23

Memory Dump Source

Source File: 00000001.00000002.294532643.0000000001010000.00000040.00000001.sdmp, Offset: 01010000, based on PE: false

Similarity

API ID:
String ID: f]Ir
API String ID: 0-3302829692
Opcode ID: 6cefd0aaa4982430cd637ae4b822223faf872874351e8be240577782927b0794
Instruction ID: a9a44f05d040fee01828fd00c86a361ed8bef8027c683108e1a4328405a055e8
Opcode Fuzzy Hash: 6cefd0aaa4982430cd637ae4b822223faf872874351e8be240577782927b0794
Instruction Fuzzy Hash: 61F06D74E2225DCFEB64CF64E980B9EB7B2FB85310F2591A9D549AB244C7349E408F21

Uniqueness

Uniqueness Score: -1.00%

Function 0101BF63, Relevance: 1.3, Strings: 1, Instructions: 28COMMON

Download Yara Rule

Strings

z, xrefs: 0101BFF0

Memory Dump Source

Source File: 00000001.00000002.294532643.0000000001010000.00000040.00000001.sdmp, Offset: 01010000, based on PE: false

Similarity

API ID:
String ID: z
API String ID: 0-1509636059
Opcode ID: cef0b2c8d0e4ffc1fe64f12a8b1bb3ec15ee53080e29e6696a3fc056dd7111cf
Instruction ID: b318dccf5cb2ee17a9633de74faf6732db4c260bc978e23b7929a387dba81948
Opcode Fuzzy Hash: cef0b2c8d0e4ffc1fe64f12a8b1bb3ec15ee53080e29e6696a3fc056dd7111cf
Instruction Fuzzy Hash: 2B01D274A012299FCB60DF20D9657EDBBB2AB89300F1080EA868EA3355DF305F81CF51

Uniqueness

Uniqueness Score: -1.00%

Function 010154B2, Relevance: 1.3, Strings: 1, Instructions: 11COMMON

Download Yara Rule

Strings

FOG, xrefs: 010154D6

Memory Dump Source

Source File: 00000001.00000002.294532643.0000000001010000.00000040.00000001.sdmp, Offset: 01010000, based on PE: false

Similarity

API ID:
String ID: FOG
API String ID: 0-1269656527
Opcode ID: ae3874835f4eb7737636a3289d3315d155529fe8526e213c48d3b591181d72de
Instruction ID: d2d77fc005a210eb0ab66ea1784ec796d7abb76bc026f86f1227083c7107d2a0
Opcode Fuzzy Hash: ae3874835f4eb7737636a3289d3315d155529fe8526e213c48d3b591181d72de
Instruction Fuzzy Hash: 9ED06774905258CFCB10CF64C6809EDBBB1EB49701F500294D80967324C7359E81CE50

Uniqueness

Uniqueness Score: -1.00%

Function 01012421, Relevance: .2, Instructions: 216COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.294532643.0000000001010000.00000040.00000001.sdmp, Offset: 01010000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bd56115952e87eead15df3e33c82d433df7eebb93f9e5c304baf0d1f5c3266a3
Instruction ID: 2395ac83121531264fc73cf428160a0ee3537da36a132eee27c077936dc9b649
Opcode Fuzzy Hash: bd56115952e87eead15df3e33c82d433df7eebb93f9e5c304baf0d1f5c3266a3
Instruction Fuzzy Hash: 9A913530D01329DFDB15CFA5C880BDDBBB2BF85304F2480A9D548AB2A1DB759A85CF51

Uniqueness

Uniqueness Score: -1.00%

Function 01012900, Relevance: .2, Instructions: 173COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.294532643.0000000001010000.00000040.00000001.sdmp, Offset: 01010000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5f9ea18ebffde70f032dabbdb68ba2fedd6f47a06debbd3bab023474a1997e2d
Instruction ID: 1a43179cdefa0e3fee6031e3b33b7aa758edace04435ce1ef806072723c6e6d8
Opcode Fuzzy Hash: 5f9ea18ebffde70f032dabbdb68ba2fedd6f47a06debbd3bab023474a1997e2d
Instruction Fuzzy Hash: CF517A70E012599FDB14DFA9D894BAEBBF2BF89300F24806AE545BB394DB345D02CB54

Uniqueness

Uniqueness Score: -1.00%

Function 0101842B, Relevance: .2, Instructions: 169COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.294532643.0000000001010000.00000040.00000001.sdmp, Offset: 01010000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 61c70563d1ccc8bc077247c8dd8cfc92e6cfa11e54e1d97c561b2bd4852ca828
Instruction ID: 35251ebb74ad7cd20e1561a15f1a8868553610e8ae3a2a876d4f82e121a395c3
Opcode Fuzzy Hash: 61c70563d1ccc8bc077247c8dd8cfc92e6cfa11e54e1d97c561b2bd4852ca828
Instruction Fuzzy Hash: F281AB70906344CFCB41DFA9D9846ACBFF1FB49324B1080AAE445EB269DB749E56CF01

Uniqueness

Uniqueness Score: -1.00%

Function 01018739, Relevance: .2, Instructions: 153COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.294532643.0000000001010000.00000040.00000001.sdmp, Offset: 01010000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d17a2a625e1dad759f4579f5893a64d37ce928c8a418ae482aeb82347878e313
Instruction ID: 4ed5dc2d58d70a99a77542a33fd4e5238e2624c12e3d8f027e8c3ebe0db2c1f8
Opcode Fuzzy Hash: d17a2a625e1dad759f4579f5893a64d37ce928c8a418ae482aeb82347878e313
Instruction Fuzzy Hash: 79717D70A06208DFCB04DFA9E984AACBFF1FB48310B50946AE445EB368DB749E51CF50

Uniqueness

Uniqueness Score: -1.00%

Function 010186B0, Relevance: .1, Instructions: 146COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.294532643.0000000001010000.00000040.00000001.sdmp, Offset: 01010000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9b1b9df0f2bc4c06890cf87b8eb6645617bd75385dce8b6cc233c6df2c7d51db
Instruction ID: e2d83ac6209ddef6d79ba55ea46f87b0fc60c2a538fd854efaca0069639f5f2a
Opcode Fuzzy Hash: 9b1b9df0f2bc4c06890cf87b8eb6645617bd75385dce8b6cc233c6df2c7d51db
Instruction Fuzzy Hash: A1617070A06249CFCB40DFA9E984A6CBFF1FB48310B10946AE405EB368DB749E55CF51

Uniqueness

Uniqueness Score: -1.00%

Function 01018488, Relevance: .1, Instructions: 145COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.294532643.0000000001010000.00000040.00000001.sdmp, Offset: 01010000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 25dcee459728eee06862cbb28ca1d5205f8c923e474c318441279577ec3cb161
Instruction ID: 3795c3ca9375c18aeed9b3951d23d36ca9c94a542c329271b95c7238c090f94f
Opcode Fuzzy Hash: 25dcee459728eee06862cbb28ca1d5205f8c923e474c318441279577ec3cb161
Instruction Fuzzy Hash: 49618E70A06248DFCB04DFA9E984A6DBFF1FB48310B10846AE405EB268DB709E55CF51

Uniqueness

Uniqueness Score: -1.00%

Function 010184F2, Relevance: .1, Instructions: 138COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.294532643.0000000001010000.00000040.00000001.sdmp, Offset: 01010000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 576076605c00e6fc9c719c31f91a0f01ed6bb62d440fa7053b8258db793bbff8
Instruction ID: 29943957565c0db4c514a333dc753e7cd062dee5f7c25aa10289fb9966c798ae
Opcode Fuzzy Hash: 576076605c00e6fc9c719c31f91a0f01ed6bb62d440fa7053b8258db793bbff8
Instruction Fuzzy Hash: 7A616CB0A06244DFCB44DFA9E984A6DBFF1FB48310B10946AE445EF268DB709E55CF10

Uniqueness

Uniqueness Score: -1.00%

Function 0101862E, Relevance: .1, Instructions: 135COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.294532643.0000000001010000.00000040.00000001.sdmp, Offset: 01010000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c7ab995be7ebbfecbf926e7eba73c07b6f0056710cf8252756ccd27153a5d962
Instruction ID: 08161a2b6a5e003f6b607ab4b38a21ef6707009f22a330425985b540bdec0a1d
Opcode Fuzzy Hash: c7ab995be7ebbfecbf926e7eba73c07b6f0056710cf8252756ccd27153a5d962
Instruction Fuzzy Hash: A9515770A06248DFCB04DFA8E984A6DBFF1FB48314B5094AAE445EF268DB749E55CF10

Uniqueness

Uniqueness Score: -1.00%

Function 01018895, Relevance: .1, Instructions: 130COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.294532643.0000000001010000.00000040.00000001.sdmp, Offset: 01010000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 812a0303a24b811b42da7f897ac048b2b160efdeb4c0f64ebc7a52de26d23acd
Instruction ID: 442234c2a8b78a6a4475b4f49bd09460b3f888dc8cb5567cc6b56c15da62cd2b
Opcode Fuzzy Hash: 812a0303a24b811b42da7f897ac048b2b160efdeb4c0f64ebc7a52de26d23acd
Instruction Fuzzy Hash: BF517B71A06248DFCB00DFA9E984A6DBFF1FB48310F50946AE445EB268DB749E51CF50

Uniqueness

Uniqueness Score: -1.00%

Function 0101854F, Relevance: .1, Instructions: 129COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.294532643.0000000001010000.00000040.00000001.sdmp, Offset: 01010000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f1d455df8eb8e97a330b13c14687e0f0c4e88ad288830557e4a1b04def25fd8e
Instruction ID: 2064fcbb26edc77ce0b0aa6290e7f13f1d68ff37aa62a8904ef6eb6911600d06
Opcode Fuzzy Hash: f1d455df8eb8e97a330b13c14687e0f0c4e88ad288830557e4a1b04def25fd8e
Instruction Fuzzy Hash: AA517A70A06248DFCB44DFA9E984A6DBFF1FB48310B1094AAE405EF268DB749E55CF10

Uniqueness

Uniqueness Score: -1.00%

Function 0101894C, Relevance: .1, Instructions: 124COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.294532643.0000000001010000.00000040.00000001.sdmp, Offset: 01010000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 15fb3fddbc5356e638ffbf0b9c064c4f3e6ecdb501c0d9675c6930964bccc1c9
Instruction ID: faf7561afce6276b15ae12cbbbb2a19ff031aec779efca05b936ff90dc0e2a47
Opcode Fuzzy Hash: 15fb3fddbc5356e638ffbf0b9c064c4f3e6ecdb501c0d9675c6930964bccc1c9
Instruction Fuzzy Hash: 70519E70A02244DFCB04DFA9E984A6DBFF1FB48314B10846AE405EF268DB749E51CF10

Uniqueness

Uniqueness Score: -1.00%

Function 01016AB8, Relevance: .1, Instructions: 111COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.294532643.0000000001010000.00000040.00000001.sdmp, Offset: 01010000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 530a1dd5f361162706fe5a19d4831675fdb819851716b0caf5dad0614e69bfe3
Instruction ID: 587155aceb696c067e6e192a2b433cb7e329da1699d01f0dbfb0259ee1d3df6f
Opcode Fuzzy Hash: 530a1dd5f361162706fe5a19d4831675fdb819851716b0caf5dad0614e69bfe3
Instruction Fuzzy Hash: FF5103B4D01209EFCB04CFA8D991AAEBBF1FF49304F24859AD541AB214D7799A80CF90

Uniqueness

Uniqueness Score: -1.00%

Function 01016AC8, Relevance: .1, Instructions: 110COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.294532643.0000000001010000.00000040.00000001.sdmp, Offset: 01010000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b60ada844d41e461905df05fcffacef52fea0bca219b507fdbfcc3f0a00bb358
Instruction ID: 915abaa96178a40bcafcb6f25f48495d41315b7730f606e0edf86098e1ba2f0d
Opcode Fuzzy Hash: b60ada844d41e461905df05fcffacef52fea0bca219b507fdbfcc3f0a00bb358
Instruction Fuzzy Hash: D641D4B4D01209EFCB04CFA8D991AAEBBF1FF48304F60855AD541A7214D77A9A81CF95

Uniqueness

Uniqueness Score: -1.00%

Function 01011CC1, Relevance: .1, Instructions: 103COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.294532643.0000000001010000.00000040.00000001.sdmp, Offset: 01010000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2291e7be38d90797c14f5906f12f8a9ece0f63d3593f39439549e1d9deba0242
Instruction ID: c4b951141d44b3421aaf33a0348d4042e97b829588540fda2296664fa17612f8
Opcode Fuzzy Hash: 2291e7be38d90797c14f5906f12f8a9ece0f63d3593f39439549e1d9deba0242
Instruction Fuzzy Hash: F24190B4E01208DFCB44DFA9C494AADBBF2FF89300F2480AAD919A7360DB359945CF55

Uniqueness

Uniqueness Score: -1.00%

Function 01011CD0, Relevance: .1, Instructions: 98COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.294532643.0000000001010000.00000040.00000001.sdmp, Offset: 01010000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 72764fe1ff83f865ed1e6ba6274c73697296c2f6bf00bd0f7a51dc088f7ba663
Instruction ID: 2ea8cdb671d099a2a7db1ee8a45e7790fab29e084c31103eede420b5bc0639c2
Opcode Fuzzy Hash: 72764fe1ff83f865ed1e6ba6274c73697296c2f6bf00bd0f7a51dc088f7ba663
Instruction Fuzzy Hash: 874182B4E01208DFDB44DFA9C584AAEBBF2FF88300F24806AD919A7354DB359945CF55

Uniqueness

Uniqueness Score: -1.00%

Function 0101EB90, Relevance: .1, Instructions: 93COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.294532643.0000000001010000.00000040.00000001.sdmp, Offset: 01010000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 45473fde9581acabbc7da7fdf4448fb8eca7419797fc5d12ee4ec7177713e3c8
Instruction ID: c187f405bf0b865b2f1eaba0e2bdd475030c8695d11b750f7a5ba2fca7e9b950
Opcode Fuzzy Hash: 45473fde9581acabbc7da7fdf4448fb8eca7419797fc5d12ee4ec7177713e3c8
Instruction Fuzzy Hash: F9412670D0920AEFCB01DFA5D8806EEBBF1FB89314F1494AAC842E7258D7385A51CF65

Uniqueness

Uniqueness Score: -1.00%

Function 0CC30292, Relevance: .1, Instructions: 93COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.303643642.000000000CC30000.00000040.00000001.sdmp, Offset: 0CC30000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 693f9366d66c28f6aa19c9e7f5e075c28f9df284a9dcf6cbc95a52eac9903f9b
Instruction ID: d86ae8e5f14733fdbcf02f2a5b172bf8004dd20c03cbdee40659d2131831d58c
Opcode Fuzzy Hash: 693f9366d66c28f6aa19c9e7f5e075c28f9df284a9dcf6cbc95a52eac9903f9b
Instruction Fuzzy Hash: 25410875E052298FDB64CF64D984BEEB7F1AB88300F2084EAD659B7254EB705E85CF40

Uniqueness

Uniqueness Score: -1.00%

Function 0101EBA0, Relevance: .1, Instructions: 89COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.294532643.0000000001010000.00000040.00000001.sdmp, Offset: 01010000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1950d6474d5ae4248bc8ca30d7854e1edd3736592ae4500aac140d2bf7f2771a
Instruction ID: d4eb3073afaef06a4ca18e762425bc68c5d526b51f9da754d8cfd526f37061e1
Opcode Fuzzy Hash: 1950d6474d5ae4248bc8ca30d7854e1edd3736592ae4500aac140d2bf7f2771a
Instruction Fuzzy Hash: 04310770D0520EDFCB04DFA5D9816AEBBB1FB88314F1094AAC852B7258D7389A51CF65

Uniqueness

Uniqueness Score: -1.00%

Function 0CC30239, Relevance: .1, Instructions: 86COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.303643642.000000000CC30000.00000040.00000001.sdmp, Offset: 0CC30000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bab6fed5ae469926f54043dd70fbb24046b586926a41de17d84e75f8f43bda90
Instruction ID: 977919a9ac29ed1878a4d442694c6011b2830e3f5e68b8272379fce9b5eef63d
Opcode Fuzzy Hash: bab6fed5ae469926f54043dd70fbb24046b586926a41de17d84e75f8f43bda90
Instruction Fuzzy Hash: 8D412A74E052298FDB64CF64D840BEEB7F2AB88300F1084EAD659B7244EB705A84CF10

Uniqueness

Uniqueness Score: -1.00%

Function 0CC3027A, Relevance: .1, Instructions: 83COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.303643642.000000000CC30000.00000040.00000001.sdmp, Offset: 0CC30000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ce870346496f121793ea81c8269c66b9ceb5cc55cc62659de4060c3dbe42323f
Instruction ID: e0cbd769cb9c75f58565b46853cbcae19b250aab5943ffd6d7c08b3e6e7d6b5f
Opcode Fuzzy Hash: ce870346496f121793ea81c8269c66b9ceb5cc55cc62659de4060c3dbe42323f
Instruction Fuzzy Hash: 4C311974E052198FDB64CF69D944BEEF7F1EB88300F2084EAD659A7254EB709A85CF01

Uniqueness

Uniqueness Score: -1.00%

Function 0CC3025F, Relevance: .1, Instructions: 82COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.303643642.000000000CC30000.00000040.00000001.sdmp, Offset: 0CC30000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1ebe617a53af3b7714bbf4fc906edbfe14fbb3de199b7c44819b6d090562756f
Instruction ID: 545f4a23eeeebae399b020f074ef6ad05b21d94f8f5dda4596a96ae63f3ccce0
Opcode Fuzzy Hash: 1ebe617a53af3b7714bbf4fc906edbfe14fbb3de199b7c44819b6d090562756f
Instruction Fuzzy Hash: B2313974E0121A8FDB64CF64DD40BEEB7F2EB88300F2084EAD659A7244E7709A84CF00

Uniqueness

Uniqueness Score: -1.00%

Function 01011AE3, Relevance: .1, Instructions: 78COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.294532643.0000000001010000.00000040.00000001.sdmp, Offset: 01010000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 48c90ba2db852511091d361717f3b9e072958db9676e75704408292b036513c9
Instruction ID: cb889dbcdb720c7ca24fc06046e0f559347800f0f21f5a44874c319afebe0104
Opcode Fuzzy Hash: 48c90ba2db852511091d361717f3b9e072958db9676e75704408292b036513c9
Instruction Fuzzy Hash: DF319574E01208DFDB48DFAAE8849AEBBF2BF88300F148169E905A7364DB355945CF50

Uniqueness

Uniqueness Score: -1.00%

Function 01019529, Relevance: .1, Instructions: 75COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.294532643.0000000001010000.00000040.00000001.sdmp, Offset: 01010000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 316a868775decd47233145ed3e81eb941be75c11531da6c46395f727d1a5c90e
Instruction ID: 8da9c8f69a29c83a69de2a2bfb1aa969cb04b8bf7e36e7dbe7c6ce7cfaeab4af
Opcode Fuzzy Hash: 316a868775decd47233145ed3e81eb941be75c11531da6c46395f727d1a5c90e
Instruction Fuzzy Hash: BE3154B0D0930ADFCB45CFE5C54059EBBB1FF8A314F2081AAC442AB268E7389A41CB40

Uniqueness

Uniqueness Score: -1.00%

Function 010140B8, Relevance: .1, Instructions: 73COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.294532643.0000000001010000.00000040.00000001.sdmp, Offset: 01010000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 90e4aa45fb357bbcce4999ecb59353577aa0908019fbe09e254651dcf0ca20a3
Instruction ID: 3608224f9435abf112a795c721536c69d64125cef51dfef5bb316d13b4ef4eb7
Opcode Fuzzy Hash: 90e4aa45fb357bbcce4999ecb59353577aa0908019fbe09e254651dcf0ca20a3
Instruction Fuzzy Hash: 3531F6B4E05209DFDB54CFAAC4809AEBBB1FF88300F1095AAD815EB364D7389A41CF54

Uniqueness

Uniqueness Score: -1.00%

Function 0101B0D3, Relevance: .1, Instructions: 68COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.294532643.0000000001010000.00000040.00000001.sdmp, Offset: 01010000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4e573d348cc7fdfcfe2e22c50f399fd9c6bdbd36b7a91f4a7e56617cb72b3809
Instruction ID: 3241e51fb7465483674cfedddb4925c14d5b5800f01f709fd1348cb6307e72eb
Opcode Fuzzy Hash: 4e573d348cc7fdfcfe2e22c50f399fd9c6bdbd36b7a91f4a7e56617cb72b3809
Instruction Fuzzy Hash: EA31C7B4E012188FDBA4DF26D849799BBB2AB88300F14C1EAD44DA7264EF344E85CF50

Uniqueness

Uniqueness Score: -1.00%

Function 01019550, Relevance: .1, Instructions: 64COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.294532643.0000000001010000.00000040.00000001.sdmp, Offset: 01010000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fd5f68720f519afac4b648eeaf4374114c4848610a31038740d7108337ced1a0
Instruction ID: b5c43f8a9074333aba3ac67fbdd04d870efac87a4e229e5350cf82b7bcf8c43f
Opcode Fuzzy Hash: fd5f68720f519afac4b648eeaf4374114c4848610a31038740d7108337ced1a0
Instruction Fuzzy Hash: 032105B4D05209DFDB04CFE5D6845AEBBF6FF88300F2095AAC446B7268E7389A41CB50

Uniqueness

Uniqueness Score: -1.00%

Function 01011C00, Relevance: .1, Instructions: 64COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.294532643.0000000001010000.00000040.00000001.sdmp, Offset: 01010000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ef80ee0819aa6503d3d87f4c559a9fc51fd3d84a46d5e94f8cd54c0fa0404568
Instruction ID: 70c77d9324af351f74c1b65bf78bf1a2cd0e9037dbb1d1fc3c199d8a36b1c3aa
Opcode Fuzzy Hash: ef80ee0819aa6503d3d87f4c559a9fc51fd3d84a46d5e94f8cd54c0fa0404568
Instruction Fuzzy Hash: 0E2180B4D05209DFCB48DFA9C5806AEBBF2BB48300F2495AAD504B7354D774AA81CFA1

Uniqueness

Uniqueness Score: -1.00%

Function 0101D3EF, Relevance: .1, Instructions: 63COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.294532643.0000000001010000.00000040.00000001.sdmp, Offset: 01010000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fc30ab2abd4d953a293d8203dc3d68a967e8efc5b88c0869d2cb80c801deb006
Instruction ID: a1ae5c4428aeabbcd1dd5348042b9525aa286daed4a77fd41b9c1c193ef9edd3
Opcode Fuzzy Hash: fc30ab2abd4d953a293d8203dc3d68a967e8efc5b88c0869d2cb80c801deb006
Instruction Fuzzy Hash: EA210A70D05744CFEB15CFA6D85539EBFB2AB89304F14C0AEC554AB266D7791909CF80

Uniqueness

Uniqueness Score: -1.00%

Function 00FA0724, Relevance: .1, Instructions: 63COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.294490405.0000000000FA0000.00000040.00000040.sdmp, Offset: 00FA0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d437f0c2dc7da6705cc53ce85b3c8ed0b2573e1da057273dd01fcda82fd1ae39
Instruction ID: fd1d1137588bd5dce649df6bce855d199ba8cabe779ef35e4d3fa9975ef8b98b
Opcode Fuzzy Hash: d437f0c2dc7da6705cc53ce85b3c8ed0b2573e1da057273dd01fcda82fd1ae39
Instruction Fuzzy Hash: 33214C355093C49FC7038B20D890B55BFB1AB57314F2985DED4898B6A3C73A9807DB52

Uniqueness

Uniqueness Score: -1.00%

Function 06C21C60, Relevance: .1, Instructions: 60COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.302311374.0000000006C20000.00000040.00000001.sdmp, Offset: 06C20000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7f3a2fe54cf86693037c980d809a3b6cd00916cd6de0fc998697ae5b1c74485f
Instruction ID: 6323cb5694178e4be0fb089d95ef2b232696a6094b698cc578349029d76db6da
Opcode Fuzzy Hash: 7f3a2fe54cf86693037c980d809a3b6cd00916cd6de0fc998697ae5b1c74485f
Instruction Fuzzy Hash: 9211B8B5608301AFD340CF19D880A5BFBE4FB88664F14896EF99897311D271EA148FA6

Uniqueness

Uniqueness Score: -1.00%

Function 01015C40, Relevance: .1, Instructions: 59COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.294532643.0000000001010000.00000040.00000001.sdmp, Offset: 01010000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6164660c894ae3ac9d26c9b4c975505f7d943fad659dcce2685c1e263684489e
Instruction ID: 97abf40c2a86fa74e7885c11499b064f1f1b4c448e630868605fd405a56048d3
Opcode Fuzzy Hash: 6164660c894ae3ac9d26c9b4c975505f7d943fad659dcce2685c1e263684489e
Instruction Fuzzy Hash: 39214C70D0524EDFCB05CFA9C8409ADFBF0FF86240F1085AAD445AB229D3789A01CF51

Uniqueness

Uniqueness Score: -1.00%

Function 00FA075C, Relevance: .1, Instructions: 59COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.294490405.0000000000FA0000.00000040.00000040.sdmp, Offset: 00FA0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5abd297470a8b0a53a4d47459a3d578130d48b3bf0add420afb17f7e7050d3d0
Instruction ID: 7bb798d3fca71f78defae3a3083b7d9d1682d945d7107254a71f84a9e705cf13
Opcode Fuzzy Hash: 5abd297470a8b0a53a4d47459a3d578130d48b3bf0add420afb17f7e7050d3d0
Instruction Fuzzy Hash: 39110675604344EFD705CB20D980B26BBE1EB8A718F24C59CE9491B643CB7BE803EE51

Uniqueness

Uniqueness Score: -1.00%

Function 0CC31860, Relevance: .1, Instructions: 58COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.303643642.000000000CC30000.00000040.00000001.sdmp, Offset: 0CC30000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 74e7184d60295afc3581b990af2bf248712c331f143ba4fa80268454bb5e8573
Instruction ID: 0743887d76e2e4f625fe970debf1398df98a5cc8e47ae3235f48022503b7f2b0
Opcode Fuzzy Hash: 74e7184d60295afc3581b990af2bf248712c331f143ba4fa80268454bb5e8573
Instruction Fuzzy Hash: 15217FB0D0A389EFCB04DFB5D9415EDBFB1EF8A300F2594AAD402E7291D6349A04CB56

Uniqueness

Uniqueness Score: -1.00%

Function 01015D20, Relevance: .1, Instructions: 53COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.294532643.0000000001010000.00000040.00000001.sdmp, Offset: 01010000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 81cfbf27c9c498de3ac6c22d13223421c06fdc11c9d64e00f08749772bae76aa
Instruction ID: 5445a970dd304d9804b92d316f98b59b58fabae5e161d8435a85f21c13868690
Opcode Fuzzy Hash: 81cfbf27c9c498de3ac6c22d13223421c06fdc11c9d64e00f08749772bae76aa
Instruction Fuzzy Hash: 17112574E01108EFDB04DFA9C948A9DFBF2EF89300F14C499D519AB365EB38AA01CB40

Uniqueness

Uniqueness Score: -1.00%

Function 0CC31870, Relevance: .1, Instructions: 53COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.303643642.000000000CC30000.00000040.00000001.sdmp, Offset: 0CC30000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cc9636251d3a2d62720e7bb0c868c6426008cc79dd4c0019ce95140b55d5f734
Instruction ID: fb1d885dc96b93f86453809b4ec90b277aa3067dc0cb0bf4615428ec01a6aa17
Opcode Fuzzy Hash: cc9636251d3a2d62720e7bb0c868c6426008cc79dd4c0019ce95140b55d5f734
Instruction Fuzzy Hash: 39114CB0D05209EFCB04DFA9D6416AEFBF5EB89300F65A4AAD405B7240DB349A00CB96

Uniqueness

Uniqueness Score: -1.00%

Function 06C21B04, Relevance: .1, Instructions: 52COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.302311374.0000000006C20000.00000040.00000001.sdmp, Offset: 06C20000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2d214558f31c4f606818bb9f29a1f13dd2f2c6365dc5547093899dc2fb6dfee8
Instruction ID: c55e4996b2a60bada525ae2c99f3489e00b92c03e3a42cf54cf887f5109fbdfa
Opcode Fuzzy Hash: 2d214558f31c4f606818bb9f29a1f13dd2f2c6365dc5547093899dc2fb6dfee8
Instruction Fuzzy Hash: 7311E8B5608301AFD350CF09DC80E5BFBE8EB88660F14892EFD9897311D271E9048FA2

Uniqueness

Uniqueness Score: -1.00%

Function 00EFADBC, Relevance: .1, Instructions: 52COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.294404434.0000000000EF2000.00000040.00000001.sdmp, Offset: 00EF2000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 70cf2938d8cbd1c4efcbe70bb71968dd672edcd2184835eef39907c9fb198763
Instruction ID: 61ebb3773098ddbb8a029df50f3903717465e7a1c84b22bba4812c4befe32c7e
Opcode Fuzzy Hash: 70cf2938d8cbd1c4efcbe70bb71968dd672edcd2184835eef39907c9fb198763
Instruction Fuzzy Hash: 8B11ACB5608305AFD350CF19DC81E5BFBE8EB88660F14891EFD9997311D271E9148FA2

Uniqueness

Uniqueness Score: -1.00%

Function 01015D28, Relevance: .1, Instructions: 51COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.294532643.0000000001010000.00000040.00000001.sdmp, Offset: 01010000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bbda06763a366f45bd0c1e0490a4f3a2900849720d0ff7eb8b9161862c6fa2e0
Instruction ID: ff7867cd9ffb27ae0a948cd19915963870560e8b4fd232f2a9cd53b44834a35b
Opcode Fuzzy Hash: bbda06763a366f45bd0c1e0490a4f3a2900849720d0ff7eb8b9161862c6fa2e0
Instruction Fuzzy Hash: 5D113674E01108EFDB04DFA9C948AADFBF2EF89300F54C499D519AB269DB34AA01CF40

Uniqueness

Uniqueness Score: -1.00%

Function 0101EAC8, Relevance: .1, Instructions: 51COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.294532643.0000000001010000.00000040.00000001.sdmp, Offset: 01010000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 748f88a7c23522c859459066fb9ba7232bae0ba4221d65461d524de8ba0737ce
Instruction ID: 9ce995924e2ec766e18277f8795a4012dcce4d096fc505ddd24566246adb9169
Opcode Fuzzy Hash: 748f88a7c23522c859459066fb9ba7232bae0ba4221d65461d524de8ba0737ce
Instruction Fuzzy Hash: 2A118CB0D05209DFDB00DFE9D5816AEBBB0FF88300F2084AAD856BB214D7389A11CF91

Uniqueness

Uniqueness Score: -1.00%

Function 01011E18, Relevance: .0, Instructions: 47COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.294532643.0000000001010000.00000040.00000001.sdmp, Offset: 01010000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 420c0c5307cf26b43a262afeed69a685bf2813365b5fbc5c634dce628b1f5fb2
Instruction ID: d19bb419e5293e50851a6fc3db1bb64ef5408d449a494037707f5557936b7928
Opcode Fuzzy Hash: 420c0c5307cf26b43a262afeed69a685bf2813365b5fbc5c634dce628b1f5fb2
Instruction Fuzzy Hash: 1611D674E012089FDB08DFAAD840AAEFBF2AF88300F208169D514B7354DB355A41CF91

Uniqueness

Uniqueness Score: -1.00%

Function 00FA05D1, Relevance: .0, Instructions: 45COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.294490405.0000000000FA0000.00000040.00000040.sdmp, Offset: 00FA0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e1f80e1971cd56263d08a5c6e98707160b907284d9f19a5d6d3f320fe8d23594
Instruction ID: d6fc352804892236900159fd500c1639238a389e97065ca85448fd3c79c71584
Opcode Fuzzy Hash: e1f80e1971cd56263d08a5c6e98707160b907284d9f19a5d6d3f320fe8d23594
Instruction Fuzzy Hash: A701D6765097806FD7028B06EC40863FFA8DB86620708C09FED898B652D265A808CB72

Uniqueness

Uniqueness Score: -1.00%

Function 0101B62E, Relevance: .0, Instructions: 39COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.294532643.0000000001010000.00000040.00000001.sdmp, Offset: 01010000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 05190aa16bac71b4810e12b6d1619537da9fb1c7b63f5287b76170140fa38e9b
Instruction ID: 0ea3762364eef0446f48b78dd8c91f9fe1c2b5826853a2b30891d3fdb4b34d7c
Opcode Fuzzy Hash: 05190aa16bac71b4810e12b6d1619537da9fb1c7b63f5287b76170140fa38e9b
Instruction Fuzzy Hash: 9611B2749002698FCB65DF21DC587EDBBB1BB89305F1051EAD85AA2356CB340E85CF50

Uniqueness

Uniqueness Score: -1.00%

Function 0101BE81, Relevance: .0, Instructions: 39COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.294532643.0000000001010000.00000040.00000001.sdmp, Offset: 01010000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b44425bdd16b4ceb034452d3c51a9cd3856b080139826a47aca44e11bf7ad572
Instruction ID: a5f64596f3903d2f03c3a6665067c99b4899f4bde5a95519c7f11fd224d07061
Opcode Fuzzy Hash: b44425bdd16b4ceb034452d3c51a9cd3856b080139826a47aca44e11bf7ad572
Instruction Fuzzy Hash: 2011D874E052A88FDB60CF65C8987E9BBB2BF89301F0040E9949E67256CB340A85CF46

Uniqueness

Uniqueness Score: -1.00%

Function 0101BC10, Relevance: .0, Instructions: 37COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.294532643.0000000001010000.00000040.00000001.sdmp, Offset: 01010000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 24a209789ee8a754ed03f54da41adcb9c6c1d478ba6a99435d4f11310d4ee3e6
Instruction ID: 258027e29759e78b0e3c0334cb72bb18c02e296c64bc5d8fedb4ac2394762d15
Opcode Fuzzy Hash: 24a209789ee8a754ed03f54da41adcb9c6c1d478ba6a99435d4f11310d4ee3e6
Instruction Fuzzy Hash: A411B374A00668CFCB609F65DD193EDBBB2AB89302F1050E9D45DBA368DB340E84CF51

Uniqueness

Uniqueness Score: -1.00%

Function 0101AF59, Relevance: .0, Instructions: 37COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.294532643.0000000001010000.00000040.00000001.sdmp, Offset: 01010000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 90fc8ce96f2c835869ae9552ab9e17b07aa41db98831f16c7e5fe205cffdd0e3
Instruction ID: fe7e8cf6b4273f5200e7af83dacc49b2eed89b4c5b0f78e4dd1e625a71464f10
Opcode Fuzzy Hash: 90fc8ce96f2c835869ae9552ab9e17b07aa41db98831f16c7e5fe205cffdd0e3
Instruction Fuzzy Hash: 82016470E16209DFCB40CFE9E5809DCBBF1FB89310B20946BE519EB248D73999158F10

Uniqueness

Uniqueness Score: -1.00%

Function 0101B560, Relevance: .0, Instructions: 36COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.294532643.0000000001010000.00000040.00000001.sdmp, Offset: 01010000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a4528a841f7512797fdded4cd285808b399f50af39d0742fce5461b4b1d4b3c2
Instruction ID: 7e62732b379e12d535637000586158c331666be2afd72c6fcb15fe5f53492819
Opcode Fuzzy Hash: a4528a841f7512797fdded4cd285808b399f50af39d0742fce5461b4b1d4b3c2
Instruction Fuzzy Hash: 2511D674A022298FCB65DF24C9647EDBAB6BB99300F1044DAD84DB7345DB344E80CF50

Uniqueness

Uniqueness Score: -1.00%

Function 0101BB24, Relevance: .0, Instructions: 36COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.294532643.0000000001010000.00000040.00000001.sdmp, Offset: 01010000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 67fcf6e9e468aeac42c39c80e862966cb32e69903de740ddb07c6c6f6adeb9dc
Instruction ID: 86294dc9a93c24a68e4b4bfeef19c775b7b59a9ad11cb225dae02cca5f265259
Opcode Fuzzy Hash: 67fcf6e9e468aeac42c39c80e862966cb32e69903de740ddb07c6c6f6adeb9dc
Instruction Fuzzy Hash: CC11D6749022688FCBA5DF24CD987ACBBB5BB88301F5040E9D489B6355DB340F85CF19

Uniqueness

Uniqueness Score: -1.00%

Function 0101AB0E, Relevance: .0, Instructions: 33COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.294532643.0000000001010000.00000040.00000001.sdmp, Offset: 01010000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a458c8aeedf5099c2d5ba23244611b0eabae933303f3831db71b80499deee413
Instruction ID: cea4f3c1e647f69333e72cbaf9c358a0bde4e0c22b434ac6ea10a2839f9cf775
Opcode Fuzzy Hash: a458c8aeedf5099c2d5ba23244611b0eabae933303f3831db71b80499deee413
Instruction Fuzzy Hash: C2118D74A012288FCB60CF24D984BADBBB2BB8A304F1090E9E84DA7715DB305E81CF01

Uniqueness

Uniqueness Score: -1.00%

Function 00FA0818, Relevance: .0, Instructions: 31COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.294490405.0000000000FA0000.00000040.00000040.sdmp, Offset: 00FA0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 525cef522958239b2deb72ab7ac90410e2832b06fb356f1b7ca8807ee3c9392c
Instruction ID: 9580e5c6338973ba4fd83caf7e224708a682930173cb3481da2ddb41796a59a7
Opcode Fuzzy Hash: 525cef522958239b2deb72ab7ac90410e2832b06fb356f1b7ca8807ee3c9392c
Instruction Fuzzy Hash: 09F01D35504644DFC305CF40D980B15FBA2EB89718F24C6ADE9490B752C737E813DE81

Uniqueness

Uniqueness Score: -1.00%

Function 0101C02D, Relevance: .0, Instructions: 30COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.294532643.0000000001010000.00000040.00000001.sdmp, Offset: 01010000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f8ea2474732211ab6df87f8cf2ed0a60b5618a5b03bb37e9dff74db06bc1ca07
Instruction ID: 5a2874b7d899b7e655b36a36d6d3bbd6d692185e66c55ed23bde2ad79cadc243
Opcode Fuzzy Hash: f8ea2474732211ab6df87f8cf2ed0a60b5618a5b03bb37e9dff74db06bc1ca07
Instruction Fuzzy Hash: 5401E2749012288FCB65DF25DC983BCBBB5BB88306F1450E9944EA6266CB301F85CF01

Uniqueness

Uniqueness Score: -1.00%

Function 0101BA00, Relevance: .0, Instructions: 30COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.294532643.0000000001010000.00000040.00000001.sdmp, Offset: 01010000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6205f05b5cd3b0cb8c09e9a3f76094d54fca53826bd1d08d89de5a5228132868
Instruction ID: bf0faec0abf1a5fb817836999a443b5dc0054b24e8410788cc0198ddcbab18f2
Opcode Fuzzy Hash: 6205f05b5cd3b0cb8c09e9a3f76094d54fca53826bd1d08d89de5a5228132868
Instruction Fuzzy Hash: 7301E7B4D04228DFDB64DF30DC497E9BBB1AB98301F8045EAD55DA2298CB345E81CF50

Uniqueness

Uniqueness Score: -1.00%

Function 0101B435, Relevance: .0, Instructions: 29COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.294532643.0000000001010000.00000040.00000001.sdmp, Offset: 01010000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: aff2f17e61479c14ea1a153012bf10982c4be6bb28aeb3006af9a8cf2925e225
Instruction ID: 8bb4fbea2c1655b1aa8ff91a02515c4b5461b456a2263d29b2346d17d702d30f
Opcode Fuzzy Hash: aff2f17e61479c14ea1a153012bf10982c4be6bb28aeb3006af9a8cf2925e225
Instruction Fuzzy Hash: 6701FD7091522D8FCB24CF21C989BEDBBB5BB88301F1055EAC489A2290CB341B81CFA5

Uniqueness

Uniqueness Score: -1.00%

Function 01012E44, Relevance: .0, Instructions: 29COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.294532643.0000000001010000.00000040.00000001.sdmp, Offset: 01010000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 939f1a53ffffca176224bdab0b128a2d4c098dbc13c9100f341ab9f3abb1d08b
Instruction ID: 6ce691b03ddc6f1ca15e84b6343b14ebd58c6334bbc342036d91f686e9c16b89
Opcode Fuzzy Hash: 939f1a53ffffca176224bdab0b128a2d4c098dbc13c9100f341ab9f3abb1d08b
Instruction Fuzzy Hash: 6D019670A022299FDB64DF24DD90B6DBBB6FF89300F1095E9E509A7294DB305E84CF45

Uniqueness

Uniqueness Score: -1.00%

Function 0101C108, Relevance: .0, Instructions: 28COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.294532643.0000000001010000.00000040.00000001.sdmp, Offset: 01010000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 92742bee0c1345c2ebd8dc11f230c9a2b6d49439c9d284e79d5c5693d0769d87
Instruction ID: 02fdf34e5201bdde632d5cc8f4b23e10150a4883eecfad63e4c194992ebe2cd1
Opcode Fuzzy Hash: 92742bee0c1345c2ebd8dc11f230c9a2b6d49439c9d284e79d5c5693d0769d87
Instruction Fuzzy Hash: 69012874E4126E8FCB64DF61D949BBDBAB2AB89340F2080FA9459B3355CB300E81CF51

Uniqueness

Uniqueness Score: -1.00%

Function 0101B79B, Relevance: .0, Instructions: 28COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.294532643.0000000001010000.00000040.00000001.sdmp, Offset: 01010000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 20fee0718e364e0461acecd0378cd30ce9c9aa556811c9639ef5df78acb0007c
Instruction ID: 1cb46705c366ce7f1c34bf71d1c8a6de99af31e6608ee47cf2ee76b10801d545
Opcode Fuzzy Hash: 20fee0718e364e0461acecd0378cd30ce9c9aa556811c9639ef5df78acb0007c
Instruction Fuzzy Hash: 8001A9B49002298FCB60DF25D9587A9BBB1FB88301F1091E595A9A2356DB300D81CF00

Uniqueness

Uniqueness Score: -1.00%

Function 0101B2DE, Relevance: .0, Instructions: 28COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.294532643.0000000001010000.00000040.00000001.sdmp, Offset: 01010000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 17ee272eb9d09e750c750a6fcdb17a51003f6b9aded7b44cbc75f0983837ce3c
Instruction ID: 3756d45fd14c2681103943d3f66409b193df5596b3fc01194903a071fd301114
Opcode Fuzzy Hash: 17ee272eb9d09e750c750a6fcdb17a51003f6b9aded7b44cbc75f0983837ce3c
Instruction Fuzzy Hash: FB010074A012288FCB65CF21D8893ACBBB6AB88200F10A1EAD44EB7355CA301F81CF11

Uniqueness

Uniqueness Score: -1.00%

Function 0101F121, Relevance: .0, Instructions: 27COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.294532643.0000000001010000.00000040.00000001.sdmp, Offset: 01010000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 10e0b74f6edf53f86cedcb00a32d71bb4d91aeb22f19f1dfee9a1c7c6f960ee8
Instruction ID: feb7eac028d160bd7aa072008f12f0a296f5dd1c119102ddd03762beae558434
Opcode Fuzzy Hash: 10e0b74f6edf53f86cedcb00a32d71bb4d91aeb22f19f1dfee9a1c7c6f960ee8
Instruction Fuzzy Hash: 8DF05870D093049FD300AFB0E8056687BB0EB42301F0041AAC844E72A2E3744E48CB51

Uniqueness

Uniqueness Score: -1.00%

Function 0101E3A8, Relevance: .0, Instructions: 27COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.294532643.0000000001010000.00000040.00000001.sdmp, Offset: 01010000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 69e8bee9ff9702988425975368ff1217b62e713de97cda864aade13334a7591c
Instruction ID: 9eea601de6782f5fc7390620ba6892ec02efc5d553231314551ee3d62ccf6ae0
Opcode Fuzzy Hash: 69e8bee9ff9702988425975368ff1217b62e713de97cda864aade13334a7591c
Instruction Fuzzy Hash: 30F0A0B4D053499FCB50EFF4D40129CBFF0AF06310F1041E9C840A7241E67A5A56CF42

Uniqueness

Uniqueness Score: -1.00%

Function 00FA05F6, Relevance: .0, Instructions: 27COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.294490405.0000000000FA0000.00000040.00000040.sdmp, Offset: 00FA0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 325e71db45f98f20836d295bbb9186c16220f22e52d08c8f266580b45592c9b0
Instruction ID: d50cfccc46ef9db41d8778123be2a560e935c060f96fdbe475bd13262f4c27db
Opcode Fuzzy Hash: 325e71db45f98f20836d295bbb9186c16220f22e52d08c8f266580b45592c9b0
Instruction Fuzzy Hash: AEE06D766006009B9650CF0AEC814A2F798EB88630B18C46FDC4D8B700E135B5048EA5

Uniqueness

Uniqueness Score: -1.00%

Function 0101E4E0, Relevance: .0, Instructions: 26COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.294532643.0000000001010000.00000040.00000001.sdmp, Offset: 01010000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cb5fd28494a6ea2e3f8735f10fb6a8b94789002a60cf3167355aa30ae804e661
Instruction ID: f9decc49f48bbef5f1a9276e827a65ad8066c3428ab2d4a7cace32f5f61c92af
Opcode Fuzzy Hash: cb5fd28494a6ea2e3f8735f10fb6a8b94789002a60cf3167355aa30ae804e661
Instruction Fuzzy Hash: B7F0397094A3889FCB46DBB4882169CBFF09B07204F1444EED884DB292E23A5959CB52

Uniqueness

Uniqueness Score: -1.00%

Function 0101BA5F, Relevance: .0, Instructions: 26COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.294532643.0000000001010000.00000040.00000001.sdmp, Offset: 01010000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c9cb2fc9c03b250243dde378185098b1ca57ff09fd065f6ceec19ec1550823c5
Instruction ID: 60d33aada849b856248f38a622acc2af14d11b1b07ce6c45bfceb96c9ca854e2
Opcode Fuzzy Hash: c9cb2fc9c03b250243dde378185098b1ca57ff09fd065f6ceec19ec1550823c5
Instruction Fuzzy Hash: 92F01474D08228CFDB54DF30D8487E8BBB1BB98300F4081EAD45DA32A5CB340A85CF10

Uniqueness

Uniqueness Score: -1.00%

Function 06C21CCB, Relevance: .0, Instructions: 26COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.302311374.0000000006C20000.00000040.00000001.sdmp, Offset: 06C20000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5239371763ad3f1f461b8912ec3c76080b65c8f1d740446c79f8d6e81d0d9cf0
Instruction ID: d8dd4eb891c00356e677f7021a3eb92e7c629e25b5d2c16238297d827274f4d9
Opcode Fuzzy Hash: 5239371763ad3f1f461b8912ec3c76080b65c8f1d740446c79f8d6e81d0d9cf0
Instruction Fuzzy Hash: 19E0D8B255030067D2108E06AC85F63FB98EB44A70F14C567ED081B341E171B5148AF5

Uniqueness

Uniqueness Score: -1.00%

Function 06C21B53, Relevance: .0, Instructions: 26COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.302311374.0000000006C20000.00000040.00000001.sdmp, Offset: 06C20000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 141adf12adf829f09cbdc5388b250821cac71b8d8216163f98ef8e98552b8d58
Instruction ID: 98d2af355d801b9c0fa7efd463005df7550bd7df025f44514885aa3879e89bca
Opcode Fuzzy Hash: 141adf12adf829f09cbdc5388b250821cac71b8d8216163f98ef8e98552b8d58
Instruction Fuzzy Hash: C2E0D87250030467D2509E06EC85FA3FB98DB44A30F14C557EE0C1B302E172B5148AF5

Uniqueness

Uniqueness Score: -1.00%

Function 06C21577, Relevance: .0, Instructions: 26COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.302311374.0000000006C20000.00000040.00000001.sdmp, Offset: 06C20000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2cddb59e59d4637e5b8f81b21177b1b88084616f817aa909799cf0afdd80e621
Instruction ID: 8726169a675571c3ccdcbaebc375fa3d5adec23b7edb5a15068711fb8360e05f
Opcode Fuzzy Hash: 2cddb59e59d4637e5b8f81b21177b1b88084616f817aa909799cf0afdd80e621
Instruction Fuzzy Hash: 87E0D87251020067D2109E06AC85F63FB98DB40A30F14C557EE081B301E172B514CEF5

Uniqueness

Uniqueness Score: -1.00%

Function 00EFAE0B, Relevance: .0, Instructions: 26COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.294404434.0000000000EF2000.00000040.00000001.sdmp, Offset: 00EF2000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f9b1382f68f465aaefdba6c6c3c0e503b4da96ef55a63ad9017505d9d990f858
Instruction ID: 986d5f132b2bcb384d08a6bd4fac4edf3c1d1ad70b4e4ad431a2064e8654b20f
Opcode Fuzzy Hash: f9b1382f68f465aaefdba6c6c3c0e503b4da96ef55a63ad9017505d9d990f858
Instruction Fuzzy Hash: D2E0D872A5020467D2108F06AC81F63FB58DB40A70F14C557EE0C1B301E171B5148AF5

Uniqueness

Uniqueness Score: -1.00%

Function 0CC31988, Relevance: .0, Instructions: 26COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.303643642.000000000CC30000.00000040.00000001.sdmp, Offset: 0CC30000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0b54507866e501725fd56a6f6eed4e901306384cd8b7dd5c90bc76b9a895eec4
Instruction ID: 4424693a4b935ff34f784e232b12eba96597f6b5cf6b5a716c3ff1abda280979
Opcode Fuzzy Hash: 0b54507866e501725fd56a6f6eed4e901306384cd8b7dd5c90bc76b9a895eec4
Instruction Fuzzy Hash: 80E06D7081F3C48FCB179B74981125C7F708B03205F2806DFC885DA1A2D1324A18CB52

Uniqueness

Uniqueness Score: -1.00%

Function 0101E568, Relevance: .0, Instructions: 25COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.294532643.0000000001010000.00000040.00000001.sdmp, Offset: 01010000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c30c1792ab7b747635ff72f9a1c57804c0d1dd4d51e86aa04b7ce91059c32024
Instruction ID: c58b8f7fa464859e0a45c10bbe8f05863ec7a99313bc4e7f3b7fa7d93468c27b
Opcode Fuzzy Hash: c30c1792ab7b747635ff72f9a1c57804c0d1dd4d51e86aa04b7ce91059c32024
Instruction Fuzzy Hash: 95F01574916308DFCB51DFB8804529CBFF0EF06211F0044EAC8449B220E2795969CF41

Uniqueness

Uniqueness Score: -1.00%

Function 0101E4A0, Relevance: .0, Instructions: 25COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.294532643.0000000001010000.00000040.00000001.sdmp, Offset: 01010000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4e0760b311d225dfe9207a3cf86979a9c9f3a91929740ff56ec0d0cd7ee3dcc5
Instruction ID: 77871bb3c5fea667a64e39bc28437f0a0a7e9186321cc031f2aeb33586896c1f
Opcode Fuzzy Hash: 4e0760b311d225dfe9207a3cf86979a9c9f3a91929740ff56ec0d0cd7ee3dcc5
Instruction Fuzzy Hash: E0F06D70D0E3885FDB47DBB888117CCBFB09B06244F1441EBCC44EB2A2E6390A4ACB42

Uniqueness

Uniqueness Score: -1.00%

Function 0101DB78, Relevance: .0, Instructions: 25COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.294532643.0000000001010000.00000040.00000001.sdmp, Offset: 01010000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 696d97683d7b5371704532fdf5b6ad3dd65d51b88f5a262f58a41cd8f59855cb
Instruction ID: 51b71eabbab648ceaca9a9efe7af1aec2f53ae6470903ae02f66e08f938139a0
Opcode Fuzzy Hash: 696d97683d7b5371704532fdf5b6ad3dd65d51b88f5a262f58a41cd8f59855cb
Instruction Fuzzy Hash: 0AF08CB4C09288AFDB01EFB8D4416DCBFB1AB15310F1045AAC810A2301D2754641CF40

Uniqueness

Uniqueness Score: -1.00%

Function 0CC31748, Relevance: .0, Instructions: 25COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.303643642.000000000CC30000.00000040.00000001.sdmp, Offset: 0CC30000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f55bfeba454aa158c8a3905c9e90faf59a29be6801972e64642a351763eda8e4
Instruction ID: 5cb6aacd92f3f94fa89a85e9911c175877e5d899b707d2baf324c43b918c9739
Opcode Fuzzy Hash: f55bfeba454aa158c8a3905c9e90faf59a29be6801972e64642a351763eda8e4
Instruction Fuzzy Hash: 78E06D7580F3C48FCB139B7098142A87F708B23200F2811DBC8809A2A2E6360A49CB62

Uniqueness

Uniqueness Score: -1.00%

Function 0CC30FEC, Relevance: .0, Instructions: 25COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.303643642.000000000CC30000.00000040.00000001.sdmp, Offset: 0CC30000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 09fdee36d6a39e98164ae90e0435a1a9511fe742c4a9ccd16116fe11ebbd3170
Instruction ID: d8c6b9afc0ce77fa3ca0980afd99c04c811e43c88e243a856c1a6c68c0e22b5c
Opcode Fuzzy Hash: 09fdee36d6a39e98164ae90e0435a1a9511fe742c4a9ccd16116fe11ebbd3170
Instruction Fuzzy Hash: C1F0C4B0C462299FCB64DF61CD44BDDB7B0EB04300F6488D98119A7681DB345BC1EF50

Uniqueness

Uniqueness Score: -1.00%

Function 0101E520, Relevance: .0, Instructions: 24COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.294532643.0000000001010000.00000040.00000001.sdmp, Offset: 01010000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 08f685514206ac97d7eed60e650d747407c58308f933d317d5c1e8472c59e4d0
Instruction ID: 63966609e2a373f0bf137311c741f979941f0384eddf0a271bd5d78716e3df63
Opcode Fuzzy Hash: 08f685514206ac97d7eed60e650d747407c58308f933d317d5c1e8472c59e4d0
Instruction Fuzzy Hash: 9FF06D70D093849FCB56EBB8840129C7FF1AF46210F1445FEC880DB2A1E2794559CF51

Uniqueness

Uniqueness Score: -1.00%

Function 01010070, Relevance: .0, Instructions: 24COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.294532643.0000000001010000.00000040.00000001.sdmp, Offset: 01010000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d0df979fe686b6d81182c0ac6e090d86352d81424980a36115c2cd1bca67c0ea
Instruction ID: 001d95c01136ad87e926dc388d40baac94af0d0ac7436c1f43178db55742878d
Opcode Fuzzy Hash: d0df979fe686b6d81182c0ac6e090d86352d81424980a36115c2cd1bca67c0ea
Instruction Fuzzy Hash: EBE0867054320CD7C748FBB4851673FB3A4DB82200F2018AC930533240CE755E10D655

Uniqueness

Uniqueness Score: -1.00%

Function 0101B47B, Relevance: .0, Instructions: 24COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.294532643.0000000001010000.00000040.00000001.sdmp, Offset: 01010000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3c33e1bccdde4f24a11fdb8291ad8bc134de04b5fac5b3470ef89d68e5f584e6
Instruction ID: c0684b2dec412134a36c27f9fd8df72c54b8d63ad86a3e41b1f2548f30b7efac
Opcode Fuzzy Hash: 3c33e1bccdde4f24a11fdb8291ad8bc134de04b5fac5b3470ef89d68e5f584e6
Instruction Fuzzy Hash: 65F0F475A0122C8FCB25DF20D9487EDBBB2BB88301F1050EAD449A2294CB305F81CFA5

Uniqueness

Uniqueness Score: -1.00%

Function 0101F0E0, Relevance: .0, Instructions: 24COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.294532643.0000000001010000.00000040.00000001.sdmp, Offset: 01010000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8bcb3f591d85c427c2ab85ee537cb523317038d332ada9e4139551bece3798e4
Instruction ID: edca3b2481b90f26230c4faae7798786be207056a71c2fec7e6944f1382ed1af
Opcode Fuzzy Hash: 8bcb3f591d85c427c2ab85ee537cb523317038d332ada9e4139551bece3798e4
Instruction Fuzzy Hash: 52E02070C0A3444FD742D7B498012983FF09B03200F1106EEC844D3293E1760A4DCB51

Uniqueness

Uniqueness Score: -1.00%

Function 0101DB2C, Relevance: .0, Instructions: 24COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.294532643.0000000001010000.00000040.00000001.sdmp, Offset: 01010000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 54869efa3f0bf8e3bcd8fcf07d01841f39d029ef4011ff50ba55120b8b1d8ce4
Instruction ID: efb2df0eaa6f90269bb8b461c309a9823fc5c5f6811b21fd446d42e334d19730
Opcode Fuzzy Hash: 54869efa3f0bf8e3bcd8fcf07d01841f39d029ef4011ff50ba55120b8b1d8ce4
Instruction Fuzzy Hash: 6BF039B4D05248EFCB44EFB8C8416ADBFF0EB59300F1085AAD854E3201D3758640CF91

Uniqueness

Uniqueness Score: -1.00%

Function 0101E630, Relevance: .0, Instructions: 24COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.294532643.0000000001010000.00000040.00000001.sdmp, Offset: 01010000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 40b62caf0c21b563f2760a104c2014e2db18dbecb0b9b3b4b24d9e7d48981458
Instruction ID: db60a2aabb407c5a1c48e6a5018fd2bbe68313bdd853006c53ac4b1abcdfc7b2
Opcode Fuzzy Hash: 40b62caf0c21b563f2760a104c2014e2db18dbecb0b9b3b4b24d9e7d48981458
Instruction Fuzzy Hash: C1E03970D0E3889FDB42DBB898102CCBFB09B06204F2405EBC884D7292D1390A09DB52

Uniqueness

Uniqueness Score: -1.00%

Function 0101EE78, Relevance: .0, Instructions: 24COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.294532643.0000000001010000.00000040.00000001.sdmp, Offset: 01010000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 070801a1e51ed8fee67cd071809118e58a56be8b86361a3c5c29cf63c08c112a
Instruction ID: 7a5cc209110e5e359bc332178ba27d96e023d860bf72cef5b9cb2cc3576a64ba
Opcode Fuzzy Hash: 070801a1e51ed8fee67cd071809118e58a56be8b86361a3c5c29cf63c08c112a
Instruction Fuzzy Hash: 68F01574D09348DFCB52DBB8C44569CBFF0AB4A210F1041EED8459B261E2799988CF52

Uniqueness

Uniqueness Score: -1.00%

Function 0CC312D8, Relevance: .0, Instructions: 24COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.303643642.000000000CC30000.00000040.00000001.sdmp, Offset: 0CC30000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bf393624ca425c3f04a2b68e09f585701d339866a4efbd7ee6bd9c17ace2fa53
Instruction ID: 9570812c194e421741e58543401bd9dc5572d7b087eb35ac5145015d0838d942
Opcode Fuzzy Hash: bf393624ca425c3f04a2b68e09f585701d339866a4efbd7ee6bd9c17ace2fa53
Instruction Fuzzy Hash: 05F0B775D05129CFDB60DF65EC486ACB7B0FB88311F1091E6D109A3220EB311E85CF04

Uniqueness

Uniqueness Score: -1.00%

Function 0CC30394, Relevance: .0, Instructions: 24COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.303643642.000000000CC30000.00000040.00000001.sdmp, Offset: 0CC30000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 044e877ecbc3a31b2c03ba8598ddbd18ab19a3233f71e681fb80f1d392a0b356
Instruction ID: e70eb654f4401224fc348ba6259b605bbd2f440f01593d0016c776671379080f
Opcode Fuzzy Hash: 044e877ecbc3a31b2c03ba8598ddbd18ab19a3233f71e681fb80f1d392a0b356
Instruction Fuzzy Hash: 55F0FF72C15228DFCB64CF61C980BEEB7B4AB49340F6092EA8148A7240D2355A85CF00

Uniqueness

Uniqueness Score: -1.00%

Function 0101C0DD, Relevance: .0, Instructions: 23COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.294532643.0000000001010000.00000040.00000001.sdmp, Offset: 01010000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 021433b1428a62e28082fbb274328e17dda1f7574aca2a226b62c6dfc111d927
Instruction ID: 5a5f76106724c2abba95056e63108fdcbb3b833cd833355fd9fa2176d5b1d4a9
Opcode Fuzzy Hash: 021433b1428a62e28082fbb274328e17dda1f7574aca2a226b62c6dfc111d927
Instruction Fuzzy Hash: 5AF01274905B688FCB65DF24CD493ADBBB5AB89706F1400E9A449A7265DB340F88CF40

Uniqueness

Uniqueness Score: -1.00%

Function 0101F130, Relevance: .0, Instructions: 22COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.294532643.0000000001010000.00000040.00000001.sdmp, Offset: 01010000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 35474c8724b04b296035119b63cdd1ad769090a42ef29bcaf0221ae4759cc812
Instruction ID: 71991daca379ca41c57023e19f62c74553a93bc77d32d7570e14518dbb22896e
Opcode Fuzzy Hash: 35474c8724b04b296035119b63cdd1ad769090a42ef29bcaf0221ae4759cc812
Instruction Fuzzy Hash: AFE04F70D05308EFD700EFB5E90976DBBB4EB85702F1045AAD844A3290D7756E58CF91

Uniqueness

Uniqueness Score: -1.00%

Function 0101EF40, Relevance: .0, Instructions: 22COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.294532643.0000000001010000.00000040.00000001.sdmp, Offset: 01010000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 73560c64182cdc791b46155516850248acda543667ec3ad0bf24a4f82dbb887e
Instruction ID: 2db6cdd3c94dbf2898de3e9ab505e8e430a3fbdfbbd8a3cf27583979ded3600b
Opcode Fuzzy Hash: 73560c64182cdc791b46155516850248acda543667ec3ad0bf24a4f82dbb887e
Instruction Fuzzy Hash: 2DE09270D0E3888FCB86DB74D85029D7FB09B46200F0040EBCC44D7251D6390918CB91

Uniqueness

Uniqueness Score: -1.00%

Function 01014CB9, Relevance: .0, Instructions: 21COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.294532643.0000000001010000.00000040.00000001.sdmp, Offset: 01010000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1c6e7d9fabd0d26b6f8050886d7fb820a51047d73273737c6176bd54e49a7b29
Instruction ID: c4508c0a83afe97cd50cfaefd48676a4d73d967ce2a6342789a96a02534f71e6
Opcode Fuzzy Hash: 1c6e7d9fabd0d26b6f8050886d7fb820a51047d73273737c6176bd54e49a7b29
Instruction Fuzzy Hash: 3DF00C74912358CFCB65DF65CA84AEEBBB1FB49311F500199E849A7324DB31AE85CF00

Uniqueness

Uniqueness Score: -1.00%

Function 0101DB30, Relevance: .0, Instructions: 21COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.294532643.0000000001010000.00000040.00000001.sdmp, Offset: 01010000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d6f087e51ff8bf3b617d030518351a00281e478fcd22dec070a499c91f7714f0
Instruction ID: 14d594ac79d85ac1e3fede7116569ca6b280f753c30f11af417429e0337abed4
Opcode Fuzzy Hash: d6f087e51ff8bf3b617d030518351a00281e478fcd22dec070a499c91f7714f0
Instruction Fuzzy Hash: 33E0E5B4D05218AFCB44EFA8C8456AEBBF4EB48300F1085AAD854A7240D7759A50DF91

Uniqueness

Uniqueness Score: -1.00%

Function 0101D7D4, Relevance: .0, Instructions: 21COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.294532643.0000000001010000.00000040.00000001.sdmp, Offset: 01010000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6550eaffbc3b28a13e5c6c27f281f5268d9133a9eea785dff750ca4632f2650f
Instruction ID: bcda3ce162d42e5a49ccc6d538fef3fd8e151ce7b9b472891fa38d67e97d59ec
Opcode Fuzzy Hash: 6550eaffbc3b28a13e5c6c27f281f5268d9133a9eea785dff750ca4632f2650f
Instruction Fuzzy Hash: 0BF04D78D00228CFDB60DF65C955BADBBB1BB89204F1081A9984DA7356DB305E85DF14

Uniqueness

Uniqueness Score: -1.00%

Function 0101DB80, Relevance: .0, Instructions: 20COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.294532643.0000000001010000.00000040.00000001.sdmp, Offset: 01010000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2903139222ea1ad8a4a40d8863ed4aa22a6fb7c48747f3755f94baa778587afe
Instruction ID: 11745de76348c3145881aa3d9585b0113a48f43a5515dad11023ca280a60b9e3
Opcode Fuzzy Hash: 2903139222ea1ad8a4a40d8863ed4aa22a6fb7c48747f3755f94baa778587afe
Instruction Fuzzy Hash: CDE01AB4D05348EFCB44EFE8C8456ADBBB5FB48300F1085AAD814A3300D7759A51DF91

Uniqueness

Uniqueness Score: -1.00%

Function 0101EEB8, Relevance: .0, Instructions: 20COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.294532643.0000000001010000.00000040.00000001.sdmp, Offset: 01010000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f10a12bd81437a2d7e3c7c7ac74a6e4e1bd7f56e6709a0ee4630a9ee89474501
Instruction ID: 8fb7adc3318cb2a5c6d01e6ce504d4abead743295d8ba16fa99e6adacd0b3ed6
Opcode Fuzzy Hash: f10a12bd81437a2d7e3c7c7ac74a6e4e1bd7f56e6709a0ee4630a9ee89474501
Instruction Fuzzy Hash: 05E04F3080A3859FCB52EBB8D40529C7FF09B16210F1005EAC884D6656E2794599CB52

Uniqueness

Uniqueness Score: -1.00%

Function 0101AABC, Relevance: .0, Instructions: 20COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.294532643.0000000001010000.00000040.00000001.sdmp, Offset: 01010000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 462484f069164ef8bcab8dea1f018668cbf5bd7b268d827aa6cb711a5c50d371
Instruction ID: a71837740ec858528d48f50cad9aea0913b3d4d0faa2e9b7862223cbeee2142d
Opcode Fuzzy Hash: 462484f069164ef8bcab8dea1f018668cbf5bd7b268d827aa6cb711a5c50d371
Instruction Fuzzy Hash: 6AE06D71905280CFC758EFB5C09D55CFBB5FB0A315B4092A9A05A9F5A8C7348840CF44

Uniqueness

Uniqueness Score: -1.00%

Function 0101C469, Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.294532643.0000000001010000.00000040.00000001.sdmp, Offset: 01010000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d93f6435a39ec672393f9815ec5404989b42dffd1760f8d5816d2159737b3a67
Instruction ID: c6d78e3f2d5d21aee87ab0f698e403fd26745979369fe429c1a52cb97a00a7ba
Opcode Fuzzy Hash: d93f6435a39ec672393f9815ec5404989b42dffd1760f8d5816d2159737b3a67
Instruction Fuzzy Hash: 51F0AC349C8268CBEBA4DB14C99DBAD7B70AB44311F1141E9C48E67265CF759EC1CF09

Uniqueness

Uniqueness Score: -1.00%

Function 0CC30B76, Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.303643642.000000000CC30000.00000040.00000001.sdmp, Offset: 0CC30000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b5fe2eba45323dee01a09028ecabf652d811cbec5d41c619102b3310673442e3
Instruction ID: 45d2048df424481a00ead52e96adf83b95050eb633d72aea7f539a70891c3488
Opcode Fuzzy Hash: b5fe2eba45323dee01a09028ecabf652d811cbec5d41c619102b3310673442e3
Instruction Fuzzy Hash: 9CF0DF758012298FCB64CF60C940BD9BBB1AB08304F1091E9D108A6251DB34AB80DF10

Uniqueness

Uniqueness Score: -1.00%

Function 0CC30C04, Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.303643642.000000000CC30000.00000040.00000001.sdmp, Offset: 0CC30000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6e589afa1b6d1b5aea27521542a000b4bd19114d3b2d6ce1392859b6c77605b3
Instruction ID: 953209a6b76e6c762d276747c25fab21d1ea8bbc38c0a78fe414cb10a6ea79e7
Opcode Fuzzy Hash: 6e589afa1b6d1b5aea27521542a000b4bd19114d3b2d6ce1392859b6c77605b3
Instruction Fuzzy Hash: AFF0A535905229CFDB60DF11CD99B99F7B1BB89300F1051D5AA09AB264DB359F80CF14

Uniqueness

Uniqueness Score: -1.00%

Function 0101F068, Relevance: .0, Instructions: 18COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.294532643.0000000001010000.00000040.00000001.sdmp, Offset: 01010000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3140733ecafecc3cbe03f2d5c58305b4c8a0969aaa8a150ca028e39e068e79a2
Instruction ID: 3e41c936508adc38454d2487282dd6c24bb97c223a7eb99ccc737d694281bbdc
Opcode Fuzzy Hash: 3140733ecafecc3cbe03f2d5c58305b4c8a0969aaa8a150ca028e39e068e79a2
Instruction Fuzzy Hash: 6BE046B0E146099FCF44EFA8D8002ACBFB0EB44600F0080EAE944D7240E7344A18CF82

Uniqueness

Uniqueness Score: -1.00%

Function 0101E530, Relevance: .0, Instructions: 17COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.294532643.0000000001010000.00000040.00000001.sdmp, Offset: 01010000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3d65d95fb7c6b8491d31b7a25dc03a308b9e4481bfc25a79203e06648f2d9b64
Instruction ID: 548c13ce894d6290fba3aa9bc9ab7c20e707619d1a33febf50a9f7bbfe53318e
Opcode Fuzzy Hash: 3d65d95fb7c6b8491d31b7a25dc03a308b9e4481bfc25a79203e06648f2d9b64
Instruction Fuzzy Hash: 07E01774D05308AFDB95EFB994063ACBBF4AB44601F1049E9D884AA280F7399A94CF91

Uniqueness

Uniqueness Score: -1.00%

Function 0101E578, Relevance: .0, Instructions: 17COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.294532643.0000000001010000.00000040.00000001.sdmp, Offset: 01010000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1a3a55368e5cdd3d9c54c4d7ddf5601a8b8eb05ca1ea8547a62119f2b0022ed7
Instruction ID: d4aa72eb2474b82c37660e49d1063a9dd3543abde1a8d381a9f8164b2963f4bf
Opcode Fuzzy Hash: 1a3a55368e5cdd3d9c54c4d7ddf5601a8b8eb05ca1ea8547a62119f2b0022ed7
Instruction Fuzzy Hash: 59E0E274D01308EFCB54EFB8D4453ACBBF4EB44605F1044E9D808AA240E639AA54CF82

Uniqueness

Uniqueness Score: -1.00%

Function 0101A5D8, Relevance: .0, Instructions: 17COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.294532643.0000000001010000.00000040.00000001.sdmp, Offset: 01010000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c500e92542c832ed9b5e9245c81b93486edd578cb5ba6f0088f79dc502cace62
Instruction ID: de1e7fb4e72d9783aca915d5ccc20927a941652992ed518f8b41d68ab1ce6222
Opcode Fuzzy Hash: c500e92542c832ed9b5e9245c81b93486edd578cb5ba6f0088f79dc502cace62
Instruction Fuzzy Hash: C2E08C70B2A084DFDB04CFA4E28006CBBB7FB89311F944816F186EB264D7386A08CB04

Uniqueness

Uniqueness Score: -1.00%

Function 0101E4F0, Relevance: .0, Instructions: 17COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.294532643.0000000001010000.00000040.00000001.sdmp, Offset: 01010000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b3493230f451b311943af34b7fbca10ca1c58177ec6cb3474970ef3d7b5d88ec
Instruction ID: dc0ec100654ac22fdb1a5183c5884a308976f4090800b72b24144ccc95c85de5
Opcode Fuzzy Hash: b3493230f451b311943af34b7fbca10ca1c58177ec6cb3474970ef3d7b5d88ec
Instruction Fuzzy Hash: 41E0E270D01308AFCB58EFB8D40529CBBB4AB44600F1044E9E808A6240E739AA95CF81

Uniqueness

Uniqueness Score: -1.00%

Function 0101E798, Relevance: .0, Instructions: 17COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.294532643.0000000001010000.00000040.00000001.sdmp, Offset: 01010000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 998db7f63a4715e67b6d85f684eb279b4ce64418b39c66f94d0694ce134fdb0e
Instruction ID: bee90cde8359d95cd2d9901ee1a78cbcbd1256c73a0ea4f0832291feb15996ac
Opcode Fuzzy Hash: 998db7f63a4715e67b6d85f684eb279b4ce64418b39c66f94d0694ce134fdb0e
Instruction Fuzzy Hash: 7ED01770D09208AFDB44EFA8D8056ADBBB5AB84300F1081EACC08A3280D6345A54CF91

Uniqueness

Uniqueness Score: -1.00%

Function 0101A960, Relevance: .0, Instructions: 16COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.294532643.0000000001010000.00000040.00000001.sdmp, Offset: 01010000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b9ee9226f48f614c467ef2901a84e30a8465c24904a1d09d5a5bdc0259f19a03
Instruction ID: a0a0946f81b6148ea4cb8fdc3fb61a406ab8242c78ead31068ab809996fea9e5
Opcode Fuzzy Hash: b9ee9226f48f614c467ef2901a84e30a8465c24904a1d09d5a5bdc0259f19a03
Instruction Fuzzy Hash: 58D02E3080A186CA87248BA0E28006C7B34AB46000B30058990898B10ACA30625BA301

Uniqueness

Uniqueness Score: -1.00%

Function 0101E718, Relevance: .0, Instructions: 16COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.294532643.0000000001010000.00000040.00000001.sdmp, Offset: 01010000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bf2e11d76766bef7a56785d6defcf03bb5e90c093b4f6a4f5e93f5cc990cbe5f
Instruction ID: f21a51d92ac15f610d28258edea868ffce94a5153e625a639297b1ac95e516eb
Opcode Fuzzy Hash: bf2e11d76766bef7a56785d6defcf03bb5e90c093b4f6a4f5e93f5cc990cbe5f
Instruction Fuzzy Hash: ABD01774D06308AFDB94EBB9A4053ACBFF4AB44600F1045EACC84A2280E6385A54DF92

Uniqueness

Uniqueness Score: -1.00%

Function 0101E758, Relevance: .0, Instructions: 16COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.294532643.0000000001010000.00000040.00000001.sdmp, Offset: 01010000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9518a7a5e22efefe6efb9f5454e1163ca44f1e1c8010e0fd950cd5da61a1103a
Instruction ID: c4f8c2042d08aebf5ae280397fb4344f07f98c4e235d41bfb16fa91190891008
Opcode Fuzzy Hash: 9518a7a5e22efefe6efb9f5454e1163ca44f1e1c8010e0fd950cd5da61a1103a
Instruction Fuzzy Hash: 7FD017B0D05208AFDB80EFA8D40539CBBF4AB44600F0041E9CC48A3240EA385A54CF82

Uniqueness

Uniqueness Score: -1.00%

Function 0101E640, Relevance: .0, Instructions: 16COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.294532643.0000000001010000.00000040.00000001.sdmp, Offset: 01010000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9746488b1ca4c640ccc308cf43aef76c8b50788e465149357f4088a68718ec24
Instruction ID: 359ff7ac1e670474545980e6911409a06d988f922fd815cb54a73ad1e332825e
Opcode Fuzzy Hash: 9746488b1ca4c640ccc308cf43aef76c8b50788e465149357f4088a68718ec24
Instruction Fuzzy Hash: 79D01770E01208AFCB44EFA9D50539CBBF4AB44600F1045EACC48A3280E6385A54DF81

Uniqueness

Uniqueness Score: -1.00%

Function 0CC31758, Relevance: .0, Instructions: 16COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.303643642.000000000CC30000.00000040.00000001.sdmp, Offset: 0CC30000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 324040becedc6af6524fc0773489b6b91a1ed30074e99de56640a9e2db60350d
Instruction ID: 245cdc3fc6e1378148957a74d7970d131660489e510579c9d080880bb473d9a1
Opcode Fuzzy Hash: 324040becedc6af6524fc0773489b6b91a1ed30074e99de56640a9e2db60350d
Instruction Fuzzy Hash: 6ED05E309023089FC714EBB495053ACB7B49B41601F2005A8C84466250E6369A54CBD1

Uniqueness

Uniqueness Score: -1.00%

Function 00EE23F4, Relevance: .0, Instructions: 15COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.294381468.0000000000EE2000.00000040.00000001.sdmp, Offset: 00EE2000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 72289ea5c47ef69ecf1664e86b8495dfd9e441c093e4afcf6ca18a125d7de1f0
Instruction ID: 2f7a9c06a0320623c7168a7c5c1ab61782315e3a8bd6c3c66af5249a6a9018ba
Opcode Fuzzy Hash: 72289ea5c47ef69ecf1664e86b8495dfd9e441c093e4afcf6ca18a125d7de1f0
Instruction Fuzzy Hash: 04D05E79215AC18FD3268F1CC1A8B953BD8AB51B08F4644FDE8008B6A3C368D981E200

Uniqueness

Uniqueness Score: -1.00%

Function 00EE23BC, Relevance: .0, Instructions: 14COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.294381468.0000000000EE2000.00000040.00000001.sdmp, Offset: 00EE2000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c0a91e25de159a1e0332e9c8e28f1ed44deb9960f6cec5010ea72a0032038782
Instruction ID: 07e2388c9cd7854b2e4a32552c3e9f0cb5b3a2c5ae155ed03e3dc296b4ff1757
Opcode Fuzzy Hash: c0a91e25de159a1e0332e9c8e28f1ed44deb9960f6cec5010ea72a0032038782
Instruction Fuzzy Hash: 50D05E342002868BC715DF0DC594F5937D8AB41B04F1654ECAD008B662C3A8DC81CA00

Uniqueness

Uniqueness Score: -1.00%

Function 01012B48, Relevance: .0, Instructions: 14COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.294532643.0000000001010000.00000040.00000001.sdmp, Offset: 01010000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 32e0a2624f2ce7b2e835c7e942405075d656591fabcd026d393f8551e16b7eb3
Instruction ID: c62e78fa66bb23a4f15ec8c905b69d27b868809cc58c172b2ad6e32deb580875
Opcode Fuzzy Hash: 32e0a2624f2ce7b2e835c7e942405075d656591fabcd026d393f8551e16b7eb3
Instruction Fuzzy Hash: 2DD0C9704092489FD740AFBAAC09629BBA9A746602F1048E4E849A3121DA755958DAA2

Uniqueness

Uniqueness Score: -1.00%

Function 0CC30671, Relevance: .0, Instructions: 14COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.303643642.000000000CC30000.00000040.00000001.sdmp, Offset: 0CC30000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b7a88ec3ba40f51ba8221c93165711a3a5fd165f351c396c37d7757cd3127ed0
Instruction ID: 321eda5371da22f598c1f2af10f1658d8734a0b1056d2edc621a0f7f0ad49c6f
Opcode Fuzzy Hash: b7a88ec3ba40f51ba8221c93165711a3a5fd165f351c396c37d7757cd3127ed0
Instruction Fuzzy Hash: 97E0EC70E0521D8FDBA8CF64CD91BDEBBB1BF54340F2090959658BB294DA716E808F84

Uniqueness

Uniqueness Score: -1.00%

Function 0101A81F, Relevance: .0, Instructions: 13COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.294532643.0000000001010000.00000040.00000001.sdmp, Offset: 01010000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 941bc6308cfcd00433f9befcedf61efe1cdcdc84588032be39bcf312410d10e0
Instruction ID: 64591f270e8e56247193da8b31eb348166b1ccf16101db2e64ec56b326a87a4a
Opcode Fuzzy Hash: 941bc6308cfcd00433f9befcedf61efe1cdcdc84588032be39bcf312410d10e0
Instruction Fuzzy Hash: 26E09234E09358DFCB60CF65E988B9EBBB1BB49201F1150999089A3224D7345A80CF11

Uniqueness

Uniqueness Score: -1.00%

Function 0101AA33, Relevance: .0, Instructions: 13COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.294532643.0000000001010000.00000040.00000001.sdmp, Offset: 01010000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ea881466972a8c0652ba98f8461b5380c8b6ace20b453deebb02174483c0952d
Instruction ID: fa762a2b4b576240ec66139b7082759e07e6b0fde0a72ed5ca564530a0fa482b
Opcode Fuzzy Hash: ea881466972a8c0652ba98f8461b5380c8b6ace20b453deebb02174483c0952d
Instruction Fuzzy Hash: 87E0E27590A228CFCB00CFA1E9842DCBBB0BB84351F10246AA192E7190CB381A40CB14

Uniqueness

Uniqueness Score: -1.00%

Function 0CC307B7, Relevance: .0, Instructions: 13COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.303643642.000000000CC30000.00000040.00000001.sdmp, Offset: 0CC30000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 22231722b31b20268580819d6a6c15201063a7a424aebca2dc1810560508405c
Instruction ID: ade71c5423e7f36db6be6fc30aa59cd7299caf0ca7e418be82ec64b94e6238e3
Opcode Fuzzy Hash: 22231722b31b20268580819d6a6c15201063a7a424aebca2dc1810560508405c
Instruction Fuzzy Hash: 06E0E236D1522A8EDB68DF60D9807EEBBB0AB01344F6015EA8449B6184D7346BC4CF24

Uniqueness

Uniqueness Score: -1.00%

Function 0CC30C81, Relevance: .0, Instructions: 11COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.303643642.000000000CC30000.00000040.00000001.sdmp, Offset: 0CC30000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6a558239a02b4e84bf626020cd12bb61e0805dc53bfe28b476839f5d7b47d9e9
Instruction ID: 612fb02c097346778b7116b27b38fc5624053a19b42c963813eafeb061587284
Opcode Fuzzy Hash: 6a558239a02b4e84bf626020cd12bb61e0805dc53bfe28b476839f5d7b47d9e9
Instruction Fuzzy Hash: 6DD06C75C092ACCFCB28DF20CA457EDBAB0AB10740F1050EA8249B2240C7741BC5CF95

Uniqueness

Uniqueness Score: -1.00%

Function 0101CAF9, Relevance: .0, Instructions: 10COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.294532643.0000000001010000.00000040.00000001.sdmp, Offset: 01010000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7fbe62ec8eae4b020344c6030d470ce27ca67ad77ff8bb60aa83862c5785edaf
Instruction ID: 3f7c0c8c455f8a1c55a391c59fdc919af7f030e00e672f7f5686d98e626f4448
Opcode Fuzzy Hash: 7fbe62ec8eae4b020344c6030d470ce27ca67ad77ff8bb60aa83862c5785edaf
Instruction Fuzzy Hash: 52D01738C0622A8FCBA0DF20CA8C78CF7B0BB44600F0040E6C94DA2210CB304A849F00

Uniqueness

Uniqueness Score: -1.00%

Function 0CC302E0, Relevance: .0, Instructions: 10COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.303643642.000000000CC30000.00000040.00000001.sdmp, Offset: 0CC30000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 00b1516b2a582b5bdcf35cb80b0612c6e0f9443ce10cf57025ad2420c4e3b7ac
Instruction ID: 0bbc2da86d8f4b62ee93e299ef2ffbe02b4481313a9a064948e8bfada599d2f4
Opcode Fuzzy Hash: 00b1516b2a582b5bdcf35cb80b0612c6e0f9443ce10cf57025ad2420c4e3b7ac
Instruction Fuzzy Hash: 24D0C934C4621A8FCBA8CF60D9C47E9B6B1ABA4610F1151D5C45AA3260DE345AC18F95

Uniqueness

Uniqueness Score: -1.00%

Function 0CC309E0, Relevance: .0, Instructions: 10COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.303643642.000000000CC30000.00000040.00000001.sdmp, Offset: 0CC30000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 41575144b1142004ef028b175bcfa9570c856ed0804a1e6c920c54f66f6d048d
Instruction ID: 356348102d61d3ffab4b41de1dacfc0a9996a301bd86b0c4f542174047555d53
Opcode Fuzzy Hash: 41575144b1142004ef028b175bcfa9570c856ed0804a1e6c920c54f66f6d048d
Instruction Fuzzy Hash: 3BD09275C1426C8ACF28DF20C9112ECBA70AB54320F1026DA91A9B6591D7B00BC1CF40

Uniqueness

Uniqueness Score: -1.00%

Function 0101A9C5, Relevance: .0, Instructions: 9COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.294532643.0000000001010000.00000040.00000001.sdmp, Offset: 01010000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9a9454f8ce3725f1bff6030df9a311eaf80307f2f187b17270d6a70527c152d1
Instruction ID: 10f469e6d8dad47775f4748d8d7088d4400221a3634fc0cc3c5e27df1f859469
Opcode Fuzzy Hash: 9a9454f8ce3725f1bff6030df9a311eaf80307f2f187b17270d6a70527c152d1
Instruction Fuzzy Hash: 3CC08C7298B20ADBCB10CF60DA8008DB734FF803347396A5691B5AB2CCDB3862008E90

Uniqueness

Uniqueness Score: -1.00%

Function 0101A878, Relevance: .0, Instructions: 9COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.294532643.0000000001010000.00000040.00000001.sdmp, Offset: 01010000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0410a03ad05436e89ce3961a47dbd8122c4e22a1a326949a2afeff8daef04a72
Instruction ID: 199b46bd964eb9bf7eb458667911308bff96518bfbb7f3f858a58d68a32f35f4
Opcode Fuzzy Hash: 0410a03ad05436e89ce3961a47dbd8122c4e22a1a326949a2afeff8daef04a72
Instruction Fuzzy Hash: 25D01275C1A249DFDF24CFE6D1805ECFFF4AB08210B105416A451F6254E73C4640CF10

Uniqueness

Uniqueness Score: -1.00%

Function 0101C648, Relevance: .0, Instructions: 8COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.294532643.0000000001010000.00000040.00000001.sdmp, Offset: 01010000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5d77049bc9e1d0e75808f97f06b66d8a39898fe9bada555e8bc02b31becb48c7
Instruction ID: 4fcc65879e44083b18e962f87299db3175002e4220b91343fb49e3a4a619c6d1
Opcode Fuzzy Hash: 5d77049bc9e1d0e75808f97f06b66d8a39898fe9bada555e8bc02b31becb48c7
Instruction Fuzzy Hash: BDD0C978C062698FDB60CF20CA487ECBBB0BB44200F0080D6C68EB2241D6384B85DF05

Uniqueness

Uniqueness Score: -1.00%

Function 0101ABFD, Relevance: .0, Instructions: 6COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.294532643.0000000001010000.00000040.00000001.sdmp, Offset: 01010000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ffa70f7c53b9788b081612059b3a15c0286d7834fb3fabd7e2a9fb4d0e3ed29c
Instruction ID: 1aa2e0ee0e07f32be0385077fdee88d9931b4492be02cc83bff9448e25dae7c1
Opcode Fuzzy Hash: ffa70f7c53b9788b081612059b3a15c0286d7834fb3fabd7e2a9fb4d0e3ed29c
Instruction Fuzzy Hash: BDC09234609645DFCB00DF51EA84BAEBBB1FB8E202F144084A68AE3218DB341C59CF41

Uniqueness

Uniqueness Score: -1.00%

Function 0CC30933, Relevance: .0, Instructions: 6COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.303643642.000000000CC30000.00000040.00000001.sdmp, Offset: 0CC30000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f88b3344f7692a0357a4826a6450d199882d0bd55155aa773919190c65d3089d
Instruction ID: 7599ca22851d35616aa34b9bb23372865e36ba200d6901e9c5ff02f67ee0c362
Opcode Fuzzy Hash: f88b3344f7692a0357a4826a6450d199882d0bd55155aa773919190c65d3089d
Instruction Fuzzy Hash: A6C02B3182E612CEC3248F10C48029BB6B0E341301F00149080C7E4010CE3441C0CF10

Uniqueness

Uniqueness Score: -1.00%

Non-executed Functions

Function 0101DD10, Relevance: 1.4, Strings: 1, Instructions: 187COMMON

Download Yara Rule

Strings

[?`, xrefs: 0101E007

Memory Dump Source

Source File: 00000001.00000002.294532643.0000000001010000.00000040.00000001.sdmp, Offset: 01010000, based on PE: false

Similarity

API ID:
String ID: [?`
API String ID: 0-1591380803
Opcode ID: f076640c2e8af7706ebad8b7b0c4c048e798ae87e00f90fdcfe182ef59dcb6d7
Instruction ID: 972c77b5840285d79feffc516faa2e74a28247d027cb7435e6966c1053237058
Opcode Fuzzy Hash: f076640c2e8af7706ebad8b7b0c4c048e798ae87e00f90fdcfe182ef59dcb6d7
Instruction Fuzzy Hash: 31812874D04219CFDB14DFA9C584AADFBF2BF89304F20816AD855AB359D7389A41CF90

Uniqueness

Uniqueness Score: -1.00%

Function 0101DD00, Relevance: 1.4, Strings: 1, Instructions: 183COMMON

Download Yara Rule

Strings

[?`, xrefs: 0101E007

Memory Dump Source

Source File: 00000001.00000002.294532643.0000000001010000.00000040.00000001.sdmp, Offset: 01010000, based on PE: false

Similarity

API ID:
String ID: [?`
API String ID: 0-1591380803
Opcode ID: 7c095ce0144fa57c16d9cfe23c85ccabc71a50295696bcb4908eb11a7265dcc0
Instruction ID: fb3999758bbe57058e2254344fd53eb715f6f49de4291eda8e2aec48d96ef514
Opcode Fuzzy Hash: 7c095ce0144fa57c16d9cfe23c85ccabc71a50295696bcb4908eb11a7265dcc0
Instruction Fuzzy Hash: F1815974D04259CFDB14DFA9C584AADFBF2FF89304F2081AAD445AB25AC7389A41CF90

Uniqueness

Uniqueness Score: -1.00%

Function 01017788, Relevance: 1.4, Strings: 1, Instructions: 105COMMON

Download Yara Rule

Strings

`U], xrefs: 0101782A

Memory Dump Source

Source File: 00000001.00000002.294532643.0000000001010000.00000040.00000001.sdmp, Offset: 01010000, based on PE: false

Similarity

API ID:
String ID: `U]
API String ID: 0-76665830
Opcode ID: 0228cd784f0f0d7da65a3c15d051058b2921718d32d6bd5e9c38f71e7b25047a
Instruction ID: 5431570eba9080604b120107db4e3cc50a976681d30ffb8f1ed2bd3f0e4c35ff
Opcode Fuzzy Hash: 0228cd784f0f0d7da65a3c15d051058b2921718d32d6bd5e9c38f71e7b25047a
Instruction Fuzzy Hash: 72411674D0520ADFDB05CFE6C5804AEFBB2FF89300F2484AAC551AB259D7389A41CFA1

Uniqueness

Uniqueness Score: -1.00%

Function 01017798, Relevance: 1.4, Strings: 1, Instructions: 100COMMON

Download Yara Rule

Strings

`U], xrefs: 0101782A

Memory Dump Source

Source File: 00000001.00000002.294532643.0000000001010000.00000040.00000001.sdmp, Offset: 01010000, based on PE: false

Similarity

API ID:
String ID: `U]
API String ID: 0-76665830
Opcode ID: 94ecb3fa51b6bf3e3e2d7de8247906a005584450045a50631b01a326c872648d
Instruction ID: 3e42432e6aae5a33fcf36449c0b408d8892ed5556872337f574b745ff513cdf6
Opcode Fuzzy Hash: 94ecb3fa51b6bf3e3e2d7de8247906a005584450045a50631b01a326c872648d
Instruction Fuzzy Hash: 9D41C4B4D0520ADFDB04CFD6C5815AEFBB2FF88300F24946AD555AB258D738AA41CFA1

Uniqueness

Uniqueness Score: -1.00%

Function 0101F170, Relevance: .2, Instructions: 179COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.294532643.0000000001010000.00000040.00000001.sdmp, Offset: 01010000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 18f6c6a0513e336925917a9bad69e3ee27188de95f51b296f951cc38f1af8b4c
Instruction ID: 46e99fe7f05157d8e58e5c6b166b34368a3f0e9abe287a19472282704abad5bf
Opcode Fuzzy Hash: 18f6c6a0513e336925917a9bad69e3ee27188de95f51b296f951cc38f1af8b4c
Instruction Fuzzy Hash: CF713575D0A20BCFCB44CFA5D5405AEBBB1FB8A310F60982AD855B7308D7389A06CB91

Uniqueness

Uniqueness Score: -1.00%

Function 0101CEC8, Relevance: .2, Instructions: 164COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.294532643.0000000001010000.00000040.00000001.sdmp, Offset: 01010000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6445e0129fb0877af6427388c23789cdc4e28304dce988ac811c9312a3412bec
Instruction ID: 48c957e010160e82af8c0dc9d5fd8241ec5d85887bed6945a474de64c8141cd1
Opcode Fuzzy Hash: 6445e0129fb0877af6427388c23789cdc4e28304dce988ac811c9312a3412bec
Instruction Fuzzy Hash: F8711674E04218DFDB14CFAAC584AADFBB2FF89304F24C1AAD415AB259D7359A42DF40

Uniqueness

Uniqueness Score: -1.00%

Function 010163F9, Relevance: .2, Instructions: 162COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.294532643.0000000001010000.00000040.00000001.sdmp, Offset: 01010000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8a3c294f348d9abf1f4a962f3e8e95249b9bc74044e424972215b021ebdcd4d0
Instruction ID: e379596c8f9cf88a6a1d2be4dd35f82d9e07ff0553a4f4b88c2f4865c1d23099
Opcode Fuzzy Hash: 8a3c294f348d9abf1f4a962f3e8e95249b9bc74044e424972215b021ebdcd4d0
Instruction Fuzzy Hash: 57710E74E15209EFCB44CFA9D880A9DBBF1FF49310F1485AAE449AB314D739AA40CF51

Uniqueness

Uniqueness Score: -1.00%

Function 01016408, Relevance: .2, Instructions: 158COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.294532643.0000000001010000.00000040.00000001.sdmp, Offset: 01010000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bd828069c0ed1689711d8c894916f2f16e8362cdf44325ceb0e79f016d3a84b6
Instruction ID: 3c9a2b4ef8910e1d4faa2acb480c424c9bf8bffeea864708523fa78d5d9a8c50
Opcode Fuzzy Hash: bd828069c0ed1689711d8c894916f2f16e8362cdf44325ceb0e79f016d3a84b6
Instruction Fuzzy Hash: 4E71FC74E15209EFCB44CFA9D880A9DFBF1FB49200F14C5AAE459AB214CB39AA40CF50

Uniqueness

Uniqueness Score: -1.00%

Function 0101CEC4, Relevance: .2, Instructions: 155COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.294532643.0000000001010000.00000040.00000001.sdmp, Offset: 01010000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9bc9165d62cfe0c403ac55c3e7fbf13a282c330d59bdf9ab5e62f6d8ec02d0d1
Instruction ID: 4bc5dff7494263d81e3908758eba8ac34d26d6187d4cab197311f54d608fb21d
Opcode Fuzzy Hash: 9bc9165d62cfe0c403ac55c3e7fbf13a282c330d59bdf9ab5e62f6d8ec02d0d1
Instruction Fuzzy Hash: 37713770D04259DFDB14CFAAC580AADFBB2FF89304F24C1AAD415AB259D7399A42DF40

Uniqueness

Uniqueness Score: -1.00%

Function 010142F0, Relevance: .2, Instructions: 152COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.294532643.0000000001010000.00000040.00000001.sdmp, Offset: 01010000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e1ab930e1059f43619e1c2388fed33a6db3fa5181f8e5f3a776053fb053c0b0e
Instruction ID: 8058ced89fd4e7616b14cf08d1c43ee7038a964ada684045223c75743a7fea5b
Opcode Fuzzy Hash: e1ab930e1059f43619e1c2388fed33a6db3fa5181f8e5f3a776053fb053c0b0e
Instruction Fuzzy Hash: CD61E2B4D0520ADFCB04CFA8C5849AEBBF1FB48314F24955AC455BB269D738AA41CBA1

Uniqueness

Uniqueness Score: -1.00%

Function 01017580, Relevance: .1, Instructions: 136COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.294532643.0000000001010000.00000040.00000001.sdmp, Offset: 01010000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d77e90588eec4172d33fae8846dd41a938571f816289c29d2a3f433559547606
Instruction ID: a741fbc25054cafbfd7deaa86cd95f360d2da89a5bf6c84af9a9f6e8e3324061
Opcode Fuzzy Hash: d77e90588eec4172d33fae8846dd41a938571f816289c29d2a3f433559547606
Instruction Fuzzy Hash: 6B51D074D0524ADFCF04CFAAC4809AEBBF2BF89200F54856AD459BB214D7789A01CF55

Uniqueness

Uniqueness Score: -1.00%

Function 01017590, Relevance: .1, Instructions: 134COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.294532643.0000000001010000.00000040.00000001.sdmp, Offset: 01010000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 68d17044f34f004d692047cc6d5f7b913f3d982be74663c2409182e6140e4e06
Instruction ID: b4e1838156ca340750a77807626faf0b2d33258148ed4991ab4fa85ccc2aa7ff
Opcode Fuzzy Hash: 68d17044f34f004d692047cc6d5f7b913f3d982be74663c2409182e6140e4e06
Instruction Fuzzy Hash: A551EF74E05259DFCF04CFAAC4809AEFBF2BF89200F14856AD859BB214D738AA018F54

Uniqueness

Uniqueness Score: -1.00%

Function 010170C1, Relevance: .1, Instructions: 132COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.294532643.0000000001010000.00000040.00000001.sdmp, Offset: 01010000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d3c73952bb9f57f416fea616bd3561af8138acc0f0ea1ad739b142ac33ac4293
Instruction ID: 9caa7e34d2875dc97d4dda49768adedfedbfa02a71016c51a6f35970fae42b46
Opcode Fuzzy Hash: d3c73952bb9f57f416fea616bd3561af8138acc0f0ea1ad739b142ac33ac4293
Instruction Fuzzy Hash: 735105B0D0620ADFDB05CFA8C9805EEBFF2AF59300F14959AE455B7215D3389A81CFA5

Uniqueness

Uniqueness Score: -1.00%

Function 01018F50, Relevance: .1, Instructions: 116COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.294532643.0000000001010000.00000040.00000001.sdmp, Offset: 01010000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1fbb8eae279c2e0cba8bf36970c715e1adc92b073cab95aaf79af3c584a546a3
Instruction ID: 3d1261016f541a7d8ee9a15027ca09311d31f7c4d7d80556b8144084069b2b37
Opcode Fuzzy Hash: 1fbb8eae279c2e0cba8bf36970c715e1adc92b073cab95aaf79af3c584a546a3
Instruction Fuzzy Hash: 5D514D70D04219DFDB14DFAAC5805ADFBF2BF89308F24C26AD454AB259D7359A02DF90

Uniqueness

Uniqueness Score: -1.00%

Function 01012B70, Relevance: .1, Instructions: 64COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.294532643.0000000001010000.00000040.00000001.sdmp, Offset: 01010000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 50edab904a3bacebe51b604f48030bd7f3ad3181253a98b887650fc848082b25
Instruction ID: a3a8e6e994d8c43b050ffbd6f4c8276f790a786e09e517d7b54ed9070402c1eb
Opcode Fuzzy Hash: 50edab904a3bacebe51b604f48030bd7f3ad3181253a98b887650fc848082b25
Instruction Fuzzy Hash: 5B211F75E057589FEB19CF6BD8406DEFBF3AFCA200F18C1BAC448AA255D73405468B51

Uniqueness

Uniqueness Score: -1.00%

Function 01018960, Relevance: .0, Instructions: 48COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.294532643.0000000001010000.00000040.00000001.sdmp, Offset: 01010000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 73cc5065eac28ef9c3d898a2901d08a71d41edc747ebad71a49d8b65137c5dc6
Instruction ID: e26d551b1318eb91311a6b30f7acff4676683b9f3cf551510b0c73e37c18e40b
Opcode Fuzzy Hash: 73cc5065eac28ef9c3d898a2901d08a71d41edc747ebad71a49d8b65137c5dc6
Instruction Fuzzy Hash: BF111CB0D057458FDB19CFAA880019EBFF3AFC9604F18C5AEC454AB256D67906058F41

Uniqueness

Uniqueness Score: -1.00%

Function 01019F50, Relevance: .0, Instructions: 47COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.294532643.0000000001010000.00000040.00000001.sdmp, Offset: 01010000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 37d2e0548203c980d2ac1a1764ed95fd854884df4b195501569e5b0ed9d73ca9
Instruction ID: 9187a8fae7bb9576be403f4f6d71d53fcb3f16952bb6b9433b4ba021987aea1d
Opcode Fuzzy Hash: 37d2e0548203c980d2ac1a1764ed95fd854884df4b195501569e5b0ed9d73ca9
Instruction Fuzzy Hash: AC11E8B0E05608DFDB58CFABC5401AEFBF7AFC8200F24C16AC418AB214DB345A058F40

Uniqueness

Uniqueness Score: -1.00%

Function 01019F40, Relevance: .0, Instructions: 46COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.294532643.0000000001010000.00000040.00000001.sdmp, Offset: 01010000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 910aa0327fdc294347c04c74772b3b7310cbe24ab388a0a9c35c22be2fa305bc
Instruction ID: c99b70285952908ee34f37ed1398fd662296067e7d3150af5b61220b38529edc
Opcode Fuzzy Hash: 910aa0327fdc294347c04c74772b3b7310cbe24ab388a0a9c35c22be2fa305bc
Instruction Fuzzy Hash: AA11D6B1E056499FDB59CFAB854029EFBF3AFC9200F14C16EC454AB259DB3846468F41

Uniqueness

Uniqueness Score: -1.00%

Function 01018980, Relevance: .0, Instructions: 44COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.294532643.0000000001010000.00000040.00000001.sdmp, Offset: 01010000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 12e209ff04ae79f74aaeaabcc5119e05d62febd8d3a409348237389d3ea66be5
Instruction ID: d87f7d86f3afa3c51645f352f863680e03f780e28bb6c82d685506c80ccf9d85
Opcode Fuzzy Hash: 12e209ff04ae79f74aaeaabcc5119e05d62febd8d3a409348237389d3ea66be5
Instruction Fuzzy Hash: 1111DBB1E056188BEB1CCFAB894019EFBF7BFC9300F14C57A8918AB215D73956058F81

Uniqueness

Uniqueness Score: -1.00%

Analysis Process: Request for Price Quotation.pdf.exe PID: 6748 Parent PID: 6496 Request for Price Quotation.pdf.exeCOMMON

Executed Functions

Function 013FAF07, Relevance: 1.6, APIs: 1, Instructions: 75COMMON

Download Yara Rule

APIs

AdjustTokenPrivileges.KERNELBASE(?,?,?,?,?,?), ref: 013FAF87

Memory Dump Source

Source File: 00000012.00000002.470981647.00000000013FA000.00000040.00000001.sdmp, Offset: 013FA000, based on PE: false

Similarity

API ID: AdjustPrivilegesToken
String ID:
API String ID: 2874748243-0
Opcode ID: d8b3b09ab26887cfc09c4fc350d3ba51934bf0c193ee64e612a67577cd2ab8b3
Instruction ID: b0c632b2882a578213460b62c1634bfc384cab052af56c21c0587c1a96fa520e
Opcode Fuzzy Hash: d8b3b09ab26887cfc09c4fc350d3ba51934bf0c193ee64e612a67577cd2ab8b3
Instruction Fuzzy Hash: 92219175509784AFDB138F25DC40B52BFB4EF06214F08859AEA858F563D2719908DB61

Uniqueness

Uniqueness Score: -1.00%

Function 013FB089, Relevance: 1.6, APIs: 1, Instructions: 57nativeCOMMON

Download Yara Rule

APIs

NtQuerySystemInformation.NTDLL(?,?,?,?), ref: 013FB0F5

Memory Dump Source

Source File: 00000012.00000002.470981647.00000000013FA000.00000040.00000001.sdmp, Offset: 013FA000, based on PE: false

Similarity

API ID: InformationQuerySystem
String ID:
API String ID: 3562636166-0
Opcode ID: eb62b4c10e28045851e02a6a342c6939b16bcf282d5e164aba6575214abfc3b7
Instruction ID: 68c9698c650c56b82bc2bdd0f5389300e70fa78bdbe8d1d3beb3165d47fab93b
Opcode Fuzzy Hash: eb62b4c10e28045851e02a6a342c6939b16bcf282d5e164aba6575214abfc3b7
Instruction Fuzzy Hash: 93118171409384AFD7128F14DC45A52FFB4EF06314F0980DAEA848B163D275A918DB62

Uniqueness

Uniqueness Score: -1.00%

Function 013FAF3E, Relevance: 1.6, APIs: 1, Instructions: 52COMMON

Download Yara Rule

APIs

AdjustTokenPrivileges.KERNELBASE(?,?,?,?,?,?), ref: 013FAF87

Memory Dump Source

Source File: 00000012.00000002.470981647.00000000013FA000.00000040.00000001.sdmp, Offset: 013FA000, based on PE: false

Similarity

API ID: AdjustPrivilegesToken
String ID:
API String ID: 2874748243-0
Opcode ID: ef617330afc14711994a39316ada486bfc16efb88b23a361d0d4b7ccfbc54665
Instruction ID: 4ef9ff9cd93904469e97a6aeae663a111f8a9c837c8411a20229c67777217013
Opcode Fuzzy Hash: ef617330afc14711994a39316ada486bfc16efb88b23a361d0d4b7ccfbc54665
Instruction Fuzzy Hash: DA115A755007049FDB21CF69DC84B66FFE8EF04224F08C5AEEE498B652D671E818DB61

Uniqueness

Uniqueness Score: -1.00%

Function 013FB0BA, Relevance: 1.5, APIs: 1, Instructions: 38nativeCOMMON

Download Yara Rule

APIs

NtQuerySystemInformation.NTDLL(?,?,?,?), ref: 013FB0F5

Memory Dump Source

Source File: 00000012.00000002.470981647.00000000013FA000.00000040.00000001.sdmp, Offset: 013FA000, based on PE: false

Similarity

API ID: InformationQuerySystem
String ID:
API String ID: 3562636166-0
Opcode ID: 57dcf0623a1ceec0b56e54a2e512bead3a8d8dfc5bd7eac776013c84599443e8
Instruction ID: 379adc6264d921185cba09ac714be02a74b35e21c0f14dd288031f53ecfce5de
Opcode Fuzzy Hash: 57dcf0623a1ceec0b56e54a2e512bead3a8d8dfc5bd7eac776013c84599443e8
Instruction Fuzzy Hash: 4D018B71400644DFDB21CF59D884B22FFA4EF08324F08C09EDE894B616C3B5A418CB62

Uniqueness

Uniqueness Score: -1.00%

Function 054E0006, Relevance: 4.0, Strings: 3, Instructions: 213COMMON

Download Yara Rule

Strings

:@Dr, xrefs: 054E01F0
KDBM, xrefs: 054E0231
:@Dr, xrefs: 054E02E0

Memory Dump Source

Source File: 00000012.00000002.474360653.00000000054E0000.00000040.00000001.sdmp, Offset: 054E0000, based on PE: false

Similarity

API ID:
String ID: :@Dr$:@Dr$KDBM
API String ID: 0-1736680475
Opcode ID: 69b264ee1d7c6ef3c41b397c4770bca99ce960936fe7a98e92e431c3fef7f4d4
Instruction ID: 42546417f4dc42420487dc003f289bd4882964316a16f3ef474df27e140e6753
Opcode Fuzzy Hash: 69b264ee1d7c6ef3c41b397c4770bca99ce960936fe7a98e92e431c3fef7f4d4
Instruction Fuzzy Hash: C991AE30605382CFC316EF7AE958A597FB5FF85304F00856DD1898A2A9DFB85846CB62

Uniqueness

Uniqueness Score: -1.00%

Function 013FA8D9, Relevance: 1.6, APIs: 1, Instructions: 90registryCOMMON

Download Yara Rule

APIs

RegOpenKeyExW.KERNELBASE(?,00000E2C), ref: 013FA989

Memory Dump Source

Source File: 00000012.00000002.470981647.00000000013FA000.00000040.00000001.sdmp, Offset: 013FA000, based on PE: false

Similarity

API ID: Open
String ID:
API String ID: 71445658-0
Opcode ID: 2ec4c9098c4e04844722507cede374e089c8a72800b9bcfb8c0c0f00e9d93c9b
Instruction ID: 00b5510d5e1881f4e06de85aab6d985c283f1f7fd90f56ba160e039ef04d148f
Opcode Fuzzy Hash: 2ec4c9098c4e04844722507cede374e089c8a72800b9bcfb8c0c0f00e9d93c9b
Instruction Fuzzy Hash: 7D318472404744AFE7228B25DC84F67FFBCEF06710F08859BEA859B252D264A949CB71

Uniqueness

Uniqueness Score: -1.00%

Function 013FA9D1, Relevance: 1.6, APIs: 1, Instructions: 89registryCOMMON

Download Yara Rule

APIs

RegQueryValueExW.KERNELBASE(?,00000E2C,DA94CEF4,00000000,00000000,00000000,00000000), ref: 013FAA8C

Memory Dump Source

Source File: 00000012.00000002.470981647.00000000013FA000.00000040.00000001.sdmp, Offset: 013FA000, based on PE: false

Similarity

API ID: QueryValue
String ID:
API String ID: 3660427363-0
Opcode ID: 96990ff469b704ea3fbb8bb11adf6b0cb0caaf943532aa95ae248dbc9d899c74
Instruction ID: 2a0d24354e45feefe7a7c668b2a22f5f9248258dd34e01c0b1fe96da9935cb50
Opcode Fuzzy Hash: 96990ff469b704ea3fbb8bb11adf6b0cb0caaf943532aa95ae248dbc9d899c74
Instruction Fuzzy Hash: CF319371105784AFEB22CB25CC44F52BFF8EF06314F18849AEA859B253D264E94DCB61

Uniqueness

Uniqueness Score: -1.00%

Function 013FB21C, Relevance: 1.6, APIs: 1, Instructions: 87COMMON

Download Yara Rule

APIs

TerminateProcess.KERNELBASE(?,00000E2C,DA94CEF4,00000000,00000000,00000000,00000000), ref: 013FB2B0

Memory Dump Source

Source File: 00000012.00000002.470981647.00000000013FA000.00000040.00000001.sdmp, Offset: 013FA000, based on PE: false

Similarity

API ID: ProcessTerminate
String ID:
API String ID: 560597551-0
Opcode ID: 328c6d404b0c5051368a359963fcd248bc040b8b1a0909edb84430febac4b1c7
Instruction ID: 84313ba75fe7a1a0639edbd24aae4b50670b94c510562ea25e1ca27c228e3dce
Opcode Fuzzy Hash: 328c6d404b0c5051368a359963fcd248bc040b8b1a0909edb84430febac4b1c7
Instruction Fuzzy Hash: AD21B4B6509380AFE7128B25DC45F96BFB8EF47324F0884DBEA44DF193D2649909C761

Uniqueness

Uniqueness Score: -1.00%

Function 013FB309, Relevance: 1.6, APIs: 1, Instructions: 85windowCOMMON

Download Yara Rule

APIs

FormatMessageW.KERNELBASE(?,00000E2C,?,?), ref: 013FB3B6

Memory Dump Source

Source File: 00000012.00000002.470981647.00000000013FA000.00000040.00000001.sdmp, Offset: 013FA000, based on PE: false

Similarity

API ID: FormatMessage
String ID:
API String ID: 1306739567-0
Opcode ID: 6e8f17b069d785a1b9d49ad2a0b82d5511de3f23075aa1632857893d2ec98bd1
Instruction ID: 31a09e1afdea5b2b152d93d3db003951f1aff4a771acd8fd0b7c569d6c23d3ff
Opcode Fuzzy Hash: 6e8f17b069d785a1b9d49ad2a0b82d5511de3f23075aa1632857893d2ec98bd1
Instruction Fuzzy Hash: BD31937154D3C06FD7038B218C51B66BFB4EF87610F0980CBD984CF2A3D6246909C7A2

Uniqueness

Uniqueness Score: -1.00%

Function 013FB711, Relevance: 1.6, APIs: 1, Instructions: 82COMMON

Download Yara Rule

APIs

K32GetModuleInformation.KERNEL32(?,00000E2C,DA94CEF4,00000000,00000000,00000000,00000000), ref: 013FB7A2

Memory Dump Source

Source File: 00000012.00000002.470981647.00000000013FA000.00000040.00000001.sdmp, Offset: 013FA000, based on PE: false

Similarity

API ID: InformationModule
String ID:
API String ID: 3425974696-0
Opcode ID: 741cb396e0c53fb0959799acce843bb6a445015cc967eb409dd8aa32a47025a8
Instruction ID: 6bf745cb0b4813e73756cae2b20a31102e1e136c2ca5810f2581d5521c9f22f8
Opcode Fuzzy Hash: 741cb396e0c53fb0959799acce843bb6a445015cc967eb409dd8aa32a47025a8
Instruction Fuzzy Hash: 2D2191B1505384AFE7128B25CC45F66FFA8EF46314F0884ABEA45DB252D264E908CB71

Uniqueness

Uniqueness Score: -1.00%

Function 013FB808, Relevance: 1.6, APIs: 1, Instructions: 81COMMON

Download Yara Rule

APIs

K32GetModuleFileNameExW.KERNEL32(?,00000E2C,?,?), ref: 013FB8AE

Memory Dump Source

Source File: 00000012.00000002.470981647.00000000013FA000.00000040.00000001.sdmp, Offset: 013FA000, based on PE: false

Similarity

API ID: FileModuleName
String ID:
API String ID: 514040917-0
Opcode ID: bb8d896a1f8f156cd4a47341528e9ca9db1d5c285628eb44a03a62c09f37ddcb
Instruction ID: 8c9d1864bd7bd025b19afb0d6c113cc92e0f3eecd1b404c5632cbca395d8d701
Opcode Fuzzy Hash: bb8d896a1f8f156cd4a47341528e9ca9db1d5c285628eb44a03a62c09f37ddcb
Instruction Fuzzy Hash: 0F21A0714093C06FD312CB65CC55F66BFB4EF87610F0984DBE9848B2A3D624A909C7A2

Uniqueness

Uniqueness Score: -1.00%

Function 05DC0F94, Relevance: 1.6, APIs: 1, Instructions: 81registryCOMMON

Download Yara Rule

APIs

RegSetValueExW.KERNELBASE(?,00000E2C,DA94CEF4,00000000,00000000,00000000,00000000), ref: 05DC1034

Memory Dump Source

Source File: 00000012.00000002.476430652.0000000005DC0000.00000040.00000001.sdmp, Offset: 05DC0000, based on PE: false

Similarity

API ID: Value
String ID:
API String ID: 3702945584-0
Opcode ID: ed187f93a005edaadaf8a2064dcc5426fbac70d716c4f3bb1d05b86000ce8248
Instruction ID: a65a9712adfef01374bcaa3e40e1d402f02980d0da03fa869468b6537b3dc6bd
Opcode Fuzzy Hash: ed187f93a005edaadaf8a2064dcc5426fbac70d716c4f3bb1d05b86000ce8248
Instruction Fuzzy Hash: 82219172109380AFD7228B65CC41FA3BFB8EF46710F0884DBEA859B252C265E449CB71

Uniqueness

Uniqueness Score: -1.00%

Function 013FB570, Relevance: 1.6, APIs: 1, Instructions: 76registryCOMMON

Download Yara Rule

APIs

RegQueryValueExW.KERNELBASE(?,00000E2C,?,?), ref: 013FB60A

Memory Dump Source

Source File: 00000012.00000002.470981647.00000000013FA000.00000040.00000001.sdmp, Offset: 013FA000, based on PE: false

Similarity

API ID: QueryValue
String ID:
API String ID: 3660427363-0
Opcode ID: c12ac282bcb9913a5e9494b26f91cdbd67f0d751e4eb182e60fa20a5daf66b76
Instruction ID: 37dd1d8ec4b40b44b0fa61012b9c7ab3ca087948a31560cc33fb8ce1bdaef683
Opcode Fuzzy Hash: c12ac282bcb9913a5e9494b26f91cdbd67f0d751e4eb182e60fa20a5daf66b76
Instruction Fuzzy Hash: C121F8754093C06FD3138B25CC51F62BFB4EF87A10F0981CBE9848B653D2256919C7B2

Uniqueness

Uniqueness Score: -1.00%

Function 05DC069C, Relevance: 1.6, APIs: 1, Instructions: 76libraryCOMMON

Download Yara Rule

APIs

LoadLibraryA.KERNELBASE(?,00000E2C), ref: 05DC0737

Memory Dump Source

Source File: 00000012.00000002.476430652.0000000005DC0000.00000040.00000001.sdmp, Offset: 05DC0000, based on PE: false

Similarity

API ID: LibraryLoad
String ID:
API String ID: 1029625771-0
Opcode ID: da9a0b25bffe9d859768e1e0fc9324d92d7975a22f34ef5cf228f3702aa77cab
Instruction ID: bfa3d6831ff8dd16a2da13ae9ab9e13f792ed4b25127a21a8adfed0b271c68e0
Opcode Fuzzy Hash: da9a0b25bffe9d859768e1e0fc9324d92d7975a22f34ef5cf228f3702aa77cab
Instruction Fuzzy Hash: E121B671045380AFE7228B25CC45FA6BFA8EF46720F1484DAE9855B192C2646949CB61

Uniqueness

Uniqueness Score: -1.00%

Function 05DC0EB5, Relevance: 1.6, APIs: 1, Instructions: 75registryCOMMON

Download Yara Rule

APIs

RegSetValueExW.KERNELBASE(?,00000E2C,DA94CEF4,00000000,00000000,00000000,00000000), ref: 05DC0F4C

Memory Dump Source

Source File: 00000012.00000002.476430652.0000000005DC0000.00000040.00000001.sdmp, Offset: 05DC0000, based on PE: false

Similarity

API ID: Value
String ID:
API String ID: 3702945584-0
Opcode ID: b46d18de73b4c23fc7f7b5872e2e38a2fb38decb6f82ef90f4405c9b27cc9f72
Instruction ID: 21f7c7b86b0d0be47c688d514ad2fb3b85d5be3f4d9fcadafbe724eb4f070caf
Opcode Fuzzy Hash: b46d18de73b4c23fc7f7b5872e2e38a2fb38decb6f82ef90f4405c9b27cc9f72
Instruction Fuzzy Hash: B0219DB2508740AFE7218B15CC85F67BFB8EF06310F08859BEA859B252D364E949CB71

Uniqueness

Uniqueness Score: -1.00%

Function 013FA90A, Relevance: 1.6, APIs: 1, Instructions: 74registryCOMMON

Download Yara Rule

APIs

RegOpenKeyExW.KERNELBASE(?,00000E2C), ref: 013FA989

Memory Dump Source

Source File: 00000012.00000002.470981647.00000000013FA000.00000040.00000001.sdmp, Offset: 013FA000, based on PE: false

Similarity

API ID: Open
String ID:
API String ID: 71445658-0
Opcode ID: a1aeae8ddf31d735cf3177a985003595cad48f2c10a21fd234ff26d59f4e0df6
Instruction ID: cdd30e774d31c866785c17a286adddbf95500eead02042d76fae3bec97636d5d
Opcode Fuzzy Hash: a1aeae8ddf31d735cf3177a985003595cad48f2c10a21fd234ff26d59f4e0df6
Instruction Fuzzy Hash: 5721A172500608AFE7219B59DC44F6BFBECEF04710F14856BEE459B641D660E4098B71

Uniqueness

Uniqueness Score: -1.00%

Function 013FB636, Relevance: 1.6, APIs: 1, Instructions: 73COMMON

Download Yara Rule

APIs

K32EnumProcessModules.KERNEL32(?,00000E2C,DA94CEF4,00000000,00000000,00000000,00000000), ref: 013FB6B2

Memory Dump Source

Source File: 00000012.00000002.470981647.00000000013FA000.00000040.00000001.sdmp, Offset: 013FA000, based on PE: false

Similarity

API ID: EnumModulesProcess
String ID:
API String ID: 1082081703-0
Opcode ID: 6b26b7e3d5c572310463f2159c38bc995109a24643fe9da6f97c92b825ed8fa6
Instruction ID: 0ec637798e44c0fd7843808ef9bc4acb67c255e0bf8203453fcfe87f71b74a7b
Opcode Fuzzy Hash: 6b26b7e3d5c572310463f2159c38bc995109a24643fe9da6f97c92b825ed8fa6
Instruction Fuzzy Hash: C621B072104380AFE7128F65DC44F57FFA8EF46320F0884ABEA449B252D264A808CB61

Uniqueness

Uniqueness Score: -1.00%

Function 013FACEF, Relevance: 1.6, APIs: 1, Instructions: 72COMMON

Download Yara Rule

APIs

LookupPrivilegeValueW.ADVAPI32(?,?,?), ref: 013FAD6A

Memory Dump Source

Source File: 00000012.00000002.470981647.00000000013FA000.00000040.00000001.sdmp, Offset: 013FA000, based on PE: false

Similarity

API ID: LookupPrivilegeValue
String ID:
API String ID: 3899507212-0
Opcode ID: 7098ec639f4541be5745f09ceab8fdd374a4c84094be7e4c102cbbc4b35693bc
Instruction ID: 5f060fc115f82cdc8f7c17eb996ccd12aa78851baa0c97b8568ceb9c505868c7
Opcode Fuzzy Hash: 7098ec639f4541be5745f09ceab8fdd374a4c84094be7e4c102cbbc4b35693bc
Instruction Fuzzy Hash: 182183755093805FD7128B69DC55B92BFF8EF46214F0984DAE985CF2A3D274D808C761

Uniqueness

Uniqueness Score: -1.00%

Function 013FAA12, Relevance: 1.6, APIs: 1, Instructions: 69registryCOMMON

Download Yara Rule

APIs

RegQueryValueExW.KERNELBASE(?,00000E2C,DA94CEF4,00000000,00000000,00000000,00000000), ref: 013FAA8C

Memory Dump Source

Source File: 00000012.00000002.470981647.00000000013FA000.00000040.00000001.sdmp, Offset: 013FA000, based on PE: false

Similarity

API ID: QueryValue
String ID:
API String ID: 3660427363-0
Opcode ID: 358cf7d72e81bb6d9cef929139ae02e42812990b8479fe4cced860531ae51f3f
Instruction ID: 57adc37d75dbe4a7dbab7c33ec2878dbb1d1e765b0cb79e19a91bfc0c28a9027
Opcode Fuzzy Hash: 358cf7d72e81bb6d9cef929139ae02e42812990b8479fe4cced860531ae51f3f
Instruction Fuzzy Hash: 36215C71600604AFFB21CF19CD84F67BBECEF04714F18846AEA499B751D664E90DCA71

Uniqueness

Uniqueness Score: -1.00%

Function 013FAFD4, Relevance: 1.6, APIs: 1, Instructions: 68COMMON

Download Yara Rule

APIs

FindCloseChangeNotification.KERNELBASE(?), ref: 013FB040

Memory Dump Source

Source File: 00000012.00000002.470981647.00000000013FA000.00000040.00000001.sdmp, Offset: 013FA000, based on PE: false

Similarity

API ID: ChangeCloseFindNotification
String ID:
API String ID: 2591292051-0
Opcode ID: e5de0b51810490cd203d15a6e9858951da500b3659a20006805d9638bf7eaed9
Instruction ID: c15748fad5158cd29d6b55d1460008b2ee391942394fa023a6445914e1fc103c
Opcode Fuzzy Hash: e5de0b51810490cd203d15a6e9858951da500b3659a20006805d9638bf7eaed9
Instruction Fuzzy Hash: E521A1B25093C05FDB038B25DC54A92BFB4AF47224F0980DAED858F663D2659908CB61

Uniqueness

Uniqueness Score: -1.00%

Function 013FB73E, Relevance: 1.6, APIs: 1, Instructions: 67COMMON

Download Yara Rule

APIs

K32GetModuleInformation.KERNEL32(?,00000E2C,DA94CEF4,00000000,00000000,00000000,00000000), ref: 013FB7A2

Memory Dump Source

Source File: 00000012.00000002.470981647.00000000013FA000.00000040.00000001.sdmp, Offset: 013FA000, based on PE: false

Similarity

API ID: InformationModule
String ID:
API String ID: 3425974696-0
Opcode ID: e34225fc09b5a02eadfe1bcf0c33d31efcf196a61f7d5026c71d948d0086e1c0
Instruction ID: 35094e2c0df311c668ddf83811b1849d4ec2698109c05ac6a1dc853e782fe182
Opcode Fuzzy Hash: e34225fc09b5a02eadfe1bcf0c33d31efcf196a61f7d5026c71d948d0086e1c0
Instruction Fuzzy Hash: 4D11ACB1500204AFEB20CF29DC85F6BFBACEF45324F18846AEE05DB655D664E808CB71

Uniqueness

Uniqueness Score: -1.00%

Function 013FAAFB, Relevance: 1.6, APIs: 1, Instructions: 67COMMON

Download Yara Rule

APIs

MkParseDisplayName.OLE32(?,00000E2C,?,?), ref: 013FAB7E

Memory Dump Source

Source File: 00000012.00000002.470981647.00000000013FA000.00000040.00000001.sdmp, Offset: 013FA000, based on PE: false

Similarity

API ID: DisplayNameParse
String ID:
API String ID: 3580041360-0
Opcode ID: bbd4094677c92ab2c924a3301262c21c84b4442091c69d0fffdc625390970155
Instruction ID: 5ee48cc49fdabfbc7d499b2d201ca265106e3dd4e886091b63465b703d37e7e0
Opcode Fuzzy Hash: bbd4094677c92ab2c924a3301262c21c84b4442091c69d0fffdc625390970155
Instruction Fuzzy Hash: 9521A5715093806FD312CB25CC41F72BFB8EF86620F1981DAED848B653D225A915CBA6

Uniqueness

Uniqueness Score: -1.00%

Function 05DC107C, Relevance: 1.6, APIs: 1, Instructions: 67fileCOMMON

Download Yara Rule

APIs

DeleteFileW.KERNELBASE(?), ref: 05DC10E8

Memory Dump Source

Source File: 00000012.00000002.476430652.0000000005DC0000.00000040.00000001.sdmp, Offset: 05DC0000, based on PE: false

Similarity

API ID: DeleteFile
String ID:
API String ID: 4033686569-0
Opcode ID: 19a7199251c6874515d2f91a4e9d8a978b4f14885ea78f0e24f5ee09d1a581dc
Instruction ID: 3a76caf35b96ef0c2a5bb4031a7a4ce4c26223551e43d5cc6895c205e8737a3e
Opcode Fuzzy Hash: 19a7199251c6874515d2f91a4e9d8a978b4f14885ea78f0e24f5ee09d1a581dc
Instruction Fuzzy Hash: 6C218E715093C09FDB12CB25DC54B52BFA89F47224F0C84EBED858F253D275A948CB62

Uniqueness

Uniqueness Score: -1.00%

Function 013FAC3B, Relevance: 1.6, APIs: 1, Instructions: 66COMMON

Download Yara Rule

APIs

FindCloseChangeNotification.KERNELBASE(?), ref: 013FACA8

Memory Dump Source

Source File: 00000012.00000002.470981647.00000000013FA000.00000040.00000001.sdmp, Offset: 013FA000, based on PE: false

Similarity

API ID: ChangeCloseFindNotification
String ID:
API String ID: 2591292051-0
Opcode ID: 7a3d66008e51b483940a497746de1d178f43359bf754eedfc2592b8dd4fbeac8
Instruction ID: b58a93f215019ac54e25561655b8240b691e8d7d7298522be084b499feeed839
Opcode Fuzzy Hash: 7a3d66008e51b483940a497746de1d178f43359bf754eedfc2592b8dd4fbeac8
Instruction Fuzzy Hash: 31219D714093C09FDB128B25D891B92BFB4EF07220F0984EBDD858F163C264A948CB61

Uniqueness

Uniqueness Score: -1.00%

Function 05DC0DEC, Relevance: 1.6, APIs: 1, Instructions: 66fileCOMMON

Download Yara Rule

APIs

CopyFileW.KERNELBASE(?,?,?), ref: 05DC0E5A

Memory Dump Source

Source File: 00000012.00000002.476430652.0000000005DC0000.00000040.00000001.sdmp, Offset: 05DC0000, based on PE: false

Similarity

API ID: CopyFile
String ID:
API String ID: 1304948518-0
Opcode ID: 71343f8d8e3418e4bb7c6039c3d7877c1a0a0e2cc0cdc5a137e1d3e4d3ca5019
Instruction ID: e4881adc5552f82f6f01f144ea8259a884b81527ef2419125c309bc6563eb6c0
Opcode Fuzzy Hash: 71343f8d8e3418e4bb7c6039c3d7877c1a0a0e2cc0cdc5a137e1d3e4d3ca5019
Instruction Fuzzy Hash: 0E218E72509381AFD721CF65DC85B96BFE8EF46220F0884ABE945DB252D264E848CB61

Uniqueness

Uniqueness Score: -1.00%

Function 05DC0EDA, Relevance: 1.6, APIs: 1, Instructions: 65registryCOMMON

Download Yara Rule

APIs

RegSetValueExW.KERNELBASE(?,00000E2C,DA94CEF4,00000000,00000000,00000000,00000000), ref: 05DC0F4C

Memory Dump Source

Source File: 00000012.00000002.476430652.0000000005DC0000.00000040.00000001.sdmp, Offset: 05DC0000, based on PE: false

Similarity

API ID: Value
String ID:
API String ID: 3702945584-0
Opcode ID: d00113091daac117e73552737a8a77c3dca504c7741f4d52f093e564f6b9373f
Instruction ID: 800fba0c65145b5454b2e7f5174d88d534a7d30e6ba47dee348deae0f9c109aa
Opcode Fuzzy Hash: d00113091daac117e73552737a8a77c3dca504c7741f4d52f093e564f6b9373f
Instruction Fuzzy Hash: 3311AC72500600EEEB208E15CC85F6BBFA8EF05720F04859BEE459B241D660E5498B71

Uniqueness

Uniqueness Score: -1.00%

Function 05DC0FC2, Relevance: 1.6, APIs: 1, Instructions: 65registryCOMMON

Download Yara Rule

APIs

RegSetValueExW.KERNELBASE(?,00000E2C,DA94CEF4,00000000,00000000,00000000,00000000), ref: 05DC1034

Memory Dump Source

Source File: 00000012.00000002.476430652.0000000005DC0000.00000040.00000001.sdmp, Offset: 05DC0000, based on PE: false

Similarity

API ID: Value
String ID:
API String ID: 3702945584-0
Opcode ID: 5572d18914b7673dbde5bc322b1c842d024ca05f0c90d03729a935cb7fbe439e
Instruction ID: cf70359ba4057e7ff9e53b329458a2f580bf0bb86bffa99dc95f1c403762f85a
Opcode Fuzzy Hash: 5572d18914b7673dbde5bc322b1c842d024ca05f0c90d03729a935cb7fbe439e
Instruction Fuzzy Hash: A211AC71500640AEEB20CF55CC81FA7FFA8EF04710F1484ABEE459B252D6A4E448DAB1

Uniqueness

Uniqueness Score: -1.00%

Function 013FB656, Relevance: 1.6, APIs: 1, Instructions: 63COMMON

Download Yara Rule

APIs

K32EnumProcessModules.KERNEL32(?,00000E2C,DA94CEF4,00000000,00000000,00000000,00000000), ref: 013FB6B2

Memory Dump Source

Source File: 00000012.00000002.470981647.00000000013FA000.00000040.00000001.sdmp, Offset: 013FA000, based on PE: false

Similarity

API ID: EnumModulesProcess
String ID:
API String ID: 1082081703-0
Opcode ID: b77fdc6fabf6f4137d00ca32f4393318555b99aacfb731c4b89134b609bb6e6d
Instruction ID: 7928a64f5d7ebf7778b71519b7dfd2fa626bb4d894525db364a7d311283acde5
Opcode Fuzzy Hash: b77fdc6fabf6f4137d00ca32f4393318555b99aacfb731c4b89134b609bb6e6d
Instruction Fuzzy Hash: F911BFB1500204AFEB21CF69DC85F6BFFA8EF45324F14846BEE459B651D6B4A808CB71

Uniqueness

Uniqueness Score: -1.00%

Function 05DC0D30, Relevance: 1.6, APIs: 1, Instructions: 63COMMON

Download Yara Rule

APIs

CreateDirectoryW.KERNELBASE(?,?), ref: 05DC0D97

Memory Dump Source

Source File: 00000012.00000002.476430652.0000000005DC0000.00000040.00000001.sdmp, Offset: 05DC0000, based on PE: false

Similarity

API ID: CreateDirectory
String ID:
API String ID: 4241100979-0
Opcode ID: e6d46ebdda5c7a1bd99e3475c7a02a7d22794f5c81edb10954b3b30f160539a7
Instruction ID: b01cc49c99871826a1a7812350be7518679c8e6e651742bed51345a951d3e70b
Opcode Fuzzy Hash: e6d46ebdda5c7a1bd99e3475c7a02a7d22794f5c81edb10954b3b30f160539a7
Instruction Fuzzy Hash: 25117F755083859FD711CF29DC88B56BFE8EF46220F0884EEED45DB652D274E908CB61

Uniqueness

Uniqueness Score: -1.00%

Function 013FA78B, Relevance: 1.6, APIs: 1, Instructions: 61COMMON

Download Yara Rule

APIs

DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 013FA7F6

Memory Dump Source

Source File: 00000012.00000002.470981647.00000000013FA000.00000040.00000001.sdmp, Offset: 013FA000, based on PE: false

Similarity

API ID: DuplicateHandle
String ID:
API String ID: 3793708945-0
Opcode ID: ba51ddceff80fe22447e6c093387166c98e4c0b18727b2d2662a76c10db37782
Instruction ID: d76e4177c7fca681165533ec4add97ecf21a6c200e7fc54cb8c0f6e4f1093978
Opcode Fuzzy Hash: ba51ddceff80fe22447e6c093387166c98e4c0b18727b2d2662a76c10db37782
Instruction Fuzzy Hash: 0411B471409380AFDB228F54DC44A62FFF4EF4A210F0884DEEE898B163D275A819DB61

Uniqueness

Uniqueness Score: -1.00%

Function 013FB25A, Relevance: 1.6, APIs: 1, Instructions: 61COMMON

Download Yara Rule

APIs

TerminateProcess.KERNELBASE(?,00000E2C,DA94CEF4,00000000,00000000,00000000,00000000), ref: 013FB2B0

Memory Dump Source

Source File: 00000012.00000002.470981647.00000000013FA000.00000040.00000001.sdmp, Offset: 013FA000, based on PE: false

Similarity

API ID: ProcessTerminate
String ID:
API String ID: 560597551-0
Opcode ID: 2fe7941c8f943b68429eb87c864ed1831d2d26cd1fdc47fd13464f6de3089424
Instruction ID: f76400f65c1ff037d8856b4d7fac9d9f813c7aa0458f80ecd1e7c5df76a61723
Opcode Fuzzy Hash: 2fe7941c8f943b68429eb87c864ed1831d2d26cd1fdc47fd13464f6de3089424
Instruction Fuzzy Hash: FB11A3B5500204BFEB11CF29DC85B6BFBACEF45324F14846BEE05DB645D6B4A8058BB1

Uniqueness

Uniqueness Score: -1.00%

Function 013FA836, Relevance: 1.6, APIs: 1, Instructions: 60COMMON

Download Yara Rule

APIs

SetErrorMode.KERNELBASE(?), ref: 013FA8A8

Memory Dump Source

Source File: 00000012.00000002.470981647.00000000013FA000.00000040.00000001.sdmp, Offset: 013FA000, based on PE: false

Similarity

API ID: ErrorMode
String ID:
API String ID: 2340568224-0
Opcode ID: 720de8eac6761a076afd2382286716077c851f25ab60d5a5e3443e802bd367c6
Instruction ID: 4e3cfe21501f161aa8d4453f8b4ccf5b6b6728bece26eafdd99c9b3d751a9c91
Opcode Fuzzy Hash: 720de8eac6761a076afd2382286716077c851f25ab60d5a5e3443e802bd367c6
Instruction Fuzzy Hash: 511189714093C4AFD7138B25CC94A62BFB4DF03224F0980DAED849B263D2A55909DB72

Uniqueness

Uniqueness Score: -1.00%

Function 05DC06CE, Relevance: 1.6, APIs: 1, Instructions: 56libraryCOMMON

Download Yara Rule

APIs

LoadLibraryA.KERNELBASE(?,00000E2C), ref: 05DC0737

Memory Dump Source

Source File: 00000012.00000002.476430652.0000000005DC0000.00000040.00000001.sdmp, Offset: 05DC0000, based on PE: false

Similarity

API ID: LibraryLoad
String ID:
API String ID: 1029625771-0
Opcode ID: 3b27562a0253e4a6181a1bd7473a8d391f7585863acdd96b1f59595ff24ceb73
Instruction ID: c245737320095460bb0246638b2110f0d7eb884317d461cd5686b029c6d45f45
Opcode Fuzzy Hash: 3b27562a0253e4a6181a1bd7473a8d391f7585863acdd96b1f59595ff24ceb73
Instruction Fuzzy Hash: FF110271100200EFE720DB14CC89F6AFF98DF05720F24809BEE455B281C6B4A508CE61

Uniqueness

Uniqueness Score: -1.00%

Function 013FAD22, Relevance: 1.6, APIs: 1, Instructions: 53COMMON

Download Yara Rule

APIs

LookupPrivilegeValueW.ADVAPI32(?,?,?), ref: 013FAD6A

Memory Dump Source

Source File: 00000012.00000002.470981647.00000000013FA000.00000040.00000001.sdmp, Offset: 013FA000, based on PE: false

Similarity

API ID: LookupPrivilegeValue
String ID:
API String ID: 3899507212-0
Opcode ID: 63312a8ac40eee10788fa6dcf6c8e1ff2dfe34b87ada4df323b2c1bb3cc9a06e
Instruction ID: 1d5a6e07e07a7a70fdf43c47de27d9ab6a0a38876f2cd52fc4c19adf57164200
Opcode Fuzzy Hash: 63312a8ac40eee10788fa6dcf6c8e1ff2dfe34b87ada4df323b2c1bb3cc9a06e
Instruction Fuzzy Hash: 7C1182716002049FE760DF29D844756FFE8EF44225F08C46EEE49CB652D674D404CA61

Uniqueness

Uniqueness Score: -1.00%

Function 05DC0E12, Relevance: 1.6, APIs: 1, Instructions: 53fileCOMMON

Download Yara Rule

APIs

CopyFileW.KERNELBASE(?,?,?), ref: 05DC0E5A

Memory Dump Source

Source File: 00000012.00000002.476430652.0000000005DC0000.00000040.00000001.sdmp, Offset: 05DC0000, based on PE: false

Similarity

API ID: CopyFile
String ID:
API String ID: 1304948518-0
Opcode ID: a028ce3ef59fe2be26083a12b788751e6bbd801c32f3f8c7b226cbf02de7fa19
Instruction ID: a7419cc45b0a09557a4f3d3170ed01f2b78c2f50b54ee5f70b72a77eba2ad894
Opcode Fuzzy Hash: a028ce3ef59fe2be26083a12b788751e6bbd801c32f3f8c7b226cbf02de7fa19
Instruction Fuzzy Hash: AB113C71644201DFDB20DF69D889B6AFFE8EB45620F0884ABDD49DB641D674E808CA61

Uniqueness

Uniqueness Score: -1.00%

Function 05DC0D52, Relevance: 1.6, APIs: 1, Instructions: 52COMMON

Download Yara Rule

APIs

CreateDirectoryW.KERNELBASE(?,?), ref: 05DC0D97

Memory Dump Source

Source File: 00000012.00000002.476430652.0000000005DC0000.00000040.00000001.sdmp, Offset: 05DC0000, based on PE: false

Similarity

API ID: CreateDirectory
String ID:
API String ID: 4241100979-0
Opcode ID: 03053afe330039933ec20d51c6634b6358c648b1ef1a574bc9580e599de57e87
Instruction ID: 18ca1394964a644e742fab5025041c3cdee742737a2f466625dd356987814733
Opcode Fuzzy Hash: 03053afe330039933ec20d51c6634b6358c648b1ef1a574bc9580e599de57e87
Instruction Fuzzy Hash: 72113C75604245DFDB10CF29D888B6ABFD8EB44620F1884ABDD49DB752D674E804CBA1

Uniqueness

Uniqueness Score: -1.00%

Function 013FB366, Relevance: 1.5, APIs: 1, Instructions: 47windowCOMMON

Download Yara Rule

APIs

FormatMessageW.KERNELBASE(?,00000E2C,?,?), ref: 013FB3B6

Memory Dump Source

Source File: 00000012.00000002.470981647.00000000013FA000.00000040.00000001.sdmp, Offset: 013FA000, based on PE: false

Similarity

API ID: FormatMessage
String ID:
API String ID: 1306739567-0
Opcode ID: acc4a5ad5bce4b1f53d9ddcedb667076f6b2cbbae00428bb26aed7085f195768
Instruction ID: 6903c031ea8a4bd8c55e5262d6c7ca94253babd06f437bcb4226eec66dfc5b5e
Opcode Fuzzy Hash: acc4a5ad5bce4b1f53d9ddcedb667076f6b2cbbae00428bb26aed7085f195768
Instruction Fuzzy Hash: 1E015E72500600ABD610DF16DC85B26FBA8EB88A20F14856AED089B741E771B915CBA5

Uniqueness

Uniqueness Score: -1.00%

Function 013FB85E, Relevance: 1.5, APIs: 1, Instructions: 47COMMON

Download Yara Rule

APIs

K32GetModuleFileNameExW.KERNEL32(?,00000E2C,?,?), ref: 013FB8AE

Memory Dump Source

Source File: 00000012.00000002.470981647.00000000013FA000.00000040.00000001.sdmp, Offset: 013FA000, based on PE: false

Similarity

API ID: FileModuleName
String ID:
API String ID: 514040917-0
Opcode ID: 1721a951a79b268d5848871e09ffde7ebb2f635916a77f96dc1e9c093cd1c3db
Instruction ID: ee03bd28423b308f4f0973f3712c78ef46a89a44b276d1a228f9e31ab939bf39
Opcode Fuzzy Hash: 1721a951a79b268d5848871e09ffde7ebb2f635916a77f96dc1e9c093cd1c3db
Instruction Fuzzy Hash: 30017172500600AFD710DF16DC85F36FBA8EBC8B20F14856AED089B741E771B915CBA5

Uniqueness

Uniqueness Score: -1.00%

Function 05DC10AE, Relevance: 1.5, APIs: 1, Instructions: 47fileCOMMON

Download Yara Rule

APIs

DeleteFileW.KERNELBASE(?), ref: 05DC10E8

Memory Dump Source

Source File: 00000012.00000002.476430652.0000000005DC0000.00000040.00000001.sdmp, Offset: 05DC0000, based on PE: false

Similarity

API ID: DeleteFile
String ID:
API String ID: 4033686569-0
Opcode ID: 0c81ac528a408957711dccd6f2e67b0e658d5efd7b86aa8369d34bd51ea47e5f
Instruction ID: 20eda915424d6f8c6be1fe0a8ec8517148df4ca2800dc6caccb8e292e8834125
Opcode Fuzzy Hash: 0c81ac528a408957711dccd6f2e67b0e658d5efd7b86aa8369d34bd51ea47e5f
Instruction Fuzzy Hash: 76019E71A002419FDB10CF6AD885766FFD8EF40220F18C4AFDD49CB642D6B8E848CB61

Uniqueness

Uniqueness Score: -1.00%

Function 013FA7B2, Relevance: 1.5, APIs: 1, Instructions: 45COMMON

Download Yara Rule

APIs

DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 013FA7F6

Memory Dump Source

Source File: 00000012.00000002.470981647.00000000013FA000.00000040.00000001.sdmp, Offset: 013FA000, based on PE: false

Similarity

API ID: DuplicateHandle
String ID:
API String ID: 3793708945-0
Opcode ID: a5a998bdbf51f98780734b97745a84c95810769ae5999cce84e98fc3027d7d3d
Instruction ID: 23e8e4ead6bdd6b3f3cf1405a0b139e87821a81f319409015956d2f2aa3fc9ff
Opcode Fuzzy Hash: a5a998bdbf51f98780734b97745a84c95810769ae5999cce84e98fc3027d7d3d
Instruction Fuzzy Hash: C8016D31400604EFDB218F55D844B66FFE4EF48324F08C9AEDE494B612D3B5A419DF61

Uniqueness

Uniqueness Score: -1.00%

Function 013FB5BA, Relevance: 1.5, APIs: 1, Instructions: 43registryCOMMON

Download Yara Rule

APIs

RegQueryValueExW.KERNELBASE(?,00000E2C,?,?), ref: 013FB60A

Memory Dump Source

Source File: 00000012.00000002.470981647.00000000013FA000.00000040.00000001.sdmp, Offset: 013FA000, based on PE: false

Similarity

API ID: QueryValue
String ID:
API String ID: 3660427363-0
Opcode ID: 6b05a3b57db87c53ecf787982d7acb356d254be342a7ad658345dccd12d696d2
Instruction ID: 59a7cd1eddf975e2a0a39bee0aad1d3f64d8aad37023e9f8a3a79391962a334d
Opcode Fuzzy Hash: 6b05a3b57db87c53ecf787982d7acb356d254be342a7ad658345dccd12d696d2
Instruction Fuzzy Hash: A8014B76500604ABD210DF16DC86F26FBA8EB88B20F14815AED085BB41E771B916CAA6

Uniqueness

Uniqueness Score: -1.00%

Function 013FAB2E, Relevance: 1.5, APIs: 1, Instructions: 43COMMON

Download Yara Rule

APIs

MkParseDisplayName.OLE32(?,00000E2C,?,?), ref: 013FAB7E

Memory Dump Source

Source File: 00000012.00000002.470981647.00000000013FA000.00000040.00000001.sdmp, Offset: 013FA000, based on PE: false

Similarity

API ID: DisplayNameParse
String ID:
API String ID: 3580041360-0
Opcode ID: db006c3ca88f3d0f156f342d1ea1a5ebd5da177a943bfc9396c7eaee9b541f9c
Instruction ID: 49c026a0b3e64091025e692f71717e95f89f9a4c1e66cbb40163445f4e04e76b
Opcode Fuzzy Hash: db006c3ca88f3d0f156f342d1ea1a5ebd5da177a943bfc9396c7eaee9b541f9c
Instruction Fuzzy Hash: 39014B76500600ABD250DF16DC86F26FBA8FB88B20F14815AED085BB41E771B916CBA6

Uniqueness

Uniqueness Score: -1.00%

Function 013FB00E, Relevance: 1.5, APIs: 1, Instructions: 43COMMON

Download Yara Rule

APIs

FindCloseChangeNotification.KERNELBASE(?), ref: 013FB040

Memory Dump Source

Source File: 00000012.00000002.470981647.00000000013FA000.00000040.00000001.sdmp, Offset: 013FA000, based on PE: false

Similarity

API ID: ChangeCloseFindNotification
String ID:
API String ID: 2591292051-0
Opcode ID: a44e44e5988bc9a45a11372148a756eb457b129d6def554b219cf3faeb95a80b
Instruction ID: 024221d10bc53a7b8b4da7a190406a4af40396d7ed9da4134dac16787cd6d51a
Opcode Fuzzy Hash: a44e44e5988bc9a45a11372148a756eb457b129d6def554b219cf3faeb95a80b
Instruction Fuzzy Hash: 9C01DFB1500605DFDB10CF29D884756FFA4EF40224F18C0ABDE498BA16C7B5E808CB72

Uniqueness

Uniqueness Score: -1.00%

Function 013FAC76, Relevance: 1.5, APIs: 1, Instructions: 43COMMON

Download Yara Rule

APIs

FindCloseChangeNotification.KERNELBASE(?), ref: 013FACA8

Memory Dump Source

Source File: 00000012.00000002.470981647.00000000013FA000.00000040.00000001.sdmp, Offset: 013FA000, based on PE: false

Similarity

API ID: ChangeCloseFindNotification
String ID:
API String ID: 2591292051-0
Opcode ID: c7155df3d1c8cdcf592c4dc9010ac97257421c8ce79c1caf79a9ec2efe7d3161
Instruction ID: e12d4d44d230292b89667771d907dce13ff7c8423ae3bd9c4dabdddfcaa7d168
Opcode Fuzzy Hash: c7155df3d1c8cdcf592c4dc9010ac97257421c8ce79c1caf79a9ec2efe7d3161
Instruction Fuzzy Hash: CB018B719002449FDB10CF29D884766FFA8EF44724F18C4AFDE09CB652D6B9A808CB62

Uniqueness

Uniqueness Score: -1.00%

Function 013FA876, Relevance: 1.5, APIs: 1, Instructions: 35COMMON

Download Yara Rule

APIs

SetErrorMode.KERNELBASE(?), ref: 013FA8A8

Memory Dump Source

Source File: 00000012.00000002.470981647.00000000013FA000.00000040.00000001.sdmp, Offset: 013FA000, based on PE: false

Similarity

API ID: ErrorMode
String ID:
API String ID: 2340568224-0
Opcode ID: 3899c6eca026c3aaf4a491172ad9603cde5d224036ba83499254a20cbf3bba67
Instruction ID: 094616d6be9ac27238e7ef50379b6f87e960b483ecb839cf9826cad1bdd830ff
Opcode Fuzzy Hash: 3899c6eca026c3aaf4a491172ad9603cde5d224036ba83499254a20cbf3bba67
Instruction Fuzzy Hash: 0BF08C35800644DFDB208F19D884762FFA4EF04224F18C09ADE495B712D3B5A809DA62

Uniqueness

Uniqueness Score: -1.00%

Function 054E0A98, Relevance: .9, Instructions: 912COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000012.00000002.474360653.00000000054E0000.00000040.00000001.sdmp, Offset: 054E0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 01978a05b595a66336f70f992166702739e49e11ed230b60bbfc7a6cbea798ba
Instruction ID: a5da391593a7f324c682227fc0dcae2450072121ab5a1ea469a82421ca51eb20
Opcode Fuzzy Hash: 01978a05b595a66336f70f992166702739e49e11ed230b60bbfc7a6cbea798ba
Instruction Fuzzy Hash: 53620530B053818FD71A9BB9D8186BE3BA2EF82301F1584ABD405DB7A6DB79CC46C751

Uniqueness

Uniqueness Score: -1.00%

Function 054E1EA0, Relevance: .5, Instructions: 507COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000012.00000002.474360653.00000000054E0000.00000040.00000001.sdmp, Offset: 054E0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ea669f1fcb2872749a0759cbcaafa9b597d36423fa15de02e6f5cd6729f6eed5
Instruction ID: 7fd4bdac40e8c2d214a2e35f9b347d9f1e3746e5b88fda876523947ad890476c
Opcode Fuzzy Hash: ea669f1fcb2872749a0759cbcaafa9b597d36423fa15de02e6f5cd6729f6eed5
Instruction Fuzzy Hash: 2602D130B083458FD7159B799854ABA7BE6EF82301F2580EBD109DB3A2DBB9CC42C751

Uniqueness

Uniqueness Score: -1.00%

Function 054E112A, Relevance: .2, Instructions: 248COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000012.00000002.474360653.00000000054E0000.00000040.00000001.sdmp, Offset: 054E0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3ac9571a08594a3fa2085c3491e06ea224ed8e35466dcd184bd0fc83d6b1303a
Instruction ID: 93dbf35422be894189d6555d0574f60794ef3c7c00136558ea984550b98f31ab
Opcode Fuzzy Hash: 3ac9571a08594a3fa2085c3491e06ea224ed8e35466dcd184bd0fc83d6b1303a
Instruction Fuzzy Hash: A391D334B042408FDB2DABB9E46436E7AA3BBC5201F14496ED047AB7E4DF798C41C795

Uniqueness

Uniqueness Score: -1.00%

Function 054E1169, Relevance: .2, Instructions: 238COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000012.00000002.474360653.00000000054E0000.00000040.00000001.sdmp, Offset: 054E0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 733bb3f07aa9537452dda3ce1a94a537bf3799d3a21ecf549d0100f739802287
Instruction ID: 088fb2c43ab5766d89f694f0d1e8e88b58994af65e94a33700cd465a5451a5f5
Opcode Fuzzy Hash: 733bb3f07aa9537452dda3ce1a94a537bf3799d3a21ecf549d0100f739802287
Instruction Fuzzy Hash: CA81C130B042408FDB2DABB9D46436E7AA3BBC1201F14496ED047AB7A4DF798C45C796

Uniqueness

Uniqueness Score: -1.00%

Function 054E18D1, Relevance: .2, Instructions: 202COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000012.00000002.474360653.00000000054E0000.00000040.00000001.sdmp, Offset: 054E0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: df4580bb36c420f6aa41175ba755b58ea2f16eedbefae77613b713c1f40efeff
Instruction ID: 932e739561bd10a99c4a04cc2a60120e04c994a900ea2f68a3f3994b9a359d2c
Opcode Fuzzy Hash: df4580bb36c420f6aa41175ba755b58ea2f16eedbefae77613b713c1f40efeff
Instruction Fuzzy Hash: F861B030B443858FD7169B78D4196BA3BF2AF86321F1540EBD405DB3A2EBB98C46C751

Uniqueness

Uniqueness Score: -1.00%

Function 054E0558, Relevance: .2, Instructions: 161COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000012.00000002.474360653.00000000054E0000.00000040.00000001.sdmp, Offset: 054E0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b049d4381e25ad919097463b13edb20c77aa72ace4730da4655c491948d6b2a1
Instruction ID: be0ae2c3f2015623967f9b21d8a5198bb02c008694d90a6ecd0caccf860e1b01
Opcode Fuzzy Hash: b049d4381e25ad919097463b13edb20c77aa72ace4730da4655c491948d6b2a1
Instruction Fuzzy Hash: 0151D530B497868FC356C7399858ABA7BF2AF9331171580EBD049CB2A2D7A9CC46C711

Uniqueness

Uniqueness Score: -1.00%

Function 054E15D8, Relevance: .1, Instructions: 142COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000012.00000002.474360653.00000000054E0000.00000040.00000001.sdmp, Offset: 054E0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4d4c11359f76c4aadaa909cd2c498712cab0e5e8d17fdd4817f04ec4f1bbb00f
Instruction ID: 678a4247325395e5e8ea685e5f21085128b3660e92e96b1548e094069b9cfad4
Opcode Fuzzy Hash: 4d4c11359f76c4aadaa909cd2c498712cab0e5e8d17fdd4817f04ec4f1bbb00f
Instruction Fuzzy Hash: EC41B632B442058FCB219FB9D9586EEBBF6EB85321F14047BD509D7350D6358C41C7A1

Uniqueness

Uniqueness Score: -1.00%

Function 054E1750, Relevance: .1, Instructions: 101COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000012.00000002.474360653.00000000054E0000.00000040.00000001.sdmp, Offset: 054E0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 06e83eb539534f2928c86b7f1e704a8ef06c32381916cd4e0acc96e7cbff2804
Instruction ID: 62fc443e814c9ec356a0ce22d1598daf51a0db3052203d81d92d6210dc92dc65
Opcode Fuzzy Hash: 06e83eb539534f2928c86b7f1e704a8ef06c32381916cd4e0acc96e7cbff2804
Instruction Fuzzy Hash: 9E315070F402089BDB54EFB5D858BAE7AF6BFC8700F108829E506EB294EE349841CB50

Uniqueness

Uniqueness Score: -1.00%

Function 054E1760, Relevance: .1, Instructions: 95COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000012.00000002.474360653.00000000054E0000.00000040.00000001.sdmp, Offset: 054E0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a50ac5cedac101a4476643aedf88b5aa969458199482059f1df0e5fcbaf3a6c2
Instruction ID: deb82f6cc9111c60663e13986352088ca4ff249dc9fa19e746e2e783813c084a
Opcode Fuzzy Hash: a50ac5cedac101a4476643aedf88b5aa969458199482059f1df0e5fcbaf3a6c2
Instruction Fuzzy Hash: 08314474F002089BDB54EBB5D958BAF7AF6BFC8600F104829E506EB394EE349C00CB50

Uniqueness

Uniqueness Score: -1.00%

Function 054E1A20, Relevance: .1, Instructions: 74COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000012.00000002.474360653.00000000054E0000.00000040.00000001.sdmp, Offset: 054E0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f78d7d0e4b6a361f2ca55bade9667af33c624f576f142421a075befd4a114e54
Instruction ID: e7a5b3bf8e413b6dafe29e8ae5151514fadf3e4097ee241b8bd4a1c4ad78c7cb
Opcode Fuzzy Hash: f78d7d0e4b6a361f2ca55bade9667af33c624f576f142421a075befd4a114e54
Instruction Fuzzy Hash: 3F213170A10215CFCB24EB78C0296BE7AF6AF4C212F15147AE402EB350EF759C42CB91

Uniqueness

Uniqueness Score: -1.00%

Function 01490724, Relevance: .1, Instructions: 67COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000012.00000002.471498209.0000000001490000.00000040.00000040.sdmp, Offset: 01490000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ac868af5485d5769ca35c02ebecd8652f093b2c034162207c657e7b4e14b5093
Instruction ID: 93a4bdd525083cf2a98c7b1566822fe244ae0f691b8225cf05b1846860c43892
Opcode Fuzzy Hash: ac868af5485d5769ca35c02ebecd8652f093b2c034162207c657e7b4e14b5093
Instruction Fuzzy Hash: 29215C3560D3C49FD703CB20D850755BFB1AB46714F1985EFD8849B6A3C73A980ADB52

Uniqueness

Uniqueness Score: -1.00%

Function 05DD300E, Relevance: .1, Instructions: 63COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000012.00000002.476452647.0000000005DD0000.00000040.00000001.sdmp, Offset: 05DD0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ab7ff8b166f173637b28522d75640e9cd14f2c43594d806714734e3dda5cb7ea
Instruction ID: a473ec476c5ca17010e91610d4bad2f540d50db905adfa09452d952ce1023635
Opcode Fuzzy Hash: ab7ff8b166f173637b28522d75640e9cd14f2c43594d806714734e3dda5cb7ea
Instruction Fuzzy Hash: 5821B4B5608341AFD340CF19D880A5BFBE4EB89664F14896EF99897311D375E9088BA2

Uniqueness

Uniqueness Score: -1.00%

Function 05DD3A80, Relevance: .1, Instructions: 60COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000012.00000002.476452647.0000000005DD0000.00000040.00000001.sdmp, Offset: 05DD0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6a0799847481df7b1bc3a1529db3dc1e44ec78c81e4400d50235e69f8c452a95
Instruction ID: 69b7d5c209f78a1abddf60435a2dc7029674854de815a69de9adec35081f030a
Opcode Fuzzy Hash: 6a0799847481df7b1bc3a1529db3dc1e44ec78c81e4400d50235e69f8c452a95
Instruction Fuzzy Hash: 1011BAB5608301AFD340CF19D880A5BFBE4FB88664F14896EF998D7311D371EA148FA6

Uniqueness

Uniqueness Score: -1.00%

Function 0149075C, Relevance: .1, Instructions: 59COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000012.00000002.471498209.0000000001490000.00000040.00000040.sdmp, Offset: 01490000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d7c6fccba74f3e9bab8f1f109e69271b8453c43963d02dab13ac7fd72b7d18a1
Instruction ID: 191106c08595cdf9da7645fcb9b0d93597d3eef050ee251b23ac3be350e6393c
Opcode Fuzzy Hash: d7c6fccba74f3e9bab8f1f109e69271b8453c43963d02dab13ac7fd72b7d18a1
Instruction Fuzzy Hash: 6311A235204244EFDB15CB24C984B2ABFA9AB88718F24C59EF9491B763C777D843CE51

Uniqueness

Uniqueness Score: -1.00%

Function 054E1525, Relevance: .1, Instructions: 57COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000012.00000002.474360653.00000000054E0000.00000040.00000001.sdmp, Offset: 054E0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 80c7e8f87276fa146bd2124885695f3b1c974ad34ab837485618a3c8aee16923
Instruction ID: 993fcf84f7c815683a0ca90d5387206b4dbb7a679e9a029ab5f6b154b8f8fd53
Opcode Fuzzy Hash: 80c7e8f87276fa146bd2124885695f3b1c974ad34ab837485618a3c8aee16923
Instruction Fuzzy Hash: 82118F71E40255CFCF24EFB488441EDB7F1EB85212B2444BAC94AFB211D6399942CFA1

Uniqueness

Uniqueness Score: -1.00%

Function 014905D3, Relevance: .0, Instructions: 45COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000012.00000002.471498209.0000000001490000.00000040.00000040.sdmp, Offset: 01490000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 014101d6cb187f39b7a94ea66bf6800705dba9a7b1e2efa1012a62c586d16956
Instruction ID: 8b837c489195877c9c0e28b974f1d8e4d2d0478347616be0ed7375fa5a9fe17b
Opcode Fuzzy Hash: 014101d6cb187f39b7a94ea66bf6800705dba9a7b1e2efa1012a62c586d16956
Instruction Fuzzy Hash: 7101A9B65097806FD7128F16EC41863FFF8EF86620749C09FED498B612D265A908CB71

Uniqueness

Uniqueness Score: -1.00%

Function 01490818, Relevance: .0, Instructions: 31COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000012.00000002.471498209.0000000001490000.00000040.00000040.sdmp, Offset: 01490000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 525cef522958239b2deb72ab7ac90410e2832b06fb356f1b7ca8807ee3c9392c
Instruction ID: 83cdb9ccef4f5040b39560ff7711b01d59c037714bd2c7fa95da92995c16f999
Opcode Fuzzy Hash: 525cef522958239b2deb72ab7ac90410e2832b06fb356f1b7ca8807ee3c9392c
Instruction Fuzzy Hash: C0F01D35204644DFC706CF44D940B16FBA6EB89718F24C6ADE9490B762C337D813DE81

Uniqueness

Uniqueness Score: -1.00%

Function 014905F6, Relevance: .0, Instructions: 27COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000012.00000002.471498209.0000000001490000.00000040.00000040.sdmp, Offset: 01490000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0a4bea29d20c3395bf9b51c3d0c764cb942b3ce8adc6f4c5560946bdbe94a163
Instruction ID: a074735b948f0eea0f8126398694351d410bec96f9da140bde5916816745a814
Opcode Fuzzy Hash: 0a4bea29d20c3395bf9b51c3d0c764cb942b3ce8adc6f4c5560946bdbe94a163
Instruction Fuzzy Hash: 4CE092766006009FD650CF0BEC41452F7E8EB88630B18C07FDD0D8B700E675B909CEA5

Uniqueness

Uniqueness Score: -1.00%

Function 05DD3AEB, Relevance: .0, Instructions: 26COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000012.00000002.476452647.0000000005DD0000.00000040.00000001.sdmp, Offset: 05DD0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8384ae1f82c0d2fbf44df2276f7a483563ce82eb388a57cb31c5bebcce1664a2
Instruction ID: b25f25b594a4c16201d3639c8ce87d072e7bca1df3e8187fc868c901fec21c8f
Opcode Fuzzy Hash: 8384ae1f82c0d2fbf44df2276f7a483563ce82eb388a57cb31c5bebcce1664a2
Instruction Fuzzy Hash: CBE0D8B25403006BD2108E06DC45B53FB98EB84A30F14C567EE082B701D1B1B9188AE5

Uniqueness

Uniqueness Score: -1.00%

Function 05DD3083, Relevance: .0, Instructions: 26COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000012.00000002.476452647.0000000005DD0000.00000040.00000001.sdmp, Offset: 05DD0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a057040239996824dff59578b8ae5582655ff0165fc91e7fff48894c9b815869
Instruction ID: 946b1c2dd2cc118b3370388535f1f64623a6046283123d09cd8890bf5d2064c2
Opcode Fuzzy Hash: a057040239996824dff59578b8ae5582655ff0165fc91e7fff48894c9b815869
Instruction Fuzzy Hash: AAE0D8725003006BD2108F06DC45B53FB98DB80A30F14C557EE082F702D1B1B5148AE5

Uniqueness

Uniqueness Score: -1.00%

Function 013F23F4, Relevance: .0, Instructions: 15COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000012.00000002.470942883.00000000013F2000.00000040.00000001.sdmp, Offset: 013F2000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6cbb527852a041cd3801330e6e83cb004b3eef087d668688869d384bf68475de
Instruction ID: 2dbfa26dde6c5158c9dcce4ce12aba27579794716ceae4634289a70ea6b9b51b
Opcode Fuzzy Hash: 6cbb527852a041cd3801330e6e83cb004b3eef087d668688869d384bf68475de
Instruction Fuzzy Hash: 13D05E79215A818FE3278A1CC1A8B963FA4AB51B08F4644FEE9008B663C3A8D981D210

Uniqueness

Uniqueness Score: -1.00%

Function 013F23BC, Relevance: .0, Instructions: 14COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000012.00000002.470942883.00000000013F2000.00000040.00000001.sdmp, Offset: 013F2000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 14ed32cae8ce899c7c9505e41ae04fcb01835bc96909dffb32d6ff5752d761f7
Instruction ID: 0f25d491dcf0822a3857ef97055b95e357a73f6d526103f4aacab7e49cc24822
Opcode Fuzzy Hash: 14ed32cae8ce899c7c9505e41ae04fcb01835bc96909dffb32d6ff5752d761f7
Instruction Fuzzy Hash: 1AD05E742006818BD715DB0CC594F5A3BD4EB41B04F0644EDAE008B662C3A8D881C600

Uniqueness

Uniqueness Score: -1.00%

Non-executed Functions

Analysis Process: pGKuRU.exe PID: 6744 Parent PID: 3388 pGKuRU.exeCOMMON

Executed Functions

Function 033220A9, Relevance: 6.5, Strings: 5, Instructions: 204COMMON

Download Yara Rule

Strings

8}ir, xrefs: 033220FB
Invoke, xrefs: 03322305
EntryPoint, xrefs: 03322232
Load, xrefs: 033221A6
X1kr, xrefs: 03322281

Memory Dump Source

Source File: 00000018.00000002.430543220.0000000003320000.00000040.00000001.sdmp, Offset: 03320000, based on PE: false

Similarity

API ID:
String ID: 8}ir$EntryPoint$Invoke$Load$X1kr
API String ID: 0-2582972406
Opcode ID: 258528002ad60e80fd168201b084d869c8a497310a38df262b7d53599e683335
Instruction ID: 1ab8d1e7140911b3a8c19b832de6c2629a6592f108d772b63295b403be65a515
Opcode Fuzzy Hash: 258528002ad60e80fd168201b084d869c8a497310a38df262b7d53599e683335
Instruction Fuzzy Hash: ED91A374E002189FDB54DFA9C884A9EFBF2BF88310F24C16AD509AB355DB71A945CF50

Uniqueness

Uniqueness Score: -1.00%

Function 033220B8, Relevance: 6.4, Strings: 5, Instructions: 199COMMON

Download Yara Rule

Strings

8}ir, xrefs: 033220FB
Invoke, xrefs: 03322305
EntryPoint, xrefs: 03322232
Load, xrefs: 033221A6
X1kr, xrefs: 03322281

Memory Dump Source

Source File: 00000018.00000002.430543220.0000000003320000.00000040.00000001.sdmp, Offset: 03320000, based on PE: false

Similarity

API ID:
String ID: 8}ir$EntryPoint$Invoke$Load$X1kr
API String ID: 0-2582972406
Opcode ID: 9e4d873911b0dae435a0d6f0f84c6add4c787c37aeff0e9874ce01eb29a587fd
Instruction ID: e5e43b3d6321f8b329047eaa152b2e823d94d581eca7bdd1ac97bf9194716dbe
Opcode Fuzzy Hash: 9e4d873911b0dae435a0d6f0f84c6add4c787c37aeff0e9874ce01eb29a587fd
Instruction Fuzzy Hash: CB919374E002189FDB54DFA9C884A9EFBF2BF88310F24C16AD509AB355DB71A945CF50

Uniqueness

Uniqueness Score: -1.00%

Function 03320170, Relevance: 2.7, Strings: 1, Instructions: 1455COMMON

Download Yara Rule

Strings

"Uq, xrefs: 03321142

Memory Dump Source

Source File: 00000018.00000002.430543220.0000000003320000.00000040.00000001.sdmp, Offset: 03320000, based on PE: false

Similarity

API ID:
String ID: "Uq
API String ID: 0-3550767893
Opcode ID: aab8863317b7ded18d913b71f567b4a12a2c4bc56b30e872804c634a710cae59
Instruction ID: a84487a5fba9e182c232cb8bc3eed0af7b5d3391f45b0e5862f689d4fee008e7
Opcode Fuzzy Hash: aab8863317b7ded18d913b71f567b4a12a2c4bc56b30e872804c634a710cae59
Instruction Fuzzy Hash: 63E2C234A01219CFDB64DB28C894BE9B7B2FF8A311F5141E9D549AB361CB31AE95CF40

Uniqueness

Uniqueness Score: -1.00%

Function 03320180, Relevance: 2.7, Strings: 1, Instructions: 1451COMMON

Download Yara Rule

Strings

"Uq, xrefs: 03321142

Memory Dump Source

Source File: 00000018.00000002.430543220.0000000003320000.00000040.00000001.sdmp, Offset: 03320000, based on PE: false

Similarity

API ID:
String ID: "Uq
API String ID: 0-3550767893
Opcode ID: d567944afee30b968d499ce0756782cae2d00990c544a47b42a0879d99ea02be
Instruction ID: 103bffd2e90e2f729cf5658b7fddfccf61fa9b6e14faf682d5290e7d951eb4e7
Opcode Fuzzy Hash: d567944afee30b968d499ce0756782cae2d00990c544a47b42a0879d99ea02be
Instruction Fuzzy Hash: 62E2C234A01219CFDB64DB28C894BE9B7B2FF8A311F5141E9D549AB361CB31AE95CF40

Uniqueness

Uniqueness Score: -1.00%

Function 03322733, Relevance: 2.6, Strings: 2, Instructions: 145COMMON

Download Yara Rule

Strings

X1kr, xrefs: 033227D7
X1kr, xrefs: 033227CC

Memory Dump Source

Source File: 00000018.00000002.430543220.0000000003320000.00000040.00000001.sdmp, Offset: 03320000, based on PE: false

Similarity

API ID:
String ID: X1kr$X1kr
API String ID: 0-2397868964
Opcode ID: 4aa44fe14c848d7c9a48497c2cd7ffabb946c670262884f80a9f3143549127d5
Instruction ID: ef5bd0c6f7ef1c953d6d1e14c5f9bfe719795d0fab8845628fc254d8659c092c
Opcode Fuzzy Hash: 4aa44fe14c848d7c9a48497c2cd7ffabb946c670262884f80a9f3143549127d5
Instruction Fuzzy Hash: A951D574E05259DFDB44CFA9C980AAEFBF2BF88300F24C566D814AB255D734AA41CB90

Uniqueness

Uniqueness Score: -1.00%

Function 072524F3, Relevance: 1.6, APIs: 1, Instructions: 75COMMON

Download Yara Rule

APIs

AdjustTokenPrivileges.KERNELBASE(?,?,?,?,?,?), ref: 07252573

Memory Dump Source

Source File: 00000018.00000002.435783308.0000000007250000.00000040.00000001.sdmp, Offset: 07250000, based on PE: false

Similarity

API ID: AdjustPrivilegesToken
String ID:
API String ID: 2874748243-0
Opcode ID: 13ef344d2e126326aa328a95ae3161945cc5f9d9457413c15b0d2d5a33303e56
Instruction ID: 226a8bacf7dcc65ea3ba0ec9d3c7cde96eb9595de1686b7ded600741139c43e8
Opcode Fuzzy Hash: 13ef344d2e126326aa328a95ae3161945cc5f9d9457413c15b0d2d5a33303e56
Instruction Fuzzy Hash: A22191B6509785AFDB128F25DC40B52BFF4AF46310F0885DAED858B163D2719908DB61

Uniqueness

Uniqueness Score: -1.00%

Function 072527BC, Relevance: 1.6, APIs: 1, Instructions: 60nativeCOMMON

Download Yara Rule

APIs

NtQuerySystemInformation.NTDLL(?,?,?,?), ref: 0725282D

Memory Dump Source

Source File: 00000018.00000002.435783308.0000000007250000.00000040.00000001.sdmp, Offset: 07250000, based on PE: false

Similarity

API ID: InformationQuerySystem
String ID:
API String ID: 3562636166-0
Opcode ID: 9806a834e506d0faf103fccc65bc41f88026764bfcf7a4a1c941ed5fc3e7d29a
Instruction ID: 0dcc387677021640e7ceed3d26c733d3c33fdc019e40b69c8cfb8cb6edd992d0
Opcode Fuzzy Hash: 9806a834e506d0faf103fccc65bc41f88026764bfcf7a4a1c941ed5fc3e7d29a
Instruction Fuzzy Hash: 77119A72409380AFDB228F25DC44A52FFB4EF06214F0984DEED844F263D275A908DB62

Uniqueness

Uniqueness Score: -1.00%

Function 0725252A, Relevance: 1.6, APIs: 1, Instructions: 52COMMON

Download Yara Rule

APIs

AdjustTokenPrivileges.KERNELBASE(?,?,?,?,?,?), ref: 07252573

Memory Dump Source

Source File: 00000018.00000002.435783308.0000000007250000.00000040.00000001.sdmp, Offset: 07250000, based on PE: false

Similarity

API ID: AdjustPrivilegesToken
String ID:
API String ID: 2874748243-0
Opcode ID: 77b14c147cd751257e6df1a0dba15603e51a47f041608b6c74224ac81d586dc3
Instruction ID: 5614ede3acf3f781ff043afeace66de2d9ad39ea28e8bbdbd12b1709a8904b65
Opcode Fuzzy Hash: 77b14c147cd751257e6df1a0dba15603e51a47f041608b6c74224ac81d586dc3
Instruction Fuzzy Hash: 7E115EB2910605DFDB25CF55D844B66FFE4FF48320F0884AAED468B652D271E418DB61

Uniqueness

Uniqueness Score: -1.00%

Function 072527F2, Relevance: 1.5, APIs: 1, Instructions: 38nativeCOMMON

Download Yara Rule

APIs

NtQuerySystemInformation.NTDLL(?,?,?,?), ref: 0725282D

Memory Dump Source

Source File: 00000018.00000002.435783308.0000000007250000.00000040.00000001.sdmp, Offset: 07250000, based on PE: false

Similarity

API ID: InformationQuerySystem
String ID:
API String ID: 3562636166-0
Opcode ID: 9c294be699eac82e13e89962180b6c5ba28d38a2db345a669b39e8fbd242c90b
Instruction ID: fc0efe34fac687003a6e11a92d08d19571163d5a3a0918c3a1905d1b8eea5db3
Opcode Fuzzy Hash: 9c294be699eac82e13e89962180b6c5ba28d38a2db345a669b39e8fbd242c90b
Instruction Fuzzy Hash: 73018FB1910604DFDB208F55D888B22FFE4FF04320F18C09ADE494B252C2B5A418DF72

Uniqueness

Uniqueness Score: -1.00%

Function 07D519CD, Relevance: 1.5, Strings: 1, Instructions: 222COMMON

Download Yara Rule

Strings

]_>, xrefs: 07D51983

Memory Dump Source

Source File: 00000018.00000002.436642597.0000000007D50000.00000040.00000001.sdmp, Offset: 07D50000, based on PE: false

Similarity

API ID:
String ID: ]_>
API String ID: 0-3749938491
Opcode ID: ddc2a0bf0ff2d3e5a3f7d20db2ebc1ad4e8974988305734295bd4dd4a58e7499
Instruction ID: 7c6b10a842a01eb4a8f5622a8662d8301c2232afb8807302fd5eb962d04908e4
Opcode Fuzzy Hash: ddc2a0bf0ff2d3e5a3f7d20db2ebc1ad4e8974988305734295bd4dd4a58e7499
Instruction Fuzzy Hash: AB9104B4D6921DCFCF14CFA0C580AADFBB2FB4A350F10A51AD456AB204E7369946CF15

Uniqueness

Uniqueness Score: -1.00%

Function 0332E748, Relevance: 1.4, Strings: 1, Instructions: 196COMMON

Download Yara Rule

Strings

:@Dr, xrefs: 0332E82C

Memory Dump Source

Source File: 00000018.00000002.430543220.0000000003320000.00000040.00000001.sdmp, Offset: 03320000, based on PE: false

Similarity

API ID:
String ID: :@Dr
API String ID: 0-3830894600
Opcode ID: 0b222e012244f3ee4f91394b82d32254e434806b02b462ada26795356aff3a3b
Instruction ID: c2689c985288520db9d977a911d667ed76f418902cc7fe8931ced0bc5e36812e
Opcode Fuzzy Hash: 0b222e012244f3ee4f91394b82d32254e434806b02b462ada26795356aff3a3b
Instruction Fuzzy Hash: 0B81F3B4D05219EFCB08DFA8D9855ADFFB2FF89311F20906AD405AB358DB345A41CB50

Uniqueness

Uniqueness Score: -1.00%

Function 0332B0E0, Relevance: 1.4, Strings: 1, Instructions: 189COMMON

Download Yara Rule

Strings

r@>@, xrefs: 0332C1FF

Memory Dump Source

Source File: 00000018.00000002.430543220.0000000003320000.00000040.00000001.sdmp, Offset: 03320000, based on PE: false

Similarity

API ID:
String ID: r@>@
API String ID: 0-2817613862
Opcode ID: b2e470f5c38fd3b19333615862d2d98a8e200a9d24d55b5a1baa87e66d036cbb
Instruction ID: 3619d5405b5046ff43448ee63ad1337eb9190b6018108e00229d2bdef8bfa9b7
Opcode Fuzzy Hash: b2e470f5c38fd3b19333615862d2d98a8e200a9d24d55b5a1baa87e66d036cbb
Instruction Fuzzy Hash: 84811474E452298FCBA4DF25D88879DBBB5BB89301F1094EAD10EA7254DB309E85CF01

Uniqueness

Uniqueness Score: -1.00%

Function 0332E758, Relevance: 1.4, Strings: 1, Instructions: 184COMMON

Download Yara Rule

Strings

:@Dr, xrefs: 0332E82C

Memory Dump Source

Source File: 00000018.00000002.430543220.0000000003320000.00000040.00000001.sdmp, Offset: 03320000, based on PE: false

Similarity

API ID:
String ID: :@Dr
API String ID: 0-3830894600
Opcode ID: 0146c4b4423301c8f82ae289f284c090fc203d8a147ff7e91ca81324ce746679
Instruction ID: 1539820795b223a09bbde929e1487361c475c42da9ab0fe596de7e3fb4b96f23
Opcode Fuzzy Hash: 0146c4b4423301c8f82ae289f284c090fc203d8a147ff7e91ca81324ce746679
Instruction Fuzzy Hash: D381E2B4D05219EFCB08DFA8D9859ADFFB2FF89311F20906AD406AB358DB345A41DB50

Uniqueness

Uniqueness Score: -1.00%

Function 03325667, Relevance: .3, Instructions: 297COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000018.00000002.430543220.0000000003320000.00000040.00000001.sdmp, Offset: 03320000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e60315536882d2def137c136a958d49d9e7f1885d4a9d782167bce3e6fbb49ac
Instruction ID: 3cec3d10c250f14089b7b7d5fdc708f02c9ebfdc6d43752e62424636839e0b9b
Opcode Fuzzy Hash: e60315536882d2def137c136a958d49d9e7f1885d4a9d782167bce3e6fbb49ac
Instruction Fuzzy Hash: 27D12774D0525ADFDB04CFA8C5848AEFFB1FF4A311B24A599D802AB255D730AB41CFA1

Uniqueness

Uniqueness Score: -1.00%

Function 033256B0, Relevance: .3, Instructions: 264COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000018.00000002.430543220.0000000003320000.00000040.00000001.sdmp, Offset: 03320000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 49370a8cbd926cc7cffceb73933f5def9b23078c46d685ce44feb0a42922f9f9
Instruction ID: 806a9837b9ad7731becf4a10af95803f67f0d5c80ec6b1b72aedd87b12ec289e
Opcode Fuzzy Hash: 49370a8cbd926cc7cffceb73933f5def9b23078c46d685ce44feb0a42922f9f9
Instruction Fuzzy Hash: 33C12774D0521ADFDB08CFA8C5848AEFBB5FF4A311B24A559D402AB214D734EB81CFA1

Uniqueness

Uniqueness Score: -1.00%

Function 033235D8, Relevance: .2, Instructions: 238COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000018.00000002.430543220.0000000003320000.00000040.00000001.sdmp, Offset: 03320000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9a814666cede5e0cccd39ac40dbfc14036402afc41e3ad39102b1667e4f33c77
Instruction ID: 63b0154690968e4c4d5f3fe40901c325653ba556d203530f350fe0c79066f2f3
Opcode Fuzzy Hash: 9a814666cede5e0cccd39ac40dbfc14036402afc41e3ad39102b1667e4f33c77
Instruction Fuzzy Hash: 14A14575D04259DFCF05CFA9C8946AEBFB2FF8A300F2890AAD441AB254D738A901DF51

Uniqueness

Uniqueness Score: -1.00%

Function 03322421, Relevance: .2, Instructions: 216COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000018.00000002.430543220.0000000003320000.00000040.00000001.sdmp, Offset: 03320000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6e1876788d91725af108f8769e9e1347310cdda5f9699a3577ff40d457530a3b
Instruction ID: 63fa72fb15d1b151fa5a0ca7ab030241c45616e47670fd4028d02935c6293054
Opcode Fuzzy Hash: 6e1876788d91725af108f8769e9e1347310cdda5f9699a3577ff40d457530a3b
Instruction Fuzzy Hash: 72911431D01229DFDB65CFA5C880BEEFBB2BF85304F5484A9D408AB261DB719A85CF51

Uniqueness

Uniqueness Score: -1.00%

Function 033283DC, Relevance: .2, Instructions: 202COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000018.00000002.430543220.0000000003320000.00000040.00000001.sdmp, Offset: 03320000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a5ba91eae1c6855c8a7fd7dd7d5fccea8b32321c791b53d0675e5cc8cc286e4e
Instruction ID: ca329006de8da1e27029e2f68497c522f2fdce711c9371ed644e59b3dcac4a84
Opcode Fuzzy Hash: a5ba91eae1c6855c8a7fd7dd7d5fccea8b32321c791b53d0675e5cc8cc286e4e
Instruction Fuzzy Hash: DA91DAB1906294DFCB19CFB8D88465CBFB6FF0A311F1890A9D4058F25AE730AA81CF41

Uniqueness

Uniqueness Score: -1.00%

Function 03323678, Relevance: .2, Instructions: 170COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000018.00000002.430543220.0000000003320000.00000040.00000001.sdmp, Offset: 03320000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1c398cf579ada226356f6199314625ef10d63e44cfe91458f11da699f77a25fd
Instruction ID: dc72b190224f4663bf58040c7b408d01deb7520cbc0a9c8c4ea22773b76f180f
Opcode Fuzzy Hash: 1c398cf579ada226356f6199314625ef10d63e44cfe91458f11da699f77a25fd
Instruction Fuzzy Hash: 7871C374E05219DFCB48CFA9C585AADFBB6FF89310F20806AD406BB354DB389A458F54

Uniqueness

Uniqueness Score: -1.00%

Function 07D50006, Relevance: .2, Instructions: 167COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000018.00000002.436642597.0000000007D50000.00000040.00000001.sdmp, Offset: 07D50000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 61a2f714f43bbbfb310aa954b0199f4345afa1fced8eb190d59026b43cbd73fd
Instruction ID: e3d7b20509f40da31e8d5a74de56882056f929b5efcf7dddccb25061541ffe46
Opcode Fuzzy Hash: 61a2f714f43bbbfb310aa954b0199f4345afa1fced8eb190d59026b43cbd73fd
Instruction Fuzzy Hash: D551ACB0D093598FDB65CF25CC507DABBF2AF8A310F0580EAC548EB292E6745A84CF51

Uniqueness

Uniqueness Score: -1.00%

Function 03328426, Relevance: .2, Instructions: 163COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000018.00000002.430543220.0000000003320000.00000040.00000001.sdmp, Offset: 03320000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b7693246e108de592bf8058bea08323131c7f29dc25a5f3a9894b12877675a0f
Instruction ID: f207f22cac049fa0ee1847a4bd31b0dcf497c1dda22702c5b10f4a713190e35d
Opcode Fuzzy Hash: b7693246e108de592bf8058bea08323131c7f29dc25a5f3a9894b12877675a0f
Instruction Fuzzy Hash: 0871AEB0906294DFCB18CFA8E98465CBFF5FF49321F1490AAD4059F259D734AA41CF51

Uniqueness

Uniqueness Score: -1.00%

Function 03323E78, Relevance: .1, Instructions: 149COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000018.00000002.430543220.0000000003320000.00000040.00000001.sdmp, Offset: 03320000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9969d1439865e145a360ff56137966d6aaf92161adf17c792c446a9319bc6a19
Instruction ID: e97d94852971a9acfc40953276f32c12dddf7ce7229a57f447428b30f272192f
Opcode Fuzzy Hash: 9969d1439865e145a360ff56137966d6aaf92161adf17c792c446a9319bc6a19
Instruction Fuzzy Hash: 0D5138B5D0521ADFCB08CFA6C5805AEFFB2EF89320F14D46AD415A7264C7389A45CFA4

Uniqueness

Uniqueness Score: -1.00%

Function 07D50070, Relevance: .1, Instructions: 129COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000018.00000002.436642597.0000000007D50000.00000040.00000001.sdmp, Offset: 07D50000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bab0d74375482ebb1fcfa5e787b4f3af80742365f158fec84d2dba946ae90757
Instruction ID: d2232fa1e347ec2922637b7d7de53ecea4d13132bceaf16eb0bae1d15620b870
Opcode Fuzzy Hash: bab0d74375482ebb1fcfa5e787b4f3af80742365f158fec84d2dba946ae90757
Instruction Fuzzy Hash: CC511AB5E052298FDB68CF69D844BDEF7F6AB88310F1080FAD518A7254EB705A85CF50

Uniqueness

Uniqueness Score: -1.00%

Function 033241D3, Relevance: .1, Instructions: 123COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000018.00000002.430543220.0000000003320000.00000040.00000001.sdmp, Offset: 03320000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0868bba539c20bb75eacccf3503c221d4ca80018ca6a0ee4e3b73b824493200c
Instruction ID: 86bc3386db6b3d34fae55c0736a908b8b88d3652387592db1cc0378a717f4b4e
Opcode Fuzzy Hash: 0868bba539c20bb75eacccf3503c221d4ca80018ca6a0ee4e3b73b824493200c
Instruction Fuzzy Hash: 85510874E0521A9FCB04CFAAC8809AEFBF5FF89310F1185AAD415AB755D734AA41CF90

Uniqueness

Uniqueness Score: -1.00%

Function 0332AE99, Relevance: .1, Instructions: 112COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000018.00000002.430543220.0000000003320000.00000040.00000001.sdmp, Offset: 03320000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6260de0c988c92ec9be2463a4fec2824bd055d351bc92a2efd685593229989a2
Instruction ID: 7aae41af6746f22e3af335af357c467f50d9a220b815d5f48ac2bdbd1f9da7e6
Opcode Fuzzy Hash: 6260de0c988c92ec9be2463a4fec2824bd055d351bc92a2efd685593229989a2
Instruction Fuzzy Hash: B14167B0D15219DFCB48CFA8D984ADDBBF5EF8A310F2094AAD405E7214DB349A41CB64

Uniqueness

Uniqueness Score: -1.00%

Function 03327958, Relevance: .1, Instructions: 102COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000018.00000002.430543220.0000000003320000.00000040.00000001.sdmp, Offset: 03320000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cbd93a9a2aa516b37347753d361d7b7b5a8f614f550e99125e3fffed4e0da6f3
Instruction ID: ff551a54ab3d14c2b3ac7ff853536334febf9a41631c1aa8dab4f7caafa9cfb1
Opcode Fuzzy Hash: cbd93a9a2aa516b37347753d361d7b7b5a8f614f550e99125e3fffed4e0da6f3
Instruction Fuzzy Hash: 7B412B74E112299FEB18CFABD880A9EFBB7BFC5210F04D1AAD408AA215D7345A45CF51

Uniqueness

Uniqueness Score: -1.00%

Function 0332AEA8, Relevance: .1, Instructions: 95COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000018.00000002.430543220.0000000003320000.00000040.00000001.sdmp, Offset: 03320000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ba6232a4496584f0c814e7de8742549f0ee82f10d9413eedce04511072701e8f
Instruction ID: be45cac304f77c53802577eeb94a7f42a5d0a0831c807befecb9437d1cef89d6
Opcode Fuzzy Hash: ba6232a4496584f0c814e7de8742549f0ee82f10d9413eedce04511072701e8f
Instruction Fuzzy Hash: E6315AB0D15219DFCB48CFA9D9849DDFBF9EF4E310F10A42AD015F6214DB3499018B68

Uniqueness

Uniqueness Score: -1.00%

Function 03324823, Relevance: .1, Instructions: 81COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000018.00000002.430543220.0000000003320000.00000040.00000001.sdmp, Offset: 03320000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 42ebf29d3bcee87af3cfeb22cdc6a2c079181d8162f0e2a84377d88ee3d294d2
Instruction ID: e03d9a574ccbfda29728eefe4a0bc1433797bbf287f40f471ff848596fac92f1
Opcode Fuzzy Hash: 42ebf29d3bcee87af3cfeb22cdc6a2c079181d8162f0e2a84377d88ee3d294d2
Instruction Fuzzy Hash: EF310B71E012588FDB18CF6AD88469EBBB7AFC9311F14C0AAE409AB254DB355A45CF41

Uniqueness

Uniqueness Score: -1.00%

Function 07D5036E, Relevance: 2.5, Strings: 2, Instructions: 31COMMON

Download Yara Rule

Strings

R^, xrefs: 07D503EF
R^, xrefs: 07D503E5

Memory Dump Source

Source File: 00000018.00000002.436642597.0000000007D50000.00000040.00000001.sdmp, Offset: 07D50000, based on PE: false

Similarity

API ID:
String ID: R^$R^
API String ID: 0-3555706379
Opcode ID: 974b85b1097fc95c20aa95f2babbf1ccd9dc74f7884caf05bb33797864f7ef4b
Instruction ID: e57519693840154eef96e440613470869fd2ef6b35a9e182e5175b1516db7f7b
Opcode Fuzzy Hash: 974b85b1097fc95c20aa95f2babbf1ccd9dc74f7884caf05bb33797864f7ef4b
Instruction Fuzzy Hash: B00104B4C15329DFCF25CF30CA897EAFBB0AB49305F1095EA988966600E7354AC6DF00

Uniqueness

Uniqueness Score: -1.00%

Function 07D5055A, Relevance: 2.5, Strings: 2, Instructions: 23COMMON

Download Yara Rule

Strings

YL6z, xrefs: 07D505AE
YL6z, xrefs: 07D505B8

Memory Dump Source

Source File: 00000018.00000002.436642597.0000000007D50000.00000040.00000001.sdmp, Offset: 07D50000, based on PE: false

Similarity

API ID:
String ID: YL6z$YL6z
API String ID: 0-3855105777
Opcode ID: 21f773e52e1bddc97dc0774a8793740f8f82aa950880ea4b0458437de4f3ac82
Instruction ID: bafa09e1f685b85c9336ac940783e077e4288f37503bc7e28ac939203c3e9539
Opcode Fuzzy Hash: 21f773e52e1bddc97dc0774a8793740f8f82aa950880ea4b0458437de4f3ac82
Instruction Fuzzy Hash: 7CF09DB4C05229DFDF258F60CA66BDCBAB1BB08300F2044D9966DA6245D7355BD5DF10

Uniqueness

Uniqueness Score: -1.00%

Function 07251A6E, Relevance: 1.6, APIs: 1, Instructions: 143fileCOMMON

Download Yara Rule

APIs

CreateFileW.KERNELBASE(?,?,?,?,?,?), ref: 07251B7D

Memory Dump Source

Source File: 00000018.00000002.435783308.0000000007250000.00000040.00000001.sdmp, Offset: 07250000, based on PE: false

Similarity

API ID: CreateFile
String ID:
API String ID: 823142352-0
Opcode ID: cb4745b77cf2362afe17cb7f2ec1705076befcceeba172ee3af9d7466adb5270
Instruction ID: 5b9797b274fddd635cf02c3acbb86b36d06f7948652ea03181631f94491ba84a
Opcode Fuzzy Hash: cb4745b77cf2362afe17cb7f2ec1705076befcceeba172ee3af9d7466adb5270
Instruction Fuzzy Hash: BF5149B140E3C55FE7138B658C64A92BFB8AF47214F0A44DBE8849F1A3D264A819D772

Uniqueness

Uniqueness Score: -1.00%

Function 07251EE3, Relevance: 1.6, APIs: 1, Instructions: 102COMMON

Download Yara Rule

APIs

DuplicateHandle.KERNELBASE(?,00000E2C), ref: 07251F93

Memory Dump Source

Source File: 00000018.00000002.435783308.0000000007250000.00000040.00000001.sdmp, Offset: 07250000, based on PE: false

Similarity

API ID: DuplicateHandle
String ID:
API String ID: 3793708945-0
Opcode ID: 50d79feb77336f57acd3d161ed3ff5fe37aafd88bd251596a4ff4b8c6f19c552
Instruction ID: ce512a6b39e625aad43a67e4e066ef29d317e6c3dd0201f63f1313abf572b706
Opcode Fuzzy Hash: 50d79feb77336f57acd3d161ed3ff5fe37aafd88bd251596a4ff4b8c6f19c552
Instruction Fuzzy Hash: 7231C3B2404384AFEB128B65CC44F67BFACEF46310F04859BE985CB152D324A909DB71

Uniqueness

Uniqueness Score: -1.00%

Function 07251516, Relevance: 1.6, APIs: 1, Instructions: 94COMMON

Download Yara Rule

APIs

GetTokenInformation.KERNELBASE(?,00000E2C,ABF37A40,00000000,00000000,00000000,00000000), ref: 072515C0

Memory Dump Source

Source File: 00000018.00000002.435783308.0000000007250000.00000040.00000001.sdmp, Offset: 07250000, based on PE: false

Similarity

API ID: InformationToken
String ID:
API String ID: 4114910276-0
Opcode ID: 3029f85a7bb09e7f971d92bffff24450e333cd8203d7944df5de1ffd5a04c90d
Instruction ID: 532c474ec3323afe0c08ed78dfb3688c508eda3de20d4e9fdec8186477f4dacb
Opcode Fuzzy Hash: 3029f85a7bb09e7f971d92bffff24450e333cd8203d7944df5de1ffd5a04c90d
Instruction Fuzzy Hash: F631C471409385AFEB228F65DC55F97BFB8EF06310F0884DBE9849B152D234A908C761

Uniqueness

Uniqueness Score: -1.00%

Function 0172AC22, Relevance: 1.6, APIs: 1, Instructions: 92registryCOMMON

Download Yara Rule

APIs

RegOpenKeyExW.KERNELBASE(?,00000E2C), ref: 0172ACD1

Memory Dump Source

Source File: 00000018.00000002.430171128.000000000172A000.00000040.00000001.sdmp, Offset: 0172A000, based on PE: false

Similarity

API ID: Open
String ID:
API String ID: 71445658-0
Opcode ID: 62fb823e4a005d8eac6697a242330cb82d571c678fc2cb395e700d0938afde89
Instruction ID: 0a0769f315a2d435d55be114ae1d41d3ab51171cae59b65158507bb5d482a79a
Opcode Fuzzy Hash: 62fb823e4a005d8eac6697a242330cb82d571c678fc2cb395e700d0938afde89
Instruction Fuzzy Hash: 7131A272504384AFE7228B25CC45F67FFACEF06710F0884ABED819B152D265A949CB71

Uniqueness

Uniqueness Score: -1.00%

Function 0172AD19, Relevance: 1.6, APIs: 1, Instructions: 89registryCOMMON

Download Yara Rule

APIs

RegQueryValueExW.KERNELBASE(?,00000E2C,ABF37A40,00000000,00000000,00000000,00000000), ref: 0172ADD4

Memory Dump Source

Source File: 00000018.00000002.430171128.000000000172A000.00000040.00000001.sdmp, Offset: 0172A000, based on PE: false

Similarity

API ID: QueryValue
String ID:
API String ID: 3660427363-0
Opcode ID: 138816cfc6b5e177209e2b50ac3b7f460171f520cfb6ea95aec21e226955081c
Instruction ID: c6c13f835b58abd39c491e8a91f1d8aa479b6b31c88ee3d88505c9c28bb99721
Opcode Fuzzy Hash: 138816cfc6b5e177209e2b50ac3b7f460171f520cfb6ea95aec21e226955081c
Instruction Fuzzy Hash: FE319372509384AFE722CB65CC45F92FFF8EF06310F18849AE9859B253D264E549CB61

Uniqueness

Uniqueness Score: -1.00%

Function 072507E2, Relevance: 1.6, APIs: 1, Instructions: 89synchronizationCOMMON

Download Yara Rule

APIs

CreateMutexW.KERNELBASE(?,?), ref: 07250889

Memory Dump Source

Source File: 00000018.00000002.435783308.0000000007250000.00000040.00000001.sdmp, Offset: 07250000, based on PE: false

Similarity

API ID: CreateMutex
String ID:
API String ID: 1964310414-0
Opcode ID: f65e1f43caa4506325d273eb1be9109b3e96fe6982c6936dfdaf9f5b537ccc55
Instruction ID: e46c40564559d04a2d4476a5fbf0f99ab353061c6b281d16f03a6bf18d2978b5
Opcode Fuzzy Hash: f65e1f43caa4506325d273eb1be9109b3e96fe6982c6936dfdaf9f5b537ccc55
Instruction Fuzzy Hash: 033181B1509780AFE722CB65CC44F56FFE8EF06310F18849AE9859B292D375E909CB61

Uniqueness

Uniqueness Score: -1.00%

Function 072508E0, Relevance: 1.6, APIs: 1, Instructions: 86registryCOMMON

Download Yara Rule

APIs

RegQueryValueExW.KERNELBASE(?,00000E2C,?,?), ref: 07250996

Memory Dump Source

Source File: 00000018.00000002.435783308.0000000007250000.00000040.00000001.sdmp, Offset: 07250000, based on PE: false

Similarity

API ID: QueryValue
String ID:
API String ID: 3660427363-0
Opcode ID: c7fe3243b631b02d5b44848894c201b9b90e72ec273740b48a221e21a01dfe2e
Instruction ID: a5f39d9975ea48387cc09e0556c007423a6ebc5f6b818de50a74583afd88ac58
Opcode Fuzzy Hash: c7fe3243b631b02d5b44848894c201b9b90e72ec273740b48a221e21a01dfe2e
Instruction Fuzzy Hash: 1431D9B54097C05FD31387259C51B62BF78EF47710F0A81DBD8848B563D2256916C771

Uniqueness

Uniqueness Score: -1.00%

Function 07251847, Relevance: 1.6, APIs: 1, Instructions: 85COMMON

Download Yara Rule

APIs

LsaOpenPolicy.ADVAPI32(?,00000E2C), ref: 072518E3

Memory Dump Source

Source File: 00000018.00000002.435783308.0000000007250000.00000040.00000001.sdmp, Offset: 07250000, based on PE: false

Similarity

API ID: OpenPolicy
String ID:
API String ID: 2030686058-0
Opcode ID: 42f20683d3b3d09278b260bc64b2d9971f88a52ea0d99b9b754f9fa5df30c492
Instruction ID: 87f6045f4136f253d36a88aad965c4345009fa2a361a8f9863eff770dd662cae
Opcode Fuzzy Hash: 42f20683d3b3d09278b260bc64b2d9971f88a52ea0d99b9b754f9fa5df30c492
Instruction Fuzzy Hash: 7F21A2B2504344AFEB21CF65DC44F66FFB8EF45310F08849AED849B252D335A918CB61

Uniqueness

Uniqueness Score: -1.00%

Function 0172B511, Relevance: 1.6, APIs: 1, Instructions: 80COMMON

Download Yara Rule

APIs

GetTempFileNameW.KERNELBASE(?,00000E2C,?,?), ref: 0172B5B6

Memory Dump Source

Source File: 00000018.00000002.430171128.000000000172A000.00000040.00000001.sdmp, Offset: 0172A000, based on PE: false

Similarity

API ID: FileNameTemp
String ID:
API String ID: 745986568-0
Opcode ID: 979fb84f43f960a307edb097443baa6bb596675045b9d367e536d7292a6a5af6
Instruction ID: 32763add509ea6fcecbe6d4f95ce42407416974565db7bbe6bba4a41f653356f
Opcode Fuzzy Hash: 979fb84f43f960a307edb097443baa6bb596675045b9d367e536d7292a6a5af6
Instruction Fuzzy Hash: B321947140D3C06FD3138B259C51B62BFB4EF87610F1985DBE9848B5A3D264A919CB72

Uniqueness

Uniqueness Score: -1.00%

Function 07251F16, Relevance: 1.6, APIs: 1, Instructions: 80COMMON

Download Yara Rule

APIs

DuplicateHandle.KERNELBASE(?,00000E2C), ref: 07251F93

Memory Dump Source

Source File: 00000018.00000002.435783308.0000000007250000.00000040.00000001.sdmp, Offset: 07250000, based on PE: false

Similarity

API ID: DuplicateHandle
String ID:
API String ID: 3793708945-0
Opcode ID: d8c1e1fc78b755111d97fd58859778114fee9c3583cd63db85224591a7a7eefe
Instruction ID: 1f1fcd601df0658e36e9fb704b9a14cdf2647da69eb4c86c68db6cbc4826a2d2
Opcode Fuzzy Hash: d8c1e1fc78b755111d97fd58859778114fee9c3583cd63db85224591a7a7eefe
Instruction Fuzzy Hash: 8621CFB2500309AFEB219F65DC44F6BFBACEF04320F14896AEE459B251D774A4188B71

Uniqueness

Uniqueness Score: -1.00%

Function 07251BD4, Relevance: 1.6, APIs: 1, Instructions: 80COMMON

Download Yara Rule

APIs

GetFileType.KERNELBASE(?,00000E2C,ABF37A40,00000000,00000000,00000000,00000000), ref: 07251C69

Memory Dump Source

Source File: 00000018.00000002.435783308.0000000007250000.00000040.00000001.sdmp, Offset: 07250000, based on PE: false

Similarity

API ID: FileType
String ID:
API String ID: 3081899298-0
Opcode ID: f824a0e451e0ab1e1d95ea185638ed020358acc07e03b94cef596392dcf9a82a
Instruction ID: 8ab81025811240b93a0a9e42db65957e46cb47636fbf60f402b2eb5de5388344
Opcode Fuzzy Hash: f824a0e451e0ab1e1d95ea185638ed020358acc07e03b94cef596392dcf9a82a
Instruction Fuzzy Hash: 8221F8B64093846FE7128B25DC41FA2BFA8DF47720F1884D7ED849B293D2646909C771

Uniqueness

Uniqueness Score: -1.00%

Function 0172A2AC, Relevance: 1.6, APIs: 1, Instructions: 77COMMON

Download Yara Rule

APIs

CreateActCtxA.KERNEL32(?,00000E2C,?,?), ref: 0172A346

Memory Dump Source

Source File: 00000018.00000002.430171128.000000000172A000.00000040.00000001.sdmp, Offset: 0172A000, based on PE: false

Similarity

API ID: Create
String ID:
API String ID: 2289755597-0
Opcode ID: 7af4bcdbfcd5fcc09c78e9818125b6e29fa7bafca4484677f4ae53c2125b7084
Instruction ID: a67da613ceb9aa1bf287bb92a2d65055258c7b394a2529e088f9207072c8740b
Opcode Fuzzy Hash: 7af4bcdbfcd5fcc09c78e9818125b6e29fa7bafca4484677f4ae53c2125b7084
Instruction Fuzzy Hash: 5321A47544D7C06FD3138B259C51B22BFB8EF87614F0981DBE884CB653D225A91AC7A2

Uniqueness

Uniqueness Score: -1.00%

Function 07251AFE, Relevance: 1.6, APIs: 1, Instructions: 76fileCOMMON

Download Yara Rule

APIs

CreateFileW.KERNELBASE(?,?,?,?,?,?), ref: 07251B7D

Memory Dump Source

Source File: 00000018.00000002.435783308.0000000007250000.00000040.00000001.sdmp, Offset: 07250000, based on PE: false

Similarity

API ID: CreateFile
String ID:
API String ID: 823142352-0
Opcode ID: dd11ae7addf0a2bb2acfe9a2934e5b4a8862da1adbc4f0519d01ffd5298fc0af
Instruction ID: f13b11625ff32b8d433f5954f43bc9fe70224a0a1695d4a2567d1e5708ab3d8a
Opcode Fuzzy Hash: dd11ae7addf0a2bb2acfe9a2934e5b4a8862da1adbc4f0519d01ffd5298fc0af
Instruction Fuzzy Hash: F6219CB5500204AFE721DF65C884F66FBE8EF08310F04886AED858B251E371E414CB71

Uniqueness

Uniqueness Score: -1.00%

Function 07251CA4, Relevance: 1.6, APIs: 1, Instructions: 75fileCOMMON

Download Yara Rule

APIs

WriteFile.KERNELBASE(?,00000E2C,ABF37A40,00000000,00000000,00000000,00000000), ref: 07251D35

Memory Dump Source

Source File: 00000018.00000002.435783308.0000000007250000.00000040.00000001.sdmp, Offset: 07250000, based on PE: false

Similarity

API ID: FileWrite
String ID:
API String ID: 3934441357-0
Opcode ID: 1de9d7aff84619c8b42a27ecc9f384fdf65125b019a5f8ab49022915b0b2966f
Instruction ID: 4f47f333f6cd07e3baa04001cf284fc81d177dc17e3314003e1065e778844a2b
Opcode Fuzzy Hash: 1de9d7aff84619c8b42a27ecc9f384fdf65125b019a5f8ab49022915b0b2966f
Instruction Fuzzy Hash: C121B272409384AFD7228B65DC44F56BFB8EF46314F08849BE9449B153C235A509CB71

Uniqueness

Uniqueness Score: -1.00%

Function 07251FF1, Relevance: 1.6, APIs: 1, Instructions: 75fileCOMMON

Download Yara Rule

APIs

DeleteFileW.KERNELBASE(?), ref: 07252078

Memory Dump Source

Source File: 00000018.00000002.435783308.0000000007250000.00000040.00000001.sdmp, Offset: 07250000, based on PE: false

Similarity

API ID: DeleteFile
String ID:
API String ID: 4033686569-0
Opcode ID: e62e3827acb0d4ea6174ddd79aae44f38bb9defaa6d8b4c2720dba21da7a2e6f
Instruction ID: e16903ac783a61cd2491311fd59695b736f57454752ebb34426cf1a251fa4689
Opcode Fuzzy Hash: e62e3827acb0d4ea6174ddd79aae44f38bb9defaa6d8b4c2720dba21da7a2e6f
Instruction Fuzzy Hash: E82190B25093C19FDB128B25DC51A92BFB4EF56210F0984DADC858F2A3D635A948CBA1

Uniqueness

Uniqueness Score: -1.00%

Function 0172AC52, Relevance: 1.6, APIs: 1, Instructions: 74registryCOMMON

Download Yara Rule

APIs

RegOpenKeyExW.KERNELBASE(?,00000E2C), ref: 0172ACD1

Memory Dump Source

Source File: 00000018.00000002.430171128.000000000172A000.00000040.00000001.sdmp, Offset: 0172A000, based on PE: false

Similarity

API ID: Open
String ID:
API String ID: 71445658-0
Opcode ID: 9afc6de2e867b20b725b292d72bdb0da3108361d2ef6782003b61ff906967aa8
Instruction ID: 3171367976d8be9f3d7f2dbdcd33cb6df63879dd41553144678dc840094188b4
Opcode Fuzzy Hash: 9afc6de2e867b20b725b292d72bdb0da3108361d2ef6782003b61ff906967aa8
Instruction Fuzzy Hash: C521DE72500704AFE7219B69CC84F6BFBECEF04720F14846BEE419B641D660E8498BB1

Uniqueness

Uniqueness Score: -1.00%

Function 07252370, Relevance: 1.6, APIs: 1, Instructions: 74COMMON

Download Yara Rule

APIs

LookupPrivilegeValueW.ADVAPI32(?,?,?), ref: 072523F2

Memory Dump Source

Source File: 00000018.00000002.435783308.0000000007250000.00000040.00000001.sdmp, Offset: 07250000, based on PE: false

Similarity

API ID: LookupPrivilegeValue
String ID:
API String ID: 3899507212-0
Opcode ID: 598fd5bc5c5a7e13ac53873e57ba68f864a3207bdfe713336c87865fec2bb684
Instruction ID: b278e15a58fd13380ff8e0186f4f85c577f210c025e8d13c9dd03a44a787bc08
Opcode Fuzzy Hash: 598fd5bc5c5a7e13ac53873e57ba68f864a3207bdfe713336c87865fec2bb684
Instruction Fuzzy Hash: 0221B6B25093819FD712CB25DC45B92BFE4EF06210F0984EAED84CF153D234E948CB61

Uniqueness

Uniqueness Score: -1.00%

Function 07250816, Relevance: 1.6, APIs: 1, Instructions: 72synchronizationCOMMON

Download Yara Rule

APIs

CreateMutexW.KERNELBASE(?,?), ref: 07250889

Memory Dump Source

Source File: 00000018.00000002.435783308.0000000007250000.00000040.00000001.sdmp, Offset: 07250000, based on PE: false

Similarity

API ID: CreateMutex
String ID:
API String ID: 1964310414-0
Opcode ID: c8e335a3576e33334c5baeb14475ee64dd49eba5c0db5d51e4eaae69403d8cf6
Instruction ID: 2a9b634ed4c90a0f4706d69d469eadcbd1249fe47d51bbeee95d659e22e35c12
Opcode Fuzzy Hash: c8e335a3576e33334c5baeb14475ee64dd49eba5c0db5d51e4eaae69403d8cf6
Instruction Fuzzy Hash: 88219FB1504205AFE720DF65CC89F66FBE8EF04720F1484AAED859B242D771E905CBB5

Uniqueness

Uniqueness Score: -1.00%

Function 07251872, Relevance: 1.6, APIs: 1, Instructions: 72COMMON

Download Yara Rule

APIs

LsaOpenPolicy.ADVAPI32(?,00000E2C), ref: 072518E3

Memory Dump Source

Source File: 00000018.00000002.435783308.0000000007250000.00000040.00000001.sdmp, Offset: 07250000, based on PE: false

Similarity

API ID: OpenPolicy
String ID:
API String ID: 2030686058-0
Opcode ID: d86f9633e71c7e039b5f2a5cc86c6111267d183fa27010a12afc9f92a8876c46
Instruction ID: be4e4627f3a04dd4d60e399a9f5b6b4d9e1afac91fbc84ecb3376ac1b861208d
Opcode Fuzzy Hash: d86f9633e71c7e039b5f2a5cc86c6111267d183fa27010a12afc9f92a8876c46
Instruction Fuzzy Hash: 2021AEB2500308AFFB20DF69DC44F6AFBACEF44710F14846AEE449B241D674A5198B76

Uniqueness

Uniqueness Score: -1.00%

Function 0172AD5A, Relevance: 1.6, APIs: 1, Instructions: 69registryCOMMON

Download Yara Rule

APIs

RegQueryValueExW.KERNELBASE(?,00000E2C,ABF37A40,00000000,00000000,00000000,00000000), ref: 0172ADD4

Memory Dump Source

Source File: 00000018.00000002.430171128.000000000172A000.00000040.00000001.sdmp, Offset: 0172A000, based on PE: false

Similarity

API ID: QueryValue
String ID:
API String ID: 3660427363-0
Opcode ID: 35b5bd3ca845476b2c0ef0719eaa3764e40550df0e0a79c66f6c5b4bec5008ce
Instruction ID: f71fbc0b8dc8298e7fff69a8b1e69f224a8f21b49766663cbfa2aa22805c87f4
Opcode Fuzzy Hash: 35b5bd3ca845476b2c0ef0719eaa3764e40550df0e0a79c66f6c5b4bec5008ce
Instruction Fuzzy Hash: EE218E71500604AFE721CF29CC81FA7FBECEF04711F0884AAEE459B656D660E549CBB1

Uniqueness

Uniqueness Score: -1.00%

Function 07251556, Relevance: 1.6, APIs: 1, Instructions: 69COMMON

Download Yara Rule

APIs

GetTokenInformation.KERNELBASE(?,00000E2C,ABF37A40,00000000,00000000,00000000,00000000), ref: 072515C0

Memory Dump Source

Source File: 00000018.00000002.435783308.0000000007250000.00000040.00000001.sdmp, Offset: 07250000, based on PE: false

Similarity

API ID: InformationToken
String ID:
API String ID: 4114910276-0
Opcode ID: a52baae67930b8fa7cea1e5413dba9869e84c9c54a9d0a6df244798883d98e2b
Instruction ID: af4355033e3ae3977ad78c60eae86c224ce6cbb3698d80daed32686fe0e9795e
Opcode Fuzzy Hash: a52baae67930b8fa7cea1e5413dba9869e84c9c54a9d0a6df244798883d98e2b
Instruction Fuzzy Hash: CB11C0B1500204AFEB21CF65DC44FABFBACEF45310F04856BEE459B251D674A5148B71

Uniqueness

Uniqueness Score: -1.00%

Function 072501E1, Relevance: 1.6, APIs: 1, Instructions: 69COMMON

Download Yara Rule

APIs

FindCloseChangeNotification.KERNELBASE(?), ref: 07250250

Memory Dump Source

Source File: 00000018.00000002.435783308.0000000007250000.00000040.00000001.sdmp, Offset: 07250000, based on PE: false

Similarity

API ID: ChangeCloseFindNotification
String ID:
API String ID: 2591292051-0
Opcode ID: 15217efe8a9ad0362dee9055eafc5f62f898711f929081007cf3adad1649c123
Instruction ID: 4e35c57da3700abf3af4ab67c51adb1fa7ed966ddb4a0571639f02fddf5584a3
Opcode Fuzzy Hash: 15217efe8a9ad0362dee9055eafc5f62f898711f929081007cf3adad1649c123
Instruction Fuzzy Hash: C421C2B14093859FD7128B25DC45B52BFA8EF42220F0981DBDD458F6A3D2789848CB62

Uniqueness

Uniqueness Score: -1.00%

Function 072522B4, Relevance: 1.6, APIs: 1, Instructions: 68injectionCOMMON

Download Yara Rule

APIs

WriteProcessMemory.KERNELBASE(?,?,?,?,?), ref: 07252334

Memory Dump Source

Source File: 00000018.00000002.435783308.0000000007250000.00000040.00000001.sdmp, Offset: 07250000, based on PE: false

Similarity

API ID: MemoryProcessWrite
String ID:
API String ID: 3559483778-0
Opcode ID: ba703a3182fc9ed39dd87e137ba6a90c96daae743d075a5757c6d94ac08c82a9
Instruction ID: 482cb7af875625c3b9d0a5bd8b7b82e009af4b605bd4e14b28f8326d4d26972f
Opcode Fuzzy Hash: ba703a3182fc9ed39dd87e137ba6a90c96daae743d075a5757c6d94ac08c82a9
Instruction Fuzzy Hash: EB21AFB6509781AFDB128B25DC85A96FFF4EF07210F0980DEDD858B163D235A948DB21

Uniqueness

Uniqueness Score: -1.00%

Function 072509BF, Relevance: 1.6, APIs: 1, Instructions: 67libraryCOMMON

Download Yara Rule

APIs

LoadLibraryA.KERNELBASE(?,00000E2C), ref: 07250A4B

Memory Dump Source

Source File: 00000018.00000002.435783308.0000000007250000.00000040.00000001.sdmp, Offset: 07250000, based on PE: false

Similarity

API ID: LibraryLoad
String ID:
API String ID: 1029625771-0
Opcode ID: c6af3b2530781ebb6df86650dc32321825d92c876b7b988d6529ad04637a480c
Instruction ID: 5dd4fd00f47139078a25b99037bc97719033ab9bd88466bb8bb5b0cd564ce127
Opcode Fuzzy Hash: c6af3b2530781ebb6df86650dc32321825d92c876b7b988d6529ad04637a480c
Instruction Fuzzy Hash: 9021E771504384AFE721CB25CC85F66FFA8DF46720F18809AFE445B292C274A948C772

Uniqueness

Uniqueness Score: -1.00%

Function 0172B7C9, Relevance: 1.6, APIs: 1, Instructions: 65libraryCOMMON

Download Yara Rule

APIs

LoadLibraryShim.MSCOREE(?,?,?,?), ref: 0172B845

Memory Dump Source

Source File: 00000018.00000002.430171128.000000000172A000.00000040.00000001.sdmp, Offset: 0172A000, based on PE: false

Similarity

API ID: LibraryLoadShim
String ID:
API String ID: 1475914169-0
Opcode ID: 885534da147a31ff9bbcfce2cd0c8f862fb27bebe0d8d9adcd8d597f5478883d
Instruction ID: 9bb35da373228863ec1acb0be2009cfc5abd29c286decfc4b0b8c541cb7c4d52
Opcode Fuzzy Hash: 885534da147a31ff9bbcfce2cd0c8f862fb27bebe0d8d9adcd8d597f5478883d
Instruction Fuzzy Hash: 5F21C075409380AFE7228B25DC40B62FFE8EF06214F08808AED848B253D275E909DB71

Uniqueness

Uniqueness Score: -1.00%

Function 07252711, Relevance: 1.6, APIs: 1, Instructions: 62windowCOMMON

Download Yara Rule

APIs

PostMessageW.USER32(?,?,?,?), ref: 07252785

Memory Dump Source

Source File: 00000018.00000002.435783308.0000000007250000.00000040.00000001.sdmp, Offset: 07250000, based on PE: false

Similarity

API ID: MessagePost
String ID:
API String ID: 410705778-0
Opcode ID: a3361106d1bbc761d187d1986bacfae830368b5b2eea0535501135414a1bfc7b
Instruction ID: 3d34d13f5db6039d05a5bbe6494cd3b6b92670106dbd5c168b4224c943660e20
Opcode Fuzzy Hash: a3361106d1bbc761d187d1986bacfae830368b5b2eea0535501135414a1bfc7b
Instruction Fuzzy Hash: DD218C724093C0AFDB138B25CC44A52FFB4EF07220F0984DAED848F163D275A918DB62

Uniqueness

Uniqueness Score: -1.00%

Function 0172A5FB, Relevance: 1.6, APIs: 1, Instructions: 61COMMON

Download Yara Rule

APIs

DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 0172A666

Memory Dump Source

Source File: 00000018.00000002.430171128.000000000172A000.00000040.00000001.sdmp, Offset: 0172A000, based on PE: false

Similarity

API ID: DuplicateHandle
String ID:
API String ID: 3793708945-0
Opcode ID: 18d1e32f1218bca039146dcb93f8c70e9d3f639a180ae233a91189970b3eb828
Instruction ID: 3cfc32cdb74f35fdd073bfe599838c73bca252137ee138018b464730ebd2b77b
Opcode Fuzzy Hash: 18d1e32f1218bca039146dcb93f8c70e9d3f639a180ae233a91189970b3eb828
Instruction Fuzzy Hash: 0D119D72409380AFDB228F55DC44A62FFF4EF8A210F0884DAEE858B562D275A518DB61

Uniqueness

Uniqueness Score: -1.00%

Function 07251CD6, Relevance: 1.6, APIs: 1, Instructions: 60fileCOMMON

Download Yara Rule

APIs

WriteFile.KERNELBASE(?,00000E2C,ABF37A40,00000000,00000000,00000000,00000000), ref: 07251D35

Memory Dump Source

Source File: 00000018.00000002.435783308.0000000007250000.00000040.00000001.sdmp, Offset: 07250000, based on PE: false

Similarity

API ID: FileWrite
String ID:
API String ID: 3934441357-0
Opcode ID: d87e5458c2c01728f3c2c6371496a9fea97f1aa1eb0c2745a2ae75ad00f071ce
Instruction ID: b1f8c41e20c95b93f4adfdb54f80cfc88bd1d391fb4a672ef69292a1cf343b21
Opcode Fuzzy Hash: d87e5458c2c01728f3c2c6371496a9fea97f1aa1eb0c2745a2ae75ad00f071ce
Instruction Fuzzy Hash: 4211BF72400608AFEB21CF65DC40F66FFA8EF45320F14856BEE459B251C275A418CB71

Uniqueness

Uniqueness Score: -1.00%

Function 07252213, Relevance: 1.6, APIs: 1, Instructions: 58COMMON

Download Yara Rule

APIs

ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 07252278

Memory Dump Source

Source File: 00000018.00000002.435783308.0000000007250000.00000040.00000001.sdmp, Offset: 07250000, based on PE: false

Similarity

API ID: MemoryProcessRead
String ID:
API String ID: 1726664587-0
Opcode ID: 4d0311af5213b724fe185b4729dcb489d31d38b80c4551ac5319900fe68580a0
Instruction ID: 59b0353663902cedd4d507b4e57202e42b642bdf8691b300f8d8115d525c2582
Opcode Fuzzy Hash: 4d0311af5213b724fe185b4729dcb489d31d38b80c4551ac5319900fe68580a0
Instruction Fuzzy Hash: 4511D076409781AFDB228F21DC40A52FFF4EF46220F0880DEED858A663C275A558DB61

Uniqueness

Uniqueness Score: -1.00%

Function 07252AA7, Relevance: 1.6, APIs: 1, Instructions: 56windowCOMMON

Download Yara Rule

APIs

PostMessageW.USER32(?,?,?,?), ref: 07252B11

Memory Dump Source

Source File: 00000018.00000002.435783308.0000000007250000.00000040.00000001.sdmp, Offset: 07250000, based on PE: false

Similarity

API ID: MessagePost
String ID:
API String ID: 410705778-0
Opcode ID: 90c1183a33159c13089055b0e329dab985a54027a2fa3888a5c9ea479a83c9e5
Instruction ID: ee626b91ee8dbe6ae26d562b22ccb822e3ff6f22baefb2604156b3a0e19a6454
Opcode Fuzzy Hash: 90c1183a33159c13089055b0e329dab985a54027a2fa3888a5c9ea479a83c9e5
Instruction Fuzzy Hash: FA11B272409384AFDB228F15DC45B52FFB4EF06324F0884DEED854B2A3C275A518DB61

Uniqueness

Uniqueness Score: -1.00%

Function 072509E2, Relevance: 1.6, APIs: 1, Instructions: 56libraryCOMMON

Download Yara Rule

APIs

LoadLibraryA.KERNELBASE(?,00000E2C), ref: 07250A4B

Memory Dump Source

Source File: 00000018.00000002.435783308.0000000007250000.00000040.00000001.sdmp, Offset: 07250000, based on PE: false

Similarity

API ID: LibraryLoad
String ID:
API String ID: 1029625771-0
Opcode ID: 3f083fd9b4939421d9a0b9523c608468f977124eff7bcfaeb1c40087597eba74
Instruction ID: 71ca424c677a636479d40c3d24a083fe61d01703862a638ee1d97459a521a143
Opcode Fuzzy Hash: 3f083fd9b4939421d9a0b9523c608468f977124eff7bcfaeb1c40087597eba74
Instruction Fuzzy Hash: 1911E1B1510204AFEB20DB25DC82FA6FB98DF45720F14C09AEE495A281D2B5A9098B71

Uniqueness

Uniqueness Score: -1.00%

Function 0725216C, Relevance: 1.6, APIs: 1, Instructions: 55threadinjectionCOMMON

Download Yara Rule

APIs

SetThreadContext.KERNELBASE(?,?), ref: 072521CB

Memory Dump Source

Source File: 00000018.00000002.435783308.0000000007250000.00000040.00000001.sdmp, Offset: 07250000, based on PE: false

Similarity

API ID: ContextThread
String ID:
API String ID: 1591575202-0
Opcode ID: 5de324eb78358951c4563a3e6eca283fd5006ca100f8dfc967fa76c73353210f
Instruction ID: e64bea068d7f57b4b6d519724430b786e3abacc5220aa75c67bac99cec254025
Opcode Fuzzy Hash: 5de324eb78358951c4563a3e6eca283fd5006ca100f8dfc967fa76c73353210f
Instruction Fuzzy Hash: E711BFB65043859FD711CB15CC84A52FFE8EF06220F0880AAED458B262D274A908DB71

Uniqueness

Uniqueness Score: -1.00%

Function 072523AA, Relevance: 1.6, APIs: 1, Instructions: 53COMMON

Download Yara Rule

APIs

LookupPrivilegeValueW.ADVAPI32(?,?,?), ref: 072523F2

Memory Dump Source

Source File: 00000018.00000002.435783308.0000000007250000.00000040.00000001.sdmp, Offset: 07250000, based on PE: false

Similarity

API ID: LookupPrivilegeValue
String ID:
API String ID: 3899507212-0
Opcode ID: 922417bef731ed543e3f5cfb78ed30af904f2c8da0ec6f6b9457cd16dda08061
Instruction ID: ac26992c4b2110358da34f2a3bf3d2b9b264c69a8611b503190f99c4f35e2d4b
Opcode Fuzzy Hash: 922417bef731ed543e3f5cfb78ed30af904f2c8da0ec6f6b9457cd16dda08061
Instruction Fuzzy Hash: 64113CF2610601DFDB10CF2AD885B56FBD8FF44220F0884AADD49DB692D675E448CA61

Uniqueness

Uniqueness Score: -1.00%

Function 07251C16, Relevance: 1.6, APIs: 1, Instructions: 52COMMON

Download Yara Rule

APIs

GetFileType.KERNELBASE(?,00000E2C,ABF37A40,00000000,00000000,00000000,00000000), ref: 07251C69

Memory Dump Source

Source File: 00000018.00000002.435783308.0000000007250000.00000040.00000001.sdmp, Offset: 07250000, based on PE: false

Similarity

API ID: FileType
String ID:
API String ID: 3081899298-0
Opcode ID: bee82e29f92b650214fbb30a25ac1fb83ffff080a9d74c8a6e2663d9384e71ea
Instruction ID: 4bfbb6505bc034e294b5860c674df66fe38cc79dab116e6bb4c56b35dfb65271
Opcode Fuzzy Hash: bee82e29f92b650214fbb30a25ac1fb83ffff080a9d74c8a6e2663d9384e71ea
Instruction Fuzzy Hash: 6701D2B1510608AEE710CB19DC85F67FF98DF45721F14809BEE099B241D6B5A508CB72

Uniqueness

Uniqueness Score: -1.00%

Function 0172AEF0, Relevance: 1.6, APIs: 1, Instructions: 50memoryCOMMON

Download Yara Rule

APIs

VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 0172AF50

Memory Dump Source

Source File: 00000018.00000002.430171128.000000000172A000.00000040.00000001.sdmp, Offset: 0172A000, based on PE: false

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: 8db59be4ad7c4b08d0bbd5f0f25b5a29d4face6923516bc1b0936d034ef278c0
Instruction ID: 1a2933babebf5ce7e3dff5521f3a423ce9d2c3eb78f188d32f10a7fdef15f273
Opcode Fuzzy Hash: 8db59be4ad7c4b08d0bbd5f0f25b5a29d4face6923516bc1b0936d034ef278c0
Instruction Fuzzy Hash: A9118C72405784AFDB228F55DC44E52FFF4EF4A220F08849AEE854B662C379A518DB61

Uniqueness

Uniqueness Score: -1.00%

Function 0172A42A, Relevance: 1.6, APIs: 1, Instructions: 50COMMON

Download Yara Rule

APIs

SetErrorMode.KERNELBASE(?), ref: 0172A480

Memory Dump Source

Source File: 00000018.00000002.430171128.000000000172A000.00000040.00000001.sdmp, Offset: 0172A000, based on PE: false

Similarity

API ID: ErrorMode
String ID:
API String ID: 2340568224-0
Opcode ID: 17e7f87e298d5738edfc056ea05ae47943b4ed21ed450102bbc3a09e55b2b420
Instruction ID: 107d4e4d26ef90dd61a9ae09472e51c0f53030ed06c31a8fa6c6385952e35397
Opcode Fuzzy Hash: 17e7f87e298d5738edfc056ea05ae47943b4ed21ed450102bbc3a09e55b2b420
Instruction Fuzzy Hash: A511A1714093C4AFDB128B19DC44B62FFB8DF46224F0880DBED858B263D275A908DB72

Uniqueness

Uniqueness Score: -1.00%

Function 0172AAEC, Relevance: 1.5, APIs: 1, Instructions: 48COMMON

Download Yara Rule

APIs

SetWindowLongW.USER32 ref: 0172AB46

Memory Dump Source

Source File: 00000018.00000002.430171128.000000000172A000.00000040.00000001.sdmp, Offset: 0172A000, based on PE: false

Similarity

API ID: LongWindow
String ID:
API String ID: 1378638983-0
Opcode ID: 6bf95c3bac098f69edffeb23612ebac49b860e9345eac4bed95d322347c738aa
Instruction ID: 0cb8799da4a5866c77ed768ed2de504652dd2d287ebdeda04b6fed21b8728dcc
Opcode Fuzzy Hash: 6bf95c3bac098f69edffeb23612ebac49b860e9345eac4bed95d322347c738aa
Instruction Fuzzy Hash: 66117C32409784AFD722CF55DC85B52FFF4EF46620F0884DAEE854B263C275A918DB62

Uniqueness

Uniqueness Score: -1.00%

Function 0172B566, Relevance: 1.5, APIs: 1, Instructions: 47COMMON

Download Yara Rule

APIs

GetTempFileNameW.KERNELBASE(?,00000E2C,?,?), ref: 0172B5B6

Memory Dump Source

Source File: 00000018.00000002.430171128.000000000172A000.00000040.00000001.sdmp, Offset: 0172A000, based on PE: false

Similarity

API ID: FileNameTemp
String ID:
API String ID: 745986568-0
Opcode ID: a88d40468a92be6d1095e9b8bb90b189b4b147957031e5cdab1ad4a6486a4de2
Instruction ID: 9e7ec43302eff1c57730eaf83f7a4792b56f6c6488253e3c8a17438fb3cbb2cc
Opcode Fuzzy Hash: a88d40468a92be6d1095e9b8bb90b189b4b147957031e5cdab1ad4a6486a4de2
Instruction Fuzzy Hash: 30017176900600ABD710DF16DC85F26FBA8FBC8B20F14856AED089B741E331F915CBA5

Uniqueness

Uniqueness Score: -1.00%

Function 0725203E, Relevance: 1.5, APIs: 1, Instructions: 47fileCOMMON

Download Yara Rule

APIs

DeleteFileW.KERNELBASE(?), ref: 07252078

Memory Dump Source

Source File: 00000018.00000002.435783308.0000000007250000.00000040.00000001.sdmp, Offset: 07250000, based on PE: false

Similarity

API ID: DeleteFile
String ID:
API String ID: 4033686569-0
Opcode ID: 5da436b9eb64e44505c4a7299465bcbc214c8572abb93a48420ac0b2c7c7e1b6
Instruction ID: 624163065dd0a247aef1816355f05f6c706525842b5da04cd11ba02cd6347db9
Opcode Fuzzy Hash: 5da436b9eb64e44505c4a7299465bcbc214c8572abb93a48420ac0b2c7c7e1b6
Instruction Fuzzy Hash: 5501B1B1911241DFDB10CF2AD884766FFD8EF50220F18C0AADD09CB392D6B5E448CB62

Uniqueness

Uniqueness Score: -1.00%

Function 072522EE, Relevance: 1.5, APIs: 1, Instructions: 47injectionCOMMON

Download Yara Rule

APIs

WriteProcessMemory.KERNELBASE(?,?,?,?,?), ref: 07252334

Memory Dump Source

Source File: 00000018.00000002.435783308.0000000007250000.00000040.00000001.sdmp, Offset: 07250000, based on PE: false

Similarity

API ID: MemoryProcessWrite
String ID:
API String ID: 3559483778-0
Opcode ID: 39c3ac6315c42165b8680adf8a3a750282baad2fb42cc9483caf15bee23c5208
Instruction ID: 83fbb166bfbb0b244f29628c00ff5e6c1356b49256adc34a3981e221f2ffe1df
Opcode Fuzzy Hash: 39c3ac6315c42165b8680adf8a3a750282baad2fb42cc9483caf15bee23c5208
Instruction Fuzzy Hash: C1016DB5510605EFDB20CF19D884B66FBE4FF05720F08C0AADD458B662D275E458DB61

Uniqueness

Uniqueness Score: -1.00%

Function 0172B7FA, Relevance: 1.5, APIs: 1, Instructions: 46libraryCOMMON

Download Yara Rule

APIs

LoadLibraryShim.MSCOREE(?,?,?,?), ref: 0172B845

Memory Dump Source

Source File: 00000018.00000002.430171128.000000000172A000.00000040.00000001.sdmp, Offset: 0172A000, based on PE: false

Similarity

API ID: LibraryLoadShim
String ID:
API String ID: 1475914169-0
Opcode ID: 600aabf2751feeb3e798178cc7fbc1fea94c1f5599e7d99f396f387633390e55
Instruction ID: 4d354407f55488c471cbbff4dded5abc1c13835779834214b73fb53207d2f8e1
Opcode Fuzzy Hash: 600aabf2751feeb3e798178cc7fbc1fea94c1f5599e7d99f396f387633390e55
Instruction Fuzzy Hash: 110192755006409FDB20DF1AD885B22FFE4EF04610F0CC09ADE498B312D2B1E449DBB1

Uniqueness

Uniqueness Score: -1.00%

Function 0172A622, Relevance: 1.5, APIs: 1, Instructions: 45COMMON

Download Yara Rule

APIs

DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 0172A666

Memory Dump Source

Source File: 00000018.00000002.430171128.000000000172A000.00000040.00000001.sdmp, Offset: 0172A000, based on PE: false

Similarity

API ID: DuplicateHandle
String ID:
API String ID: 3793708945-0
Opcode ID: 71325146bebfa17223063dc4bf80c34a50e432da75a202caaebb00d38a8f0742
Instruction ID: 6a83c336bb821ce85f0e493422f53bfeca61a375ce703f00a12f63d82e6c34e9
Opcode Fuzzy Hash: 71325146bebfa17223063dc4bf80c34a50e432da75a202caaebb00d38a8f0742
Instruction Fuzzy Hash: D1016D32800604EFDB228F55D844B56FFE4EF48720F08C9AADE494B612D376A519DF61

Uniqueness

Uniqueness Score: -1.00%

Function 0725218E, Relevance: 1.5, APIs: 1, Instructions: 44threadinjectionCOMMON

Download Yara Rule

APIs

SetThreadContext.KERNELBASE(?,?), ref: 072521CB

Memory Dump Source

Source File: 00000018.00000002.435783308.0000000007250000.00000040.00000001.sdmp, Offset: 07250000, based on PE: false

Similarity

API ID: ContextThread
String ID:
API String ID: 1591575202-0
Opcode ID: 471098c9e8daddffb70e2106e09b8c3985409471e45f7924c86f73492ed998ae
Instruction ID: 76af311d866e0bb9dc3b7ee6d2df5a607bb67e07c106e4bb06ab264df75e4a84
Opcode Fuzzy Hash: 471098c9e8daddffb70e2106e09b8c3985409471e45f7924c86f73492ed998ae
Instruction Fuzzy Hash: FF01BCB5610645DFDB10CF19DC84B67FBE8EF04220F08D0AADE098B692D2B5E848DB71

Uniqueness

Uniqueness Score: -1.00%

Function 0172A2F6, Relevance: 1.5, APIs: 1, Instructions: 43COMMON

Download Yara Rule

APIs

CreateActCtxA.KERNEL32(?,00000E2C,?,?), ref: 0172A346

Memory Dump Source

Source File: 00000018.00000002.430171128.000000000172A000.00000040.00000001.sdmp, Offset: 0172A000, based on PE: false

Similarity

API ID: Create
String ID:
API String ID: 2289755597-0
Opcode ID: df1c5c89a884e4b6023c13e96315206cd8348d942986c8b2c5072ea9379371b2
Instruction ID: 6bd88aa044ef5053775785f04a1a4652454391d753092d5a62eaf2be27362e5f
Opcode Fuzzy Hash: df1c5c89a884e4b6023c13e96315206cd8348d942986c8b2c5072ea9379371b2
Instruction Fuzzy Hash: 24014B76900604ABD610DF16DC86F26FBA8EB88A20F14815AED085B741E375F916CBA6

Uniqueness

Uniqueness Score: -1.00%

Function 0725223A, Relevance: 1.5, APIs: 1, Instructions: 43COMMON

Download Yara Rule

APIs

ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 07252278

Memory Dump Source

Source File: 00000018.00000002.435783308.0000000007250000.00000040.00000001.sdmp, Offset: 07250000, based on PE: false

Similarity

API ID: MemoryProcessRead
String ID:
API String ID: 1726664587-0
Opcode ID: 8561f09b5f92e5885956e68387cb0e232d7c38803359e3479bc19a019140be4d
Instruction ID: be218b426e19c055e4c993b12ec69dc4da840aa4c5b2178b7363cc4da017f9d8
Opcode Fuzzy Hash: 8561f09b5f92e5885956e68387cb0e232d7c38803359e3479bc19a019140be4d
Instruction Fuzzy Hash: 23018CB6510601DFDB208F56D884B66FFE4EF09320F08C09ADE468A662D2B1E418DB62

Uniqueness

Uniqueness Score: -1.00%

Function 0725021E, Relevance: 1.5, APIs: 1, Instructions: 43COMMON

Download Yara Rule

APIs

FindCloseChangeNotification.KERNELBASE(?), ref: 07250250

Memory Dump Source

Source File: 00000018.00000002.435783308.0000000007250000.00000040.00000001.sdmp, Offset: 07250000, based on PE: false

Similarity

API ID: ChangeCloseFindNotification
String ID:
API String ID: 2591292051-0
Opcode ID: 1286964c16080d76782ed84379462343d1b9a360df093ba8919de39b30509964
Instruction ID: ce9de9ac16d43dc339ea2b4dd5180adb7f519deb978a3e6f5ffae425d4ab7158
Opcode Fuzzy Hash: 1286964c16080d76782ed84379462343d1b9a360df093ba8919de39b30509964
Instruction Fuzzy Hash: 8701DFB19102049FDB20CF6ADC85766FF94DF45320F18C4ABDD09CB612D6B5A808CB62

Uniqueness

Uniqueness Score: -1.00%

Function 07250946, Relevance: 1.5, APIs: 1, Instructions: 43registryCOMMON

Download Yara Rule

APIs

RegQueryValueExW.KERNELBASE(?,00000E2C,?,?), ref: 07250996

Memory Dump Source

Source File: 00000018.00000002.435783308.0000000007250000.00000040.00000001.sdmp, Offset: 07250000, based on PE: false

Similarity

API ID: QueryValue
String ID:
API String ID: 3660427363-0
Opcode ID: 8a358e6f2f9fb0e4b46bdb90f80e5796a17c300842570bfb5a30a79bef3e2f30
Instruction ID: 7db0bad3e7d673f9a79e398aa18cb43664ae9878e9f4c77b754ed803b999bca3
Opcode Fuzzy Hash: 8a358e6f2f9fb0e4b46bdb90f80e5796a17c300842570bfb5a30a79bef3e2f30
Instruction Fuzzy Hash: EC014B76900604ABD610DF16DC86F26FBA8EB88B20F14815AED095B741E371F916CBA6

Uniqueness

Uniqueness Score: -1.00%

Function 07252AD6, Relevance: 1.5, APIs: 1, Instructions: 42windowCOMMON

Download Yara Rule

APIs

PostMessageW.USER32(?,?,?,?), ref: 07252B11

Memory Dump Source

Source File: 00000018.00000002.435783308.0000000007250000.00000040.00000001.sdmp, Offset: 07250000, based on PE: false

Similarity

API ID: MessagePost
String ID:
API String ID: 410705778-0
Opcode ID: 5eb7b4538fd8d70184e0a1490d3380414a343c346c56766bb462c3b9767cad27
Instruction ID: 91d802a8406dd9f8b9e476f64a2c73f57923e61ead28b61962a4042e23f9ba2e
Opcode Fuzzy Hash: 5eb7b4538fd8d70184e0a1490d3380414a343c346c56766bb462c3b9767cad27
Instruction Fuzzy Hash: 2301B1B1510600DFDB218F15D884B66FFE0FF08320F08C09ADD464B662C2B1E418DB61

Uniqueness

Uniqueness Score: -1.00%

Function 0172AF12, Relevance: 1.5, APIs: 1, Instructions: 39memoryCOMMON

Download Yara Rule

APIs

VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 0172AF50

Memory Dump Source

Source File: 00000018.00000002.430171128.000000000172A000.00000040.00000001.sdmp, Offset: 0172A000, based on PE: false

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: 6f591078e615e2636337d1eb5c21edcddfc9fbe213a9985b4acf1159c1754a6a
Instruction ID: 9fcdb3745481933a4c755854f14a439112dafba913ee79adc03e82d3a76294ac
Opcode Fuzzy Hash: 6f591078e615e2636337d1eb5c21edcddfc9fbe213a9985b4acf1159c1754a6a
Instruction Fuzzy Hash: 33017C71400604DFDB218F55D844B66FFA0EF08320F08849AEE490B662D2B6E419DBA2

Uniqueness

Uniqueness Score: -1.00%

Function 0725274A, Relevance: 1.5, APIs: 1, Instructions: 38windowCOMMON

Download Yara Rule

APIs

PostMessageW.USER32(?,?,?,?), ref: 07252785

Memory Dump Source

Source File: 00000018.00000002.435783308.0000000007250000.00000040.00000001.sdmp, Offset: 07250000, based on PE: false

Similarity

API ID: MessagePost
String ID:
API String ID: 410705778-0
Opcode ID: 7f8b4b786934a4bb572d3e8f2b4e8860fed85337e06345b2e4ca74b58c65c94c
Instruction ID: 42227ebe06190db6fcb114e0f96bd2d5dba8b093bb8de97c668d883930f710cc
Opcode Fuzzy Hash: 7f8b4b786934a4bb572d3e8f2b4e8860fed85337e06345b2e4ca74b58c65c94c
Instruction Fuzzy Hash: 83018FB5410644DFDB20CF55D844B26FFE0FF08320F18C09ADE490B256D2B6A418DB62

Uniqueness

Uniqueness Score: -1.00%

Function 0172AB0E, Relevance: 1.5, APIs: 1, Instructions: 37COMMON

Download Yara Rule

APIs

SetWindowLongW.USER32 ref: 0172AB46

Memory Dump Source

Source File: 00000018.00000002.430171128.000000000172A000.00000040.00000001.sdmp, Offset: 0172A000, based on PE: false

Similarity

API ID: LongWindow
String ID:
API String ID: 1378638983-0
Opcode ID: 52db93282e6006ea00a2eec1adc860584b28586f631345d1ef92b426d2f5a430
Instruction ID: 58de1567125843e61357e753c79501f570e069f7421ae2ba59356b8569ce5113
Opcode Fuzzy Hash: 52db93282e6006ea00a2eec1adc860584b28586f631345d1ef92b426d2f5a430
Instruction Fuzzy Hash: 55018135804644DFDB21CF59D885B52FFE0EF04720F18C59ADE4A4B652C2B5A419DF72

Uniqueness

Uniqueness Score: -1.00%

Function 0172A44E, Relevance: 1.5, APIs: 1, Instructions: 35COMMON

Download Yara Rule

APIs

SetErrorMode.KERNELBASE(?), ref: 0172A480

Memory Dump Source

Source File: 00000018.00000002.430171128.000000000172A000.00000040.00000001.sdmp, Offset: 0172A000, based on PE: false

Similarity

API ID: ErrorMode
String ID:
API String ID: 2340568224-0
Opcode ID: b0d32912d4f09e19eaaa332c4879f5d67849930c4fd1b0b28fe98b428c62d96a
Instruction ID: 27fb23fb3936c7265a8c1ec10b3aa4fe4cb2e4396441a278bfbdcb33f6e44b3d
Opcode Fuzzy Hash: b0d32912d4f09e19eaaa332c4879f5d67849930c4fd1b0b28fe98b428c62d96a
Instruction Fuzzy Hash: 5CF08C358046449FDB108F1AD888762FFA4EF44320F18C0EBDE494B616D2B9E409CAA2

Uniqueness

Uniqueness Score: -1.00%

Function 03325D1B, Relevance: 1.3, Strings: 1, Instructions: 54COMMON

Download Yara Rule

Strings

U, xrefs: 03325D25

Memory Dump Source

Source File: 00000018.00000002.430543220.0000000003320000.00000040.00000001.sdmp, Offset: 03320000, based on PE: false

Similarity

API ID:
String ID: U
API String ID: 0-3372436214
Opcode ID: 46f5f77afe13fe8307120c7179950ee5387c5c075d25cb87f18a6eaa809cfb83
Instruction ID: f53e0cfae0534a599db03a6acdd3098c21052823ec2643c5190813c7b2f839c3
Opcode Fuzzy Hash: 46f5f77afe13fe8307120c7179950ee5387c5c075d25cb87f18a6eaa809cfb83
Instruction Fuzzy Hash: 7511F674A01218DFDB05DFA8C588A9DFBF2EF89300F15C499D519AB265DB34AA01DB41

Uniqueness

Uniqueness Score: -1.00%

Function 033200B8, Relevance: 1.3, Strings: 1, Instructions: 54COMMON

Download Yara Rule

Strings

</kr, xrefs: 0332011C

Memory Dump Source

Source File: 00000018.00000002.430543220.0000000003320000.00000040.00000001.sdmp, Offset: 03320000, based on PE: false

Similarity

API ID:
String ID: </kr
API String ID: 0-2427075492
Opcode ID: ebf8cb40f9f971dda7e2a5bf7f438996f586a27ba49edc4497b1a873b26fac55
Instruction ID: 545f6adcad4ac7f75456b3182ac1edd3572a1b2d1a5eded12646198442f0864f
Opcode Fuzzy Hash: ebf8cb40f9f971dda7e2a5bf7f438996f586a27ba49edc4497b1a873b26fac55
Instruction Fuzzy Hash: 26111F74E01249DFCB04DFA8C584AAEFBB1FF45300F2441A6C414673A1DB345E44DB95

Uniqueness

Uniqueness Score: -1.00%

Function 033200C8, Relevance: 1.3, Strings: 1, Instructions: 48COMMON

Download Yara Rule

Strings

</kr, xrefs: 0332011C

Memory Dump Source

Source File: 00000018.00000002.430543220.0000000003320000.00000040.00000001.sdmp, Offset: 03320000, based on PE: false

Similarity

API ID:
String ID: </kr
API String ID: 0-2427075492
Opcode ID: 88a6fe01d1075620d9bb70e3d2f57524baa1a51ce3a0189774ae0926bcaa9392
Instruction ID: 941db3cc8668f840f11084ff3ef2d925299be417f2b3033689c893ddf65d8ef2
Opcode Fuzzy Hash: 88a6fe01d1075620d9bb70e3d2f57524baa1a51ce3a0189774ae0926bcaa9392
Instruction Fuzzy Hash: C111DA74E01209DFCB04DFA8C584AAEFBB2FF85300F2441A9C50467355DB306E41DB95

Uniqueness

Uniqueness Score: -1.00%

Function 0332C1BF, Relevance: 1.3, Strings: 1, Instructions: 39COMMON

Download Yara Rule

Strings

r@>@, xrefs: 0332C1FF

Memory Dump Source

Source File: 00000018.00000002.430543220.0000000003320000.00000040.00000001.sdmp, Offset: 03320000, based on PE: false

Similarity

API ID:
String ID: r@>@
API String ID: 0-2817613862
Opcode ID: d0bbe2e20922bd3cce6a21a0e5d87e924f8a5db01d3bbcbd61f5089b98d33e19
Instruction ID: e65dfca74e4301398e95798339b3a74468d060613403aec7868e794a75ebba20
Opcode Fuzzy Hash: d0bbe2e20922bd3cce6a21a0e5d87e924f8a5db01d3bbcbd61f5089b98d33e19
Instruction Fuzzy Hash: A4119F74E012288FCBA0EF24D998799BBB9BF49315F1081EAD54DA7315DB705E81CF01

Uniqueness

Uniqueness Score: -1.00%

Function 0332BD10, Relevance: 1.3, Strings: 1, Instructions: 37COMMON

Download Yara Rule

Strings

_>>, xrefs: 0332BD2E

Memory Dump Source

Source File: 00000018.00000002.430543220.0000000003320000.00000040.00000001.sdmp, Offset: 03320000, based on PE: false

Similarity

API ID:
String ID: _>>
API String ID: 0-2807168339
Opcode ID: 8832c2cf8c7ae9878c360fbaf64d1ed7bc3d6315054e0285078f8a46b7905006
Instruction ID: 8737c00b064f5c5610051d929662c29c67dd386b1bb25d6115708692380c3d18
Opcode Fuzzy Hash: 8832c2cf8c7ae9878c360fbaf64d1ed7bc3d6315054e0285078f8a46b7905006
Instruction Fuzzy Hash: 7A11C2749022298FCB60EF64D99879DFBB1FB49302F1081DAD94DAA754DB741E81CF10

Uniqueness

Uniqueness Score: -1.00%

Function 03322C1E, Relevance: 1.3, Strings: 1, Instructions: 29COMMON

Download Yara Rule

Strings

f]Ir, xrefs: 03322C23

Memory Dump Source

Source File: 00000018.00000002.430543220.0000000003320000.00000040.00000001.sdmp, Offset: 03320000, based on PE: false

Similarity

API ID:
String ID: f]Ir
API String ID: 0-3302829692
Opcode ID: 60e1d82a56399b3dc64482cf1b241ea2698ce7aae4a0f0ff12fe2a7af56de236
Instruction ID: bcfcd3ec082543ac501108a30a66ff12b278376137b970121ca9e66bf828de16
Opcode Fuzzy Hash: 60e1d82a56399b3dc64482cf1b241ea2698ce7aae4a0f0ff12fe2a7af56de236
Instruction Fuzzy Hash: D3F04F34E11229DFEB64CF64D980A5EB7B2BB45310F6595A9D409AB240C7349E418F11

Uniqueness

Uniqueness Score: -1.00%

Function 0332BF63, Relevance: 1.3, Strings: 1, Instructions: 28COMMON

Download Yara Rule

Strings

z, xrefs: 0332BFF0

Memory Dump Source

Source File: 00000018.00000002.430543220.0000000003320000.00000040.00000001.sdmp, Offset: 03320000, based on PE: false

Similarity

API ID:
String ID: z
API String ID: 0-1509636059
Opcode ID: 132e14a18c7e4b0c55d41b4aa0ceef4e4f2e5fc108af472225b02f52d7c34e25
Instruction ID: e0531bd0daa362b98ad14531305e046a77a95a6c4063979a7f37932fdd34f853
Opcode Fuzzy Hash: 132e14a18c7e4b0c55d41b4aa0ceef4e4f2e5fc108af472225b02f52d7c34e25
Instruction Fuzzy Hash: A601E474E012299FCBA0DF20D9A56D9BBB2BB89315F1081E9960EA7744DF305F81CF51

Uniqueness

Uniqueness Score: -1.00%

Function 033254B2, Relevance: 1.3, Strings: 1, Instructions: 11COMMON

Download Yara Rule

Strings

FOG, xrefs: 033254D6

Memory Dump Source

Source File: 00000018.00000002.430543220.0000000003320000.00000040.00000001.sdmp, Offset: 03320000, based on PE: false

Similarity

API ID:
String ID: FOG
API String ID: 0-1269656527
Opcode ID: 763455a1e46d020cabd2ec4008d111961d08b35b4d33bddce8b89ffdbe5c737c
Instruction ID: 4306bea18af67436968e282ecfc7b26e39ddb37b91ff80d87f295828512f3414
Opcode Fuzzy Hash: 763455a1e46d020cabd2ec4008d111961d08b35b4d33bddce8b89ffdbe5c737c
Instruction Fuzzy Hash: 93D06C78905268CFCB24CFA4C6809EDBBF2EB09712F604298E80967324C735AE81CF41

Uniqueness

Uniqueness Score: -1.00%

Function 03322900, Relevance: .2, Instructions: 173COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000018.00000002.430543220.0000000003320000.00000040.00000001.sdmp, Offset: 03320000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a94483c56c6b2c2cc407de67a507d49c96f7d702347aebc5e949e668cd37e5f8
Instruction ID: 1fee406340d87adec5cdc3362cd008ff7c63ed9412b2d9938e2d3ef9bbb9dfab
Opcode Fuzzy Hash: a94483c56c6b2c2cc407de67a507d49c96f7d702347aebc5e949e668cd37e5f8
Instruction Fuzzy Hash: FF513A70E002299FDB54DFA9D894BAEBBF2BF89700F24846AE505BB354DB705D02CB54

Uniqueness

Uniqueness Score: -1.00%

Function 03328488, Relevance: .1, Instructions: 145COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000018.00000002.430543220.0000000003320000.00000040.00000001.sdmp, Offset: 03320000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9f6d3c3c013c2c1a8ae45acb7e238a7cb64f8c8166cdf0556be002cf2d55c047
Instruction ID: 25fab5d6a390443877da0d7a80221fb81bae3951146079111c76bbb818dbbc36
Opcode Fuzzy Hash: 9f6d3c3c013c2c1a8ae45acb7e238a7cb64f8c8166cdf0556be002cf2d55c047
Instruction Fuzzy Hash: A4615AB0E02248DFCB18CFA8E584A5CBFB6FB48322F149169E8059F658DB749A41CF51

Uniqueness

Uniqueness Score: -1.00%

Function 033284F2, Relevance: .1, Instructions: 138COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000018.00000002.430543220.0000000003320000.00000040.00000001.sdmp, Offset: 03320000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bdf1a757881cd6021c1e65ab7c2e91423e6b2d3f98bcfa24cb4cfbe160b62e19
Instruction ID: a370f616617e327fa1bcbe73d6c95dd6eb39b6a560605c542f363b3242f85f9b
Opcode Fuzzy Hash: bdf1a757881cd6021c1e65ab7c2e91423e6b2d3f98bcfa24cb4cfbe160b62e19
Instruction Fuzzy Hash: 306158B0D02298DFCB18CFA8E584A5CBFF6FB48326F14946AE4059F658D7349A41CF50

Uniqueness

Uniqueness Score: -1.00%

Function 03328953, Relevance: .1, Instructions: 131COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000018.00000002.430543220.0000000003320000.00000040.00000001.sdmp, Offset: 03320000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 69aff8273e3b3dba1c2a6b1ce3c64efe094e1bb2b1f92a880c654193ed30c245
Instruction ID: 1f95ce3f51d60cf9003725bcd5e1a8dfdf187ba3ef3b25773ffa4f4b0c8770fa
Opcode Fuzzy Hash: 69aff8273e3b3dba1c2a6b1ce3c64efe094e1bb2b1f92a880c654193ed30c245
Instruction Fuzzy Hash: C2518DB0A02298DFCB18CFA8E584A5CBFB6FB48321F149569E8059F658D7709A42CF41

Uniqueness

Uniqueness Score: -1.00%

Function 0332854F, Relevance: .1, Instructions: 129COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000018.00000002.430543220.0000000003320000.00000040.00000001.sdmp, Offset: 03320000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8a85b66ed93559ac6f9c5a6ef6b414d1ac9a727fcb8083d957321acd6520cba6
Instruction ID: f378202f158b4f010484a52b9c0afac2fd5a7811f687bdd53da0c44eeb62afe3
Opcode Fuzzy Hash: 8a85b66ed93559ac6f9c5a6ef6b414d1ac9a727fcb8083d957321acd6520cba6
Instruction Fuzzy Hash: 25514AB0902288DFCB18CFA8E584A5CBFF6FB48325F14956AE4059F658D7749E41CF50

Uniqueness

Uniqueness Score: -1.00%

Function 0332874F, Relevance: .1, Instructions: 126COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000018.00000002.430543220.0000000003320000.00000040.00000001.sdmp, Offset: 03320000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 71031ce63a9872c283cf9729930339805690faf9e5611cfeb323ecedb0c2f7f4
Instruction ID: f692cf0dffb5e3a85d49f67ecb20bf0d07b19322cf62f7025bd34bce6e6b47fb
Opcode Fuzzy Hash: 71031ce63a9872c283cf9729930339805690faf9e5611cfeb323ecedb0c2f7f4
Instruction Fuzzy Hash: CB517AB1E02248DFCB18CFA8E584A5CBFF6FB48321F14916AE4069F658D7749A41CF10

Uniqueness

Uniqueness Score: -1.00%

Function 03328893, Relevance: .1, Instructions: 126COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000018.00000002.430543220.0000000003320000.00000040.00000001.sdmp, Offset: 03320000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1b32aa085dc6c6e35af6c9e6eb2d907deb4831e98e2353bdd1dfb387d17e5f2b
Instruction ID: 8ab580d29a8d9467e304eca039b55b82103df93276a4fb61741fd716968745c0
Opcode Fuzzy Hash: 1b32aa085dc6c6e35af6c9e6eb2d907deb4831e98e2353bdd1dfb387d17e5f2b
Instruction Fuzzy Hash: 07517BB1E02298DFCB18CFA8E584A5CBFB6FB48322F14956AE405DF258D7749A41CF50

Uniqueness

Uniqueness Score: -1.00%

Function 03326ABB, Relevance: .1, Instructions: 115COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000018.00000002.430543220.0000000003320000.00000040.00000001.sdmp, Offset: 03320000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a5d7e3748a8ba66d4408f1e1ecae261c5220d1215c0e757899a38cb81ec7db07
Instruction ID: f4eb642dcc61f5c29997d0764e07f63ea00a5501ee42cc833154ad99e2e01e1b
Opcode Fuzzy Hash: a5d7e3748a8ba66d4408f1e1ecae261c5220d1215c0e757899a38cb81ec7db07
Instruction Fuzzy Hash: F85103B4D05219EFCB04CFA8C5C2AAEFFB1FF48310F24859AE401AB615D7759A81CB95

Uniqueness

Uniqueness Score: -1.00%

Function 03326AC8, Relevance: .1, Instructions: 110COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000018.00000002.430543220.0000000003320000.00000040.00000001.sdmp, Offset: 03320000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 17e8546e6facc2e45afe995347582e2260bcf27574d9a6f0c34c5e58770f8d46
Instruction ID: f7e6fec2f26e9efa95003d10703dd8de4d2f500c368bf3a5816ad622521759aa
Opcode Fuzzy Hash: 17e8546e6facc2e45afe995347582e2260bcf27574d9a6f0c34c5e58770f8d46
Instruction Fuzzy Hash: BA41D4B4D01219EFCB04DFA9D5C2AAEFBB1FF48304F20855AE401AB614D7759A81CF95

Uniqueness

Uniqueness Score: -1.00%

Function 03321CC1, Relevance: .1, Instructions: 103COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000018.00000002.430543220.0000000003320000.00000040.00000001.sdmp, Offset: 03320000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b74b055da7ff31ef9f125262f41e0a9bdff458271b536fc4ef879a1740452e94
Instruction ID: 9112eaac6064c397a182ad9f5db6b626dcd6d7e1d19ef0cde84a1a038b11823d
Opcode Fuzzy Hash: b74b055da7ff31ef9f125262f41e0a9bdff458271b536fc4ef879a1740452e94
Instruction Fuzzy Hash: 394172B4E01208DFCB44DFA9C594AADBBF2FF89300F2480AAD815A7364DB35A945CF55

Uniqueness

Uniqueness Score: -1.00%

Function 03326AE5, Relevance: .1, Instructions: 99COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000018.00000002.430543220.0000000003320000.00000040.00000001.sdmp, Offset: 03320000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: dbb86985de56d31d9f6a9e6bcacc524cecff34cf24393fc2463ed93cf7abb3aa
Instruction ID: 51eb3a1e1f5ad27a063649c327323f6660dc8ec6b2dc223c81e53447ab4f9b85
Opcode Fuzzy Hash: dbb86985de56d31d9f6a9e6bcacc524cecff34cf24393fc2463ed93cf7abb3aa
Instruction Fuzzy Hash: 2141E6B4D01219EFCB04CF98D5C2AAEFBB1FF48304F208559E401A7604D7749A80CF95

Uniqueness

Uniqueness Score: -1.00%

Function 03321CD0, Relevance: .1, Instructions: 98COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000018.00000002.430543220.0000000003320000.00000040.00000001.sdmp, Offset: 03320000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c41d6c07efb6129ced8297e73274c4de24e6e18a0bfd54aa628a7f112c2679be
Instruction ID: 8ed6380ca3412a8412395ecd996b6dd7d18bf269c9662937c765ab64bc220ac8
Opcode Fuzzy Hash: c41d6c07efb6129ced8297e73274c4de24e6e18a0bfd54aa628a7f112c2679be
Instruction Fuzzy Hash: 9F4160B4E01208DFDB44DFA9C594AAEBBF2FF88300F24806AD819A7354DB35A941CF55

Uniqueness

Uniqueness Score: -1.00%

Function 07D50292, Relevance: .1, Instructions: 93COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000018.00000002.436642597.0000000007D50000.00000040.00000001.sdmp, Offset: 07D50000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e4bc5005532f4b99683ba60e2d46a7e2b0def59d2a2b7f6907d39642b4f4ac47
Instruction ID: 4ad48fc2f035a0b10fa16dbd3872bd3643c5c01c479598f416ce4bb8e9588c0c
Opcode Fuzzy Hash: e4bc5005532f4b99683ba60e2d46a7e2b0def59d2a2b7f6907d39642b4f4ac47
Instruction Fuzzy Hash: 3641F9B4E452298FDB64CF64C984BDEF7F1AB88310F1084EAD619A7254EB705E85CF41

Uniqueness

Uniqueness Score: -1.00%

Function 0332EB20, Relevance: .1, Instructions: 89COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000018.00000002.430543220.0000000003320000.00000040.00000001.sdmp, Offset: 03320000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: dcd54bd88790be04e5fdf3713c520449fcbdea29ac66941b3288c935dc971c70
Instruction ID: 272df55b2d66f59fda07e17400be9abae16619bb623659af8a22a48df00a245f
Opcode Fuzzy Hash: dcd54bd88790be04e5fdf3713c520449fcbdea29ac66941b3288c935dc971c70
Instruction Fuzzy Hash: EC313770D0A219EFCF14CFA5D1816AEBFB5FB88300F1094AAD416A7254D7789A40CF51

Uniqueness

Uniqueness Score: -1.00%

Function 0332EB13, Relevance: .1, Instructions: 89COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000018.00000002.430543220.0000000003320000.00000040.00000001.sdmp, Offset: 03320000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 99ffa920f759c2ec969ad171b6c6c51f38788c9c6745c7099b081326b2fbf346
Instruction ID: c8a7ca7b317842502eac50e064493fcdc5bceb397d0a6aee7a43c36382a546fe
Opcode Fuzzy Hash: 99ffa920f759c2ec969ad171b6c6c51f38788c9c6745c7099b081326b2fbf346
Instruction Fuzzy Hash: A3413470D0A20AEFCF14CFA5D5816AEBFB1FF89300F1494AAD416AB254D7789A40CF51

Uniqueness

Uniqueness Score: -1.00%

Function 07D50239, Relevance: .1, Instructions: 86COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000018.00000002.436642597.0000000007D50000.00000040.00000001.sdmp, Offset: 07D50000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a986fc457195f3c7f7e480a7a6547abaebc78eecfbd195b88caa55cdabb83932
Instruction ID: 14e272e606285eeac124e7f693d566434e826b9f0de6263cef23361af08680df
Opcode Fuzzy Hash: a986fc457195f3c7f7e480a7a6547abaebc78eecfbd195b88caa55cdabb83932
Instruction Fuzzy Hash: F24107B4E452298FDB64CF64C884BDEF7F2AB48310F1084EAD659A7244E7709A84CF11

Uniqueness

Uniqueness Score: -1.00%

Function 07D5027A, Relevance: .1, Instructions: 83COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000018.00000002.436642597.0000000007D50000.00000040.00000001.sdmp, Offset: 07D50000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5dd83951d2c7725c57df64e074db3f647a832d4262848a38e391ee0eaea268c8
Instruction ID: 1777ad33409ec8075f2882563a9750ab1c90d6c5cfda9e970d3f588957293d7a
Opcode Fuzzy Hash: 5dd83951d2c7725c57df64e074db3f647a832d4262848a38e391ee0eaea268c8
Instruction Fuzzy Hash: 6A31F8B4E452198FDB64CF68C884BDAF7F1BB88310F1084EAD659A7254E7709A85CF41

Uniqueness

Uniqueness Score: -1.00%

Function 07D5025F, Relevance: .1, Instructions: 82COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000018.00000002.436642597.0000000007D50000.00000040.00000001.sdmp, Offset: 07D50000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3a547dbfe92a30464d47026292e8f7f810aedc57c177c779600c320013861706
Instruction ID: d62c23ee8efd5067876fee930b5c0423e61352b8cf8cb878800f1ee85e21abe3
Opcode Fuzzy Hash: 3a547dbfe92a30464d47026292e8f7f810aedc57c177c779600c320013861706
Instruction Fuzzy Hash: D3310AB4E452299FDB64CF64C944BDEF7F1AB98310F1184E6D619A7284E7709A84CF40

Uniqueness

Uniqueness Score: -1.00%

Function 03321ADB, Relevance: .1, Instructions: 81COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000018.00000002.430543220.0000000003320000.00000040.00000001.sdmp, Offset: 03320000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 80e390e55c952172bd4878cedfe24b79a18ca84e4c232bb2f5274506ef315a40
Instruction ID: d4c647dcff6a8bcdfed0d01ed84face22e3d1929c1bff2dbb689cb102a33ff06
Opcode Fuzzy Hash: 80e390e55c952172bd4878cedfe24b79a18ca84e4c232bb2f5274506ef315a40
Instruction Fuzzy Hash: 3231C474E01208DFCB48DFA9D8949AEBBF2FF89310F24916AD805A7364EB355941CF50

Uniqueness

Uniqueness Score: -1.00%

Function 07D51718, Relevance: .1, Instructions: 79COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000018.00000002.436642597.0000000007D50000.00000040.00000001.sdmp, Offset: 07D50000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f9f0d92754bd7e95353689755d2fdda62f8c4980bc20d6c4920e1683c8f7eab3
Instruction ID: c12f72b248a6f4b8efaadc761c6bba8aef1092bcdb30f18399709cffac9accd3
Opcode Fuzzy Hash: f9f0d92754bd7e95353689755d2fdda62f8c4980bc20d6c4920e1683c8f7eab3
Instruction Fuzzy Hash: 8C3169B0D06349EFCF15DFB8C5456ADBFF1EF8A210F1088AAC805EB251E6359A04DB52

Uniqueness

Uniqueness Score: -1.00%

Function 033240A8, Relevance: .1, Instructions: 77COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000018.00000002.430543220.0000000003320000.00000040.00000001.sdmp, Offset: 03320000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0f718d90fa824166574e1a9b2b080fddf44a6c4dabe7aa20b50033247f615c93
Instruction ID: eaabd827f67acf7471a58fdfe93d586d1ca44caf9fa4aafe21a5bdf486f6bf25
Opcode Fuzzy Hash: 0f718d90fa824166574e1a9b2b080fddf44a6c4dabe7aa20b50033247f615c93
Instruction Fuzzy Hash: E13117B4E042199FCB44CFAAC4809AEFBB1FF49310F1195AAD814AB754D738AA41CF50

Uniqueness

Uniqueness Score: -1.00%

Function 03320006, Relevance: .1, Instructions: 75COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000018.00000002.430543220.0000000003320000.00000040.00000001.sdmp, Offset: 03320000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d6334b7e9f94b5b0fc641a4254d91151e06d837db605db0a088b1e7324b10c62
Instruction ID: ad311c7f45654c275a45e17b53e743a00f928d8d7deae527b26979fd4d65a4be
Opcode Fuzzy Hash: d6334b7e9f94b5b0fc641a4254d91151e06d837db605db0a088b1e7324b10c62
Instruction Fuzzy Hash: 9721F32004E3D1AFCB179B7488656AA7FB09F1721070E18DBD0819F1A7C6685A59E763

Uniqueness

Uniqueness Score: -1.00%

Function 033240B8, Relevance: .1, Instructions: 73COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000018.00000002.430543220.0000000003320000.00000040.00000001.sdmp, Offset: 03320000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 02d8b81092dbe7ec358a82844fdebb43cf2fac3b35cdc858554f0452fc2da149
Instruction ID: e99f25513a4efc681a0d29d8f4e742f8644f4be18ad2abea46dd0623cedc538d
Opcode Fuzzy Hash: 02d8b81092dbe7ec358a82844fdebb43cf2fac3b35cdc858554f0452fc2da149
Instruction Fuzzy Hash: 2A3106B4E04219DFCB54CFAAC4809AEFBB5FF88300F10956AD815AB754D738AA41CF94

Uniqueness

Uniqueness Score: -1.00%

Function 0332952F, Relevance: .1, Instructions: 71COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000018.00000002.430543220.0000000003320000.00000040.00000001.sdmp, Offset: 03320000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f69cb759f82d50de8f32715add2ad2dd424b7f8801023d73ef31e74db36635df
Instruction ID: 9421198f7aa44528f0df6dda990384d557ad30809a9fc8436433577830042569
Opcode Fuzzy Hash: f69cb759f82d50de8f32715add2ad2dd424b7f8801023d73ef31e74db36635df
Instruction Fuzzy Hash: ED3138B4E09359DFCB04CFA4D58469EBFF1FF8A300F2485AAC406AB268D7349A51CB51

Uniqueness

Uniqueness Score: -1.00%

Function 0332B0DB, Relevance: .1, Instructions: 66COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000018.00000002.430543220.0000000003320000.00000040.00000001.sdmp, Offset: 03320000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bfebf5680a038ea720a498f5ee19a4bb52b8a4522b143dcd79539e42b765f9ae
Instruction ID: 3a4a55d82d196244b22d3a5c2b0b7cb156b5d874ae1e03b7bb5a3b5a3e4a5bca
Opcode Fuzzy Hash: bfebf5680a038ea720a498f5ee19a4bb52b8a4522b143dcd79539e42b765f9ae
Instruction Fuzzy Hash: 8D31E774E112288FDBA4DF26C889799BBB2BB88301F14C1EA950DA7254DB305A85CF51

Uniqueness

Uniqueness Score: -1.00%

Function 03329550, Relevance: .1, Instructions: 64COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000018.00000002.430543220.0000000003320000.00000040.00000001.sdmp, Offset: 03320000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 506d1551b5402f080e7a90cfda2978e5e0ed86d0b8712a2cfad9ca3e767e73a4
Instruction ID: 55ee2ce7ba316807bdbceefd5d9d430953c8b8b3b799bd5db4acea072a476875
Opcode Fuzzy Hash: 506d1551b5402f080e7a90cfda2978e5e0ed86d0b8712a2cfad9ca3e767e73a4
Instruction Fuzzy Hash: 6E2105B4E05219DFCB14CFE5D58469EBBF6EB88310F2095AAC406AB218D7349A518B51

Uniqueness

Uniqueness Score: -1.00%

Function 03321C00, Relevance: .1, Instructions: 64COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000018.00000002.430543220.0000000003320000.00000040.00000001.sdmp, Offset: 03320000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7cb6a612f828883a4053d4b95bf3b6d61b922f07c8c05057efbfa2f74d322520
Instruction ID: 559030da2964c8741496014ea13b3e2e99748dbe329de0b3b84b8f7aebcd49c8
Opcode Fuzzy Hash: 7cb6a612f828883a4053d4b95bf3b6d61b922f07c8c05057efbfa2f74d322520
Instruction Fuzzy Hash: ED2180B4D01219DFCB04DFA9C6816AEFBF5BB48300F2495AAD404B7354E7749A81CBA0

Uniqueness

Uniqueness Score: -1.00%

Function 0332D3FA, Relevance: .1, Instructions: 62COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000018.00000002.430543220.0000000003320000.00000040.00000001.sdmp, Offset: 03320000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9c400f757aaf5e9a3e2cbf7dcb44cf600be2771e4e43bf793a1a7416c58a59e1
Instruction ID: 7289222c29d86969ba364a8f909fff52f9abca9732c1a63c27249c0ba6145c56
Opcode Fuzzy Hash: 9c400f757aaf5e9a3e2cbf7dcb44cf600be2771e4e43bf793a1a7416c58a59e1
Instruction Fuzzy Hash: 97213970D053588FEB19CFAAC88439EBFB2AB8A300F1480AAC414AB256D7781945CF81

Uniqueness

Uniqueness Score: -1.00%

Function 071A1C60, Relevance: .1, Instructions: 60COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000018.00000002.435643500.00000000071A0000.00000040.00000001.sdmp, Offset: 071A0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9ee0ad72e5ca77942720ef17cbd6a3c1c474abe1608dc465c5758244bf841723
Instruction ID: ad2c846d2282c615b15c68975bf463537e89899836b143503df21f9114b7b8fa
Opcode Fuzzy Hash: 9ee0ad72e5ca77942720ef17cbd6a3c1c474abe1608dc465c5758244bf841723
Instruction Fuzzy Hash: 7511BDB5508301AFD340CF19D840A5BFBE4FB88664F14895EF998D7311D371EA148FA6

Uniqueness

Uniqueness Score: -1.00%

Function 03380726, Relevance: .1, Instructions: 59COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000018.00000002.430587527.0000000003380000.00000040.00000040.sdmp, Offset: 03380000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: db410e464c5149dfeed18af569050974c41fd1be2db62c54437f1cd773d314c3
Instruction ID: 1297f57916a46d57b3f8799b7f55779672bff293c21dbeb691cdfd6c52a14009
Opcode Fuzzy Hash: db410e464c5149dfeed18af569050974c41fd1be2db62c54437f1cd773d314c3
Instruction Fuzzy Hash: 09213D3550D3C49FC707DB20C890B15BFB1AB47204F1985DAE8858B6A3C23A980ADB52

Uniqueness

Uniqueness Score: -1.00%

Function 0338075C, Relevance: .1, Instructions: 59COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000018.00000002.430587527.0000000003380000.00000040.00000040.sdmp, Offset: 03380000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3701da2e8ad7e8eed2ba9b08af45a5d9f54ca4b51a09584e227aa979e9e8cad6
Instruction ID: 25fe8b77ca6933dda0910b9d6a5ae42448fefe166911b6a3d4b96a09fd6bb552
Opcode Fuzzy Hash: 3701da2e8ad7e8eed2ba9b08af45a5d9f54ca4b51a09584e227aa979e9e8cad6
Instruction Fuzzy Hash: FF11B434204384EFD719DB24C9C4B26BB95AB88B08F28C99DF9491B653C777D807CE51

Uniqueness

Uniqueness Score: -1.00%

Function 03325C40, Relevance: .1, Instructions: 59COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000018.00000002.430543220.0000000003320000.00000040.00000001.sdmp, Offset: 03320000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ae6d8554221ba02d004bbbdff8a582202415e905497b244ff71200d37929d67d
Instruction ID: bcb99c5b1ef8cc4c8f9099bb57d15de4a2ce6b9e576685ff803996117338ad9e
Opcode Fuzzy Hash: ae6d8554221ba02d004bbbdff8a582202415e905497b244ff71200d37929d67d
Instruction Fuzzy Hash: 0B212970D05269DFDB05CFA9D9809AEFBB4FF4A300F1488AAD415AB214E3309704DF95

Uniqueness

Uniqueness Score: -1.00%

Function 07D51798, Relevance: .1, Instructions: 58COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000018.00000002.436642597.0000000007D50000.00000040.00000001.sdmp, Offset: 07D50000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f5494a46bc5b6e5624891b6b9b679064822b815ae91bf0334fba26f99bc0df14
Instruction ID: 60e709ab08228c01b3d306eb4daa968b29726c24a3c16841f143d98392e15603
Opcode Fuzzy Hash: f5494a46bc5b6e5624891b6b9b679064822b815ae91bf0334fba26f99bc0df14
Instruction Fuzzy Hash: 462159B0D06349EFCF15DFB8C9416AEFFB1EF86211F1088AAC401EB241DA359A00CB56

Uniqueness

Uniqueness Score: -1.00%

Function 0332EA40, Relevance: .1, Instructions: 57COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000018.00000002.430543220.0000000003320000.00000040.00000001.sdmp, Offset: 03320000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c9fc2114964324c50bb79db84b6ed9b7af7fbc753421fca985f4bbacf4be70c1
Instruction ID: 451d7bbf756a964d4f4c050354a102645d550551e4410312ddca099141424b1f
Opcode Fuzzy Hash: c9fc2114964324c50bb79db84b6ed9b7af7fbc753421fca985f4bbacf4be70c1
Instruction Fuzzy Hash: 13218E74D09219DFCB10DFA8D5825AEBFF5FF49310F2088AAC402AB214D3319A01DB52

Uniqueness

Uniqueness Score: -1.00%

Function 03321E0B, Relevance: .1, Instructions: 54COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000018.00000002.430543220.0000000003320000.00000040.00000001.sdmp, Offset: 03320000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 44dcfe90388f0a3b8df3f68c18c451d0107f8488bea912ef079101ba3fca109a
Instruction ID: 0979f06d46bbdbc3a0a84fc9bcd823e0c8fa657851d652d7d23749e8d7bb3147
Opcode Fuzzy Hash: 44dcfe90388f0a3b8df3f68c18c451d0107f8488bea912ef079101ba3fca109a
Instruction Fuzzy Hash: 2211E974E012589FDB04DFA9C990AAEFBF2EF89300F1081A9D504A72A5E7355A41CF91

Uniqueness

Uniqueness Score: -1.00%

Function 07D517A8, Relevance: .1, Instructions: 53COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000018.00000002.436642597.0000000007D50000.00000040.00000001.sdmp, Offset: 07D50000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 608c81a42cb60891fafdf78ff985dfa7ab6d6aa6d5c95e5cc6702bbdff7b266f
Instruction ID: a692573f0188cc4b4904a70270771d00c8b9fe1b01099cb5834d210a7f9387be
Opcode Fuzzy Hash: 608c81a42cb60891fafdf78ff985dfa7ab6d6aa6d5c95e5cc6702bbdff7b266f
Instruction Fuzzy Hash: 60114CF0D0120DEFCF14DFA9C5456AEFBB6EF89211F1098AAD405A7240DB359A00CB56

Uniqueness

Uniqueness Score: -1.00%

Function 071A1B04, Relevance: .1, Instructions: 52COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000018.00000002.435643500.00000000071A0000.00000040.00000001.sdmp, Offset: 071A0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2cb0368f113466709b35b6d79b70fc5a05ce375fc6e89a9f1622966aad84b208
Instruction ID: b2a9d42d4bbc33c1094a6035475c873a82a101d3021e9996a8bb803c150f7175
Opcode Fuzzy Hash: 2cb0368f113466709b35b6d79b70fc5a05ce375fc6e89a9f1622966aad84b208
Instruction Fuzzy Hash: 4011ECB5608305AFD350CF49DC80E5BFBE8EB88660F14891EFD9997311D271E9048BA2

Uniqueness

Uniqueness Score: -1.00%

Function 0173ADBC, Relevance: .1, Instructions: 52COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000018.00000002.430189237.0000000001732000.00000040.00000001.sdmp, Offset: 01732000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1bae6ec10f7aea3f5b0a360acf5a02fd4b25cab98d5a55cbc4388a844dd6637d
Instruction ID: 0776579d2490b96759ab1fc9f6cf8fad63cd219777afc8bf78f3ecf81d3985ec
Opcode Fuzzy Hash: 1bae6ec10f7aea3f5b0a360acf5a02fd4b25cab98d5a55cbc4388a844dd6637d
Instruction Fuzzy Hash: CA11ECB5A08305AFD350CF09DC40E5BFBE8EB88660F14891EFD9997311D271E9048BA2

Uniqueness

Uniqueness Score: -1.00%

Function 03325D28, Relevance: .1, Instructions: 51COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000018.00000002.430543220.0000000003320000.00000040.00000001.sdmp, Offset: 03320000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 861ad7d240a2694b88cbcfe06fa4ed2a941a7c1f08728cdcdb5adb12bd499f00
Instruction ID: 56d3813f01af3ab6cdb061833bd62e6c449e4043b089fd09394f12b59f46db01
Opcode Fuzzy Hash: 861ad7d240a2694b88cbcfe06fa4ed2a941a7c1f08728cdcdb5adb12bd499f00
Instruction Fuzzy Hash: 81112574E00118EFDB04DFA8C588AADFBF6EF89300F14C499D419AB225DB30AA00CF40

Uniqueness

Uniqueness Score: -1.00%

Function 03321E18, Relevance: .0, Instructions: 47COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000018.00000002.430543220.0000000003320000.00000040.00000001.sdmp, Offset: 03320000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3274fca98cc306d31cc83aebb6a4652a9994a627e09ec4608522de9e964f7eff
Instruction ID: 657e59aa1042f57fcb685429688d9d07f38d164da8789161a57d09c87b977fbb
Opcode Fuzzy Hash: 3274fca98cc306d31cc83aebb6a4652a9994a627e09ec4608522de9e964f7eff
Instruction Fuzzy Hash: B511D374E002099BDB08DFA9C950AAEFBF2EF88300F20C169D514B7394EB355A41CF91

Uniqueness

Uniqueness Score: -1.00%

Function 033805CF, Relevance: .0, Instructions: 44COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000018.00000002.430587527.0000000003380000.00000040.00000040.sdmp, Offset: 03380000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a0a1608a70aca17da5b894ef485b333af53713f69840a7a640f1d2d13bdae3fd
Instruction ID: ad3dc4070c94a4e14ce07a8eb62f7d1ae49c8e51792087e6309a0196e9a7d3fb
Opcode Fuzzy Hash: a0a1608a70aca17da5b894ef485b333af53713f69840a7a640f1d2d13bdae3fd
Instruction Fuzzy Hash: C40186765097806FD712CF16EC41862FFB8DF86620709C4DFED498B612D229B908CB72

Uniqueness

Uniqueness Score: -1.00%

Function 0332B62E, Relevance: .0, Instructions: 39COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000018.00000002.430543220.0000000003320000.00000040.00000001.sdmp, Offset: 03320000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 89776f26f326945830bcfe270f9a42230ae118036dae73d70aaf34f10d6e74f6
Instruction ID: e4614285707c9957bc69f419c167eb65724cd661237723cd3aebe5a0e5f85c30
Opcode Fuzzy Hash: 89776f26f326945830bcfe270f9a42230ae118036dae73d70aaf34f10d6e74f6
Instruction Fuzzy Hash: 14119F7490026A8FCB65DF20D8587DDFBB5BB49306F1082EAD91AA6345DB700E81CF51

Uniqueness

Uniqueness Score: -1.00%

Function 0332BE81, Relevance: .0, Instructions: 39COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000018.00000002.430543220.0000000003320000.00000040.00000001.sdmp, Offset: 03320000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ee391e8acacce253de7de741382275f469df776cf19d3ab4a220422e6eabcbc7
Instruction ID: 017b5dabacea5f0fa647b23542a61925f31bb49736b5014ea117c97cdcb4ae0c
Opcode Fuzzy Hash: ee391e8acacce253de7de741382275f469df776cf19d3ab4a220422e6eabcbc7
Instruction Fuzzy Hash: F5113A74E063A88FDB60CF60C8982D9BBB2BF49301F0080E9D48EAB745D7700A81CF46

Uniqueness

Uniqueness Score: -1.00%

Function 0332AF59, Relevance: .0, Instructions: 37COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000018.00000002.430543220.0000000003320000.00000040.00000001.sdmp, Offset: 03320000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 71df4974c5b21605ec03afb18fcb10f4b9513c40b7b832cc16aff998aa91f48c
Instruction ID: 172ebbca22dca64aaa76217c83cac9b4c99a293aa766792dd4caf726de2639e9
Opcode Fuzzy Hash: 71df4974c5b21605ec03afb18fcb10f4b9513c40b7b832cc16aff998aa91f48c
Instruction Fuzzy Hash: 890142B0E16219EFCB44CFA8E9804CCBBF6FF89310F20956BE519E6204EB3599018F10

Uniqueness

Uniqueness Score: -1.00%

Function 0332BC10, Relevance: .0, Instructions: 37COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000018.00000002.430543220.0000000003320000.00000040.00000001.sdmp, Offset: 03320000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 45daf8f9d7d5a86dc7675f42a99639fb41fda0f0b6406886668ee06ab05a2ddf
Instruction ID: e4c1d469121b9d855f1e96e3502428b2c2f416ca68d0dc85043bf4f39fb6cf6f
Opcode Fuzzy Hash: 45daf8f9d7d5a86dc7675f42a99639fb41fda0f0b6406886668ee06ab05a2ddf
Instruction Fuzzy Hash: 0B117274901669DFCB60DF64DD583D9BBB2BB89302F1081D9941DAA758DB344A80CF51

Uniqueness

Uniqueness Score: -1.00%

Function 0332BB24, Relevance: .0, Instructions: 36COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000018.00000002.430543220.0000000003320000.00000040.00000001.sdmp, Offset: 03320000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a73bd206fde71e777917262ad2f614e98125a1229b0b5f8383246576cbf17801
Instruction ID: 23812974c0be42500cde372454e2af17b93d488acb2ffc2bf3be7164ccb3fc46
Opcode Fuzzy Hash: a73bd206fde71e777917262ad2f614e98125a1229b0b5f8383246576cbf17801
Instruction Fuzzy Hash: D611D674D062688FCBA5DF24C99839DFBB5BB88306F5081E9E44AA6345DB341F84CF15

Uniqueness

Uniqueness Score: -1.00%

Function 0332B560, Relevance: .0, Instructions: 36COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000018.00000002.430543220.0000000003320000.00000040.00000001.sdmp, Offset: 03320000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c910c930508649e5ce3042f29b3a1de6af3c8e2d77288cc08552b8993598530a
Instruction ID: 1c0deb8b31bbf087032a57c03a529da0f8e4f36d0e96bd072b8e13baa796b90e
Opcode Fuzzy Hash: c910c930508649e5ce3042f29b3a1de6af3c8e2d77288cc08552b8993598530a
Instruction Fuzzy Hash: D011B3749022298FCB65DF20C9A4798BBB6BB49301F1485DAE80EA7345DB314E80CF51

Uniqueness

Uniqueness Score: -1.00%

Function 033286B0, Relevance: .0, Instructions: 34COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000018.00000002.430543220.0000000003320000.00000040.00000001.sdmp, Offset: 03320000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 45e51e234f7a07f6c6f0de75de50cb5a10c592f07ad7b3d21df6e3f320ee9d00
Instruction ID: badcc637ab4842439a02eaf8b6298737d2447d03fa3ce57c187b6ac1b03f7af5
Opcode Fuzzy Hash: 45e51e234f7a07f6c6f0de75de50cb5a10c592f07ad7b3d21df6e3f320ee9d00
Instruction Fuzzy Hash: 290156B0D1620DCFCB50CFA4D99849CBFB2FF88311B108669E506A7358EB785D42CB81

Uniqueness

Uniqueness Score: -1.00%

Function 0332AB0E, Relevance: .0, Instructions: 33COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000018.00000002.430543220.0000000003320000.00000040.00000001.sdmp, Offset: 03320000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 381a8bb783eaf533fa42926838097f75fe6acc8eae9abe021a2ea34de756cbc0
Instruction ID: 0b2a24b02f8eed10ea73acc27d91d2b2b644dbe17665bea6ceed2470144ad74f
Opcode Fuzzy Hash: 381a8bb783eaf533fa42926838097f75fe6acc8eae9abe021a2ea34de756cbc0
Instruction Fuzzy Hash: F2115E78E012289FDB64CF64D984B99BBF2FB8A215F1081E9E94DA7705DB305E818F11

Uniqueness

Uniqueness Score: -1.00%

Function 03380818, Relevance: .0, Instructions: 31COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000018.00000002.430587527.0000000003380000.00000040.00000040.sdmp, Offset: 03380000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 525cef522958239b2deb72ab7ac90410e2832b06fb356f1b7ca8807ee3c9392c
Instruction ID: e994a0f67ba654dcdfa8a3ae73fbd9b4bced663f66b14c0c533decfb99a27782
Opcode Fuzzy Hash: 525cef522958239b2deb72ab7ac90410e2832b06fb356f1b7ca8807ee3c9392c
Instruction Fuzzy Hash: 96F01D35204644DFC705DF40D980B15FBA6EB89718F24CAADE9490B752C337D813DE81

Uniqueness

Uniqueness Score: -1.00%

Function 0332BA00, Relevance: .0, Instructions: 30COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000018.00000002.430543220.0000000003320000.00000040.00000001.sdmp, Offset: 03320000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 800f98c9e02eaee9631e6850a9aea91ea55437a7a74299a1c3f76bfc44494e0f
Instruction ID: e5f2366551f43bd43c79153a8394bdecf78866f82757c10a4a02cc11411f58c7
Opcode Fuzzy Hash: 800f98c9e02eaee9631e6850a9aea91ea55437a7a74299a1c3f76bfc44494e0f
Instruction Fuzzy Hash: 0D01B2B8D08228DFDBA0CF30D8847D9FBB1AB48345F5082EA940DA6254DB745E81CF50

Uniqueness

Uniqueness Score: -1.00%

Function 0332C02D, Relevance: .0, Instructions: 30COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000018.00000002.430543220.0000000003320000.00000040.00000001.sdmp, Offset: 03320000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2258ab5ceb4ccd0601105b7921677f2e4716d31ca7d6c871697cf94c44aa76f0
Instruction ID: 396ffb653213558f8488a4511e02ca89c7d045e332723e872e43c43052b24483
Opcode Fuzzy Hash: 2258ab5ceb4ccd0601105b7921677f2e4716d31ca7d6c871697cf94c44aa76f0
Instruction Fuzzy Hash: 9E011678D052288FCBA5DF24C8883ADBBB5BB8830AF1480E9950EA7355DB711F81CF11

Uniqueness

Uniqueness Score: -1.00%

Function 03322E44, Relevance: .0, Instructions: 29COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000018.00000002.430543220.0000000003320000.00000040.00000001.sdmp, Offset: 03320000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5e8e634222074b2d94c70a4dccd3e5c51868cd939e67e43ec463e935efc52a7b
Instruction ID: e37b29f0337d34b4a8c3335a1cf282cdd9ce9e40692342da3de8093208e109ea
Opcode Fuzzy Hash: 5e8e634222074b2d94c70a4dccd3e5c51868cd939e67e43ec463e935efc52a7b
Instruction Fuzzy Hash: 7101E870902229DFDB64DF24DD90B5DBBB2FF88200F1096E9E009A7254DB305E84CF45

Uniqueness

Uniqueness Score: -1.00%

Function 0332B79B, Relevance: .0, Instructions: 28COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000018.00000002.430543220.0000000003320000.00000040.00000001.sdmp, Offset: 03320000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bb241090945c182cca80c0b46e3be76158b43012c374169bb03dbcaed2e43d65
Instruction ID: 0cf43c99551ff4135051119ca8ae9e71023d8bdb5bb2c4c8629361c7126f1bc7
Opcode Fuzzy Hash: bb241090945c182cca80c0b46e3be76158b43012c374169bb03dbcaed2e43d65
Instruction Fuzzy Hash: 4D019EB490022ACFCB60DF24D958699FBB1FB88316F10C1E9D559A3745DB704D81CF11

Uniqueness

Uniqueness Score: -1.00%

Function 0332B2DE, Relevance: .0, Instructions: 28COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000018.00000002.430543220.0000000003320000.00000040.00000001.sdmp, Offset: 03320000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e36e76d96eacaf64d41bc86fa9d30320741e77875b23603a20ca1519e6a3c6a3
Instruction ID: be7cf8d7f8b24c6b73cf308b0b98677976fb7489fce2d11a25c6afd64b019d5b
Opcode Fuzzy Hash: e36e76d96eacaf64d41bc86fa9d30320741e77875b23603a20ca1519e6a3c6a3
Instruction Fuzzy Hash: 7C01D674E052298FCB65DF20D89869DBBB5BB88315F1091E9E50EA7344DA311F80CF52

Uniqueness

Uniqueness Score: -1.00%

Function 0332C108, Relevance: .0, Instructions: 28COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000018.00000002.430543220.0000000003320000.00000040.00000001.sdmp, Offset: 03320000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ee2de4be1cbd88a2a81b3f84cb2b0835019297bfaafc5f74bdda913d678003db
Instruction ID: a76dbc9381b8a21f4e2d51bcc1cbd131061aa60c3ce2578a20a1a71b80e16253
Opcode Fuzzy Hash: ee2de4be1cbd88a2a81b3f84cb2b0835019297bfaafc5f74bdda913d678003db
Instruction Fuzzy Hash: F8011674D4126B8FCB64DF20D888BADFBB2BB88341F1081FA941AA7705DB301E818F51

Uniqueness

Uniqueness Score: -1.00%

Function 033805F6, Relevance: .0, Instructions: 27COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000018.00000002.430587527.0000000003380000.00000040.00000040.sdmp, Offset: 03380000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cbf89623f620a24022d621a2a896e06059d74e74c427d6897186d6cfac5502d9
Instruction ID: 10f1f070b552f7e4df182a3fa0b20a55eb89365b4c2dfd79c4c35d43c1cbfafc
Opcode Fuzzy Hash: cbf89623f620a24022d621a2a896e06059d74e74c427d6897186d6cfac5502d9
Instruction Fuzzy Hash: 02E06D76A006048B9650CF0BEC41452FBD8EB88630B18C06FDC0D8B711E136B5048EA5

Uniqueness

Uniqueness Score: -1.00%

Function 0332DB73, Relevance: .0, Instructions: 27COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000018.00000002.430543220.0000000003320000.00000040.00000001.sdmp, Offset: 03320000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ee65b326a606bb8b25edf7ba80bb1502d36771a339c3259ef7650568013c59eb
Instruction ID: 4e038a9557aac6e7e119b8055e6d4497e72bbd51cbc5ade8ba271e1eb6152dd2
Opcode Fuzzy Hash: ee65b326a606bb8b25edf7ba80bb1502d36771a339c3259ef7650568013c59eb
Instruction Fuzzy Hash: BEF05874C09398AFCB11DFA8D881A9DBFB1EB05310F0088EAD81097252D6309550DB81

Uniqueness

Uniqueness Score: -1.00%

Function 0332E3A8, Relevance: .0, Instructions: 27COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000018.00000002.430543220.0000000003320000.00000040.00000001.sdmp, Offset: 03320000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bdea105fab3e4d80291225366c3ccc5cf1c8f897837f541abe48ab2a05f7c916
Instruction ID: a61357fb853ed2a3bdc88bdb0b1e87f0db0232ee82551c082fc425c57637312d
Opcode Fuzzy Hash: bdea105fab3e4d80291225366c3ccc5cf1c8f897837f541abe48ab2a05f7c916
Instruction Fuzzy Hash: FFF06D78D002089FCB28EFE8D44265CBBB5AF49300F1445E9C9159B341E6B6AA56DFC6

Uniqueness

Uniqueness Score: -1.00%

Function 071A1B53, Relevance: .0, Instructions: 26COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000018.00000002.435643500.00000000071A0000.00000040.00000001.sdmp, Offset: 071A0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7d0a718b6abe2abcb539970972c66c37edde20143f8bdb935a8d92f61f657e86
Instruction ID: 1bf91e98e53182c94d9f32aa420961c021c5fc72fdee133ca5157becd62815db
Opcode Fuzzy Hash: 7d0a718b6abe2abcb539970972c66c37edde20143f8bdb935a8d92f61f657e86
Instruction Fuzzy Hash: 12E0927290020467D2509A069C85B53FB98DB44A30F18C557EE091A302D172B5149AB5

Uniqueness

Uniqueness Score: -1.00%

Function 071A1577, Relevance: .0, Instructions: 26COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000018.00000002.435643500.00000000071A0000.00000040.00000001.sdmp, Offset: 071A0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bf08bb8b23aa0610093710cd6666a3f37a9b020816bca8d04bea878313ed080a
Instruction ID: 037e45c7f4e65eb2dde36c7fe0660ed6e26dcbf8491448175e75bb7ef5677036
Opcode Fuzzy Hash: bf08bb8b23aa0610093710cd6666a3f37a9b020816bca8d04bea878313ed080a
Instruction Fuzzy Hash: 36E0D87290020467D210DF079C45F53FF98DB80A30F18C557EE091B302D172B614CAF5

Uniqueness

Uniqueness Score: -1.00%

Function 071A1CCB, Relevance: .0, Instructions: 26COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000018.00000002.435643500.00000000071A0000.00000040.00000001.sdmp, Offset: 071A0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2cee482ae8f8d4942df7d019ffc4a53141a8000c58eda1f9e4e21c125601667d
Instruction ID: c9a283313c739a408aa1699440f12a1c5326ed92d80a0fea64d7ce8f2c830226
Opcode Fuzzy Hash: 2cee482ae8f8d4942df7d019ffc4a53141a8000c58eda1f9e4e21c125601667d
Instruction Fuzzy Hash: 6BE0D8B294030467D2108F079C45F53FF98EB84A30F18C567ED081B302D172B5148AF5

Uniqueness

Uniqueness Score: -1.00%

Function 0173AE0B, Relevance: .0, Instructions: 26COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000018.00000002.430189237.0000000001732000.00000040.00000001.sdmp, Offset: 01732000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9c9ed7ca5493613f561d3eee14b27247030bb947267b35e9c24497096850266e
Instruction ID: 4f0f73dde2b19861e9143613cc761a445e9444f7829d805b80b1d3258c99ab4a
Opcode Fuzzy Hash: 9c9ed7ca5493613f561d3eee14b27247030bb947267b35e9c24497096850266e
Instruction Fuzzy Hash: 30E0D872A4020467D2108F079C41F53FB98DB40A30F18C557EE0D1B302D172B5149AF5

Uniqueness

Uniqueness Score: -1.00%

Function 0332BA5F, Relevance: .0, Instructions: 26COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000018.00000002.430543220.0000000003320000.00000040.00000001.sdmp, Offset: 03320000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: dc7c504a50b7bc7ad5249f026952fee23cc3c89c3c63c806e80189307a4d659a
Instruction ID: fca3b5628e77fc0d4a8634b365aebbb559636daf27145d98838b5baf6fd21bb1
Opcode Fuzzy Hash: dc7c504a50b7bc7ad5249f026952fee23cc3c89c3c63c806e80189307a4d659a
Instruction Fuzzy Hash: 0BF0E774D08228CFDB60DF30D8587E9BBB1BB58305F5082EAD40EA7255DB745A81CF51

Uniqueness

Uniqueness Score: -1.00%

Function 0332E4E0, Relevance: .0, Instructions: 26COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000018.00000002.430543220.0000000003320000.00000040.00000001.sdmp, Offset: 03320000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4d535d06ebb910fc80452a0a1cb21b2df9b3a5f539f264e3323a7ac2ea6650b5
Instruction ID: 3be717a5ed64e98997d442b7aea1adcbd9db91560d54c28827dbe8c551b67cd0
Opcode Fuzzy Hash: 4d535d06ebb910fc80452a0a1cb21b2df9b3a5f539f264e3323a7ac2ea6650b5
Instruction Fuzzy Hash: A9F06D70906398AFCB16DB78845239DBFF49B06601F0584EBE844DB242E6349948CB92

Uniqueness

Uniqueness Score: -1.00%

Function 0332E568, Relevance: .0, Instructions: 25COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000018.00000002.430543220.0000000003320000.00000040.00000001.sdmp, Offset: 03320000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 68f56f69f8c4fb09fa71068ffee3a64c99a3acd27735d7cf6c569d0887966044
Instruction ID: 4fc3d291c69f512605b0cd52967096819e6db60496a3302f5bb801f53a76e964
Opcode Fuzzy Hash: 68f56f69f8c4fb09fa71068ffee3a64c99a3acd27735d7cf6c569d0887966044
Instruction Fuzzy Hash: 7CE0C275D11308AFCB25EFA8949629CBBF4AF49201F1448E998089B250E635AA64DB92

Uniqueness

Uniqueness Score: -1.00%

Function 0332B43F, Relevance: .0, Instructions: 25COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000018.00000002.430543220.0000000003320000.00000040.00000001.sdmp, Offset: 03320000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8c5049dcddac016fb7967cac89901a8082f8a35c1527c6dda2a65bf34a486230
Instruction ID: 1da31fe2e5332aaaf072e2ebd1b5f39ffc54b9d6368be1e0cbc12d9b81f28d24
Opcode Fuzzy Hash: 8c5049dcddac016fb7967cac89901a8082f8a35c1527c6dda2a65bf34a486230
Instruction Fuzzy Hash: 61F01274C2922D8FCB64CF20C8887D9FBB8BB48301F0045DAC40AA6280D7305BC0CF91

Uniqueness

Uniqueness Score: -1.00%

Function 0332E4A0, Relevance: .0, Instructions: 25COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000018.00000002.430543220.0000000003320000.00000040.00000001.sdmp, Offset: 03320000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3eadaa0ac85be65e646be77b0d6c77753d1772ff13709d8d9a98ca6c79f603c0
Instruction ID: 6651a83b4bd194429bae1b70efe339b74eb154984009d994e39de98827d3d25b
Opcode Fuzzy Hash: 3eadaa0ac85be65e646be77b0d6c77753d1772ff13709d8d9a98ca6c79f603c0
Instruction Fuzzy Hash: EEE09274D093985FCB56EBB8844178DBFB49B02201F0441EACC44DB293E6385A45CB52

Uniqueness

Uniqueness Score: -1.00%

Function 07D50FEC, Relevance: .0, Instructions: 25COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000018.00000002.436642597.0000000007D50000.00000040.00000001.sdmp, Offset: 07D50000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6cc966cc52b8f103642833a893c23cce1e90a7c1af01fbe309b2484315da23a4
Instruction ID: 5432532d56d2dfc5ec85875a2619f840c235d80e240376ee0947f9f2d5da9d89
Opcode Fuzzy Hash: 6cc966cc52b8f103642833a893c23cce1e90a7c1af01fbe309b2484315da23a4
Instruction Fuzzy Hash: F8F0B2B08553299BCB60DF60CE44BD9B7B0AB45301F5084D98159B6681DB305BC1EF50

Uniqueness

Uniqueness Score: -1.00%

Function 0332E708, Relevance: .0, Instructions: 24COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000018.00000002.430543220.0000000003320000.00000040.00000001.sdmp, Offset: 03320000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: adc77437789a358a9bb83df0c94a939b8f79bc4b9439f04b1ce9e5518c5d5e61
Instruction ID: 8e4d6969f51efd9b589d3ff0a0aca7bb4b8a42a645a3bc1f3e32982f832fd578
Opcode Fuzzy Hash: adc77437789a358a9bb83df0c94a939b8f79bc4b9439f04b1ce9e5518c5d5e61
Instruction Fuzzy Hash: F8E09234D0A3D8AFCB66EB78944139ABFF45B03611F1544E7C884DE143E1380608DB92

Uniqueness

Uniqueness Score: -1.00%

Function 0332E630, Relevance: .0, Instructions: 24COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000018.00000002.430543220.0000000003320000.00000040.00000001.sdmp, Offset: 03320000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8f30c893df1e0bc4b9806fa96d1dfea19ed96b9e6f8be7f6670a5e01019c0d7c
Instruction ID: 0d4b168792f795931babbd401c58e1ceac9267b50b3025d7c9885998bef28619
Opcode Fuzzy Hash: 8f30c893df1e0bc4b9806fa96d1dfea19ed96b9e6f8be7f6670a5e01019c0d7c
Instruction Fuzzy Hash: 3EE01A74D093989FCB66EFB8D481399BFB49B02614F1444EBC854DB282E6385A08DB92

Uniqueness

Uniqueness Score: -1.00%

Function 0332E520, Relevance: .0, Instructions: 24COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000018.00000002.430543220.0000000003320000.00000040.00000001.sdmp, Offset: 03320000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 64482f36ffd107378f9d8956865e13bf050506340ca1a6f5886f649feb3583c6
Instruction ID: d1a259bdeb34ae86afa89f0838248b64faf6e8aa1d30628f932581e5fe696f69
Opcode Fuzzy Hash: 64482f36ffd107378f9d8956865e13bf050506340ca1a6f5886f649feb3583c6
Instruction Fuzzy Hash: 5FE09270D05348AFC755EFB8945225C7FF09F05201F1448EAC480DB291E634D610DF91

Uniqueness

Uniqueness Score: -1.00%

Function 03320070, Relevance: .0, Instructions: 24COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000018.00000002.430543220.0000000003320000.00000040.00000001.sdmp, Offset: 03320000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 20d75803752b79c39c898c8136e739e2223d437c652de3a70ed1054efdb57277
Instruction ID: e95354a8716af1a8e7fce86ce9ad3d0716f28ab844766cc69cd42c2ae2409d94
Opcode Fuzzy Hash: 20d75803752b79c39c898c8136e739e2223d437c652de3a70ed1054efdb57277
Instruction Fuzzy Hash: F4E0C271583209E7C718FBB4D95A73FF3A8DF82210F141CAC810533241CE759E10DAA5

Uniqueness

Uniqueness Score: -1.00%

Function 0332B47B, Relevance: .0, Instructions: 24COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000018.00000002.430543220.0000000003320000.00000040.00000001.sdmp, Offset: 03320000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0e25ee7ea42162a20982ca0cd09103a25bce1a726d2c1b45f647653cc514ad4a
Instruction ID: 881eecf2930523e841d8506f104ef35e42dad79f4a69ca2bae13ee2e73223729
Opcode Fuzzy Hash: 0e25ee7ea42162a20982ca0cd09103a25bce1a726d2c1b45f647653cc514ad4a
Instruction Fuzzy Hash: 51F0E774D052298FCB65CF20D8447DDBBB5BB88301F1051DAD509A6384D7305F81CF52

Uniqueness

Uniqueness Score: -1.00%

Function 07D50394, Relevance: .0, Instructions: 24COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000018.00000002.436642597.0000000007D50000.00000040.00000001.sdmp, Offset: 07D50000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7e459b1ab803fbe6d76e6f0ee7118ea0774cb9de6ff8ad48e7826fa35724dff9
Instruction ID: 0b13626415ed37a3fd69fec15443388889fe286ef4b114904fd6baa51d91d1ba
Opcode Fuzzy Hash: 7e459b1ab803fbe6d76e6f0ee7118ea0774cb9de6ff8ad48e7826fa35724dff9
Instruction Fuzzy Hash: 0CF0F4B0C55229DFCF24CF60C984BEEB7B4AB49300F2081EA8188A3240E2345A85CF00

Uniqueness

Uniqueness Score: -1.00%

Function 0332C0DD, Relevance: .0, Instructions: 23COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000018.00000002.430543220.0000000003320000.00000040.00000001.sdmp, Offset: 03320000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d38dcac0042d4cfd31e0a2c38fa9cd4f7d1737b3f59e4e88f770bce5a0cb02bb
Instruction ID: f2eebcba9cdb54104522fddfb1183a42523090ba95cd4e79a6727a8ca91fb304
Opcode Fuzzy Hash: d38dcac0042d4cfd31e0a2c38fa9cd4f7d1737b3f59e4e88f770bce5a0cb02bb
Instruction Fuzzy Hash: 06F01278C057788FCB65DF20CC893ACBBB5AB48706F1841E9A409A7660DB340F84CF41

Uniqueness

Uniqueness Score: -1.00%

Function 03322B37, Relevance: .0, Instructions: 22COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000018.00000002.430543220.0000000003320000.00000040.00000001.sdmp, Offset: 03320000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9e289dbd5edc58fa2c932971934f20e93716a0e0211d9050d5e2ef682d3ed21c
Instruction ID: a53cebbebdd8b58dc502fb034395e3b94e50bdab08e137002cf0a83d024707ff
Opcode Fuzzy Hash: 9e289dbd5edc58fa2c932971934f20e93716a0e0211d9050d5e2ef682d3ed21c
Instruction Fuzzy Hash: 96E086B04193988FCB6AEF78DC59656BF78BF03616F0448D1E845CB017D7325518C7A6

Uniqueness

Uniqueness Score: -1.00%

Function 0332DB2B, Relevance: .0, Instructions: 22COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000018.00000002.430543220.0000000003320000.00000040.00000001.sdmp, Offset: 03320000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f727b86055d2f951942dc5bbb2c65e5b076eca1133cca1ee494fd32a647ae57e
Instruction ID: 790e1160401a1e1971e417df2adfa6f28cb2e1265ac8d73446a231caf97d5111
Opcode Fuzzy Hash: f727b86055d2f951942dc5bbb2c65e5b076eca1133cca1ee494fd32a647ae57e
Instruction Fuzzy Hash: 74F0C9B0D00218AFCB58DFA8C8556ADBFF4EB99301F1485AAD814A7251D7359650DF50

Uniqueness

Uniqueness Score: -1.00%

Function 0332F0B0, Relevance: .0, Instructions: 22COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000018.00000002.430543220.0000000003320000.00000040.00000001.sdmp, Offset: 03320000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: dec13ae3d27a6ac5b738b224096f48276b0b4e606b8ee3d341e439ddc57c4b9f
Instruction ID: dd094e0868504b8ba44f5c94fad32bab3c2ae5d80b187861e37ab13e24d0a47b
Opcode Fuzzy Hash: dec13ae3d27a6ac5b738b224096f48276b0b4e606b8ee3d341e439ddc57c4b9f
Instruction Fuzzy Hash: 5EE04FB0D01308EFD718EFB4E94966DBBB1EB45712F10C5A9C804A3384E7755A40CF91

Uniqueness

Uniqueness Score: -1.00%

Function 0332DB30, Relevance: .0, Instructions: 21COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000018.00000002.430543220.0000000003320000.00000040.00000001.sdmp, Offset: 03320000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fba1f79be5b754db2ca9c2223dcf3dea2a3e2ea427702ac05c625e576e7af031
Instruction ID: 969e6859b21baeef4a8fb03d5c13ab17cffafaa57fce66033f85d53d7b99c5fa
Opcode Fuzzy Hash: fba1f79be5b754db2ca9c2223dcf3dea2a3e2ea427702ac05c625e576e7af031
Instruction Fuzzy Hash: 67E01AB4D00218AFCB44EFA8C8416AEFBF4EB48301F1085AAD824E7340D7359640DF91

Uniqueness

Uniqueness Score: -1.00%

Function 0332D7D4, Relevance: .0, Instructions: 21COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000018.00000002.430543220.0000000003320000.00000040.00000001.sdmp, Offset: 03320000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 257a86bebc69973026e2573013b2d164a66525e726f5316191054d24abed01cf
Instruction ID: 885c995f68f13b03d9dda16ae39a67bdf5225a2eddf7fa8cd953f9747e5f643d
Opcode Fuzzy Hash: 257a86bebc69973026e2573013b2d164a66525e726f5316191054d24abed01cf
Instruction Fuzzy Hash: 69F04878E04228CFDBA0DF64C981B9DBBB1BB49205F1081AA990DA7746DB305E85CF10

Uniqueness

Uniqueness Score: -1.00%

Function 03324CB9, Relevance: .0, Instructions: 21COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000018.00000002.430543220.0000000003320000.00000040.00000001.sdmp, Offset: 03320000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 02e52243ebf3afb94a5b3a7923ff4779aeaf3ddd5dc630bb92d9285bc677057e
Instruction ID: ea84b24eb865976e8689dbfcfa2ee472c26bafea2badb1d3dc943aa3a1a7640c
Opcode Fuzzy Hash: 02e52243ebf3afb94a5b3a7923ff4779aeaf3ddd5dc630bb92d9285bc677057e
Instruction Fuzzy Hash: 00F00C74912368CFCB65DF68D984ADEBBB1FB09311F504599E809A7314D731AE81CF00

Uniqueness

Uniqueness Score: -1.00%

Function 0332DB80, Relevance: .0, Instructions: 20COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000018.00000002.430543220.0000000003320000.00000040.00000001.sdmp, Offset: 03320000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d9261aebf0b1a19c93164e78bbf4fb2c29d5c9eff46b055bcd3c4a25fdace1ea
Instruction ID: 8bd8e7e9df039a41ed985c247098073011f971f83f94ed79f3eb5cb92764a13a
Opcode Fuzzy Hash: d9261aebf0b1a19c93164e78bbf4fb2c29d5c9eff46b055bcd3c4a25fdace1ea
Instruction Fuzzy Hash: A0E01AB4D00348EFCB54EFA8C8456ADBBB1FB48310F1085AAD824A3340D7359651DF91

Uniqueness

Uniqueness Score: -1.00%

Function 0332AABC, Relevance: .0, Instructions: 20COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000018.00000002.430543220.0000000003320000.00000040.00000001.sdmp, Offset: 03320000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f16eea27bd56d529cdf841265cbdcd8afdff1531ec031b4eeed9c71714ff163d
Instruction ID: 03826bcaf5036c9dbb64aebeab8fb9690ffa9095d2c1d02c3fc9d45fad52b96f
Opcode Fuzzy Hash: f16eea27bd56d529cdf841265cbdcd8afdff1531ec031b4eeed9c71714ff163d
Instruction Fuzzy Hash: A7E039B1C016848FC758EFA4C0D955CBFBAFB0A226F04A269A01A9F5A4CB208840CF44

Uniqueness

Uniqueness Score: -1.00%

Function 0332C469, Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000018.00000002.430543220.0000000003320000.00000040.00000001.sdmp, Offset: 03320000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f955daea7c8d51c541ffc19ea7efc0d19708076ea9401a8ee9cdf940b8644274
Instruction ID: 194e3bc27f2e43b7d6383f61e9927851f671453ef180d2eef6557423d8c1134f
Opcode Fuzzy Hash: f955daea7c8d51c541ffc19ea7efc0d19708076ea9401a8ee9cdf940b8644274
Instruction Fuzzy Hash: 60F09234944268CBCBA1DA14C89DAADBB74AB44311F1462EAC44E66664CE715EC1CF09

Uniqueness

Uniqueness Score: -1.00%

Function 07D50B76, Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000018.00000002.436642597.0000000007D50000.00000040.00000001.sdmp, Offset: 07D50000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 06e5283cddc4b76ab705c4e7773355b055fc67c341a27c7a31a07db14d618e05
Instruction ID: ade71f29227d41fa311137c240ceddaa285d7ebc543ed09868cae086df24597c
Opcode Fuzzy Hash: 06e5283cddc4b76ab705c4e7773355b055fc67c341a27c7a31a07db14d618e05
Instruction Fuzzy Hash: 5AF0DF7580122A8FCB65CF60C944BC8BBB1AB18304F0081E9D448A6251DB349B80DF10

Uniqueness

Uniqueness Score: -1.00%

Function 0332E530, Relevance: .0, Instructions: 17COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000018.00000002.430543220.0000000003320000.00000040.00000001.sdmp, Offset: 03320000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2ff3196e3529216ae47e84aa7d5ce39164598995e8ddac9c93a62910626f5fda
Instruction ID: f7a7d20bf151a894751d1924b45ed812929b8810d0ea63ba88a4f7866bb2158c
Opcode Fuzzy Hash: 2ff3196e3529216ae47e84aa7d5ce39164598995e8ddac9c93a62910626f5fda
Instruction Fuzzy Hash: 74E017B4D01308AFCB64EFB994063ACBBF4AB44602F2489E9D8449A240E7399640DF91

Uniqueness

Uniqueness Score: -1.00%

Function 0332E578, Relevance: .0, Instructions: 17COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000018.00000002.430543220.0000000003320000.00000040.00000001.sdmp, Offset: 03320000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b6040ae43c9c6a866030496d28fcae4e8523a36f91b422b3e8f7993775fd3ad5
Instruction ID: 4488637572e05f0059947934e4a6e50624b8ba9792f71973ab2ef0680534ee0c
Opcode Fuzzy Hash: b6040ae43c9c6a866030496d28fcae4e8523a36f91b422b3e8f7993775fd3ad5
Instruction Fuzzy Hash: 1DE0E2B4D11308AFCB64EFB8944639CBBB4EB44601F1084A998089A240E635AA40CF82

Uniqueness

Uniqueness Score: -1.00%

Function 0332A960, Relevance: .0, Instructions: 17COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000018.00000002.430543220.0000000003320000.00000040.00000001.sdmp, Offset: 03320000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9ae9d5ebd94c16295db758e071c84453200d6998dc0486b58810cd15d0637698
Instruction ID: cdef448c961710c8d7961da403addcbead84652386c18931e75e7f1f529000e4
Opcode Fuzzy Hash: 9ae9d5ebd94c16295db758e071c84453200d6998dc0486b58810cd15d0637698
Instruction Fuzzy Hash: F2D0A735C4755E8BC728CBA0E3D045EBF78E746840B3059C9D1455FA46DA30A65BA350

Uniqueness

Uniqueness Score: -1.00%

Function 0332A5D8, Relevance: .0, Instructions: 17COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000018.00000002.430543220.0000000003320000.00000040.00000001.sdmp, Offset: 03320000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 084faa7754ce10d33799be0fc28ee744db6b4b765164853fecb96240bfbb99ea
Instruction ID: 8901bc053a276d29198c80b44ea1e90bd6445723efd9f64ddf06849b9253873b
Opcode Fuzzy Hash: 084faa7754ce10d33799be0fc28ee744db6b4b765164853fecb96240bfbb99ea
Instruction Fuzzy Hash: 6DE04F70E15004DFCB08CF64F2C405DBBBBFB85311FA04456E1059B204DB305904CB04

Uniqueness

Uniqueness Score: -1.00%

Function 0332E4F0, Relevance: .0, Instructions: 17COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000018.00000002.430543220.0000000003320000.00000040.00000001.sdmp, Offset: 03320000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d2a347eae61f25fed85ed3dce56cc38107d78cdb04fac0303f8c36163d46e763
Instruction ID: 5365860cdd78d400a674d3c23a45aa3b50e8eea2490d3bd64a2551155d5df1dc
Opcode Fuzzy Hash: d2a347eae61f25fed85ed3dce56cc38107d78cdb04fac0303f8c36163d46e763
Instruction Fuzzy Hash: 93E0E2B0D11308AFCB58EFB8D44629CBBB5AB48601F1084A9E80896240E735AA85CF81

Uniqueness

Uniqueness Score: -1.00%

Function 0332E718, Relevance: .0, Instructions: 16COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000018.00000002.430543220.0000000003320000.00000040.00000001.sdmp, Offset: 03320000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 549dc8058cbf70a80ffdba7148290c8b3bdfa904a22268b8321070939da565c7
Instruction ID: d343faad7bdd53fec2b29b67f48526a1ada469d93ecc0537b17c503fe1b6163e
Opcode Fuzzy Hash: 549dc8058cbf70a80ffdba7148290c8b3bdfa904a22268b8321070939da565c7
Instruction Fuzzy Hash: F9D01770D01308AFCB54EBB8A4053ACBFF49B44601F1085EA884492280E6385640DF92

Uniqueness

Uniqueness Score: -1.00%

Function 0332E640, Relevance: .0, Instructions: 16COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000018.00000002.430543220.0000000003320000.00000040.00000001.sdmp, Offset: 03320000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6204337787eca660fb1322037e1496f1a38f025b33c7c7d0a3872a87574874de
Instruction ID: fed3b7ba73da5b874d2184cdcea390a5d7e46df257507e5af1ecf0c5bf80cb32
Opcode Fuzzy Hash: 6204337787eca660fb1322037e1496f1a38f025b33c7c7d0a3872a87574874de
Instruction Fuzzy Hash: ACD017B0E00208AFCB54EFA8D54639CBBF4AB44600F1084AA881893280E6345A40DF81

Uniqueness

Uniqueness Score: -1.00%

Function 07D518CF, Relevance: .0, Instructions: 16COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000018.00000002.436642597.0000000007D50000.00000040.00000001.sdmp, Offset: 07D50000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 16e5d3dbecfee580585e9104dbb84b0b093043b47aadc928e4db24cd748e77ad
Instruction ID: 657fc7ce57e4fdfd46dc76be0772e1623ff11c9eaeb484d55d8fcf4b447ef26b
Opcode Fuzzy Hash: 16e5d3dbecfee580585e9104dbb84b0b093043b47aadc928e4db24cd748e77ad
Instruction Fuzzy Hash: 9ED017B0C113089FCB68EBB8940539CBFB1AB41311F2049AECC0492250D7324A40DB41

Uniqueness

Uniqueness Score: -1.00%

Function 017223F4, Relevance: .0, Instructions: 15COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000018.00000002.430157718.0000000001722000.00000040.00000001.sdmp, Offset: 01722000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b8d97bf4f73306aab552e78fa6893ed7263b752f0df6b93b770c0dd52c951b9e
Instruction ID: 430aeef434eac801aeb0032e4e05625a0cc6d616bc935c49493d3d8c5f446710
Opcode Fuzzy Hash: b8d97bf4f73306aab552e78fa6893ed7263b752f0df6b93b770c0dd52c951b9e
Instruction Fuzzy Hash: F0D05E79315A918FE3268A1CC1A8B957FA4AB51B04F5644FEE8008B663C368D982D610

Uniqueness

Uniqueness Score: -1.00%

Function 03322B48, Relevance: .0, Instructions: 14COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000018.00000002.430543220.0000000003320000.00000040.00000001.sdmp, Offset: 03320000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1dcc157eb57a8cf8227b4b2bf47742cf6873455d6f373d653f47c3f4d2e60b3f
Instruction ID: 46d7ec32b88be34a8a0d9bdf1d8885c1ee34dc4d9e78d0a486f289ae5d400168
Opcode Fuzzy Hash: 1dcc157eb57a8cf8227b4b2bf47742cf6873455d6f373d653f47c3f4d2e60b3f
Instruction Fuzzy Hash: CCD0C9B14052589FC768EFB4A80E61ABBA8E706623F0088A4A909C3105DA315510DBA6

Uniqueness

Uniqueness Score: -1.00%

Function 07D50671, Relevance: .0, Instructions: 14COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000018.00000002.436642597.0000000007D50000.00000040.00000001.sdmp, Offset: 07D50000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 45d63909cdeea21d6daca16c228d8b4db18475ea488ef123482627f4f9cf9ded
Instruction ID: f839fad6d0a9c588d68631896137761b82b11931ad621d8826d277e50a3ef0a4
Opcode Fuzzy Hash: 45d63909cdeea21d6daca16c228d8b4db18475ea488ef123482627f4f9cf9ded
Instruction Fuzzy Hash: D1E0B6B0E452198BDBA8CB64C991BDEFBB1AB54300F2090968658AB294DA715A808F84

Uniqueness

Uniqueness Score: -1.00%

Function 017223BC, Relevance: .0, Instructions: 14COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000018.00000002.430157718.0000000001722000.00000040.00000001.sdmp, Offset: 01722000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f3e79937209f55fafb6a1dc5d709f8406f9305408a4b2855d811caa91e086453
Instruction ID: d8ce8c44f9e4cfe2e318d1c6e8bc614b269701ef25705910bfbd29dfd2cea32c
Opcode Fuzzy Hash: f3e79937209f55fafb6a1dc5d709f8406f9305408a4b2855d811caa91e086453
Instruction Fuzzy Hash: 5BD05E342002818BD719DB0CC594F597BD4AF41B00F0644E8ED008B663C3A4D882C600

Uniqueness

Uniqueness Score: -1.00%

Function 0332AA33, Relevance: .0, Instructions: 13COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000018.00000002.430543220.0000000003320000.00000040.00000001.sdmp, Offset: 03320000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 67c26f36bdaa9438c72df27ff4a3323698825b310b33a2e38c14f9f340b72c25
Instruction ID: 231f84e36ed71ebad8f213877fdb82d5af9ff93f939cc3c8037c284374d527cf
Opcode Fuzzy Hash: 67c26f36bdaa9438c72df27ff4a3323698825b310b33a2e38c14f9f340b72c25
Instruction Fuzzy Hash: C9E01775C05228CFCB14CFA0E9882DCBFB4BB84362F20646AE152E7190CB341B80CF14

Uniqueness

Uniqueness Score: -1.00%

Function 07D507B7, Relevance: .0, Instructions: 13COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000018.00000002.436642597.0000000007D50000.00000040.00000001.sdmp, Offset: 07D50000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d102d11b31f11ea520b5c345b5ea2d9b64a1cf8a2cb7312f4a868136ac7666d5
Instruction ID: 9c69493ae3fd9f11dcc330832730652ec17ce7854b9af032685fcdb253350429
Opcode Fuzzy Hash: d102d11b31f11ea520b5c345b5ea2d9b64a1cf8a2cb7312f4a868136ac7666d5
Instruction Fuzzy Hash: B4E08232C1522A8ECB24CF20C9843EEFBB0AB01300F5004EA8488B2184C734ABC0CF20

Uniqueness

Uniqueness Score: -1.00%

Function 07D50C81, Relevance: .0, Instructions: 11COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000018.00000002.436642597.0000000007D50000.00000040.00000001.sdmp, Offset: 07D50000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4c6a95b184fe0d1e6836b409ff7e53a698b60b334444b3c8200403eca30919b2
Instruction ID: c321e4d7cd96c37899cc2e8043cb863758fdbc21bdc320e80a39a411d62e73bc
Opcode Fuzzy Hash: 4c6a95b184fe0d1e6836b409ff7e53a698b60b334444b3c8200403eca30919b2
Instruction Fuzzy Hash: D5D06CB5C09269CFCF24DF20CA487DDBAB0AB50741F0090EA8149B2244C7745BC5CF91

Uniqueness

Uniqueness Score: -1.00%

Function 0332CAF9, Relevance: .0, Instructions: 10COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000018.00000002.430543220.0000000003320000.00000040.00000001.sdmp, Offset: 03320000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 472613b57048c61272b404b4c0e968f98bd82e011d90fda5aacf37ef5df36929
Instruction ID: 4997b38f5b39821b12631ba58ed3c7a37dccbe827ed17f5f0d8b53b64dc520b1
Opcode Fuzzy Hash: 472613b57048c61272b404b4c0e968f98bd82e011d90fda5aacf37ef5df36929
Instruction Fuzzy Hash: D0D06778D0526A8BCFA0DF64DA8D68DFBB0BB44714F4090DA960DA2210DB305A849F04

Uniqueness

Uniqueness Score: -1.00%

Function 07D509E0, Relevance: .0, Instructions: 10COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000018.00000002.436642597.0000000007D50000.00000040.00000001.sdmp, Offset: 07D50000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c890beea40682af10562621c0e81e028dad758fc523d19e754cab5a0da0193fd
Instruction ID: eb97850f3ddebc2e37d39ede7d7638b593f88a4a9f110ac7663ecb2f39f4fcd8
Opcode Fuzzy Hash: c890beea40682af10562621c0e81e028dad758fc523d19e754cab5a0da0193fd
Instruction Fuzzy Hash: 0ED09279C142688BCF25DF30C9142ECBA70AB55321F0456DA91A9B6591D7B00BC1CE40

Uniqueness

Uniqueness Score: -1.00%

Function 0332A9C5, Relevance: .0, Instructions: 9COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000018.00000002.430543220.0000000003320000.00000040.00000001.sdmp, Offset: 03320000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 11c9aae85de4be28002be76cdee7693f23bf5ed5e35d80f603e2bf8b37c1cb95
Instruction ID: 32428509d9f2538bae33241c5d6e42ece7646cbd8d199680e0e3bdc6adbc53a9
Opcode Fuzzy Hash: 11c9aae85de4be28002be76cdee7693f23bf5ed5e35d80f603e2bf8b37c1cb95
Instruction Fuzzy Hash: D2C08C3288760A9FCB14CB90E6C008EBBF4FB04A307342A4590769A2DEEB3052428E90

Uniqueness

Uniqueness Score: -1.00%

Function 0332A878, Relevance: .0, Instructions: 9COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000018.00000002.430543220.0000000003320000.00000040.00000001.sdmp, Offset: 03320000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: af60cae59a5217cd8cc79fca474bdded55f083440d70d29c03f2709d5ac136d3
Instruction ID: 330497b1e927ccf51b2b78ed556a24d86c942594d83c14301bb0cb527b57c3e8
Opcode Fuzzy Hash: af60cae59a5217cd8cc79fca474bdded55f083440d70d29c03f2709d5ac136d3
Instruction Fuzzy Hash: FED01275C1A25ADFDF20CFE1E1C40DDFFF4AB08311B105416A451F6254E73846408F10

Uniqueness

Uniqueness Score: -1.00%

Function 0332C648, Relevance: .0, Instructions: 8COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000018.00000002.430543220.0000000003320000.00000040.00000001.sdmp, Offset: 03320000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2104f0f34009de89ba732c7f930bb695e82b251b6bef88c1f7f27ce342c72e70
Instruction ID: f293de1829e0d019bec404de7ace931f426c863016924316cc17776d2fbb8e1f
Opcode Fuzzy Hash: 2104f0f34009de89ba732c7f930bb695e82b251b6bef88c1f7f27ce342c72e70
Instruction Fuzzy Hash: 3ED0C978C092688BCB70CF20CA487DCBFB0BB04301F0090DAC68EB2600DA340A81DF05

Uniqueness

Uniqueness Score: -1.00%

Function 0332ABFD, Relevance: .0, Instructions: 6COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000018.00000002.430543220.0000000003320000.00000040.00000001.sdmp, Offset: 03320000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 583ff99fc86ef3d47b869456d15b79bb80ad1db46ae19f039f2fa5b40925a1bb
Instruction ID: 6b1b69367ed1604e7f35c9e35b19c05fc1da38b93b52ee747bad33f8bab8d69e
Opcode Fuzzy Hash: 583ff99fc86ef3d47b869456d15b79bb80ad1db46ae19f039f2fa5b40925a1bb
Instruction Fuzzy Hash: 5EC09B74501559DFC718CF50E5C45597F71FB4D212F245044D54593144DB301C40CF41

Uniqueness

Uniqueness Score: -1.00%

Function 07D50933, Relevance: .0, Instructions: 6COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000018.00000002.436642597.0000000007D50000.00000040.00000001.sdmp, Offset: 07D50000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 60ee00c6ad88cc3ddfd8eaccb55056e362d9ae19df83ce698bf0fb998a1eaaa1
Instruction ID: 385ad8f3f14953f9991a3a80caad16c3b77c60083c577ff898e7cd5980d61bbb
Opcode Fuzzy Hash: 60ee00c6ad88cc3ddfd8eaccb55056e362d9ae19df83ce698bf0fb998a1eaaa1
Instruction Fuzzy Hash: E4C02B7183E212CBC73C8E20C1C4349F6B0E302313F00949080D7D0054CE3481C08F10

Uniqueness

Uniqueness Score: -1.00%

Non-executed Functions

Analysis Process: pGKuRU.exe PID: 5644 Parent PID: 3388 pGKuRU.exeCOMMON

Executed Functions

Function 057120A9, Relevance: 6.5, Strings: 5, Instructions: 203COMMON

Download Yara Rule

Strings

EntryPoint, xrefs: 05712232
Load, xrefs: 057121A6
Invoke, xrefs: 05712305
8}ir, xrefs: 057120FB
X1kr, xrefs: 05712281

Memory Dump Source

Source File: 0000001A.00000002.449732432.0000000005710000.00000040.00000001.sdmp, Offset: 05710000, based on PE: false

Similarity

API ID:
String ID: 8}ir$EntryPoint$Invoke$Load$X1kr
API String ID: 0-2582972406
Opcode ID: f5752273b6b6f378fbc62bbcbe6966a5a48ec796255b478ebe2430e079216c30
Instruction ID: 1dae8abcd2191b1a85e1ba9d4b3fea60bedc7f25a688b1c803c32a88198b8ff2
Opcode Fuzzy Hash: f5752273b6b6f378fbc62bbcbe6966a5a48ec796255b478ebe2430e079216c30
Instruction Fuzzy Hash: C191C478E002189FDB54DFA9C944B9EBBF2BF89300F24C06AD508AB355DB71A945CF54

Uniqueness

Uniqueness Score: -1.00%

Function 057120B8, Relevance: 6.4, Strings: 5, Instructions: 199COMMON

Download Yara Rule

Strings

EntryPoint, xrefs: 05712232
Load, xrefs: 057121A6
Invoke, xrefs: 05712305
8}ir, xrefs: 057120FB
X1kr, xrefs: 05712281

Memory Dump Source

Source File: 0000001A.00000002.449732432.0000000005710000.00000040.00000001.sdmp, Offset: 05710000, based on PE: false

Similarity

API ID:
String ID: 8}ir$EntryPoint$Invoke$Load$X1kr
API String ID: 0-2582972406
Opcode ID: 4bdb695a2a76971652afbfbdf1c468597c04e6b354c1d68b806fe194b42aa79b
Instruction ID: 3bcfb802f6f34adac1e450b6f4d312dd5201216da820507154c4c760ed28cd4a
Opcode Fuzzy Hash: 4bdb695a2a76971652afbfbdf1c468597c04e6b354c1d68b806fe194b42aa79b
Instruction Fuzzy Hash: A291B478E002188FDB54DFA9C944B9EBBF2BF88310F24C069D509AB354DB71A945CF54

Uniqueness

Uniqueness Score: -1.00%

Function 05710170, Relevance: 2.7, Strings: 1, Instructions: 1455COMMON

Download Yara Rule

Strings

"Uq, xrefs: 05711142

Memory Dump Source

Source File: 0000001A.00000002.449732432.0000000005710000.00000040.00000001.sdmp, Offset: 05710000, based on PE: false

Similarity

API ID:
String ID: "Uq
API String ID: 0-3550767893
Opcode ID: 0ccdbdee9efb77cd47df90c33d95c2045055860980666c0000391fc9611125cb
Instruction ID: d5a1469664a474091f69c0aa841ececf919e9b9ce5f276f566c19cd2e02a1195
Opcode Fuzzy Hash: 0ccdbdee9efb77cd47df90c33d95c2045055860980666c0000391fc9611125cb
Instruction Fuzzy Hash: 38E2D334A01219DFDB64DB28C894BE9B7B2FF8A310F5141E8D549AB361CB31AE95CF41

Uniqueness

Uniqueness Score: -1.00%

Function 05710180, Relevance: 2.7, Strings: 1, Instructions: 1451COMMON

Download Yara Rule

Strings

"Uq, xrefs: 05711142

Memory Dump Source

Source File: 0000001A.00000002.449732432.0000000005710000.00000040.00000001.sdmp, Offset: 05710000, based on PE: false

Similarity

API ID:
String ID: "Uq
API String ID: 0-3550767893
Opcode ID: 094bc9e1bbe5e85c3cd192cc1474621e345cb8472f751e90de43cad941e4a84b
Instruction ID: 22bea260f36d8afb18e5334d92bde850678a3707f293903c2ab4b35df5ea580c
Opcode Fuzzy Hash: 094bc9e1bbe5e85c3cd192cc1474621e345cb8472f751e90de43cad941e4a84b
Instruction Fuzzy Hash: 4CE2D334A01219DFDB64DB28C894BE9B7B2FF8A310F5141E8D549AB361CB31AE95CF41

Uniqueness

Uniqueness Score: -1.00%

Function 05712733, Relevance: 2.6, Strings: 2, Instructions: 145COMMON

Download Yara Rule

Strings

X1kr, xrefs: 057127CC
X1kr, xrefs: 057127D7

Memory Dump Source

Source File: 0000001A.00000002.449732432.0000000005710000.00000040.00000001.sdmp, Offset: 05710000, based on PE: false

Similarity

API ID:
String ID: X1kr$X1kr
API String ID: 0-2397868964
Opcode ID: b6881730549b66beafdebef4d027ee5369c8e80f614baeefdaa4ee56d7d1487c
Instruction ID: da04469ddf504dd3486c61b21608e3a8ac0d17b2d1e59f9a408b06177f25bc3d
Opcode Fuzzy Hash: b6881730549b66beafdebef4d027ee5369c8e80f614baeefdaa4ee56d7d1487c
Instruction Fuzzy Hash: 4551E5B4E04258DFDB04DFAAC580AAEFBF2BF88300F24C569D814A7255D734AA41DF94

Uniqueness

Uniqueness Score: -1.00%

Function 058C24F3, Relevance: 1.6, APIs: 1, Instructions: 75COMMON

Download Yara Rule

APIs

AdjustTokenPrivileges.KERNELBASE(?,?,?,?,?,?), ref: 058C2573

Memory Dump Source

Source File: 0000001A.00000002.450666087.00000000058C0000.00000040.00000001.sdmp, Offset: 058C0000, based on PE: false

Similarity

API ID: AdjustPrivilegesToken
String ID:
API String ID: 2874748243-0
Opcode ID: b9380b21f3832d5f76326bd805c1071ff541f03606c2aca838024936c8f72569
Instruction ID: ae4e39eb30926b8a97736f5c87aeb35ddc5d0c4eeed5838ff3f2a1113b1b8e52
Opcode Fuzzy Hash: b9380b21f3832d5f76326bd805c1071ff541f03606c2aca838024936c8f72569
Instruction Fuzzy Hash: E1219F76509784AFDB228F25DC40B52BFB4EF06310F0885EAED85CB1A3D275D908DB62

Uniqueness

Uniqueness Score: -1.00%

Function 058C2675, Relevance: 1.6, APIs: 1, Instructions: 57nativeCOMMON

Download Yara Rule

APIs

NtQuerySystemInformation.NTDLL(?,?,?,?), ref: 058C26E1

Memory Dump Source

Source File: 0000001A.00000002.450666087.00000000058C0000.00000040.00000001.sdmp, Offset: 058C0000, based on PE: false

Similarity

API ID: InformationQuerySystem
String ID:
API String ID: 3562636166-0
Opcode ID: a21b4998b448320a048faafab781a220f6573df05c790feaa8b839d4e863eb88
Instruction ID: 3216e581fd10917ea8cb231cdeb15a5634f4d7016e2aa7df7f08e96099fc47e2
Opcode Fuzzy Hash: a21b4998b448320a048faafab781a220f6573df05c790feaa8b839d4e863eb88
Instruction Fuzzy Hash: 231181754093849FD7228F24DC45A52FFB4EF06324F0980DAED858B163D275A908DB62

Uniqueness

Uniqueness Score: -1.00%

Function 058C252A, Relevance: 1.6, APIs: 1, Instructions: 52COMMON

Download Yara Rule

APIs

AdjustTokenPrivileges.KERNELBASE(?,?,?,?,?,?), ref: 058C2573

Memory Dump Source

Source File: 0000001A.00000002.450666087.00000000058C0000.00000040.00000001.sdmp, Offset: 058C0000, based on PE: false

Similarity

API ID: AdjustPrivilegesToken
String ID:
API String ID: 2874748243-0
Opcode ID: 3019344de165aaf5d31b07c525f59019f23a3637229d9b4a43a149c37fd2053e
Instruction ID: f0df1a61b8246e23c73f9cbe10adfe9803215e3b07efd9e3e596c539faae5535
Opcode Fuzzy Hash: 3019344de165aaf5d31b07c525f59019f23a3637229d9b4a43a149c37fd2053e
Instruction Fuzzy Hash: C0119E759046049FDB20CF65D884B66FFE5EF08320F08C4AEED86CB651D275E808DB61

Uniqueness

Uniqueness Score: -1.00%

Function 058C26A6, Relevance: 1.5, APIs: 1, Instructions: 38nativeCOMMON

Download Yara Rule

APIs

NtQuerySystemInformation.NTDLL(?,?,?,?), ref: 058C26E1

Memory Dump Source

Source File: 0000001A.00000002.450666087.00000000058C0000.00000040.00000001.sdmp, Offset: 058C0000, based on PE: false

Similarity

API ID: InformationQuerySystem
String ID:
API String ID: 3562636166-0
Opcode ID: d2638dee5192184fb97a2a6ca87805b8660189bc7bca095461ae2431f6b6404c
Instruction ID: 1e9f20221d9e73fd7215dce5619e6a3c9cb88306d157e9724ee4b6d75a6d0c9e
Opcode Fuzzy Hash: d2638dee5192184fb97a2a6ca87805b8660189bc7bca095461ae2431f6b6404c
Instruction Fuzzy Hash: 9E017C394046049FDB208F15D984B26FFA0EF04720F18C09ADE8A4A255D275E418DB72

Uniqueness

Uniqueness Score: -1.00%

Function 0571894B, Relevance: 1.5, Strings: 1, Instructions: 202COMMON

Download Yara Rule

Strings

i, xrefs: 057188E9

Memory Dump Source

Source File: 0000001A.00000002.449732432.0000000005710000.00000040.00000001.sdmp, Offset: 05710000, based on PE: false

Similarity

API ID:
String ID: i
API String ID: 0-3865851505
Opcode ID: d5819f4723827e1c722a99480fa6226db85aa47bfd659b162f3301d900601ce6
Instruction ID: 8528def7aec1c94e5bab4ca76af97f08059fcac4423e64a6a75fb2138df047fd
Opcode Fuzzy Hash: d5819f4723827e1c722a99480fa6226db85aa47bfd659b162f3301d900601ce6
Instruction Fuzzy Hash: CF91ABB4E05248CFDB14CFA9D48499DBFB2FF49310F10C0AAD805AB259DB749A06DF56

Uniqueness

Uniqueness Score: -1.00%

Function 0571B0E0, Relevance: 1.4, Strings: 1, Instructions: 189COMMON

Download Yara Rule

Strings

r@>@, xrefs: 0571C1FF

Memory Dump Source

Source File: 0000001A.00000002.449732432.0000000005710000.00000040.00000001.sdmp, Offset: 05710000, based on PE: false

Similarity

API ID:
String ID: r@>@
API String ID: 0-2817613862
Opcode ID: 373983b4ef9a40e9e0e286017fecb861277ad40e728c7cfc57a811af427213c3
Instruction ID: 844fc4965c2a8de9d03f5c3d41f2a7d57da0945bb02a46bc0b58ea0db494e705
Opcode Fuzzy Hash: 373983b4ef9a40e9e0e286017fecb861277ad40e728c7cfc57a811af427213c3
Instruction Fuzzy Hash: 0E813874E452288FCBA0CF69D989799BBB6BB49304F1080EAD50DE7214DF349E84DF04

Uniqueness

Uniqueness Score: -1.00%

Function 0571E758, Relevance: 1.4, Strings: 1, Instructions: 184COMMON

Download Yara Rule

Strings

:@Dr, xrefs: 0571E82C

Memory Dump Source

Source File: 0000001A.00000002.449732432.0000000005710000.00000040.00000001.sdmp, Offset: 05710000, based on PE: false

Similarity

API ID:
String ID: :@Dr
API String ID: 0-3830894600
Opcode ID: 6e61a9a6efeab66be0e5c0435627176b99d90aa977f9a9897bda360b4d43de90
Instruction ID: 06600bb31477df5ac13141c8785da6cf8d8f37bfadc2c9b82cca7e30c296584f
Opcode Fuzzy Hash: 6e61a9a6efeab66be0e5c0435627176b99d90aa977f9a9897bda360b4d43de90
Instruction Fuzzy Hash: C881F2B4E01209DFDB14DFE8D5849ADBFB2FF89300F20946AD806AB258DB345A41DF58

Uniqueness

Uniqueness Score: -1.00%

Function 0571555B, Relevance: .4, Instructions: 450COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001A.00000002.449732432.0000000005710000.00000040.00000001.sdmp, Offset: 05710000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 76194805645c23c25fdcf473a8c8ac05c00eb19d917d67f9231050e85a7e85f6
Instruction ID: 983f982b5b947f34e05bdfa31ccb20e14b293dc29ba819f687fcc9e255249ff9
Opcode Fuzzy Hash: 76194805645c23c25fdcf473a8c8ac05c00eb19d917d67f9231050e85a7e85f6
Instruction Fuzzy Hash: 14F191B4805206DFCB0CCF98C5848BEBBB2FB95724F949595D805BB205E7309A41EFE8

Uniqueness

Uniqueness Score: -1.00%

Function 057156B0, Relevance: .3, Instructions: 264COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001A.00000002.449732432.0000000005710000.00000040.00000001.sdmp, Offset: 05710000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 20db34dbc41cbcb9074aa574544a175e9f064533900cf5b4fff752f782b210e1
Instruction ID: dca8306c7683885b96e7b26fdce3b065df6c01b247f9e032c895bf121c872773
Opcode Fuzzy Hash: 20db34dbc41cbcb9074aa574544a175e9f064533900cf5b4fff752f782b210e1
Instruction Fuzzy Hash: 08C10C74D0520ADFCB08CFA8C5948AEFBB2FF89310F24955AC806AB255D734EA41DF95

Uniqueness

Uniqueness Score: -1.00%

Function 057135D8, Relevance: .2, Instructions: 249COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001A.00000002.449732432.0000000005710000.00000040.00000001.sdmp, Offset: 05710000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c3332443780727c31ecb9a71c2673e26360e132ec81308324a9036e1cdabd3cc
Instruction ID: b137e4da7aeec01dd9d0290d72f9150774febae9067d7db2197b0c93f72fc4cf
Opcode Fuzzy Hash: c3332443780727c31ecb9a71c2673e26360e132ec81308324a9036e1cdabd3cc
Instruction Fuzzy Hash: C7A16A74D04248CFCB08CFA9C445AAEBBB2BF8A310F6484A9D805BB355D735A902DF59

Uniqueness

Uniqueness Score: -1.00%

Function 0571363B, Relevance: .2, Instructions: 190COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001A.00000002.449732432.0000000005710000.00000040.00000001.sdmp, Offset: 05710000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: df0684310867e9005327f6b9831bca2315b803f78bdcdb87c022505a95946d53
Instruction ID: c3b7dcc1ef7aee60318b334ebe41b8656282539aad5772a50108094fd7072019
Opcode Fuzzy Hash: df0684310867e9005327f6b9831bca2315b803f78bdcdb87c022505a95946d53
Instruction Fuzzy Hash: B8811474D04209DFCB08CFA9D955AADBBB2FF89300F20846AD805BB354DB349A45DF55

Uniqueness

Uniqueness Score: -1.00%

Function 057183DC, Relevance: .2, Instructions: 188COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001A.00000002.449732432.0000000005710000.00000040.00000001.sdmp, Offset: 05710000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 55827eaa1824553c50f062665c5a8bd2fb802760aaf711de476aca9cbcdd556b
Instruction ID: 73ce213203f073c6c8809619a665e6305e70fc40716da1a1e9ed77ce33f39f9e
Opcode Fuzzy Hash: 55827eaa1824553c50f062665c5a8bd2fb802760aaf711de476aca9cbcdd556b
Instruction Fuzzy Hash: 2C81DE75A05384CFCB10CFACE484A5DBFB1FB09314F2481AADC059B29ADB749A05EF56

Uniqueness

Uniqueness Score: -1.00%

Function 057140A8, Relevance: .2, Instructions: 188COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001A.00000002.449732432.0000000005710000.00000040.00000001.sdmp, Offset: 05710000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: eee5b4a4671f3316cf74f715ae93ff5fa58dd7dfeec63b2868467ca87273e14f
Instruction ID: 78969f4bc9ce3ce454e30bb20d008b675fb1144818b312355c00b605bd9d9f57
Opcode Fuzzy Hash: eee5b4a4671f3316cf74f715ae93ff5fa58dd7dfeec63b2868467ca87273e14f
Instruction Fuzzy Hash: E08118B4D0520ADFCF44CFA9C4809AEFBB2FB89310F10956AD815BB254C7359A41DF98

Uniqueness

Uniqueness Score: -1.00%

Function 05713DB8, Relevance: .2, Instructions: 178COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001A.00000002.449732432.0000000005710000.00000040.00000001.sdmp, Offset: 05710000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f54f29ef1a6b5aaa341c72e60681d9cc3eba18eda6a9d477670554bac254e653
Instruction ID: 5b34712226ef6f4d99332a089efb443a18452459696d89dfb3d4ca0fe05f9df5
Opcode Fuzzy Hash: f54f29ef1a6b5aaa341c72e60681d9cc3eba18eda6a9d477670554bac254e653
Instruction Fuzzy Hash: 57619CB1D09309DFCB04CFA9C4416AEFBB2FB89300F1499AAC815B7255D7349A45DFA8

Uniqueness

Uniqueness Score: -1.00%

Function 07C60007, Relevance: .2, Instructions: 174COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001A.00000002.452267893.0000000007C60000.00000040.00000001.sdmp, Offset: 07C60000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 555474975e79f6c156c6a03d0184b35b1c3f73f900fd8c7c39c9b01653409dac
Instruction ID: 8c0bd5a62b44ec997a2901cccbc521cfb5b3a1e64f8e0bece68a9b5a99f7f2f5
Opcode Fuzzy Hash: 555474975e79f6c156c6a03d0184b35b1c3f73f900fd8c7c39c9b01653409dac
Instruction Fuzzy Hash: C5619FB49093598FD725CF64C884BD9BFF2AF4A300F1580EAC548EB292E7344A85CF51

Uniqueness

Uniqueness Score: -1.00%

Function 05713DF8, Relevance: .2, Instructions: 170COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001A.00000002.449732432.0000000005710000.00000040.00000001.sdmp, Offset: 05710000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: de5a0fe4c586d6ecfc8a4e50a6f3f86290317eb36744a31a832fe433e102f6c9
Instruction ID: 11b56e4f8315fc2829dbeec1310767b1fbaea802acdc05346e9bcddcbd97ed90
Opcode Fuzzy Hash: de5a0fe4c586d6ecfc8a4e50a6f3f86290317eb36744a31a832fe433e102f6c9
Instruction Fuzzy Hash: 586169B1D09349DFCB04CFAAC4416AEFBB2FB89300F14946AC415BB255D7349A45DFA8

Uniqueness

Uniqueness Score: -1.00%

Function 05713678, Relevance: .2, Instructions: 170COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001A.00000002.449732432.0000000005710000.00000040.00000001.sdmp, Offset: 05710000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 13bbc4b185fae6ec70913c64ace0574f52f1ddbad95e67d202cdba64e4daa8d5
Instruction ID: 15a8b5902b39be5315e1fa19fd80a9bff33e6848317b3a2ea085d566dd3185e9
Opcode Fuzzy Hash: 13bbc4b185fae6ec70913c64ace0574f52f1ddbad95e67d202cdba64e4daa8d5
Instruction Fuzzy Hash: 4571D274E05209DFDB08CFA9C595AAEBBB2FF89300F20846AD806BB354DB345A45CF54

Uniqueness

Uniqueness Score: -1.00%

Function 05718427, Relevance: .2, Instructions: 168COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001A.00000002.449732432.0000000005710000.00000040.00000001.sdmp, Offset: 05710000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 00ad0fd0d166c2f8b361c021ae7908d2618d8d4974712c61cb31a24b35e610b9
Instruction ID: b8dce2ae5911ce9cbca705873ea95ccf0be6a57afe69daca407540284af8fd92
Opcode Fuzzy Hash: 00ad0fd0d166c2f8b361c021ae7908d2618d8d4974712c61cb31a24b35e610b9
Instruction Fuzzy Hash: 4371D075A05244DFCB20CFACE584A5DBFF5FB09324F1481AAD805DB299DB309A05EF46

Uniqueness

Uniqueness Score: -1.00%

Function 05714823, Relevance: .2, Instructions: 165COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001A.00000002.449732432.0000000005710000.00000040.00000001.sdmp, Offset: 05710000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9180dd92472c0bcc3b2924ca257e0ab4383585ae7b98b8a9648caea760e3db30
Instruction ID: 8af56d94fcc7b65b4ab3e4306ac06e7054d098b02ab22ceb9834a04887a97763
Opcode Fuzzy Hash: 9180dd92472c0bcc3b2924ca257e0ab4383585ae7b98b8a9648caea760e3db30
Instruction Fuzzy Hash: 6E61E675E01219DFDB14CFA9D9806EEBBB3FF89310F108466D905AB214DB34AA45CF94

Uniqueness

Uniqueness Score: -1.00%

Function 05713E78, Relevance: .1, Instructions: 148COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001A.00000002.449732432.0000000005710000.00000040.00000001.sdmp, Offset: 05710000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a0501c662869613fe7357d90bdfe45a7915b8ae175281aa31f9d9667024d1337
Instruction ID: 659328fecf90469934770fc81dc398a508a10fb1018702abf6f4d301337f5cec
Opcode Fuzzy Hash: a0501c662869613fe7357d90bdfe45a7915b8ae175281aa31f9d9667024d1337
Instruction Fuzzy Hash: DA5149B1D0520ADFCB08CFAAC4405AEFBF2FB88300F14996AD515B7254D7349A45DFA8

Uniqueness

Uniqueness Score: -1.00%

Function 07C6003C, Relevance: .1, Instructions: 139COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001A.00000002.452267893.0000000007C60000.00000040.00000001.sdmp, Offset: 07C60000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 95cbeb2ba70487642d85ee305519b3e0b2364e490b2d3a83a649dbd34ae0c1bd
Instruction ID: 5421230ed9c56b7b5acd5432650938042496c8a02610b107c8cda86d3e8cd0e0
Opcode Fuzzy Hash: 95cbeb2ba70487642d85ee305519b3e0b2364e490b2d3a83a649dbd34ae0c1bd
Instruction Fuzzy Hash: 68514CB5D052199FDB68CF69CC84BDABBF2AF89300F1480EAD508A7254EB745A85CF50

Uniqueness

Uniqueness Score: -1.00%

Function 07C60070, Relevance: .1, Instructions: 129COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001A.00000002.452267893.0000000007C60000.00000040.00000001.sdmp, Offset: 07C60000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 70044dcce662f1333b3788ee8f31b9006856562471fdb8401828e0cf59163b8f
Instruction ID: 4373c7b295efb41c5256ec90295a3655359fadeda0d3ff204f500bba3d5d56fc
Opcode Fuzzy Hash: 70044dcce662f1333b3788ee8f31b9006856562471fdb8401828e0cf59163b8f
Instruction Fuzzy Hash: 0F512AB4E052198FDB64CF65C884BDAFBF6AB88300F1080FAD619A7244EB705A85CF40

Uniqueness

Uniqueness Score: -1.00%

Function 05715DE0, Relevance: .1, Instructions: 127COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001A.00000002.449732432.0000000005710000.00000040.00000001.sdmp, Offset: 05710000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c1ab416a269ca76c8a4b5789d8139968b266ce923f69cd2295ec37ebe95d2a11
Instruction ID: 3ce7438019eefe38430be3c8cc8797bf1ed3c5f8453ee8ac7ad6757dae3eba2c
Opcode Fuzzy Hash: c1ab416a269ca76c8a4b5789d8139968b266ce923f69cd2295ec37ebe95d2a11
Instruction Fuzzy Hash: A451F474E04209DFCB18CFA8C5859AEFBF2FF89300F14909AD915AB215D334AA41DF99

Uniqueness

Uniqueness Score: -1.00%

Function 057141D3, Relevance: .1, Instructions: 120COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001A.00000002.449732432.0000000005710000.00000040.00000001.sdmp, Offset: 05710000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 414b2d225a4cf16d10ea4512dda2195fe6d02af876ad6f1844f527ad49a07dea
Instruction ID: f52f6ea80e354c59fcfc307f6eefa8a7108734f806b37eb01425718ebf154629
Opcode Fuzzy Hash: 414b2d225a4cf16d10ea4512dda2195fe6d02af876ad6f1844f527ad49a07dea
Instruction Fuzzy Hash: BC5105B4E1521A9FCB04CFA9C5809AEBBF2FF99300F1085AAD814AB355D7349A41DF94

Uniqueness

Uniqueness Score: -1.00%

Function 0571AE9B, Relevance: .1, Instructions: 112COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001A.00000002.449732432.0000000005710000.00000040.00000001.sdmp, Offset: 05710000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6b70a550762c5e744841694a48b57e0b79aae781cba40a3059d72b7b8d933dc0
Instruction ID: 47848f48744c9ecfc1252ab2886393818c5cb290e22b3da6b75d8e4d0da3e966
Opcode Fuzzy Hash: 6b70a550762c5e744841694a48b57e0b79aae781cba40a3059d72b7b8d933dc0
Instruction Fuzzy Hash: 2C4148B0D16209DFCB44CFA9D585AEDBBF5FB89300F20946AD805F7214D7349A059FA8

Uniqueness

Uniqueness Score: -1.00%

Function 05717958, Relevance: .1, Instructions: 102COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001A.00000002.449732432.0000000005710000.00000040.00000001.sdmp, Offset: 05710000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7441e98c6ea53f2c6826f0aed496fc0aa621272db6186aec8e72115f1becdd9e
Instruction ID: 65df65f75b4b9c653996546d4cd4fddf6f85a3a2b8d4acebc5d600c89f011ebb
Opcode Fuzzy Hash: 7441e98c6ea53f2c6826f0aed496fc0aa621272db6186aec8e72115f1becdd9e
Instruction Fuzzy Hash: 48412B70E05619DFDB18CF6AD88469EFBB3FF85300F04D1A6D808AA214D7349A45CF55

Uniqueness

Uniqueness Score: -1.00%

Function 0571AEA8, Relevance: .1, Instructions: 95COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001A.00000002.449732432.0000000005710000.00000040.00000001.sdmp, Offset: 05710000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f753a5e71c09548b9e758e196db6227cd44b2e266cbc80bd88c19f576c8140d7
Instruction ID: cab9802b8f4c188f6476a063a069f0277e4320b0c23b26b9ebeb9b1f01d78654
Opcode Fuzzy Hash: f753a5e71c09548b9e758e196db6227cd44b2e266cbc80bd88c19f576c8140d7
Instruction Fuzzy Hash: C0313AB0D26209DFCB44CFA9D5859EDBBFAFB4E310F10A42AD415F6214D7349A019BA8

Uniqueness

Uniqueness Score: -1.00%

Function 07C6036E, Relevance: 2.5, Strings: 2, Instructions: 31COMMON

Download Yara Rule

Strings

R^, xrefs: 07C603E5
R^, xrefs: 07C603EF

Memory Dump Source

Source File: 0000001A.00000002.452267893.0000000007C60000.00000040.00000001.sdmp, Offset: 07C60000, based on PE: false

Similarity

API ID:
String ID: R^$R^
API String ID: 0-3555706379
Opcode ID: c8971f08c2ef45aea87142b389cd1deb5a106f1b31b920a6d36d80c35fd1f1f2
Instruction ID: eb484e4186aee3e1e066cf6756d0db9912021b22b167c3438d0d2426b9cda2bd
Opcode Fuzzy Hash: c8971f08c2ef45aea87142b389cd1deb5a106f1b31b920a6d36d80c35fd1f1f2
Instruction Fuzzy Hash: 2A0128B4C15329DFCF24CF21C9C9BEABBB0AB45305F1085EAE44966600D7310AC6DF00

Uniqueness

Uniqueness Score: -1.00%

Function 07C6055A, Relevance: 2.5, Strings: 2, Instructions: 23COMMON

Download Yara Rule

Strings

YL6z, xrefs: 07C605AE
YL6z, xrefs: 07C605B8

Memory Dump Source

Source File: 0000001A.00000002.452267893.0000000007C60000.00000040.00000001.sdmp, Offset: 07C60000, based on PE: false

Similarity

API ID:
String ID: YL6z$YL6z
API String ID: 0-3855105777
Opcode ID: e4b988c9523cbc09b52621d1b6537b285140758b2e2d02ce08a3a0cd40807c43
Instruction ID: 1949ded906e67b50d9508bf236045d3343c1a87476cb901e9e13415f37342944
Opcode Fuzzy Hash: e4b988c9523cbc09b52621d1b6537b285140758b2e2d02ce08a3a0cd40807c43
Instruction Fuzzy Hash: 4DF09DB4C05229DFDB248F61CA96BDCBBB1AB08300F2004D9926DB6248D7355FD5DF11

Uniqueness

Uniqueness Score: -1.00%

Function 01832477, Relevance: 1.7, Strings: 1, Instructions: 401COMMON

Download Yara Rule

Strings

Hr4*, xrefs: 01832661

Memory Dump Source

Source File: 0000001A.00000002.446191128.0000000001832000.00000040.00000001.sdmp, Offset: 01832000, based on PE: false

Similarity

API ID:
String ID: Hr4*
API String ID: 0-1207970257
Opcode ID: 0019d6f69ab3e4c4322513224a1369999d81f072da263e1005f21526178e2a94
Instruction ID: 508963793c93888ef3ff7f56cdbb584e1088b66593c419a0ee749df7b9c4589f
Opcode Fuzzy Hash: 0019d6f69ab3e4c4322513224a1369999d81f072da263e1005f21526178e2a94
Instruction Fuzzy Hash: E9C1A0A190E3D29FC74747346878550BF77AE9336431E41CBD692CE0E3E2154B0AA7EA

Uniqueness

Uniqueness Score: -1.00%

Function 058C1A6E, Relevance: 1.6, APIs: 1, Instructions: 143fileCOMMON

Download Yara Rule

APIs

CreateFileW.KERNELBASE(?,?,?,?,?,?), ref: 058C1B7D

Memory Dump Source

Source File: 0000001A.00000002.450666087.00000000058C0000.00000040.00000001.sdmp, Offset: 058C0000, based on PE: false

Similarity

API ID: CreateFile
String ID:
API String ID: 823142352-0
Opcode ID: f2b33b1e100b78d39ff8d53f57145758aac9cc467f0ea2e949b534aca6ef7a39
Instruction ID: b3acbb8426906ac84cae322f835edf4569ed332e6c89f308c473a6a3ba0a530e
Opcode Fuzzy Hash: f2b33b1e100b78d39ff8d53f57145758aac9cc467f0ea2e949b534aca6ef7a39
Instruction Fuzzy Hash: EB513A7150D3C05FE7138B658C64AA2BFB4AF47610F0A44DBE9C4DF1A3D264A809D771

Uniqueness

Uniqueness Score: -1.00%

Function 058C1EE3, Relevance: 1.6, APIs: 1, Instructions: 102COMMON

Download Yara Rule

APIs

DuplicateHandle.KERNELBASE(?,00000E2C), ref: 058C1F93

Memory Dump Source

Source File: 0000001A.00000002.450666087.00000000058C0000.00000040.00000001.sdmp, Offset: 058C0000, based on PE: false

Similarity

API ID: DuplicateHandle
String ID:
API String ID: 3793708945-0
Opcode ID: b95c4778a6b73986bd95aef5b483b6d9b28c84ea0d2117f8ebbbbbcee0358072
Instruction ID: 6e84dd44a37f66461149da5d37cb6ae8805594c0c161db39b64f2a1c888f1529
Opcode Fuzzy Hash: b95c4778a6b73986bd95aef5b483b6d9b28c84ea0d2117f8ebbbbbcee0358072
Instruction Fuzzy Hash: AE31A371408384AFE7128B65DC44F6BBFACEF46720F04849BE985DB152D364A909DB71

Uniqueness

Uniqueness Score: -1.00%

Function 058C1516, Relevance: 1.6, APIs: 1, Instructions: 94COMMON

Download Yara Rule

APIs

GetTokenInformation.KERNELBASE(?,00000E2C,68C13D06,00000000,00000000,00000000,00000000), ref: 058C15C0

Memory Dump Source

Source File: 0000001A.00000002.450666087.00000000058C0000.00000040.00000001.sdmp, Offset: 058C0000, based on PE: false

Similarity

API ID: InformationToken
String ID:
API String ID: 4114910276-0
Opcode ID: c166890179e99620fdf82fbf921395d49618b4ec504a79c4c781b4d057684b4b
Instruction ID: 4a5ae58797ddefed09aa26184c8a20b080d377a9dae85586475aa2c93ae8a61f
Opcode Fuzzy Hash: c166890179e99620fdf82fbf921395d49618b4ec504a79c4c781b4d057684b4b
Instruction Fuzzy Hash: 1731A171409384AFEB228F64DC95FA6BFB8EF06314F0884DBE985DB153D234A909C761

Uniqueness

Uniqueness Score: -1.00%

Function 0183AC22, Relevance: 1.6, APIs: 1, Instructions: 92registryCOMMON

Download Yara Rule

APIs

RegOpenKeyExW.KERNELBASE(?,00000E2C), ref: 0183ACD1

Memory Dump Source

Source File: 0000001A.00000002.446199485.000000000183A000.00000040.00000001.sdmp, Offset: 0183A000, based on PE: false

Similarity

API ID: Open
String ID:
API String ID: 71445658-0
Opcode ID: 9ce5111bca8b9ea55db26a0f4e6880f744532eef95ff728fe3b4e4d519b2e5e8
Instruction ID: f50c9f0296bb1a1a0d833d325c9667945de8c6d68f31bef9822b26f38f8b0cbe
Opcode Fuzzy Hash: 9ce5111bca8b9ea55db26a0f4e6880f744532eef95ff728fe3b4e4d519b2e5e8
Instruction Fuzzy Hash: 4C31A472544384AFE7128B25CC45F67BFACEF46710F08849BED81DB152D265A909CB71

Uniqueness

Uniqueness Score: -1.00%

Function 0183AD19, Relevance: 1.6, APIs: 1, Instructions: 89registryCOMMON

Download Yara Rule

APIs

RegQueryValueExW.KERNELBASE(?,00000E2C,68C13D06,00000000,00000000,00000000,00000000), ref: 0183ADD4

Memory Dump Source

Source File: 0000001A.00000002.446199485.000000000183A000.00000040.00000001.sdmp, Offset: 0183A000, based on PE: false

Similarity

API ID: QueryValue
String ID:
API String ID: 3660427363-0
Opcode ID: bcd26922f2390f93e039156bf4aded2b2f2ad1d150b1d24fedd1687abad513b1
Instruction ID: d81d88416391b20199f675007cf9203a3a38d27f2ba3a8a8074c10caa345c2ea
Opcode Fuzzy Hash: bcd26922f2390f93e039156bf4aded2b2f2ad1d150b1d24fedd1687abad513b1
Instruction Fuzzy Hash: A2319371509384AFE722CB25CC84F92BFF8EF46710F18849AE985DB153D264E549CBB1

Uniqueness

Uniqueness Score: -1.00%

Function 058C07E2, Relevance: 1.6, APIs: 1, Instructions: 89synchronizationCOMMON

Download Yara Rule

APIs

CreateMutexW.KERNELBASE(?,?), ref: 058C0889

Memory Dump Source

Source File: 0000001A.00000002.450666087.00000000058C0000.00000040.00000001.sdmp, Offset: 058C0000, based on PE: false

Similarity

API ID: CreateMutex
String ID:
API String ID: 1964310414-0
Opcode ID: 17162c553e660f527944e29170f6bf77de0682610b1a00a3b40298964684cef0
Instruction ID: 65785f95407bcbbe68e1b01d09789e30d95194c62af3fd417cdc22e3ad6910a8
Opcode Fuzzy Hash: 17162c553e660f527944e29170f6bf77de0682610b1a00a3b40298964684cef0
Instruction Fuzzy Hash: 9331A171509384AFE712CB25CC85F56FFE8EF06210F08849EE985CB292D334E909CB61

Uniqueness

Uniqueness Score: -1.00%

Function 058C08E0, Relevance: 1.6, APIs: 1, Instructions: 86registryCOMMON

Download Yara Rule

APIs

RegQueryValueExW.KERNELBASE(?,00000E2C,?,?), ref: 058C0996

Memory Dump Source

Source File: 0000001A.00000002.450666087.00000000058C0000.00000040.00000001.sdmp, Offset: 058C0000, based on PE: false

Similarity

API ID: QueryValue
String ID:
API String ID: 3660427363-0
Opcode ID: f8a52584e21762e4956cf25c2c5fb2f59ef134a08cf3c1d9a9eb86ed3ed87324
Instruction ID: 9fd66619dcc9b795ba5d02e4bf98218deeba6a8fe2825796a140588cb547460d
Opcode Fuzzy Hash: f8a52584e21762e4956cf25c2c5fb2f59ef134a08cf3c1d9a9eb86ed3ed87324
Instruction Fuzzy Hash: 1D31D7754097C06FD3038B259C55B62BF78FF47624F0A81DBE8848B563E224691AC7B1

Uniqueness

Uniqueness Score: -1.00%

Function 058C1847, Relevance: 1.6, APIs: 1, Instructions: 85COMMON

Download Yara Rule

APIs

LsaOpenPolicy.ADVAPI32(?,00000E2C), ref: 058C18E3

Memory Dump Source

Source File: 0000001A.00000002.450666087.00000000058C0000.00000040.00000001.sdmp, Offset: 058C0000, based on PE: false

Similarity

API ID: OpenPolicy
String ID:
API String ID: 2030686058-0
Opcode ID: 7abfe2ac71ff4101262bb517764fa47b2b42dc319efccde2bffaa8269764f1fc
Instruction ID: 8fefe4c78f7551084e1b1a80d8e030124ed14b7f22bca85ec29756e028d961a4
Opcode Fuzzy Hash: 7abfe2ac71ff4101262bb517764fa47b2b42dc319efccde2bffaa8269764f1fc
Instruction Fuzzy Hash: D6218F72508344AFE721CB65DC84F6AFFA8EF46710F18849AED849B252D224A808CB61

Uniqueness

Uniqueness Score: -1.00%

Function 058C1BD4, Relevance: 1.6, APIs: 1, Instructions: 80COMMON

Download Yara Rule

APIs

GetFileType.KERNELBASE(?,00000E2C,68C13D06,00000000,00000000,00000000,00000000), ref: 058C1C69

Memory Dump Source

Source File: 0000001A.00000002.450666087.00000000058C0000.00000040.00000001.sdmp, Offset: 058C0000, based on PE: false

Similarity

API ID: FileType
String ID:
API String ID: 3081899298-0
Opcode ID: 44898fdab719f78a2974bfb75bc618841e1a4acedd659da04dc47ef54510d0fb
Instruction ID: df1b47ac452941abbd134bfa1d634066f04c9a113beeec5d4dc48a6e123caa0e
Opcode Fuzzy Hash: 44898fdab719f78a2974bfb75bc618841e1a4acedd659da04dc47ef54510d0fb
Instruction Fuzzy Hash: BE21FBB54493806FE7128B25DC41F62BFA8EF47720F1884D7ED849B193D264A909C771

Uniqueness

Uniqueness Score: -1.00%

Function 058C1F16, Relevance: 1.6, APIs: 1, Instructions: 80COMMON

Download Yara Rule

APIs

DuplicateHandle.KERNELBASE(?,00000E2C), ref: 058C1F93

Memory Dump Source

Source File: 0000001A.00000002.450666087.00000000058C0000.00000040.00000001.sdmp, Offset: 058C0000, based on PE: false

Similarity

API ID: DuplicateHandle
String ID:
API String ID: 3793708945-0
Opcode ID: 6f3fcd445b9ed421645e0ae4ae5e7d0bd46fdd84ca6e252de8016b62b8cfe51b
Instruction ID: 8e951231f4c897116bb7b477d1b76325755ed964f754617f28be9a26c09d7de0
Opcode Fuzzy Hash: 6f3fcd445b9ed421645e0ae4ae5e7d0bd46fdd84ca6e252de8016b62b8cfe51b
Instruction Fuzzy Hash: B9219D72500204AFEB219F65DC88F6BBBACEF05720F14896AEE45DB651D774E808CB71

Uniqueness

Uniqueness Score: -1.00%

Function 0183A2AC, Relevance: 1.6, APIs: 1, Instructions: 77COMMON

Download Yara Rule

APIs

CreateActCtxA.KERNEL32(?,00000E2C,?,?), ref: 0183A346

Memory Dump Source

Source File: 0000001A.00000002.446199485.000000000183A000.00000040.00000001.sdmp, Offset: 0183A000, based on PE: false

Similarity

API ID: Create
String ID:
API String ID: 2289755597-0
Opcode ID: aef47e7f5bdf691f30b6a8671ec2be9ab95cd0bd1945ad9a8d9a40d12d0e2e4c
Instruction ID: 188a6a3acefbc0523cd992932a837f06192ee0b09ee448480f4ce69853dee058
Opcode Fuzzy Hash: aef47e7f5bdf691f30b6a8671ec2be9ab95cd0bd1945ad9a8d9a40d12d0e2e4c
Instruction Fuzzy Hash: BF21B67144D3C06FD3138B259C51B22BFB8EF87A24F0981DBE884CB553D225A919C7A2

Uniqueness

Uniqueness Score: -1.00%

Function 058C1AFE, Relevance: 1.6, APIs: 1, Instructions: 76fileCOMMON

Download Yara Rule

APIs

CreateFileW.KERNELBASE(?,?,?,?,?,?), ref: 058C1B7D

Memory Dump Source

Source File: 0000001A.00000002.450666087.00000000058C0000.00000040.00000001.sdmp, Offset: 058C0000, based on PE: false

Similarity

API ID: CreateFile
String ID:
API String ID: 823142352-0
Opcode ID: d5fde43ac4d89efa6760d8cb4c36ab5b4b36b52ef2f14e65cbe18f68cc562cca
Instruction ID: b0d18bf1785417a5ea6a19e4bdbb0e98afdc0d8a46399c8be4e8ae155b7cd30e
Opcode Fuzzy Hash: d5fde43ac4d89efa6760d8cb4c36ab5b4b36b52ef2f14e65cbe18f68cc562cca
Instruction Fuzzy Hash: 6E218B71504204AFE721DF25C888F66FFE8EF48610F1488AEED858B252E371E804CB61

Uniqueness

Uniqueness Score: -1.00%

Function 058C1CA4, Relevance: 1.6, APIs: 1, Instructions: 75fileCOMMON

Download Yara Rule

APIs

WriteFile.KERNELBASE(?,00000E2C,68C13D06,00000000,00000000,00000000,00000000), ref: 058C1D35

Memory Dump Source

Source File: 0000001A.00000002.450666087.00000000058C0000.00000040.00000001.sdmp, Offset: 058C0000, based on PE: false

Similarity

API ID: FileWrite
String ID:
API String ID: 3934441357-0
Opcode ID: eff1b60389bfc8fef4e2590a4ca3ff84cc66e3ca11af440c0f8d27a9fb329a72
Instruction ID: d8f8626c70ada572144d514665d616255f143c1026715cb3043a3ab8426a3061
Opcode Fuzzy Hash: eff1b60389bfc8fef4e2590a4ca3ff84cc66e3ca11af440c0f8d27a9fb329a72
Instruction Fuzzy Hash: 1E219271409780AFD7228F65DC44F66BFB8EF46314F0885DBEA849B153C265A909CB61

Uniqueness

Uniqueness Score: -1.00%

Function 058C1FF1, Relevance: 1.6, APIs: 1, Instructions: 75fileCOMMON

Download Yara Rule

APIs

DeleteFileW.KERNELBASE(?), ref: 058C2078

Memory Dump Source

Source File: 0000001A.00000002.450666087.00000000058C0000.00000040.00000001.sdmp, Offset: 058C0000, based on PE: false

Similarity

API ID: DeleteFile
String ID:
API String ID: 4033686569-0
Opcode ID: 601b6e77404b3c9423c7ee4e9481bab9648debcc6122a478782b44b0de0a1bf1
Instruction ID: 714182f2f167d3e493ead4c42803bd5d3ce7b9bd0b06e6820138819aa4b67443
Opcode Fuzzy Hash: 601b6e77404b3c9423c7ee4e9481bab9648debcc6122a478782b44b0de0a1bf1
Instruction Fuzzy Hash: B3218E765093809FDB128B25DC91A92BFB4EF06210F0984DBDC858F2A3D635A948CB61

Uniqueness

Uniqueness Score: -1.00%

Function 0183AC52, Relevance: 1.6, APIs: 1, Instructions: 74registryCOMMON

Download Yara Rule

APIs

RegOpenKeyExW.KERNELBASE(?,00000E2C), ref: 0183ACD1

Memory Dump Source

Source File: 0000001A.00000002.446199485.000000000183A000.00000040.00000001.sdmp, Offset: 0183A000, based on PE: false

Similarity

API ID: Open
String ID:
API String ID: 71445658-0
Opcode ID: 0a06467344b98aaf822ad4b5bf0b41ecd59059df7653b16437854c5e11644c48
Instruction ID: 515cbb24a35aa8fc56efd7eab841fd27fa09c5d5c106b8d6d5313ff34181dc31
Opcode Fuzzy Hash: 0a06467344b98aaf822ad4b5bf0b41ecd59059df7653b16437854c5e11644c48
Instruction Fuzzy Hash: D121AE72500604AFE7219B69DC84F6BFBECEF44720F18845BEE85DB241D664E9098BB1

Uniqueness

Uniqueness Score: -1.00%

Function 058C2370, Relevance: 1.6, APIs: 1, Instructions: 74COMMON

Download Yara Rule

APIs

LookupPrivilegeValueW.ADVAPI32(?,?,?), ref: 058C23F2

Memory Dump Source

Source File: 0000001A.00000002.450666087.00000000058C0000.00000040.00000001.sdmp, Offset: 058C0000, based on PE: false

Similarity

API ID: LookupPrivilegeValue
String ID:
API String ID: 3899507212-0
Opcode ID: 0197220b8471a18061b61bae58508f76d06ebf4dc918889dfab29e77c3bb31c3
Instruction ID: 7e9268d494eb852cf0d3c756824286a244a55f683789bc548accd5e7011a0a85
Opcode Fuzzy Hash: 0197220b8471a18061b61bae58508f76d06ebf4dc918889dfab29e77c3bb31c3
Instruction Fuzzy Hash: 422162765093805FD7128B25DC85B92BFA4EF06220F0984EEDD85CB153D274E948CB61

Uniqueness

Uniqueness Score: -1.00%

Function 058C0816, Relevance: 1.6, APIs: 1, Instructions: 72synchronizationCOMMON

Download Yara Rule

APIs

CreateMutexW.KERNELBASE(?,?), ref: 058C0889

Memory Dump Source

Source File: 0000001A.00000002.450666087.00000000058C0000.00000040.00000001.sdmp, Offset: 058C0000, based on PE: false

Similarity

API ID: CreateMutex
String ID:
API String ID: 1964310414-0
Opcode ID: 97357c70ceefa65e6876cd43f747f0e5b3ca00b256bc27b6246a246a7c08a087
Instruction ID: d8fc8e59c6883b24c61950b07d2fe9e0e62b22e555c77fb0ce9f200fbc98c454
Opcode Fuzzy Hash: 97357c70ceefa65e6876cd43f747f0e5b3ca00b256bc27b6246a246a7c08a087
Instruction Fuzzy Hash: DD217C71504204EFE720DB65CC89B6AFFE8EF04620F1484AEEE85DB642D775E805CBA5

Uniqueness

Uniqueness Score: -1.00%

Function 058C1872, Relevance: 1.6, APIs: 1, Instructions: 72COMMON

Download Yara Rule

APIs

LsaOpenPolicy.ADVAPI32(?,00000E2C), ref: 058C18E3

Memory Dump Source

Source File: 0000001A.00000002.450666087.00000000058C0000.00000040.00000001.sdmp, Offset: 058C0000, based on PE: false

Similarity

API ID: OpenPolicy
String ID:
API String ID: 2030686058-0
Opcode ID: fa0c45562bbbd1af62bd5e4165d3e3fe1a8cd96a222030b2a098f2d9c6c25a0f
Instruction ID: 220d2cc26d7061bdc68e672a63895a529fa56761cca4fe5aa35df90eb6369308
Opcode Fuzzy Hash: fa0c45562bbbd1af62bd5e4165d3e3fe1a8cd96a222030b2a098f2d9c6c25a0f
Instruction Fuzzy Hash: 0F219F72504304AFE720DB25DC85F6AFFA8EB44710F14846AED45DA641D674E8098B75

Uniqueness

Uniqueness Score: -1.00%

Function 0183AD5A, Relevance: 1.6, APIs: 1, Instructions: 69registryCOMMON

Download Yara Rule

APIs

RegQueryValueExW.KERNELBASE(?,00000E2C,68C13D06,00000000,00000000,00000000,00000000), ref: 0183ADD4

Memory Dump Source

Source File: 0000001A.00000002.446199485.000000000183A000.00000040.00000001.sdmp, Offset: 0183A000, based on PE: false

Similarity

API ID: QueryValue
String ID:
API String ID: 3660427363-0
Opcode ID: c26a03d72cadb9658757fe3aac425ca6c5841e275fae1a1593d99140da2597f9
Instruction ID: 440831e091c6b12ead92d2a56fa5adceaa5752f2f7ca3be32fb1ef2d42e8b5c3
Opcode Fuzzy Hash: c26a03d72cadb9658757fe3aac425ca6c5841e275fae1a1593d99140da2597f9
Instruction Fuzzy Hash: A2218C71600604AFE721CF29CC84FA7BBECEF45711F18846AEE85DB251D764E508CAB1

Uniqueness

Uniqueness Score: -1.00%

Function 058C01E1, Relevance: 1.6, APIs: 1, Instructions: 69COMMON

Download Yara Rule

APIs

FindCloseChangeNotification.KERNELBASE(?), ref: 058C0250

Memory Dump Source

Source File: 0000001A.00000002.450666087.00000000058C0000.00000040.00000001.sdmp, Offset: 058C0000, based on PE: false

Similarity

API ID: ChangeCloseFindNotification
String ID:
API String ID: 2591292051-0
Opcode ID: 1b4b7bba3845350c1ff015133d59db6f86e9a453717723411d95e4e0ed8056be
Instruction ID: 75c2d6a7c929dc7a0d9428c36ee9ed19c2454ce222780f79e945565c5697a0c4
Opcode Fuzzy Hash: 1b4b7bba3845350c1ff015133d59db6f86e9a453717723411d95e4e0ed8056be
Instruction Fuzzy Hash: E721C2714093849FD7138B65DC89B55BFA8EF42224F0981DBDD858F6A3D278A808DB62

Uniqueness

Uniqueness Score: -1.00%

Function 058C1556, Relevance: 1.6, APIs: 1, Instructions: 69COMMON

Download Yara Rule

APIs

GetTokenInformation.KERNELBASE(?,00000E2C,68C13D06,00000000,00000000,00000000,00000000), ref: 058C15C0

Memory Dump Source

Source File: 0000001A.00000002.450666087.00000000058C0000.00000040.00000001.sdmp, Offset: 058C0000, based on PE: false

Similarity

API ID: InformationToken
String ID:
API String ID: 4114910276-0
Opcode ID: ff08b65cca2fc744e74b9ce34e11e3a1fafd2e5292e4714a35f23ba1474b18c9
Instruction ID: 1e1e56eb332c33a463989c7797e8debb6d0c90de0be5619dd5a69bc211a02d31
Opcode Fuzzy Hash: ff08b65cca2fc744e74b9ce34e11e3a1fafd2e5292e4714a35f23ba1474b18c9
Instruction Fuzzy Hash: D1118C71500204AEEB21DF65DC84FAABBA8EF45724F1484ABEE45DA251D674E808CB71

Uniqueness

Uniqueness Score: -1.00%

Function 058C22B4, Relevance: 1.6, APIs: 1, Instructions: 68injectionCOMMON

Download Yara Rule

APIs

WriteProcessMemory.KERNELBASE(?,?,?,?,?), ref: 058C2334

Memory Dump Source

Source File: 0000001A.00000002.450666087.00000000058C0000.00000040.00000001.sdmp, Offset: 058C0000, based on PE: false

Similarity

API ID: MemoryProcessWrite
String ID:
API String ID: 3559483778-0
Opcode ID: 3b1f24901f155e8eca98cd7a0815d80e029b6bea5c1b2200679cab7aca7d937a
Instruction ID: 3f23fedf09fe04f1b0227a7b49d8be479f7432133a559afbebef917e4942f6e6
Opcode Fuzzy Hash: 3b1f24901f155e8eca98cd7a0815d80e029b6bea5c1b2200679cab7aca7d937a
Instruction Fuzzy Hash: AD21AF765097809FDB128B25DC85A96FFF4FF07220F0980DEDD858B163D225A848DB21

Uniqueness

Uniqueness Score: -1.00%

Function 058C09BF, Relevance: 1.6, APIs: 1, Instructions: 67libraryCOMMON

Download Yara Rule

APIs

LoadLibraryA.KERNELBASE(?,00000E2C), ref: 058C0A4B

Memory Dump Source

Source File: 0000001A.00000002.450666087.00000000058C0000.00000040.00000001.sdmp, Offset: 058C0000, based on PE: false

Similarity

API ID: LibraryLoad
String ID:
API String ID: 1029625771-0
Opcode ID: 7ef80bac73bfe01c4bab7f2519afcd9f7fd0f1b61b481b224e056d496c397850
Instruction ID: 052833793e0b99e336ca654e937a7b9268bba6552a4bcab618e51cf059745205
Opcode Fuzzy Hash: 7ef80bac73bfe01c4bab7f2519afcd9f7fd0f1b61b481b224e056d496c397850
Instruction Fuzzy Hash: 7021E771509384AFE721CB24CC85F66FFA8EF46720F14809AFD449B292D274A948C762

Uniqueness

Uniqueness Score: -1.00%

Function 058C25C0, Relevance: 1.6, APIs: 1, Instructions: 66COMMON

Download Yara Rule

APIs

FindCloseChangeNotification.KERNELBASE(?), ref: 058C262C

Memory Dump Source

Source File: 0000001A.00000002.450666087.00000000058C0000.00000040.00000001.sdmp, Offset: 058C0000, based on PE: false

Similarity

API ID: ChangeCloseFindNotification
String ID:
API String ID: 2591292051-0
Opcode ID: 3a582b429226b7d34c877ff34dadaeb0086d8f8fa4ace47d7fd8581cdd5b886e
Instruction ID: ee7ce199dfca9e98be68ce33545740797314eab089d3363dc4b8844780fd67e0
Opcode Fuzzy Hash: 3a582b429226b7d34c877ff34dadaeb0086d8f8fa4ace47d7fd8581cdd5b886e
Instruction Fuzzy Hash: 9021AE725093C49FDB128B25DC54A92BFE4EF43624F0980EADD858F263D274A908CB71

Uniqueness

Uniqueness Score: -1.00%

Function 0183B7C9, Relevance: 1.6, APIs: 1, Instructions: 65libraryCOMMON

Download Yara Rule

APIs

LoadLibraryShim.MSCOREE(?,?,?,?), ref: 0183B845

Memory Dump Source

Source File: 0000001A.00000002.446199485.000000000183A000.00000040.00000001.sdmp, Offset: 0183A000, based on PE: false

Similarity

API ID: LibraryLoadShim
String ID:
API String ID: 1475914169-0
Opcode ID: 007332ab26bac23e04399412111770fe7449dfb0e5d463aa20a8fc5029733257
Instruction ID: aaf1124daac33f262d324fc3db865732310d5ae03d731e00badf44b6ef6e275a
Opcode Fuzzy Hash: 007332ab26bac23e04399412111770fe7449dfb0e5d463aa20a8fc5029733257
Instruction Fuzzy Hash: B121C0B5509380AFE7228E25DC41B62BFE8EF46714F0C808AED84CB253D275E908CB61

Uniqueness

Uniqueness Score: -1.00%

Function 058C27B9, Relevance: 1.6, APIs: 1, Instructions: 62windowCOMMON

Download Yara Rule

APIs

PostMessageW.USER32(?,?,?,?), ref: 058C282D

Memory Dump Source

Source File: 0000001A.00000002.450666087.00000000058C0000.00000040.00000001.sdmp, Offset: 058C0000, based on PE: false

Similarity

API ID: MessagePost
String ID:
API String ID: 410705778-0
Opcode ID: 81f424464159270a2dad7bbf8c3249a9b801301094ae662e20e093f650342a4b
Instruction ID: ecfa70cca162627afda4a04d067ac83d8df641548183fd37b7302c4d97d55af8
Opcode Fuzzy Hash: 81f424464159270a2dad7bbf8c3249a9b801301094ae662e20e093f650342a4b
Instruction Fuzzy Hash: 5E216A714093C0AFDB228B25CC44A52BFB4EF17220F0984DAEDC58B163D265A818DB62

Uniqueness

Uniqueness Score: -1.00%

Function 0183A5FB, Relevance: 1.6, APIs: 1, Instructions: 61COMMON

Download Yara Rule

APIs

DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 0183A666

Memory Dump Source

Source File: 0000001A.00000002.446199485.000000000183A000.00000040.00000001.sdmp, Offset: 0183A000, based on PE: false

Similarity

API ID: DuplicateHandle
String ID:
API String ID: 3793708945-0
Opcode ID: e92960780ac202fd70a9ea2ed3bf3ee96c13f8a290e972b10f7e04f2762b03f1
Instruction ID: be80a1a3ebad27a0e1da0cf36278a53dd156ae871b644dce4ca7883e6269a4fd
Opcode Fuzzy Hash: e92960780ac202fd70a9ea2ed3bf3ee96c13f8a290e972b10f7e04f2762b03f1
Instruction Fuzzy Hash: 3711A271409380AFDB238F54DC44A62FFF4EF8A310F08849AEE858B162D275A518DB61

Uniqueness

Uniqueness Score: -1.00%

Function 058C1CD6, Relevance: 1.6, APIs: 1, Instructions: 60fileCOMMON

Download Yara Rule

APIs

WriteFile.KERNELBASE(?,00000E2C,68C13D06,00000000,00000000,00000000,00000000), ref: 058C1D35

Memory Dump Source

Source File: 0000001A.00000002.450666087.00000000058C0000.00000040.00000001.sdmp, Offset: 058C0000, based on PE: false

Similarity

API ID: FileWrite
String ID:
API String ID: 3934441357-0
Opcode ID: 173719ef7e44a1501d3bd23941ddc75707cb20da856d765e177261903210c2fb
Instruction ID: 30340ebd0cb96cbf7a08c6545f96b255b57e4e421a72c58a41812f36acce2390
Opcode Fuzzy Hash: 173719ef7e44a1501d3bd23941ddc75707cb20da856d765e177261903210c2fb
Instruction Fuzzy Hash: E511BF71400604AFEB21CF65DC84F6AFFA8EF45720F1485ABEE459B252C274E808CBB1

Uniqueness

Uniqueness Score: -1.00%

Function 058C2213, Relevance: 1.6, APIs: 1, Instructions: 58COMMON

Download Yara Rule

APIs

ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 058C2278

Memory Dump Source

Source File: 0000001A.00000002.450666087.00000000058C0000.00000040.00000001.sdmp, Offset: 058C0000, based on PE: false

Similarity

API ID: MemoryProcessRead
String ID:
API String ID: 1726664587-0
Opcode ID: 0b2f37e70668e4607a14a2295001c2e7dceebc531e8c846ebe2e6d9847645077
Instruction ID: 9f2cacb5eb15bb19717efb1d4e933d6ccd181f98c69cce12769e8952298cde93
Opcode Fuzzy Hash: 0b2f37e70668e4607a14a2295001c2e7dceebc531e8c846ebe2e6d9847645077
Instruction Fuzzy Hash: 9E119376409784AFDB228F25DC40E52FFB4EF46220F08C0DEED858A562D275A558DB61

Uniqueness

Uniqueness Score: -1.00%

Function 058C2AA7, Relevance: 1.6, APIs: 1, Instructions: 56windowCOMMON

Download Yara Rule

APIs

PostMessageW.USER32(?,?,?,?), ref: 058C2B11

Memory Dump Source

Source File: 0000001A.00000002.450666087.00000000058C0000.00000040.00000001.sdmp, Offset: 058C0000, based on PE: false

Similarity

API ID: MessagePost
String ID:
API String ID: 410705778-0
Opcode ID: 4ace0eeb4eb9a1d0ba0c93f0dc1940709da053c693bd32654e3b9ced50c5a733
Instruction ID: becffc2be805b82db57c349fcc45f427c25542d60c00413c0fe0584fd27d85a9
Opcode Fuzzy Hash: 4ace0eeb4eb9a1d0ba0c93f0dc1940709da053c693bd32654e3b9ced50c5a733
Instruction Fuzzy Hash: AC119075409384AFDB228F25DC85B52FFB4EF06224F1884DEED858B1A3D275A818DB61

Uniqueness

Uniqueness Score: -1.00%

Function 058C09E2, Relevance: 1.6, APIs: 1, Instructions: 56libraryCOMMON

Download Yara Rule

APIs

LoadLibraryA.KERNELBASE(?,00000E2C), ref: 058C0A4B

Memory Dump Source

Source File: 0000001A.00000002.450666087.00000000058C0000.00000040.00000001.sdmp, Offset: 058C0000, based on PE: false

Similarity

API ID: LibraryLoad
String ID:
API String ID: 1029625771-0
Opcode ID: 226751dab74e6678a15fed247213bcfeea27c61a6ad6cbdc1e2d59ba303c41d0
Instruction ID: aa51d0c513f8be0e036858b0115a60dc3498e93fa9042bbc1891e6411bc6f0a9
Opcode Fuzzy Hash: 226751dab74e6678a15fed247213bcfeea27c61a6ad6cbdc1e2d59ba303c41d0
Instruction Fuzzy Hash: 3E11E571600604EFE720DB25DC85F7AFF98EF05720F14C09AEE459A381D2B4A908CB71

Uniqueness

Uniqueness Score: -1.00%

Function 058C216C, Relevance: 1.6, APIs: 1, Instructions: 55threadinjectionCOMMON

Download Yara Rule

APIs

SetThreadContext.KERNELBASE(?,?), ref: 058C21CB

Memory Dump Source

Source File: 0000001A.00000002.450666087.00000000058C0000.00000040.00000001.sdmp, Offset: 058C0000, based on PE: false

Similarity

API ID: ContextThread
String ID:
API String ID: 1591575202-0
Opcode ID: 8ff6947410c9f7d86cad3305f8de8597f299e66a12ed28c0c6567b4dd5411a47
Instruction ID: 9d695e72488eedb4cb36141a382947e2103fba912ad0aba8b89da2bdeb0a4837
Opcode Fuzzy Hash: 8ff6947410c9f7d86cad3305f8de8597f299e66a12ed28c0c6567b4dd5411a47
Instruction Fuzzy Hash: 14118F755093849FD7118B25DC85E66FFE8EF06220F0980EEED858B262D278E948DB61

Uniqueness

Uniqueness Score: -1.00%

Function 058C23AA, Relevance: 1.6, APIs: 1, Instructions: 53COMMON

Download Yara Rule

APIs

LookupPrivilegeValueW.ADVAPI32(?,?,?), ref: 058C23F2

Memory Dump Source

Source File: 0000001A.00000002.450666087.00000000058C0000.00000040.00000001.sdmp, Offset: 058C0000, based on PE: false

Similarity

API ID: LookupPrivilegeValue
String ID:
API String ID: 3899507212-0
Opcode ID: 3d5f33304a83808264619b9256538ef6550ef91820bdcf57aeecedeb97b9f584
Instruction ID: e71afd05f0708a3dc9881e18e0faff720b05e036abb4e31047d341bd3eb5aaed
Opcode Fuzzy Hash: 3d5f33304a83808264619b9256538ef6550ef91820bdcf57aeecedeb97b9f584
Instruction Fuzzy Hash: 9F1182756046049FD710CF29DC84B56FFD8EF04220F08C4AEDD8ACB291D674E804CA61

Uniqueness

Uniqueness Score: -1.00%

Function 058C1C16, Relevance: 1.6, APIs: 1, Instructions: 52COMMON

Download Yara Rule

APIs

GetFileType.KERNELBASE(?,00000E2C,68C13D06,00000000,00000000,00000000,00000000), ref: 058C1C69

Memory Dump Source

Source File: 0000001A.00000002.450666087.00000000058C0000.00000040.00000001.sdmp, Offset: 058C0000, based on PE: false

Similarity

API ID: FileType
String ID:
API String ID: 3081899298-0
Opcode ID: 2763620fe7e383cff50a653875c6ba25d34e18f5320453af53ef6e14cf839e15
Instruction ID: 4a853045236fd4a56898fc02e784342479fe9a3586ec2fd718cf1ba0d57d02fa
Opcode Fuzzy Hash: 2763620fe7e383cff50a653875c6ba25d34e18f5320453af53ef6e14cf839e15
Instruction Fuzzy Hash: 4B01C071504604EEE720DB15DC85F66FF98EF05720F14C09BEE499B242D6B8E809CAB1

Uniqueness

Uniqueness Score: -1.00%

Function 0183A42A, Relevance: 1.6, APIs: 1, Instructions: 50COMMON

Download Yara Rule

APIs

SetErrorMode.KERNELBASE(?), ref: 0183A480

Memory Dump Source

Source File: 0000001A.00000002.446199485.000000000183A000.00000040.00000001.sdmp, Offset: 0183A000, based on PE: false

Similarity

API ID: ErrorMode
String ID:
API String ID: 2340568224-0
Opcode ID: acc3b45edae05017f02a2407537069b49f68e7017553805b09fab0ad9c8f6735
Instruction ID: a0f2d74d1f009465cba3326ed88af9cc1323614d386e0749c4032680390a02ff
Opcode Fuzzy Hash: acc3b45edae05017f02a2407537069b49f68e7017553805b09fab0ad9c8f6735
Instruction Fuzzy Hash: E41152754093C4AFD7128B15DC84B62FFB4DF46624F1880DAEDC58B253D279A908DB62

Uniqueness

Uniqueness Score: -1.00%

Function 0183AEF0, Relevance: 1.6, APIs: 1, Instructions: 50memoryCOMMON

Download Yara Rule

APIs

VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 0183AF50

Memory Dump Source

Source File: 0000001A.00000002.446199485.000000000183A000.00000040.00000001.sdmp, Offset: 0183A000, based on PE: false

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: e3a5cafa57222e45996d80cb4101448cdc4b09cd1420ae17cba56961901583ec
Instruction ID: 1921c320c0861876199d8b3f18f71e0cc6a5c0dfc31e0529960674d2a0501bd9
Opcode Fuzzy Hash: e3a5cafa57222e45996d80cb4101448cdc4b09cd1420ae17cba56961901583ec
Instruction Fuzzy Hash: 82119171409784AFD7228F15DC44E56FFF4EF46320F08849EED858B262C375A518DB61

Uniqueness

Uniqueness Score: -1.00%

Function 0183AAEC, Relevance: 1.5, APIs: 1, Instructions: 48COMMON

Download Yara Rule

APIs

SetWindowLongW.USER32 ref: 0183AB46

Memory Dump Source

Source File: 0000001A.00000002.446199485.000000000183A000.00000040.00000001.sdmp, Offset: 0183A000, based on PE: false

Similarity

API ID: LongWindow
String ID:
API String ID: 1378638983-0
Opcode ID: d2a3ee6f283347be6b11df33bb2654dff5a34dff2b84cf5b7f33064d7f15e25a
Instruction ID: 3bc62b0ee44b4ba699b7fad13502a08f8fb001033837cf8b61fc275614b30f7d
Opcode Fuzzy Hash: d2a3ee6f283347be6b11df33bb2654dff5a34dff2b84cf5b7f33064d7f15e25a
Instruction Fuzzy Hash: B011A031409784AFC7228F15DC84A52FFF4EF46320F08C49AED858B262C275A508CB62

Uniqueness

Uniqueness Score: -1.00%

Function 058C22EE, Relevance: 1.5, APIs: 1, Instructions: 47injectionCOMMON

Download Yara Rule

APIs

WriteProcessMemory.KERNELBASE(?,?,?,?,?), ref: 058C2334

Memory Dump Source

Source File: 0000001A.00000002.450666087.00000000058C0000.00000040.00000001.sdmp, Offset: 058C0000, based on PE: false

Similarity

API ID: MemoryProcessWrite
String ID:
API String ID: 3559483778-0
Opcode ID: 2ceac2caa66d3e52190be01ebf2beede110e8797f0938566ef5760b9ada65817
Instruction ID: d2f05a1e8dcff90803c845fe5d63b97cac439689de65d58810b00a52239ef3d5
Opcode Fuzzy Hash: 2ceac2caa66d3e52190be01ebf2beede110e8797f0938566ef5760b9ada65817
Instruction Fuzzy Hash: 870139395046049FDB21CF29D884B66FFE4FB04620F1884AEDD868B6A2D275E858DA61

Uniqueness

Uniqueness Score: -1.00%

Function 058C203E, Relevance: 1.5, APIs: 1, Instructions: 47fileCOMMON

Download Yara Rule

APIs

DeleteFileW.KERNELBASE(?), ref: 058C2078

Memory Dump Source

Source File: 0000001A.00000002.450666087.00000000058C0000.00000040.00000001.sdmp, Offset: 058C0000, based on PE: false

Similarity

API ID: DeleteFile
String ID:
API String ID: 4033686569-0
Opcode ID: 89e1de0307b7b068f811d8307d2e1d163c9f00c06dd6580f5cd0b4c499f9985d
Instruction ID: 1761dffe8be15b6f289af21be0b2abfbd5b171fd578e5d518a5b972dedb02b50
Opcode Fuzzy Hash: 89e1de0307b7b068f811d8307d2e1d163c9f00c06dd6580f5cd0b4c499f9985d
Instruction Fuzzy Hash: 7D019E755042449FDB10DF29D884766FF98EF00620F18C0AFDD8ACB292D675E848CB62

Uniqueness

Uniqueness Score: -1.00%

Function 0183B7FA, Relevance: 1.5, APIs: 1, Instructions: 46libraryCOMMON

Download Yara Rule

APIs

LoadLibraryShim.MSCOREE(?,?,?,?), ref: 0183B845

Memory Dump Source

Source File: 0000001A.00000002.446199485.000000000183A000.00000040.00000001.sdmp, Offset: 0183A000, based on PE: false

Similarity

API ID: LibraryLoadShim
String ID:
API String ID: 1475914169-0
Opcode ID: 5d6889ada3310e5537ff208001957f7cb95c98a48e0abe904c805b622fc05b24
Instruction ID: 79da7bdba2f689cd67afef0153651cd6185f3deeed2001f281f1d0990b4ec129
Opcode Fuzzy Hash: 5d6889ada3310e5537ff208001957f7cb95c98a48e0abe904c805b622fc05b24
Instruction Fuzzy Hash: CB016DB55006049FDB20DE19D885B26FFE4EF44760F0C805ADE49CB212D275E508CAA1

Uniqueness

Uniqueness Score: -1.00%

Function 0183A622, Relevance: 1.5, APIs: 1, Instructions: 45COMMON

Download Yara Rule

APIs

DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 0183A666

Memory Dump Source

Source File: 0000001A.00000002.446199485.000000000183A000.00000040.00000001.sdmp, Offset: 0183A000, based on PE: false

Similarity

API ID: DuplicateHandle
String ID:
API String ID: 3793708945-0
Opcode ID: bdbaee372b8317bc6e67b6918fc6e796cea001c3c3936ecf23082ef38f1670e4
Instruction ID: 878f78c02bfc9b1d187758e2ca36b1e0106bf073d6513a0ffcfae1712f169689
Opcode Fuzzy Hash: bdbaee372b8317bc6e67b6918fc6e796cea001c3c3936ecf23082ef38f1670e4
Instruction Fuzzy Hash: CC01C431400604DFDB218F55D844B16FFE4EF88320F08C55ADE898B612E375E514DF61

Uniqueness

Uniqueness Score: -1.00%

Function 058C218E, Relevance: 1.5, APIs: 1, Instructions: 44threadinjectionCOMMON

Download Yara Rule

APIs

SetThreadContext.KERNELBASE(?,?), ref: 058C21CB

Memory Dump Source

Source File: 0000001A.00000002.450666087.00000000058C0000.00000040.00000001.sdmp, Offset: 058C0000, based on PE: false

Similarity

API ID: ContextThread
String ID:
API String ID: 1591575202-0
Opcode ID: 4b4d3936b87141ce235eaa8b2ab180dd7acf47534c0988b71178ad9aab3751dc
Instruction ID: 8781d375e109e8b9a97b7c8bbb345c0a9470bfb3f8e46089b9d548f6f9f50f3d
Opcode Fuzzy Hash: 4b4d3936b87141ce235eaa8b2ab180dd7acf47534c0988b71178ad9aab3751dc
Instruction Fuzzy Hash: A301B1395046449FDB10DF19D884B6AFFE8EF04620F18C0AFDE86CB691D274E848CB61

Uniqueness

Uniqueness Score: -1.00%

Function 0183A2F6, Relevance: 1.5, APIs: 1, Instructions: 43COMMON

Download Yara Rule

APIs

CreateActCtxA.KERNEL32(?,00000E2C,?,?), ref: 0183A346

Memory Dump Source

Source File: 0000001A.00000002.446199485.000000000183A000.00000040.00000001.sdmp, Offset: 0183A000, based on PE: false

Similarity

API ID: Create
String ID:
API String ID: 2289755597-0
Opcode ID: 4994019d740fab8aadd6202731d9ba79d9db8b32c45546962acca6a4a3176e74
Instruction ID: daf7bf5b6e901f0c7b2ded7e1c21a13f1a230954259a5812be2557ca71652c1f
Opcode Fuzzy Hash: 4994019d740fab8aadd6202731d9ba79d9db8b32c45546962acca6a4a3176e74
Instruction Fuzzy Hash: 2601A271500600ABD210DF16DC86F26FBA8FB88B20F14815AED084B741E335F515CBE5

Uniqueness

Uniqueness Score: -1.00%

Function 058C25FA, Relevance: 1.5, APIs: 1, Instructions: 43COMMON

Download Yara Rule

APIs

FindCloseChangeNotification.KERNELBASE(?), ref: 058C262C

Memory Dump Source

Source File: 0000001A.00000002.450666087.00000000058C0000.00000040.00000001.sdmp, Offset: 058C0000, based on PE: false

Similarity

API ID: ChangeCloseFindNotification
String ID:
API String ID: 2591292051-0
Opcode ID: 2c522575f3fc5a3ae57f559a1162276a1c06c1a38794709156d95f7214f2ed10
Instruction ID: 25e73b6a78bf4f49fea942a07fafe1580c5f2eb9274553157c67906afb951fc3
Opcode Fuzzy Hash: 2c522575f3fc5a3ae57f559a1162276a1c06c1a38794709156d95f7214f2ed10
Instruction Fuzzy Hash: 2401DF759042449FDB10CF29D884B66FFA4EF40720F18C0ABDD8ACB652D6B5E808CB72

Uniqueness

Uniqueness Score: -1.00%

Function 058C021E, Relevance: 1.5, APIs: 1, Instructions: 43COMMON

Download Yara Rule

APIs

FindCloseChangeNotification.KERNELBASE(?), ref: 058C0250

Memory Dump Source

Source File: 0000001A.00000002.450666087.00000000058C0000.00000040.00000001.sdmp, Offset: 058C0000, based on PE: false

Similarity

API ID: ChangeCloseFindNotification
String ID:
API String ID: 2591292051-0
Opcode ID: 326aa2e1dcaecb2e82426e5b8697de612efea4b2889b53f6ff45126b4e4eac69
Instruction ID: 1df39edde0eb10b0553694aeebcfa250f2d88b8f0d682b0069f59bb223866002
Opcode Fuzzy Hash: 326aa2e1dcaecb2e82426e5b8697de612efea4b2889b53f6ff45126b4e4eac69
Instruction Fuzzy Hash: DC01BC71904204DFDB11CF69D88976AFF94EF04220F18C0ABDD0ACB602D279E808CA61

Uniqueness

Uniqueness Score: -1.00%

Function 058C223A, Relevance: 1.5, APIs: 1, Instructions: 43COMMON

Download Yara Rule

APIs

ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 058C2278

Memory Dump Source

Source File: 0000001A.00000002.450666087.00000000058C0000.00000040.00000001.sdmp, Offset: 058C0000, based on PE: false

Similarity

API ID: MemoryProcessRead
String ID:
API String ID: 1726664587-0
Opcode ID: b0036365b4d9c9d2e3c8d19ad5ed494579b4cf275b4045c60ea43c557bd08ce2
Instruction ID: a3b85c597ab2e79bc138502b15ff946a0fcefa927720d1a33b20ccb754dc0e17
Opcode Fuzzy Hash: b0036365b4d9c9d2e3c8d19ad5ed494579b4cf275b4045c60ea43c557bd08ce2
Instruction Fuzzy Hash: D201B13A504604DFDB208F55D884B66FFA5EF08720F08C09EDE878BA51D275E818DF62

Uniqueness

Uniqueness Score: -1.00%

Function 058C0946, Relevance: 1.5, APIs: 1, Instructions: 43registryCOMMON

Download Yara Rule

APIs

RegQueryValueExW.KERNELBASE(?,00000E2C,?,?), ref: 058C0996

Memory Dump Source

Source File: 0000001A.00000002.450666087.00000000058C0000.00000040.00000001.sdmp, Offset: 058C0000, based on PE: false

Similarity

API ID: QueryValue
String ID:
API String ID: 3660427363-0
Opcode ID: 95b5baf5fc4192eecfe37907b5fae2372bfa6cc0af05e8d139f8cb6e3ab1bf98
Instruction ID: 3e66f9fcff4963c2464a3a44150b519394ef78de44beaf6bc81c74fd80439539
Opcode Fuzzy Hash: 95b5baf5fc4192eecfe37907b5fae2372bfa6cc0af05e8d139f8cb6e3ab1bf98
Instruction Fuzzy Hash: F801A272500604ABD210DF16DC86F26FBA8FB88B20F14811AED084B741E375F515CBE5

Uniqueness

Uniqueness Score: -1.00%

Function 058C2AD6, Relevance: 1.5, APIs: 1, Instructions: 42windowCOMMON

Download Yara Rule

APIs

PostMessageW.USER32(?,?,?,?), ref: 058C2B11

Memory Dump Source

Source File: 0000001A.00000002.450666087.00000000058C0000.00000040.00000001.sdmp, Offset: 058C0000, based on PE: false

Similarity

API ID: MessagePost
String ID:
API String ID: 410705778-0
Opcode ID: c0c4a74c81b93276c72c9d9dded2e09af73b8b5af9651f8c08d0737162a4a15b
Instruction ID: d66709d98b2e81ff6a343b7d6c0ceae2aa85f271d5a129fcfe424a9842f3e274
Opcode Fuzzy Hash: c0c4a74c81b93276c72c9d9dded2e09af73b8b5af9651f8c08d0737162a4a15b
Instruction Fuzzy Hash: 2101D435504704DFEB218F15D884B66FFA0EF04320F08C09EDD868B651D675E818DF61

Uniqueness

Uniqueness Score: -1.00%

Function 0183AF12, Relevance: 1.5, APIs: 1, Instructions: 39memoryCOMMON

Download Yara Rule

APIs

VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 0183AF50

Memory Dump Source

Source File: 0000001A.00000002.446199485.000000000183A000.00000040.00000001.sdmp, Offset: 0183A000, based on PE: false

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: 9f2df4120f1582e5c8a083e08cef7799515c9043866e0533aa97ec8afc9f1b58
Instruction ID: 81927791cea019f30563c1669077479aacf280b0e432eba16c06187d20adb004
Opcode Fuzzy Hash: 9f2df4120f1582e5c8a083e08cef7799515c9043866e0533aa97ec8afc9f1b58
Instruction Fuzzy Hash: 9701DF71400604DFDB219F15D884B26FFA0EF48720F08C09ADE898B262D3B6A118DFA2

Uniqueness

Uniqueness Score: -1.00%

Function 058C27F2, Relevance: 1.5, APIs: 1, Instructions: 38windowCOMMON

Download Yara Rule

APIs

PostMessageW.USER32(?,?,?,?), ref: 058C282D

Memory Dump Source

Source File: 0000001A.00000002.450666087.00000000058C0000.00000040.00000001.sdmp, Offset: 058C0000, based on PE: false

Similarity

API ID: MessagePost
String ID:
API String ID: 410705778-0
Opcode ID: 1f233f4f245a5b1b1515a351a4a3d885cb5cbc29c97f509fa68eb4523adacaa1
Instruction ID: 994d4fac8ca1b4bac13da571031639d424c8e6a3b3322034084f73c60d8d5063
Opcode Fuzzy Hash: 1f233f4f245a5b1b1515a351a4a3d885cb5cbc29c97f509fa68eb4523adacaa1
Instruction Fuzzy Hash: D7018F35804604DFDB20CF15D885B26FFA0EF08320F18C0AEDE8A4B252D275E418DBA2

Uniqueness

Uniqueness Score: -1.00%

Function 0183AB0E, Relevance: 1.5, APIs: 1, Instructions: 37COMMON

Download Yara Rule

APIs

SetWindowLongW.USER32 ref: 0183AB46

Memory Dump Source

Source File: 0000001A.00000002.446199485.000000000183A000.00000040.00000001.sdmp, Offset: 0183A000, based on PE: false

Similarity

API ID: LongWindow
String ID:
API String ID: 1378638983-0
Opcode ID: 87a53e18a260aece24dd76bc9ece5b79ffb51d6b7c49fda341d069210efae1c7
Instruction ID: fda2a76c7df6c993bc383b94ebeeef07378dda21e1a90cd54fdd016722c2036d
Opcode Fuzzy Hash: 87a53e18a260aece24dd76bc9ece5b79ffb51d6b7c49fda341d069210efae1c7
Instruction Fuzzy Hash: FF01D131404604DFDB248F19D884B12FFA0EF44720F18C49ADE8A8B252C2BAA508DFB2

Uniqueness

Uniqueness Score: -1.00%

Function 0183A44E, Relevance: 1.5, APIs: 1, Instructions: 35COMMON

Download Yara Rule

APIs

SetErrorMode.KERNELBASE(?), ref: 0183A480

Memory Dump Source

Source File: 0000001A.00000002.446199485.000000000183A000.00000040.00000001.sdmp, Offset: 0183A000, based on PE: false

Similarity

API ID: ErrorMode
String ID:
API String ID: 2340568224-0
Opcode ID: f5a47de673839c3ee00670a331fa19b0b42516bc9358e0c14a962ad6c3cad461
Instruction ID: 31f528621a1e1107e5e8f1a8632d767f791c589da5bace1408eb5a7052f6226d
Opcode Fuzzy Hash: f5a47de673839c3ee00670a331fa19b0b42516bc9358e0c14a962ad6c3cad461
Instruction Fuzzy Hash: A3F0A435804644DFD7109F19D888765FF94DF44724F18C0AADD898B216D2B9A508CFA2

Uniqueness

Uniqueness Score: -1.00%

Function 07C61798, Relevance: 1.3, Strings: 1, Instructions: 60COMMON

Download Yara Rule

Strings

Uoq^, xrefs: 07C617D4, 07C617D9

Memory Dump Source

Source File: 0000001A.00000002.452267893.0000000007C60000.00000040.00000001.sdmp, Offset: 07C60000, based on PE: false

Similarity

API ID:
String ID: Uoq^
API String ID: 0-2995016766
Opcode ID: c108145c138c64a92baf9e06c1fc9e6ef496c1433b1b8b2f360c963a276a6ef2
Instruction ID: 97ededd9aa845cf1bf80889b1b5798154c7dde2a8cde2794361f019b2574e266
Opcode Fuzzy Hash: c108145c138c64a92baf9e06c1fc9e6ef496c1433b1b8b2f360c963a276a6ef2
Instruction Fuzzy Hash: 89217CB0D0124DEFDB04DFB9C9865ADBBB2EF8A601F1484AAC405E7251DB348B04CF52

Uniqueness

Uniqueness Score: -1.00%

Function 057100B8, Relevance: 1.3, Strings: 1, Instructions: 54COMMON

Download Yara Rule

Strings

</kr, xrefs: 0571011C

Memory Dump Source

Source File: 0000001A.00000002.449732432.0000000005710000.00000040.00000001.sdmp, Offset: 05710000, based on PE: false

Similarity

API ID:
String ID: </kr
API String ID: 0-2427075492
Opcode ID: 28b715337826d9c2fa45d1ced7f96afb958daf3c7d68b56bcf3908c790230186
Instruction ID: 12236c1b621b0e02f0094111c6af008301e425f7c38d8f6bc11a83f40a061018
Opcode Fuzzy Hash: 28b715337826d9c2fa45d1ced7f96afb958daf3c7d68b56bcf3908c790230186
Instruction Fuzzy Hash: A0114F74D05209DFCB05DFA8C594AAEBBB2FF46300F2441A9C804A73A1DB305E44DB95

Uniqueness

Uniqueness Score: -1.00%

Function 07C617A8, Relevance: 1.3, Strings: 1, Instructions: 53COMMON

Download Yara Rule

Strings

Uoq^, xrefs: 07C617D4, 07C617D9

Memory Dump Source

Source File: 0000001A.00000002.452267893.0000000007C60000.00000040.00000001.sdmp, Offset: 07C60000, based on PE: false

Similarity

API ID:
String ID: Uoq^
API String ID: 0-2995016766
Opcode ID: fce122c7993376e9167913587effa4dd8f31fc6f38779f52f9850cc8eee15dd6
Instruction ID: dfa35c3dc74f085c43984cce43a95549d1724200e0023baa7313cebe2f0effff
Opcode Fuzzy Hash: fce122c7993376e9167913587effa4dd8f31fc6f38779f52f9850cc8eee15dd6
Instruction Fuzzy Hash: F3114FB0D1120DEFCB04DFA9C5855AEBBB6FB89701F1584AAD405E7240DB349B00CF56

Uniqueness

Uniqueness Score: -1.00%

Function 057100C8, Relevance: 1.3, Strings: 1, Instructions: 48COMMON

Download Yara Rule

Strings

</kr, xrefs: 0571011C

Memory Dump Source

Source File: 0000001A.00000002.449732432.0000000005710000.00000040.00000001.sdmp, Offset: 05710000, based on PE: false

Similarity

API ID:
String ID: </kr
API String ID: 0-2427075492
Opcode ID: bde757560fa36d9773fa0c3a629e94ed9d0f0706b43d6362e17c780b3c23ba01
Instruction ID: 16161e210d7ef715e315e4c7023ba21a1022a5bf67e080a433d976699b15cbfc
Opcode Fuzzy Hash: bde757560fa36d9773fa0c3a629e94ed9d0f0706b43d6362e17c780b3c23ba01
Instruction Fuzzy Hash: C911E874E01209DFCB04EFA8C584AAEBBF2FF85300F2441A9D904A7361DB30AE44DB95

Uniqueness

Uniqueness Score: -1.00%

Function 0571C1BF, Relevance: 1.3, Strings: 1, Instructions: 39COMMON

Download Yara Rule

Strings

r@>@, xrefs: 0571C1FF

Memory Dump Source

Source File: 0000001A.00000002.449732432.0000000005710000.00000040.00000001.sdmp, Offset: 05710000, based on PE: false

Similarity

API ID:
String ID: r@>@
API String ID: 0-2817613862
Opcode ID: 429750b9c7633d199398f8bafd479f5fcb54a04df573619dd57e3d1ff331b00e
Instruction ID: b14735f794660981559c19b2bcaa35d1122f6a7c56b891585ad4adcad82b566d
Opcode Fuzzy Hash: 429750b9c7633d199398f8bafd479f5fcb54a04df573619dd57e3d1ff331b00e
Instruction Fuzzy Hash: 80118D78E012288FCBA0DF68D98C79ABBB9BB49304F1040EAD54DA7215DF345E81CF01

Uniqueness

Uniqueness Score: -1.00%

Function 0571BD10, Relevance: 1.3, Strings: 1, Instructions: 37COMMON

Download Yara Rule

Strings

_>>, xrefs: 0571BD2E

Memory Dump Source

Source File: 0000001A.00000002.449732432.0000000005710000.00000040.00000001.sdmp, Offset: 05710000, based on PE: false

Similarity

API ID:
String ID: _>>
API String ID: 0-2807168339
Opcode ID: 5c1c24dcb24cd93ed7da9307a4d7ec7967deea3d0b8b364140908a5836aa77da
Instruction ID: a61ab90ceaaa7db2b949b2f17d3222efd53b5320e15923c69ed70cf93fb0b62b
Opcode Fuzzy Hash: 5c1c24dcb24cd93ed7da9307a4d7ec7967deea3d0b8b364140908a5836aa77da
Instruction Fuzzy Hash: 6911DFB8D022289FCB74EFA4D89C299BBB1FB49301F1041DAC80DA6354DB385B81DF14

Uniqueness

Uniqueness Score: -1.00%

Function 05712C1E, Relevance: 1.3, Strings: 1, Instructions: 29COMMON

Download Yara Rule

Strings

f]Ir, xrefs: 05712C23

Memory Dump Source

Source File: 0000001A.00000002.449732432.0000000005710000.00000040.00000001.sdmp, Offset: 05710000, based on PE: false

Similarity

API ID:
String ID: f]Ir
API String ID: 0-3302829692
Opcode ID: b9a065667df65bf0d4d7000762ea3e40b99025a92318791cec04acbe8c687b05
Instruction ID: 8851c0c119e45dc3601d7eede82feb7dbdd7425b8ed9f81bf81f22427c2c9ea4
Opcode Fuzzy Hash: b9a065667df65bf0d4d7000762ea3e40b99025a92318791cec04acbe8c687b05
Instruction Fuzzy Hash: E6F0A938E21219CFEB24CF28E940A5EB7B2FB85300F1591A9D809AB240C7309E408F65

Uniqueness

Uniqueness Score: -1.00%

Function 0571BF63, Relevance: 1.3, Strings: 1, Instructions: 28COMMON

Download Yara Rule

Strings

z, xrefs: 0571BFF0

Memory Dump Source

Source File: 0000001A.00000002.449732432.0000000005710000.00000040.00000001.sdmp, Offset: 05710000, based on PE: false

Similarity

API ID:
String ID: z
API String ID: 0-1509636059
Opcode ID: 4ff4e86b77a3747b6cdddd40ac62dae0110a3eb61e04332178fcb9c4b842dda2
Instruction ID: 570456fda23886b58c9a20d55f67bec6ed22ae5a324598593135dad39be93f6e
Opcode Fuzzy Hash: 4ff4e86b77a3747b6cdddd40ac62dae0110a3eb61e04332178fcb9c4b842dda2
Instruction Fuzzy Hash: 80017278E012289FCB70DB64D9696DABAB2BB49305F1080D9990EA7244DE305F81DF55

Uniqueness

Uniqueness Score: -1.00%

Function 057154B2, Relevance: 1.3, Strings: 1, Instructions: 11COMMON

Download Yara Rule

Strings

FOG, xrefs: 057154D6

Memory Dump Source

Source File: 0000001A.00000002.449732432.0000000005710000.00000040.00000001.sdmp, Offset: 05710000, based on PE: false

Similarity

API ID:
String ID: FOG
API String ID: 0-1269656527
Opcode ID: af8e468a55d667ed2483d3acf50157acc9eb42034ff180eb9f485344ff5b5ee9
Instruction ID: d6ce12d16e13237dccfb5e29e79a8cfa9f11b062ca429a2185316819a78a44b4
Opcode Fuzzy Hash: af8e468a55d667ed2483d3acf50157acc9eb42034ff180eb9f485344ff5b5ee9
Instruction Fuzzy Hash: F7D06778905258CFCB20CFA4C6809DDBBB2EB09701F500294D80967314CB319E81DF44

Uniqueness

Uniqueness Score: -1.00%

Function 05712421, Relevance: .2, Instructions: 217COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001A.00000002.449732432.0000000005710000.00000040.00000001.sdmp, Offset: 05710000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0df0a6ed823a64f725c3a72208503f5df89904a3a0bccb95a53e312f9e2b2f2e
Instruction ID: 3bfcf2468e1b85dbd9985d96a165241ffe49f11f9c41b2151dfad72d8823074b
Opcode Fuzzy Hash: 0df0a6ed823a64f725c3a72208503f5df89904a3a0bccb95a53e312f9e2b2f2e
Instruction Fuzzy Hash: 92911675D01219DFDB25CFAAC840BEDBBB2BF85304F5080A9D508BB291DB719A85CF51

Uniqueness

Uniqueness Score: -1.00%

Function 05712900, Relevance: .2, Instructions: 177COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001A.00000002.449732432.0000000005710000.00000040.00000001.sdmp, Offset: 05710000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a20c4127449243e49c60e2fe65d7d23a8c27ce7ce43ba3aeb42a4148995ed022
Instruction ID: 3847e8b1d0c1160ee8033062d47845e1933ff957d76774db8f2af9ee5d8ea0ff
Opcode Fuzzy Hash: a20c4127449243e49c60e2fe65d7d23a8c27ce7ce43ba3aeb42a4148995ed022
Instruction Fuzzy Hash: 01518E74E002199BDB14DFADD854BAEBBF2BF89700F24806AE905BB355DB306D01CB95

Uniqueness

Uniqueness Score: -1.00%

Function 05718488, Relevance: .1, Instructions: 145COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001A.00000002.449732432.0000000005710000.00000040.00000001.sdmp, Offset: 05710000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4be6e150c86bfd4747d243b4186f9db3a0b9ee393277947185e9b97aa6654a03
Instruction ID: 7ef9546c2167acdbee3322ea5430c3a6b1e8b769a7b625297a166e424966c539
Opcode Fuzzy Hash: 4be6e150c86bfd4747d243b4186f9db3a0b9ee393277947185e9b97aa6654a03
Instruction Fuzzy Hash: B9616774A01248DFCB24CFE8E58495CBFB6FB48315F10846AE809AB358DB709A45DF95

Uniqueness

Uniqueness Score: -1.00%

Function 057184F2, Relevance: .1, Instructions: 138COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001A.00000002.449732432.0000000005710000.00000040.00000001.sdmp, Offset: 05710000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ea18a39732594c5df77630e565933c91e434023411fa816221f43992b8444560
Instruction ID: 1149cd0b43e752a97ba293b7958bb41f37bbdfd30176e28ba0e42fbda8110bd0
Opcode Fuzzy Hash: ea18a39732594c5df77630e565933c91e434023411fa816221f43992b8444560
Instruction Fuzzy Hash: 6D6155B4A11248DFCB14CFE8E58496CBFF6FB08324F10846AE805AB258DB709A44DF55

Uniqueness

Uniqueness Score: -1.00%

Function 05718893, Relevance: .1, Instructions: 137COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001A.00000002.449732432.0000000005710000.00000040.00000001.sdmp, Offset: 05710000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 86ab0b1843bdffc6693966eb18a199004d1fa6d81d10ac78498d44608a732ce8
Instruction ID: 859d2e72a6fc6d2fb5bcb17831f29829c56fc9718e252bffa1077c42c8ca08f8
Opcode Fuzzy Hash: 86ab0b1843bdffc6693966eb18a199004d1fa6d81d10ac78498d44608a732ce8
Instruction Fuzzy Hash: 53518AB4A11248DFCB14CFE8E58499CBFF5FB08310F10846AE809AB358CB709A45EF55

Uniqueness

Uniqueness Score: -1.00%

Function 0571854F, Relevance: .1, Instructions: 129COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001A.00000002.449732432.0000000005710000.00000040.00000001.sdmp, Offset: 05710000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bfdb8375cb8e487319566194c633d37a258d283b46ea0eaae0b4a84fdeda509d
Instruction ID: 5187b9592b94fa494143d783d6bfe24f8976e34c6a0cc83a4edf2906fb64683f
Opcode Fuzzy Hash: bfdb8375cb8e487319566194c633d37a258d283b46ea0eaae0b4a84fdeda509d
Instruction Fuzzy Hash: 755156B4A11248DFCB14CFE8E18499CBFF6FB08314F20846AE805AB258CB749E44DF55

Uniqueness

Uniqueness Score: -1.00%

Function 05718605, Relevance: .1, Instructions: 127COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001A.00000002.449732432.0000000005710000.00000040.00000001.sdmp, Offset: 05710000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 93e93b10cba1b2ddebe13cafd956e25d6039af8a693b11cc670809f0b5da6659
Instruction ID: 548e4991bca554ba334ded08f13a1e097eabcc99a2bae0dd32402c2922f44d02
Opcode Fuzzy Hash: 93e93b10cba1b2ddebe13cafd956e25d6039af8a693b11cc670809f0b5da6659
Instruction Fuzzy Hash: 3A5199B5A11248DFCB10CFE8E58496CBFB6FB08320F20806AE805AB358DB749E45DF55

Uniqueness

Uniqueness Score: -1.00%

Function 05716AC8, Relevance: .1, Instructions: 110COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001A.00000002.449732432.0000000005710000.00000040.00000001.sdmp, Offset: 05710000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: eb025a71f855e144388168e4e123f4431c802bf3462ac26a89b784cb0cabef8d
Instruction ID: 51c3d73c3b3d6e94a06a0162cf0cf901fcecb3de73f86f58954be5128739ec8b
Opcode Fuzzy Hash: eb025a71f855e144388168e4e123f4431c802bf3462ac26a89b784cb0cabef8d
Instruction Fuzzy Hash: F941F5B4D05209EFCB14CFA8D685AAEFBF2FF48304F20855AD801A7604D734AA40DF94

Uniqueness

Uniqueness Score: -1.00%

Function 05716ABB, Relevance: .1, Instructions: 110COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001A.00000002.449732432.0000000005710000.00000040.00000001.sdmp, Offset: 05710000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4763bea25ff5607a46fdae903fdf52ac3080403950ebbe117e2ec53653dfe300
Instruction ID: d543398a154e7b9135c1adb925303543ba1f9b963fc87eb622d80308106cc14d
Opcode Fuzzy Hash: 4763bea25ff5607a46fdae903fdf52ac3080403950ebbe117e2ec53653dfe300
Instruction Fuzzy Hash: FE5119B4E01209EFCB14CFA8D581AAEBBF2FF49314F24855AD901AB601C735AA41DF94

Uniqueness

Uniqueness Score: -1.00%

Function 05711CC1, Relevance: .1, Instructions: 106COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001A.00000002.449732432.0000000005710000.00000040.00000001.sdmp, Offset: 05710000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2d2f0d3ff38d6674bacce98c84b81e76248ccdc3831f466c4fbdee201a27caf3
Instruction ID: 01adb4df4969dae27f3d27fe4041ac872de594560127104b7712eb8262b43834
Opcode Fuzzy Hash: 2d2f0d3ff38d6674bacce98c84b81e76248ccdc3831f466c4fbdee201a27caf3
Instruction Fuzzy Hash: 4F41A474E01208DFCB44DFA9D494AADBBF2FF89300F2480AAD815A7354DB359A45CF55

Uniqueness

Uniqueness Score: -1.00%

Function 05711CD0, Relevance: .1, Instructions: 98COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001A.00000002.449732432.0000000005710000.00000040.00000001.sdmp, Offset: 05710000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3c336f998bfd9c8886c1d68d7630eed5e99594442a64b68e00e0dc1a9dc15e40
Instruction ID: 9e890df99bcf3b7b94ab7ecec5de6794f7d8dc5bc150b1a7b595336172bcb2fd
Opcode Fuzzy Hash: 3c336f998bfd9c8886c1d68d7630eed5e99594442a64b68e00e0dc1a9dc15e40
Instruction Fuzzy Hash: BC4182B4E01208DFCB44DFA9C594AADBBF2FF88300F24806AD819A7354DB35AA45CF55

Uniqueness

Uniqueness Score: -1.00%

Function 07C60292, Relevance: .1, Instructions: 93COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001A.00000002.452267893.0000000007C60000.00000040.00000001.sdmp, Offset: 07C60000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1df062708526e52ff5d2850a3aa87df8a3b572126e797a4b472086ae979f5f7c
Instruction ID: 89fd182e551d8b875481a9b51749745d56c5a932e828e516ec5999f93b9f095d
Opcode Fuzzy Hash: 1df062708526e52ff5d2850a3aa87df8a3b572126e797a4b472086ae979f5f7c
Instruction Fuzzy Hash: CD41EA78E012298FDB64DF64C984BDEB7F1AB58300F1084EAD619A7254EB745BC5CF41

Uniqueness

Uniqueness Score: -1.00%

Function 05710007, Relevance: .1, Instructions: 92COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001A.00000002.449732432.0000000005710000.00000040.00000001.sdmp, Offset: 05710000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a8fbbdefcd15b5dfa84e70b36c946bab48b2e00975cfab067c012e3d23355b69
Instruction ID: ec6b82126ce352d2ef297f24f5ae912f541a62b5c72ccf6386aec464cce42768
Opcode Fuzzy Hash: a8fbbdefcd15b5dfa84e70b36c946bab48b2e00975cfab067c012e3d23355b69
Instruction Fuzzy Hash: 0A21385140F3C45FC7079778A829AA67F70AF03214B0E44DBD484DF1A3E96A498AD37B

Uniqueness

Uniqueness Score: -1.00%

Function 0571EB20, Relevance: .1, Instructions: 89COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001A.00000002.449732432.0000000005710000.00000040.00000001.sdmp, Offset: 05710000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: aa99b9edac234691a80b4b93e86eb977dee658cc556b50e21f02c12f9c65673c
Instruction ID: 0990a9b0260776ec29a1143a584c879b3e7dd8d2eed647f52746590b92c8a30f
Opcode Fuzzy Hash: aa99b9edac234691a80b4b93e86eb977dee658cc556b50e21f02c12f9c65673c
Instruction Fuzzy Hash: F7313974D05209DFCB20CFA9D181AAEBFB6FF48300F1094AACC16A7254DB389A44DF59

Uniqueness

Uniqueness Score: -1.00%

Function 07C60239, Relevance: .1, Instructions: 86COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001A.00000002.452267893.0000000007C60000.00000040.00000001.sdmp, Offset: 07C60000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1c0be75f3eb55e3d89ad0327594249f811805bd6eb6f73cc123d5fa429a6d67c
Instruction ID: 00ef21e56ea43fac5ee2d6431ed690e9a0112295a9368c7c066717e559b03788
Opcode Fuzzy Hash: 1c0be75f3eb55e3d89ad0327594249f811805bd6eb6f73cc123d5fa429a6d67c
Instruction Fuzzy Hash: 2C41F7B8E012299FDB64CF64C884BDAB7B2AB58300F1084EAD619A7244EB705A84CF51

Uniqueness

Uniqueness Score: -1.00%

Function 05711ADB, Relevance: .1, Instructions: 83COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001A.00000002.449732432.0000000005710000.00000040.00000001.sdmp, Offset: 05710000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6028efa85010a7cc8402b1dcb468afd17ccb1ec1e70affe15af28ceae357598c
Instruction ID: ee97d515bfce076c373b1d2d86a57ad1cecf84a8cd06e35407c52b8ea78cf870
Opcode Fuzzy Hash: 6028efa85010a7cc8402b1dcb468afd17ccb1ec1e70affe15af28ceae357598c
Instruction Fuzzy Hash: 3B31D874E01208DFDB44DFA9D844AAEBBF2FF88310F14816AE805A7354DB355A41DF51

Uniqueness

Uniqueness Score: -1.00%

Function 07C6027A, Relevance: .1, Instructions: 83COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001A.00000002.452267893.0000000007C60000.00000040.00000001.sdmp, Offset: 07C60000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9734bc26514e1fd578041fc379f238345cf82646f4204f30850608f0df081f13
Instruction ID: 71d895e9eaa984919f38b3875bd1bfcfac96f1826e9229c443a7590c68b68c2c
Opcode Fuzzy Hash: 9734bc26514e1fd578041fc379f238345cf82646f4204f30850608f0df081f13
Instruction Fuzzy Hash: 8E3106B4E012198FDB64CF68C884BDAF7B2AB48300F1084EAD619A7244EB705A85CF41

Uniqueness

Uniqueness Score: -1.00%

Function 07C6025F, Relevance: .1, Instructions: 82COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001A.00000002.452267893.0000000007C60000.00000040.00000001.sdmp, Offset: 07C60000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 262df25d11af572bba94ed03ebabefd6df07d7fd43c59d150d2d4824669a3a0d
Instruction ID: c97e04570fb48457612b770486c8a231457f8c260b51b5879acd095187863798
Opcode Fuzzy Hash: 262df25d11af572bba94ed03ebabefd6df07d7fd43c59d150d2d4824669a3a0d
Instruction Fuzzy Hash: E431F8B4E412299FDB64CF64C984BDAB7F2EB58300F1084EAD619A7244EB709A84CF40

Uniqueness

Uniqueness Score: -1.00%

Function 057140B8, Relevance: .1, Instructions: 73COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001A.00000002.449732432.0000000005710000.00000040.00000001.sdmp, Offset: 05710000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e6014c31a77026bde7cce052361111b0379d68187e1c1d44ead3249e9dbc1093
Instruction ID: a7c023bec6b82051e92564a82de778a5dfcfff14a0dee029c8c892173f2f88ea
Opcode Fuzzy Hash: e6014c31a77026bde7cce052361111b0379d68187e1c1d44ead3249e9dbc1093
Instruction Fuzzy Hash: E331E7B4E14209DFCB54CFAAC4809AEBBF2FF89300F1095AAD815AB754D7389A41DF54

Uniqueness

Uniqueness Score: -1.00%

Function 0571952F, Relevance: .1, Instructions: 72COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001A.00000002.449732432.0000000005710000.00000040.00000001.sdmp, Offset: 05710000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8a28e347bc9cb686e1a7f624d9745615c4e207aac61cf86b3788477f0f900a68
Instruction ID: ae579eb905a3465a83ebfa9318fee96f7a65efa093e74e58a0181b0ba4201b15
Opcode Fuzzy Hash: 8a28e347bc9cb686e1a7f624d9745615c4e207aac61cf86b3788477f0f900a68
Instruction Fuzzy Hash: 60314AB4D09309DFCB04CFA9D54469EBBB2FF59300F1081AAC906AB265E7349A41DB55

Uniqueness

Uniqueness Score: -1.00%

Function 0571B0D4, Relevance: .1, Instructions: 68COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001A.00000002.449732432.0000000005710000.00000040.00000001.sdmp, Offset: 05710000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 91e403ed6e5a23729ac68da7fcd523286c63258d81b26e6191fc394b5777d6fc
Instruction ID: d90149e97bbdfce49fe46bd3e7913f0af8d1788fd7c396b1adcf59e3304348a0
Opcode Fuzzy Hash: 91e403ed6e5a23729ac68da7fcd523286c63258d81b26e6191fc394b5777d6fc
Instruction Fuzzy Hash: 4331EB74D012188FDBA4DF65D849799BBB2BB89304F14C1E9D90DA7254DF304E85DF50

Uniqueness

Uniqueness Score: -1.00%

Function 0571B0DB, Relevance: .1, Instructions: 65COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001A.00000002.449732432.0000000005710000.00000040.00000001.sdmp, Offset: 05710000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6316463dce1bb179a92bf5e8962571caf40b564b2e396ca2e3be71c526cf5e30
Instruction ID: 222b9a1902d9d3e06babbf3026eb48ed2957603e704e4dab85f959ff3d5c63bb
Opcode Fuzzy Hash: 6316463dce1bb179a92bf5e8962571caf40b564b2e396ca2e3be71c526cf5e30
Instruction Fuzzy Hash: 6D31E974E012288FDBA4DF26D84979ABBB2BB89304F14C0E9D50DE7254EF345A85DF50

Uniqueness

Uniqueness Score: -1.00%

Function 05719550, Relevance: .1, Instructions: 64COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001A.00000002.449732432.0000000005710000.00000040.00000001.sdmp, Offset: 05710000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d6c6249a66ed01a1f35d718dd18b4ea7d167b58abf41564167471ccdfea28d56
Instruction ID: eb96a05367dc28d03dae99f0a41fb608a76d6337e16ccfe26e344b0191315535
Opcode Fuzzy Hash: d6c6249a66ed01a1f35d718dd18b4ea7d167b58abf41564167471ccdfea28d56
Instruction Fuzzy Hash: 4B2105B4D05209DFCB14CFE9D5845AEBBB2FB88300F2094AAC906B7254EB349B41DF55

Uniqueness

Uniqueness Score: -1.00%

Function 05711C00, Relevance: .1, Instructions: 64COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001A.00000002.449732432.0000000005710000.00000040.00000001.sdmp, Offset: 05710000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 51c601b60fece96a63905810f80d266912fb6f44d62d4a22a5712296eed533a2
Instruction ID: 328a9346d0ae517e7680955bd758df0f59fada9f56f640fb32ecd1ca2bc40384
Opcode Fuzzy Hash: 51c601b60fece96a63905810f80d266912fb6f44d62d4a22a5712296eed533a2
Instruction Fuzzy Hash: 722192B4D05219DFCB04DFA9C5806AEFBF2BB48300F60956AD804B7350E7749A81DFA4

Uniqueness

Uniqueness Score: -1.00%

Function 0571AFF8, Relevance: .1, Instructions: 61COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001A.00000002.449732432.0000000005710000.00000040.00000001.sdmp, Offset: 05710000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 700574cc1245f467f864f8b99516a79e6228be5210fd981c0a3a7c8bba83135c
Instruction ID: bf88299259248e7d4cd9de213a9e1d85a75f565c5ebc7266189316d86ead3921
Opcode Fuzzy Hash: 700574cc1245f467f864f8b99516a79e6228be5210fd981c0a3a7c8bba83135c
Instruction Fuzzy Hash: 7811ACB0E06209DFCB04DBBCE4455DCBBF1FB4A200F1084AAC919EB214E7319905CF95

Uniqueness

Uniqueness Score: -1.00%

Function 0571D3FB, Relevance: .1, Instructions: 60COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001A.00000002.449732432.0000000005710000.00000040.00000001.sdmp, Offset: 05710000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 15eee329c8c1cd94ee487d7ed66638ad04878ba25dc411913e0ec93afa8557fa
Instruction ID: c808135f132df2a5763d0dcc2f2808366df7d4e0d881d77dc587571b2083149d
Opcode Fuzzy Hash: 15eee329c8c1cd94ee487d7ed66638ad04878ba25dc411913e0ec93afa8557fa
Instruction Fuzzy Hash: A8213B74D04708CFEB24CFAAC8453AEBBB2AF89300F24C16ACD15AB252D7795905DF85

Uniqueness

Uniqueness Score: -1.00%

Function 070E1C60, Relevance: .1, Instructions: 60COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001A.00000002.451834732.00000000070E0000.00000040.00000001.sdmp, Offset: 070E0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d6dc94212b006af901c50860096a6406fa7931f1d053c341a8685ce62d914a13
Instruction ID: 111250b07059cd46cf4b4571da15f433c1389eea8cd642d0433088768c083a3e
Opcode Fuzzy Hash: d6dc94212b006af901c50860096a6406fa7931f1d053c341a8685ce62d914a13
Instruction Fuzzy Hash: B611EDB5508301AFD340CF19D880A5BFBE4FB88664F14895EF998D7311D335E9048FA2

Uniqueness

Uniqueness Score: -1.00%

Function 0321075C, Relevance: .1, Instructions: 59COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001A.00000002.446442600.0000000003210000.00000040.00000040.sdmp, Offset: 03210000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: aa6284132badafe41818e2ae8f523a4cdc999258d489f2f42ecafd5d7cc4de82
Instruction ID: 9f6d739e378a56de5bd22d844f208834c793a1a691b3e9fb31f64e67afdbb80a
Opcode Fuzzy Hash: aa6284132badafe41818e2ae8f523a4cdc999258d489f2f42ecafd5d7cc4de82
Instruction Fuzzy Hash: ED11E435214245EFD305DB20CA84B26FBD5AB98708F28C59CE9491B643C7B7D893CE51

Uniqueness

Uniqueness Score: -1.00%

Function 05715C40, Relevance: .1, Instructions: 59COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001A.00000002.449732432.0000000005710000.00000040.00000001.sdmp, Offset: 05710000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e351bdd3d42b5a68bd8ba7ce720b0c396360001972766546dbf272821a5d95ac
Instruction ID: 7c5afab2d65862b0adf477b933edc95321627f39018f858ed9eb6aa957e9db5f
Opcode Fuzzy Hash: e351bdd3d42b5a68bd8ba7ce720b0c396360001972766546dbf272821a5d95ac
Instruction Fuzzy Hash: 95216D70D0625ADFCB09CFA9C8409AEFBB1FF89304B14D5AAD815EB251D7309601DF85

Uniqueness

Uniqueness Score: -1.00%

Function 03210726, Relevance: .1, Instructions: 58COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001A.00000002.446442600.0000000003210000.00000040.00000040.sdmp, Offset: 03210000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3d9672eae3cae5408bd5ecd1903ddaf2bbad12abb2ba69d885c03085852daa41
Instruction ID: 5e4ed37e15481adaae2402a98a476fb1b0c568afdb1fe15806c1d067eaa09aa2
Opcode Fuzzy Hash: 3d9672eae3cae5408bd5ecd1903ddaf2bbad12abb2ba69d885c03085852daa41
Instruction Fuzzy Hash: 2F21683110D3C59FC307CB60C950B15BFB2AF47208F2D85EED4889B6A3C67A9856CB52

Uniqueness

Uniqueness Score: -1.00%

Function 05715D1B, Relevance: .1, Instructions: 54COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001A.00000002.449732432.0000000005710000.00000040.00000001.sdmp, Offset: 05710000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ef5fa9044e9c4832df510529b8ef466d849e101524e985b121b6fa13352d7748
Instruction ID: 909320bbb9c1f20e5102f2cb5f7e54a7acc3ef4f3a99614f0e0976cac162991f
Opcode Fuzzy Hash: ef5fa9044e9c4832df510529b8ef466d849e101524e985b121b6fa13352d7748
Instruction Fuzzy Hash: 52115E34E05508DFDB05CFA8C584A5DFBF2EF89304F19C1D9D949AB2A5DB309A01CB40

Uniqueness

Uniqueness Score: -1.00%

Function 05711E0B, Relevance: .1, Instructions: 53COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001A.00000002.449732432.0000000005710000.00000040.00000001.sdmp, Offset: 05710000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cea98d815826a1a3bb9bae619c605860348944f17bd89c5db7eb76919848f32a
Instruction ID: b1a65a7ea249c7b72f9e668a4c5e2f934474583af74a0949329c15c0c1fba81b
Opcode Fuzzy Hash: cea98d815826a1a3bb9bae619c605860348944f17bd89c5db7eb76919848f32a
Instruction Fuzzy Hash: 5611E674E042089BDB08DFA9D940BAEBBF2EF88300F2481A9D914A7294DB355A45DF95

Uniqueness

Uniqueness Score: -1.00%

Function 0184ADBC, Relevance: .1, Instructions: 52COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001A.00000002.446221033.0000000001842000.00000040.00000001.sdmp, Offset: 01842000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d0f8d3ab76dfdafb2a780af1bcd156d477b2dd0cc352224a2110c24b72233fba
Instruction ID: c4e28703a0c85786a21fcb3f5205b61ba7e2c610deaae491e3b6e8629ef83fb3
Opcode Fuzzy Hash: d0f8d3ab76dfdafb2a780af1bcd156d477b2dd0cc352224a2110c24b72233fba
Instruction Fuzzy Hash: A511ECB5A08305AFD350CF19DC80E5BFBE8EB88660F14891EFD9997311D275E9048BA2

Uniqueness

Uniqueness Score: -1.00%

Function 070E1B04, Relevance: .1, Instructions: 52COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001A.00000002.451834732.00000000070E0000.00000040.00000001.sdmp, Offset: 070E0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 86e39fa5b553e21e78b14f0eaeba0e023af0d324002f3e8734bcf8b849cde7fc
Instruction ID: 2d71cc293ced62fab827d6e3a9b432ca7c9ac4d79425b883fabddaed1e09fc24
Opcode Fuzzy Hash: 86e39fa5b553e21e78b14f0eaeba0e023af0d324002f3e8734bcf8b849cde7fc
Instruction Fuzzy Hash: 0911ECB5608305AFD350CF19DC80E5BFBE8EB88660F14891EFD9997311D275E9048BA2

Uniqueness

Uniqueness Score: -1.00%

Function 05715D28, Relevance: .1, Instructions: 51COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001A.00000002.449732432.0000000005710000.00000040.00000001.sdmp, Offset: 05710000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7a7405d6dd9adcb04d41732bc809d9f58f0da2c1d4319ae01e6f10836f95c3bf
Instruction ID: 97f8db02c7b0036f61a5d9a11fafac1f9f1360e9273372c18df98e146ac5eed3
Opcode Fuzzy Hash: 7a7405d6dd9adcb04d41732bc809d9f58f0da2c1d4319ae01e6f10836f95c3bf
Instruction Fuzzy Hash: A3110A74E01519EFDB08DFA9C588A9DFBF2EF88340F15C499D919AB265DB30AA00DF40

Uniqueness

Uniqueness Score: -1.00%

Function 05711E18, Relevance: .0, Instructions: 47COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001A.00000002.449732432.0000000005710000.00000040.00000001.sdmp, Offset: 05710000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 83762e2679885d61b0ad7760e7fe8688e1428f56df70f155c61df9352703d014
Instruction ID: e231881a19707d540dce127f5f75de368d685c46f452ba6777a84f79b8e77102
Opcode Fuzzy Hash: 83762e2679885d61b0ad7760e7fe8688e1428f56df70f155c61df9352703d014
Instruction Fuzzy Hash: 49119274E00209DBDB08DFA9D940AAEBBB2FF88300F208169D915A7394EB355A45DF95

Uniqueness

Uniqueness Score: -1.00%

Function 032105CF, Relevance: .0, Instructions: 44COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001A.00000002.446442600.0000000003210000.00000040.00000040.sdmp, Offset: 03210000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b22fe35a57b51881d4af49bfb6820aa261f3afbd3d0ae95ba784bcb97a999235
Instruction ID: c34cf04d3b1ea1ee3d7fce9feb688f9d1a50bc834203ed278d941618535c059b
Opcode Fuzzy Hash: b22fe35a57b51881d4af49bfb6820aa261f3afbd3d0ae95ba784bcb97a999235
Instruction Fuzzy Hash: F501D6B250D7805FD712CF16EC40862FFB8EB86670749C09FED498B611E239A908CB71

Uniqueness

Uniqueness Score: -1.00%

Function 0571B62E, Relevance: .0, Instructions: 39COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001A.00000002.449732432.0000000005710000.00000040.00000001.sdmp, Offset: 05710000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5052b66c5c83e6a40dc52c774c3e10e022a18e8d54d29a5773e8473bdd2ef20f
Instruction ID: da76330970022f1898d0b8d81c82470aa1434e2c9c2151cadcbe63ef3f150314
Opcode Fuzzy Hash: 5052b66c5c83e6a40dc52c774c3e10e022a18e8d54d29a5773e8473bdd2ef20f
Instruction Fuzzy Hash: 1A118D78D002698FCB75DF24D8587EEBBB1BB49309F1081EAD80AA2249DB305B81CF50

Uniqueness

Uniqueness Score: -1.00%

Function 0571BE81, Relevance: .0, Instructions: 39COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001A.00000002.449732432.0000000005710000.00000040.00000001.sdmp, Offset: 05710000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 85a47435455889711ed6dcc84d82569bce4dd50cfd92a64e59eaebad03bc7b2d
Instruction ID: 946d51273bac9cd3ac89703e9d930becb61ecabbff65d369151d79155cc25cbc
Opcode Fuzzy Hash: 85a47435455889711ed6dcc84d82569bce4dd50cfd92a64e59eaebad03bc7b2d
Instruction Fuzzy Hash: 7E11C978E062A88FDB70CF64C8986DABBB2BF49305F0440E9D45EA7245DB740A85CF46

Uniqueness

Uniqueness Score: -1.00%

Function 0571AF59, Relevance: .0, Instructions: 37COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001A.00000002.449732432.0000000005710000.00000040.00000001.sdmp, Offset: 05710000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0ff7cd424f8cf0d3ed9a351e402c5db67413e0b8a3919c968411bd2924c2cd56
Instruction ID: dae0dd9990cb948a7b7995e05971f56d7efb5e15714a1f147e04c8710e180c56
Opcode Fuzzy Hash: 0ff7cd424f8cf0d3ed9a351e402c5db67413e0b8a3919c968411bd2924c2cd56
Instruction Fuzzy Hash: 120146B0E16209DFCB40CFA8E5809DCBBF5FB49310B10942BE519F7204DB3199058F94

Uniqueness

Uniqueness Score: -1.00%

Function 0571BC10, Relevance: .0, Instructions: 37COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001A.00000002.449732432.0000000005710000.00000040.00000001.sdmp, Offset: 05710000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f030d70d177429a528034c26c020642a24d9ac4b31122ac6fe7dabd16467504a
Instruction ID: 9aee53fa635b3048786af1d71b47517752a101b85a2d145ce1b3330695d0828d
Opcode Fuzzy Hash: f030d70d177429a528034c26c020642a24d9ac4b31122ac6fe7dabd16467504a
Instruction Fuzzy Hash: F1117FB8901668DFCB709F68D8583D9BBB2BB8A302F1040D9D81DAA358DB344A85DF51

Uniqueness

Uniqueness Score: -1.00%

Function 0571B560, Relevance: .0, Instructions: 36COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001A.00000002.449732432.0000000005710000.00000040.00000001.sdmp, Offset: 05710000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: af6c4e3eb12744cd6fd24fba78c9fc4861dfc8dc00bf5a0d9b91f705b266e3a0
Instruction ID: 75c8f469da20e5d63b081896a6762f8eedf265eb02fd6af1d559561cd78f70f8
Opcode Fuzzy Hash: af6c4e3eb12744cd6fd24fba78c9fc4861dfc8dc00bf5a0d9b91f705b266e3a0
Instruction Fuzzy Hash: 1511C2B4D022288FCBA5DF24D868799BAB6BB59300F1041DAD90EB7344DB318F81DF50

Uniqueness

Uniqueness Score: -1.00%

Function 0571BB24, Relevance: .0, Instructions: 36COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001A.00000002.449732432.0000000005710000.00000040.00000001.sdmp, Offset: 05710000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2ac029b2b3c60fefc89d3974aa659d069e29dddb8944cb438871f5b946c9d6c0
Instruction ID: 09ccc47abf7f2d09f013de511d6d6c6d2c9a2fe88b00bb4065e9d3c63339b470
Opcode Fuzzy Hash: 2ac029b2b3c60fefc89d3974aa659d069e29dddb8944cb438871f5b946c9d6c0
Instruction Fuzzy Hash: EF11C2B8D026688FCBB5DF68C998399BBB5BB88305F5040D9D80EA6344DB341F85DF19

Uniqueness

Uniqueness Score: -1.00%

Function 0571DC00, Relevance: .0, Instructions: 34COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001A.00000002.449732432.0000000005710000.00000040.00000001.sdmp, Offset: 05710000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 83724b5614173705e679f032856df21fff2b65111712b3e799af75525dd37d8d
Instruction ID: 8185eeaa48a4494178feacafc7466394a46d6966d938d5c1d78db85687b8429d
Opcode Fuzzy Hash: 83724b5614173705e679f032856df21fff2b65111712b3e799af75525dd37d8d
Instruction Fuzzy Hash: ACF014749093889FCB21DFB8D400A9DBBB1EB46204F1084EACC0897351E7369A51DB95

Uniqueness

Uniqueness Score: -1.00%

Function 0571AB0E, Relevance: .0, Instructions: 33COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001A.00000002.449732432.0000000005710000.00000040.00000001.sdmp, Offset: 05710000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 37174fa4384225c3fedcddd20ec57e6fa99432f85725aacd810efd00f4a6d972
Instruction ID: ccf3368f38b0e87a1bc157fd28b3d7dfb7bb7d4d438681abe5e692a5f3dd6ef1
Opcode Fuzzy Hash: 37174fa4384225c3fedcddd20ec57e6fa99432f85725aacd810efd00f4a6d972
Instruction Fuzzy Hash: 32116078A012289FDB60DF68D994B99BBF2FB4A304F1080E9D90DA7705DB305E81DF01

Uniqueness

Uniqueness Score: -1.00%

Function 03210818, Relevance: .0, Instructions: 31COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001A.00000002.446442600.0000000003210000.00000040.00000040.sdmp, Offset: 03210000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 525cef522958239b2deb72ab7ac90410e2832b06fb356f1b7ca8807ee3c9392c
Instruction ID: 0ac2302faeaecfa41c111c56c382a2be8b181d721428d957ee1f07d5837ddc64
Opcode Fuzzy Hash: 525cef522958239b2deb72ab7ac90410e2832b06fb356f1b7ca8807ee3c9392c
Instruction Fuzzy Hash: 79F0FB35108645DFC305DF40DA40B15FBE6EB89718F24C6A9E9490B652C337A863DE81

Uniqueness

Uniqueness Score: -1.00%

Function 057186B0, Relevance: .0, Instructions: 31COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001A.00000002.449732432.0000000005710000.00000040.00000001.sdmp, Offset: 05710000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 05c113e3693ac012ed708b7d25a63216518a3766cde745f8f0c67417b020fa08
Instruction ID: f82aa6ca84c8fa324d4ba65adc3585250b76ce765aa7087e5386ec273fd8ba92
Opcode Fuzzy Hash: 05c113e3693ac012ed708b7d25a63216518a3766cde745f8f0c67417b020fa08
Instruction Fuzzy Hash: EE01D274A06209CFCB50DFE8D98459CBFB1FF4A354B244529E906A7398DB785A06CF81

Uniqueness

Uniqueness Score: -1.00%

Function 07C618C0, Relevance: .0, Instructions: 31COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001A.00000002.452267893.0000000007C60000.00000040.00000001.sdmp, Offset: 07C60000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d8427cf3c0cec58ba292b1ee48e8c06a54d24e2ca784ddb8f8f272e4119b4121
Instruction ID: 2b93a8382fa8934d2ac4b47aef74ed82284bf2416091687e2d937f45d5b5db2b
Opcode Fuzzy Hash: d8427cf3c0cec58ba292b1ee48e8c06a54d24e2ca784ddb8f8f272e4119b4121
Instruction Fuzzy Hash: 71E09BF5C0534CDFDB55DBB4888536C7FB4DB06B06F1900EEC80897152E6355A05CB52

Uniqueness

Uniqueness Score: -1.00%

Function 0571C02D, Relevance: .0, Instructions: 30COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001A.00000002.449732432.0000000005710000.00000040.00000001.sdmp, Offset: 05710000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cb5e5d5cabe25e8c9355b0e4aff349b93de85c13b508a0b3deeeeed7f5ae5f32
Instruction ID: bedc0c1c4c3c26546b6a0f00b4345a30d29f71b3dbff6602f363bac1e2c3da9d
Opcode Fuzzy Hash: cb5e5d5cabe25e8c9355b0e4aff349b93de85c13b508a0b3deeeeed7f5ae5f32
Instruction Fuzzy Hash: F701AE78D016288FCB75DF24D8983AABBB6BB4830AF1440E9D40EA6258DB305F85CF11

Uniqueness

Uniqueness Score: -1.00%

Function 0571BA00, Relevance: .0, Instructions: 30COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001A.00000002.449732432.0000000005710000.00000040.00000001.sdmp, Offset: 05710000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f510fc21159d6757a2e6d58f61652cf77c5701b4ce9dc5bdfd33e0d5b83c7e1d
Instruction ID: 20d396b5a9b48b1e15c32cc7c32a3cbe1d46b52af0b6ace325117fd589109a47
Opcode Fuzzy Hash: f510fc21159d6757a2e6d58f61652cf77c5701b4ce9dc5bdfd33e0d5b83c7e1d
Instruction Fuzzy Hash: 0701B2B8D08228DFDB60DF34D8487DABAB1BB49304F8042EAD80DA2294DB345F85DF54

Uniqueness

Uniqueness Score: -1.00%

Function 05712E44, Relevance: .0, Instructions: 29COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001A.00000002.449732432.0000000005710000.00000040.00000001.sdmp, Offset: 05710000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 105e5a9b3ee09a007b22c64f8dc97fa807a2871d0dc88f82eb91d0c67d5900f0
Instruction ID: 8e7eb976d776f938f90d6bf6c442dfa68dba30637d8d28c0e473c3d671be2b41
Opcode Fuzzy Hash: 105e5a9b3ee09a007b22c64f8dc97fa807a2871d0dc88f82eb91d0c67d5900f0
Instruction Fuzzy Hash: C1019670902229DFDB64DF68DD90B5DBBB6FF88200F1095D9D509A7254DB305E84CF85

Uniqueness

Uniqueness Score: -1.00%

Function 0571C108, Relevance: .0, Instructions: 28COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001A.00000002.449732432.0000000005710000.00000040.00000001.sdmp, Offset: 05710000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 442dcec13365207b9e23fd3fb150e5fb28eab79fae8f09394a1c7c0879efc685
Instruction ID: c245714484fd092792b211b1578ff268f9c34b000e958ea9f3d6291034f89183
Opcode Fuzzy Hash: 442dcec13365207b9e23fd3fb150e5fb28eab79fae8f09394a1c7c0879efc685
Instruction Fuzzy Hash: 6D01D678D4126A8FCB64DF64D84D7ADBAB2BB49340F1041FAD919A3344DB305E81CF55

Uniqueness

Uniqueness Score: -1.00%

Function 0571B79B, Relevance: .0, Instructions: 28COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001A.00000002.449732432.0000000005710000.00000040.00000001.sdmp, Offset: 05710000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 80e120d5c791e6656bf6b99a9fa55f41597c595facb2ad2314488de10fc94ac4
Instruction ID: 115bdf1611a814b1d1003a22c09c6094e8495e507c1f52ff7485c7dc14543b48
Opcode Fuzzy Hash: 80e120d5c791e6656bf6b99a9fa55f41597c595facb2ad2314488de10fc94ac4
Instruction Fuzzy Hash: 1D0179B8D002298FCB70DF64D958699BBB1BB49305F1081E9D959A2345DB304E81DF11

Uniqueness

Uniqueness Score: -1.00%

Function 0571B2DE, Relevance: .0, Instructions: 28COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001A.00000002.449732432.0000000005710000.00000040.00000001.sdmp, Offset: 05710000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 70ea1ca0c926cf1d9f45290fcca0e2d12efdadfbe03c571c7effcc2ea9b5ddf2
Instruction ID: 14dff7c95fc734e932b32de9333c6012cdf53bec888ed6d25a9942f22ea367ed
Opcode Fuzzy Hash: 70ea1ca0c926cf1d9f45290fcca0e2d12efdadfbe03c571c7effcc2ea9b5ddf2
Instruction Fuzzy Hash: AD01D278E012288FCB75DF64D89929DBBB6BB49204F1051EAD90EA7344DE301F80CF55

Uniqueness

Uniqueness Score: -1.00%

Function 032105F6, Relevance: .0, Instructions: 27COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001A.00000002.446442600.0000000003210000.00000040.00000040.sdmp, Offset: 03210000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d6ae234c99c04a26e29b178a2f959573fb1426ec51df41e9f2567f269ba792e3
Instruction ID: d1cd9b7fa147d5b5882cc0e27aa64ec6bfd513e41785989964d19b11a7795c7a
Opcode Fuzzy Hash: d6ae234c99c04a26e29b178a2f959573fb1426ec51df41e9f2567f269ba792e3
Instruction Fuzzy Hash: EBE09276A446048BD650DF0BEC81456FBD8EB88630B18C07FDC0D8B700E139F504CEA5

Uniqueness

Uniqueness Score: -1.00%

Function 0571DB23, Relevance: .0, Instructions: 27COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001A.00000002.449732432.0000000005710000.00000040.00000001.sdmp, Offset: 05710000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5450db49e796455441acdda971ed73ca97e21eb9b4e3d8413cf2d2d3d67a5117
Instruction ID: 0bf58aeb5b26523ad7a2895334e7c1e9355aca4ab85d78b2c8223c0557ee9a68
Opcode Fuzzy Hash: 5450db49e796455441acdda971ed73ca97e21eb9b4e3d8413cf2d2d3d67a5117
Instruction Fuzzy Hash: 22F085B4C04248AFCB24EFA8C8023ADBBB4EB4A300F1085AA9C14A2240D3319640EF91

Uniqueness

Uniqueness Score: -1.00%

Function 0184AE0B, Relevance: .0, Instructions: 26COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001A.00000002.446221033.0000000001842000.00000040.00000001.sdmp, Offset: 01842000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 568585566d8750b04c9e515108cd1baa160ecfb0381ffa3f6a97fd82eb648dbf
Instruction ID: b41a62ca5ebd6dbc2e01f7ef3fa9907653ab180c53c81b5f3d69b23ca9ab77d1
Opcode Fuzzy Hash: 568585566d8750b04c9e515108cd1baa160ecfb0381ffa3f6a97fd82eb648dbf
Instruction Fuzzy Hash: 01E0D872A502046BD2109F069C81B53FB58DB40A70F14C557EE0D1B301E175B5148AF5

Uniqueness

Uniqueness Score: -1.00%

Function 0571DB73, Relevance: .0, Instructions: 26COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001A.00000002.449732432.0000000005710000.00000040.00000001.sdmp, Offset: 05710000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6abe2fd86fe2771435a4c9a156085226cecff78496959979932051b8b6f2e8d9
Instruction ID: b4ba71e1b3521fe9b94155b3da326fe43a9bb9abed41e3f41395eb11e23ac9bb
Opcode Fuzzy Hash: 6abe2fd86fe2771435a4c9a156085226cecff78496959979932051b8b6f2e8d9
Instruction Fuzzy Hash: B0F0A974C05348AFCB24EFB8D5427ADBBB1EB49300F2085AACC10A3300D7358642EF80

Uniqueness

Uniqueness Score: -1.00%

Function 0571BA5F, Relevance: .0, Instructions: 26COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001A.00000002.449732432.0000000005710000.00000040.00000001.sdmp, Offset: 05710000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 189066bbb51d05f22ee8f58ad4cc10f32815762cf309b60221e41cd51f631753
Instruction ID: 910135c903b0c7ff8bee98d5885866f52d238fd3a04a4d038a40ed9ae8ab45e2
Opcode Fuzzy Hash: 189066bbb51d05f22ee8f58ad4cc10f32815762cf309b60221e41cd51f631753
Instruction Fuzzy Hash: 1CF0F278E08228CFDB60DF34C8483A9BAB1BB48304F4041DAD80DA3280DB345B80DF04

Uniqueness

Uniqueness Score: -1.00%

Function 070E1B53, Relevance: .0, Instructions: 26COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001A.00000002.451834732.00000000070E0000.00000040.00000001.sdmp, Offset: 070E0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d5e5e0fd5bd221446a14849c376d1c4f524baff587227fc664c4f3a8f9a2c74b
Instruction ID: eeddfae623c700c5a3aff2e10799d24707c539d14fe1705aff6846928011cb1a
Opcode Fuzzy Hash: d5e5e0fd5bd221446a14849c376d1c4f524baff587227fc664c4f3a8f9a2c74b
Instruction Fuzzy Hash: 43E0D8729403046BD2509E06DC85B53FF98DB44A30F14C557EE0D1B302E176B5148AF5

Uniqueness

Uniqueness Score: -1.00%

Function 070E1577, Relevance: .0, Instructions: 26COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001A.00000002.451834732.00000000070E0000.00000040.00000001.sdmp, Offset: 070E0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: dd0e8058af21eb5bbd1f00d1cff9eecb99f63b1d2ce78e26cdc4e19537548cef
Instruction ID: 616056e94dc8fbe7c0298d89a0ae552e59a38a40fef91e06514b562df714e720
Opcode Fuzzy Hash: dd0e8058af21eb5bbd1f00d1cff9eecb99f63b1d2ce78e26cdc4e19537548cef
Instruction Fuzzy Hash: 24E0D8729502046BD2109E069C85B53FF98DB40A30F14C557EE091B301E176B514CAE5

Uniqueness

Uniqueness Score: -1.00%

Function 070E1CCB, Relevance: .0, Instructions: 26COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001A.00000002.451834732.00000000070E0000.00000040.00000001.sdmp, Offset: 070E0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 486dd6e4f9346b2e8884eed2931f175c957b1259c84d4f4fc3cb6e87b39e6409
Instruction ID: f9d6944c4db730c6f480a6bc3ebcbe44affe4821c3429dee849b8ab3503994dd
Opcode Fuzzy Hash: 486dd6e4f9346b2e8884eed2931f175c957b1259c84d4f4fc3cb6e87b39e6409
Instruction Fuzzy Hash: 8FE0D8B29503046BD2109E069C85B53FF98EB44A70F14C567ED081B301E175B5148AE5

Uniqueness

Uniqueness Score: -1.00%

Function 05712B37, Relevance: .0, Instructions: 25COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001A.00000002.449732432.0000000005710000.00000040.00000001.sdmp, Offset: 05710000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5530559ac7e48bbd3a52dea45da6eab5e71efe589644bb58eae27369124e01e2
Instruction ID: 1daaece4fe6f7416789c9c3e1cedc55353d9728b9520d1a0b9b8678a53996fbe
Opcode Fuzzy Hash: 5530559ac7e48bbd3a52dea45da6eab5e71efe589644bb58eae27369124e01e2
Instruction Fuzzy Hash: B1E0D8758097884FC3229F78DA093557FA4EB13546F0408D5DE05D7023FB224A09DB95

Uniqueness

Uniqueness Score: -1.00%

Function 0571B43F, Relevance: .0, Instructions: 25COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001A.00000002.449732432.0000000005710000.00000040.00000001.sdmp, Offset: 05710000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a63a05c720ca8c47eec357282de0e7d8f599d04f7c8829ed2be0479b34b1201b
Instruction ID: 639b4def1529ebebd57a7c62378f515412ad89ebb17eb02a9cb9346c064a42fd
Opcode Fuzzy Hash: a63a05c720ca8c47eec357282de0e7d8f599d04f7c8829ed2be0479b34b1201b
Instruction Fuzzy Hash: CEF01774D2522C8FCB64CF20C8887DABBB5BB48301F0045DAC809A2240DB304BC0DF59

Uniqueness

Uniqueness Score: -1.00%

Function 07C60FEC, Relevance: .0, Instructions: 25COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001A.00000002.452267893.0000000007C60000.00000040.00000001.sdmp, Offset: 07C60000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 12c764be3523e998054636ace881ba0284f55e3e23b54c02c8f65147dbfce5f3
Instruction ID: a367e0764d9eed934dc60aed808913548ad75b0168cdf5d7aa3ebd68728249b2
Opcode Fuzzy Hash: 12c764be3523e998054636ace881ba0284f55e3e23b54c02c8f65147dbfce5f3
Instruction Fuzzy Hash: EEF0C4B0C5622A9FCB60DF61CD84BD9B7B0EB05301F5484D98119A7681DB305BC1EF60

Uniqueness

Uniqueness Score: -1.00%

Function 05710070, Relevance: .0, Instructions: 24COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001A.00000002.449732432.0000000005710000.00000040.00000001.sdmp, Offset: 05710000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d3840ca05aa8e4c26689d3d18219cb01f9c302863973b293a8f1819013637760
Instruction ID: e3e304584ace886940481d0ceee230cc38b18e14681dfd3b075f5dc1d0eb217e
Opcode Fuzzy Hash: d3840ca05aa8e4c26689d3d18219cb01f9c302863973b293a8f1819013637760
Instruction Fuzzy Hash: D0E0C27098320DE7C758FBB8D51673FB368EF42200F101CAC860663240CE715F10EAA9

Uniqueness

Uniqueness Score: -1.00%

Function 0571B47B, Relevance: .0, Instructions: 24COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001A.00000002.449732432.0000000005710000.00000040.00000001.sdmp, Offset: 05710000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9bebc6b7ff73fa9e82d0be085b9c1009c9e106af8869ee4be69f3b3f3d75259b
Instruction ID: 7b011b84a89981d31a65e1e0614c3a6c5326f4e36e6331404c6181e2e6bdd191
Opcode Fuzzy Hash: 9bebc6b7ff73fa9e82d0be085b9c1009c9e106af8869ee4be69f3b3f3d75259b
Instruction Fuzzy Hash: F2F0E278D0122C8FCB65DF20D84879DBAB2BB88301F0051DAD90AA2284DB305F81CF95

Uniqueness

Uniqueness Score: -1.00%

Function 07C60394, Relevance: .0, Instructions: 24COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001A.00000002.452267893.0000000007C60000.00000040.00000001.sdmp, Offset: 07C60000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f24e61948bb3e6b08fbc1edb242d0221506e7a6de66cdbef4ffa4ff06eac2f0a
Instruction ID: 38bd55e62ff6b01df9b7b6fa6f41516c7015c08bb804a5c5ddbacb00f7de4e7a
Opcode Fuzzy Hash: f24e61948bb3e6b08fbc1edb242d0221506e7a6de66cdbef4ffa4ff06eac2f0a
Instruction Fuzzy Hash: 3BF0FFB0C15229DFCB24CF61C984BEEB7B4AB4A301F2082EA8149A3240D7345BC5CF00

Uniqueness

Uniqueness Score: -1.00%

Function 0571C0DD, Relevance: .0, Instructions: 23COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001A.00000002.449732432.0000000005710000.00000040.00000001.sdmp, Offset: 05710000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 810e7ea4e493d555fa21e53e3206199a90775c39bc5587ac8492712d68547931
Instruction ID: 69e49e1cee458f0420d998e6de2b3f97c92b6427c117ad025186f5206e466f4b
Opcode Fuzzy Hash: 810e7ea4e493d555fa21e53e3206199a90775c39bc5587ac8492712d68547931
Instruction Fuzzy Hash: BBF012B8D04B688FCB25DF24CC493ADBBB5BB49706F1400E99809A7264DB340F84DF40

Uniqueness

Uniqueness Score: -1.00%

Function 0571F0B0, Relevance: .0, Instructions: 22COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001A.00000002.449732432.0000000005710000.00000040.00000001.sdmp, Offset: 05710000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 078e7a751ed10ec5ca9d21f00861b1ac945ae32742101bf3749879cc8effb0ba
Instruction ID: ecf2dcfb1591ae79854191486dffedb9bd44899b7b9c8b217221addf177bb86a
Opcode Fuzzy Hash: 078e7a751ed10ec5ca9d21f00861b1ac945ae32742101bf3749879cc8effb0ba
Instruction Fuzzy Hash: 15E04674E01308EFD710EFB8E909AADBBB0FB45701F1085A9CC05A3284EB756A44DF95

Uniqueness

Uniqueness Score: -1.00%

Function 0571DB30, Relevance: .0, Instructions: 21COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001A.00000002.449732432.0000000005710000.00000040.00000001.sdmp, Offset: 05710000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: da06307fa6fa91ba01e662e3d207d8a0dec026ca1a906b82bc8274bca44a41b1
Instruction ID: 14760d722f4b64e246861c8dd2d5df4343c8bcb423e8375d8462f40d489c7c28
Opcode Fuzzy Hash: da06307fa6fa91ba01e662e3d207d8a0dec026ca1a906b82bc8274bca44a41b1
Instruction Fuzzy Hash: 7EE01AB4D04218AFCB54EFA8C9456AEBBF4FB48300F1085AAD814E7340D7359640DF91

Uniqueness

Uniqueness Score: -1.00%

Function 0571D7D4, Relevance: .0, Instructions: 21COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001A.00000002.449732432.0000000005710000.00000040.00000001.sdmp, Offset: 05710000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c62c847b41c9ea9981a6882a866190ba4553e4dc448dfbddf75d80ffa6ac3d87
Instruction ID: ff6425fa181afb5354ef884b5fc67afc54edc2832d1259202b70358b307b2cd0
Opcode Fuzzy Hash: c62c847b41c9ea9981a6882a866190ba4553e4dc448dfbddf75d80ffa6ac3d87
Instruction Fuzzy Hash: 50F04D78D00228CFDB60DF68C845B9DBBB1BB49204F1081A9D90DA7345DB305E85DF14

Uniqueness

Uniqueness Score: -1.00%

Function 05714CB9, Relevance: .0, Instructions: 21COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001A.00000002.449732432.0000000005710000.00000040.00000001.sdmp, Offset: 05710000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 65456dcdb0cf28980862f5a182f1d82b0d6f5f99da80ed0d9685a5ecf6f3678e
Instruction ID: e625e098d3118ced7186545ee4243738aadbb184db3f51eadd25a0ce11f9064c
Opcode Fuzzy Hash: 65456dcdb0cf28980862f5a182f1d82b0d6f5f99da80ed0d9685a5ecf6f3678e
Instruction Fuzzy Hash: E8F00C78912358CFDB65DFA8D984ADEBBB1FB0A311F500199E809A7314DB31AE81CF04

Uniqueness

Uniqueness Score: -1.00%

Function 0571DB80, Relevance: .0, Instructions: 20COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001A.00000002.449732432.0000000005710000.00000040.00000001.sdmp, Offset: 05710000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 808d1f7dae49d2074004ae26de9d0facc2de384e5c7c732fc7dfe211b34749b4
Instruction ID: 258601919fe314dd2927903865f9b71d64f95cd4b32d50eb75ad1e94aad79b87
Opcode Fuzzy Hash: 808d1f7dae49d2074004ae26de9d0facc2de384e5c7c732fc7dfe211b34749b4
Instruction Fuzzy Hash: A9E01AB4D04348EFCB54EFA8C5416ADBBB1FB48300F1085AADC14A3300D7359651DF95

Uniqueness

Uniqueness Score: -1.00%

Function 0571AABC, Relevance: .0, Instructions: 20COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001A.00000002.449732432.0000000005710000.00000040.00000001.sdmp, Offset: 05710000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5157a5451af7cf8c2395ebd6b1b5610dfd477812613f5f1db787ba08869be0c9
Instruction ID: c4baaaa5fea6ae4d16442dfb483295e3c1a7dfbd7d911e7eef7650c0c86049dd
Opcode Fuzzy Hash: 5157a5451af7cf8c2395ebd6b1b5610dfd477812613f5f1db787ba08869be0c9
Instruction Fuzzy Hash: 1AE0ED71905284CFC758EFB9C19D55CFBBAFB06315F009269E41A9F5A4CB309940DF98

Uniqueness

Uniqueness Score: -1.00%

Function 0571C469, Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001A.00000002.449732432.0000000005710000.00000040.00000001.sdmp, Offset: 05710000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4bea5f162e2aaa8ce8143dea7ca73282656767ea3c62be11ad50e717e4d76c6d
Instruction ID: df4ca08b9549240a1904ef20195d4833ee6388abc116f6a3d8c69df46cef538f
Opcode Fuzzy Hash: 4bea5f162e2aaa8ce8143dea7ca73282656767ea3c62be11ad50e717e4d76c6d
Instruction Fuzzy Hash: 19F0F834988268CBCBA1CA98C88CBAC7B75AB44310F1041E9C84E67260CE304EC0DF09

Uniqueness

Uniqueness Score: -1.00%

Function 07C60B76, Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001A.00000002.452267893.0000000007C60000.00000040.00000001.sdmp, Offset: 07C60000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f8b500889de4dcd2310945ee90bb793515e916976f64396cab9d209fe8d6729d
Instruction ID: 7f52dfa8293c0136c6cb08f9a8606aecfbfe588caf15eaac0dec5743c81ee3bc
Opcode Fuzzy Hash: f8b500889de4dcd2310945ee90bb793515e916976f64396cab9d209fe8d6729d
Instruction Fuzzy Hash: 34F0F275C0122ACFDB64CF60CD84BC8BBB1BB18304F0081E9D009A6250DB349BC0DF10

Uniqueness

Uniqueness Score: -1.00%

Function 0571E578, Relevance: .0, Instructions: 17COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001A.00000002.449732432.0000000005710000.00000040.00000001.sdmp, Offset: 05710000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 25b3874cf051fb7f691eba4ba86bba852c51630c857c628ffab61e0d67fb876b
Instruction ID: c54e5f35f30e446e92f007fe5999973646b39e14ed9c3a4059068a9e3e24d3d6
Opcode Fuzzy Hash: 25b3874cf051fb7f691eba4ba86bba852c51630c857c628ffab61e0d67fb876b
Instruction Fuzzy Hash: 96E0E274D01308AFCB64EFB8944539CBBB4EB48601F1044A99C089A240EB35AA40CF82

Uniqueness

Uniqueness Score: -1.00%

Function 0571A960, Relevance: .0, Instructions: 17COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001A.00000002.449732432.0000000005710000.00000040.00000001.sdmp, Offset: 05710000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 55e3e780b2e4fdc8807ae81a65993c7ef01cea77a351bf0c8c64b432b9085f1c
Instruction ID: 91326aa88340b4601359abfddb611d433dd6aaf2fd0ec57519ef6622e3742837
Opcode Fuzzy Hash: 55e3e780b2e4fdc8807ae81a65993c7ef01cea77a351bf0c8c64b432b9085f1c
Instruction Fuzzy Hash: 23D0A73184754A9AC724CB98D3908EE7B74FB42644B301589E1458F60AEB30A35F77D0

Uniqueness

Uniqueness Score: -1.00%

Function 0571E530, Relevance: .0, Instructions: 17COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001A.00000002.449732432.0000000005710000.00000040.00000001.sdmp, Offset: 05710000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 66feb1c8b229d93b58d0fbdf000ac38a035492a8534ec2eadbb6a5afc89b9b6b
Instruction ID: e10e5e549f2b6db2a6bc74e6b1d60d780b435846e01a45342170c125a7b19584
Opcode Fuzzy Hash: 66feb1c8b229d93b58d0fbdf000ac38a035492a8534ec2eadbb6a5afc89b9b6b
Instruction Fuzzy Hash: 19E01774D05308AFCB64EFB994063ACBBF4AB44601F2049E9DC449A240EB399640DF91

Uniqueness

Uniqueness Score: -1.00%

Function 0571A5D8, Relevance: .0, Instructions: 17COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001A.00000002.449732432.0000000005710000.00000040.00000001.sdmp, Offset: 05710000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 87247a219f652c5a26e7f4e94006c07c27f4e46bf165c24e324eb45128f566a6
Instruction ID: 9a768a31c006ddb7548407d9088bec84aeab0340b14b385c8f10196aa38ea3a5
Opcode Fuzzy Hash: 87247a219f652c5a26e7f4e94006c07c27f4e46bf165c24e324eb45128f566a6
Instruction Fuzzy Hash: 66E04670A1A144EFCB04CFA8E28046CBBB7FB89350F904816F106AB204DB305A04DF88

Uniqueness

Uniqueness Score: -1.00%

Function 0571E4F0, Relevance: .0, Instructions: 17COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001A.00000002.449732432.0000000005710000.00000040.00000001.sdmp, Offset: 05710000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3601ecdef531136095d891c3f5eaba4c33f399a624ae56e81c5762360e1d52eb
Instruction ID: 9daea93f909941abdcf6ff5c6b2aa7bf2d52b99021ea444e85c0302794a73c94
Opcode Fuzzy Hash: 3601ecdef531136095d891c3f5eaba4c33f399a624ae56e81c5762360e1d52eb
Instruction Fuzzy Hash: 83E0E274D01308AFCB58EFB8940529CBBB5EB08600F1044A9EC0896240EB35AA81CF81

Uniqueness

Uniqueness Score: -1.00%

Function 0571E718, Relevance: .0, Instructions: 16COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001A.00000002.449732432.0000000005710000.00000040.00000001.sdmp, Offset: 05710000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 05005ca9d3a438928c257faeb280c4242688c479e2bec94f25e084290d8c1294
Instruction ID: d5f735348da9d00f6d482112f74dc4a5a06bb4739b2c4a70e5f8b38e14cd55c6
Opcode Fuzzy Hash: 05005ca9d3a438928c257faeb280c4242688c479e2bec94f25e084290d8c1294
Instruction Fuzzy Hash: E8D01774D05308AFCB54EFB8A4053ACBFF4AB04600F1045EA8C4492280EA385740DF92

Uniqueness

Uniqueness Score: -1.00%

Function 0571E640, Relevance: .0, Instructions: 16COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001A.00000002.449732432.0000000005710000.00000040.00000001.sdmp, Offset: 05710000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e33bf8987ff2bb491820420935576463679e3b4fabba302cf7a04f22f63a0f2d
Instruction ID: 6239ebc176b09be6e15458472066d783f00ae0f00d08cad93ba95ae256882cbc
Opcode Fuzzy Hash: e33bf8987ff2bb491820420935576463679e3b4fabba302cf7a04f22f63a0f2d
Instruction Fuzzy Hash: 53D01774E00208AFCB54EFA8D50539CBBF4EB04600F1045AA8C0893280EA345A40DF81

Uniqueness

Uniqueness Score: -1.00%

Function 018323F4, Relevance: .0, Instructions: 15COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001A.00000002.446191128.0000000001832000.00000040.00000001.sdmp, Offset: 01832000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b5d1d8c4b5b7e6276fe2aae797079026f12d2dddba4b36e6f3d93ef7465a23f0
Instruction ID: ae0e708ac0d14fc933d5da5389e221d5c702c34a263ee62c54073d15257caa68
Opcode Fuzzy Hash: b5d1d8c4b5b7e6276fe2aae797079026f12d2dddba4b36e6f3d93ef7465a23f0
Instruction Fuzzy Hash: 09D05B752156814FD316CA1CC1A4B553FA5BB91B04F4A44FDE800CB663C354E681D240

Uniqueness

Uniqueness Score: -1.00%

Function 05712B48, Relevance: .0, Instructions: 14COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001A.00000002.449732432.0000000005710000.00000040.00000001.sdmp, Offset: 05710000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b48bf91763d5f814c6b57026d567c515b4b4647ba0052edfb80420f8d4def202
Instruction ID: 41aa533535953dbd63d6734bdcc5b3a924628b40af7ce97375e9ee651735ab6f
Opcode Fuzzy Hash: b48bf91763d5f814c6b57026d567c515b4b4647ba0052edfb80420f8d4def202
Instruction Fuzzy Hash: FFD0C9784056489BC720EFB5A909619B7A8E706602F0008A4AD0983106EF315A00DFE6

Uniqueness

Uniqueness Score: -1.00%

Function 07C60671, Relevance: .0, Instructions: 14COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001A.00000002.452267893.0000000007C60000.00000040.00000001.sdmp, Offset: 07C60000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e56e89c2cbf8b42060888fbad6a4b7fce63e06ec887284e52bd1b721ca9d2791
Instruction ID: c265af3d60ae5cdee51a5e78d973ae89ebf6b7f75ba187f70f625a17bfd38cfb
Opcode Fuzzy Hash: e56e89c2cbf8b42060888fbad6a4b7fce63e06ec887284e52bd1b721ca9d2791
Instruction Fuzzy Hash: F2E0ECB0E0521D8FDBA8CF65CC91BDEBBB5BF54300F2080958659BB294DA715EC08F84

Uniqueness

Uniqueness Score: -1.00%

Function 018323BC, Relevance: .0, Instructions: 14COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001A.00000002.446191128.0000000001832000.00000040.00000001.sdmp, Offset: 01832000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ba6c5b7454c3de9cc142dcb4d070f6f9adec3d5423a3cf8c79608f8c0c4f4d10
Instruction ID: ecad5529e656625cce6258684fa2fb1b69f4623346db0128507e94d851c85bbd
Opcode Fuzzy Hash: ba6c5b7454c3de9cc142dcb4d070f6f9adec3d5423a3cf8c79608f8c0c4f4d10
Instruction Fuzzy Hash: D3D05E342402818BD715DB0CC594F597BD5AB81B00F0A45E8AD00CB672C3A4D981C640

Uniqueness

Uniqueness Score: -1.00%

Function 0571AA33, Relevance: .0, Instructions: 13COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001A.00000002.449732432.0000000005710000.00000040.00000001.sdmp, Offset: 05710000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 956c21d03bd133bc3b270421e93ed3af2c2d52572802c0e9cd1b60b7b585919d
Instruction ID: c36e278bc0dfdf5bed831ca63818699d1ee20d389567fd57882e68b90d63bc68
Opcode Fuzzy Hash: 956c21d03bd133bc3b270421e93ed3af2c2d52572802c0e9cd1b60b7b585919d
Instruction Fuzzy Hash: 56E0E275806228CFCB10CFA1E9852DCBBB1BB84351F10246AA152E7190CB341B40CF54

Uniqueness

Uniqueness Score: -1.00%

Function 07C607B7, Relevance: .0, Instructions: 13COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001A.00000002.452267893.0000000007C60000.00000040.00000001.sdmp, Offset: 07C60000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: dab5698404dd8a78ec283397be519bd50871e540540f22d1876757b72d6dcb8b
Instruction ID: 1116d275be67532bd4f5d8678450de3e392b14f453da5a005ba59c87438fd9a3
Opcode Fuzzy Hash: dab5698404dd8a78ec283397be519bd50871e540540f22d1876757b72d6dcb8b
Instruction Fuzzy Hash: 36E0E275D1622A8EDB64DF60C9847EEBBB1AB11314F5005EA8449B6184DB345BC4CF20

Uniqueness

Uniqueness Score: -1.00%

Function 07C60C81, Relevance: .0, Instructions: 11COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001A.00000002.452267893.0000000007C60000.00000040.00000001.sdmp, Offset: 07C60000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0ab4bbfa5b20209292326fe43d6f34f8294fd6a865e7eb9f5b1759da10ac239f
Instruction ID: 2fe1e4071356c7dd164b9598852f94b70896a3669b81d0c837204ada9c87862a
Opcode Fuzzy Hash: 0ab4bbfa5b20209292326fe43d6f34f8294fd6a865e7eb9f5b1759da10ac239f
Instruction Fuzzy Hash: 84D06CB5C0A26DCFDB24DF20C9847DDBBB1AB20740F0040EA814AB2240DB741BC5CF92

Uniqueness

Uniqueness Score: -1.00%

Function 0571A876, Relevance: .0, Instructions: 10COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001A.00000002.449732432.0000000005710000.00000040.00000001.sdmp, Offset: 05710000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9d6aeb30c76be83618289257b1f56d8a43d825c3f8c6bc221bdb295d16daa817
Instruction ID: 3494a914c08ba78aa492eb7ab04c06760967c020fdbafa05ff2282833e160938
Opcode Fuzzy Hash: 9d6aeb30c76be83618289257b1f56d8a43d825c3f8c6bc221bdb295d16daa817
Instruction Fuzzy Hash: 01D09275C5B2999EDB21CFA6D1852DCBFB4AE15200B10145AA851EA265E2355601CB14

Uniqueness

Uniqueness Score: -1.00%

Function 0571CAF9, Relevance: .0, Instructions: 10COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001A.00000002.449732432.0000000005710000.00000040.00000001.sdmp, Offset: 05710000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8b23294ce9ede80c04f0664538a8f471bee3d5750077c8bb866518eb4a0a146b
Instruction ID: 99c1f38165664f900cc02c83aa1e40e6b59695ec7d70fb5663bae8317cb81311
Opcode Fuzzy Hash: 8b23294ce9ede80c04f0664538a8f471bee3d5750077c8bb866518eb4a0a146b
Instruction Fuzzy Hash: B4D06778D4526A8BCBA0DF64D98D689F7B0BB44714F4050DAD909A6210DB345E849F04

Uniqueness

Uniqueness Score: -1.00%

Function 07C609E0, Relevance: .0, Instructions: 10COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001A.00000002.452267893.0000000007C60000.00000040.00000001.sdmp, Offset: 07C60000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6eb859a68a132152960f7fd413ecf6686894fa6567c260bc0b618e667b8471f6
Instruction ID: 24d5127001729bdfe4a8032823c3d6945b25531dc1d30159feeab5c8f18c41db
Opcode Fuzzy Hash: 6eb859a68a132152960f7fd413ecf6686894fa6567c260bc0b618e667b8471f6
Instruction Fuzzy Hash: 16D09275C152688BCF24DF24C9546ECBB70AB55320F0016DA91AAB6590D7B00BC1CE41

Uniqueness

Uniqueness Score: -1.00%

Function 0571A9C5, Relevance: .0, Instructions: 9COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001A.00000002.449732432.0000000005710000.00000040.00000001.sdmp, Offset: 05710000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4ece330866f686db2033fa2f37a0590ec72f483ebf2608b52c7e2ee4d06307bf
Instruction ID: ef543dab552b92a6d16c85b5bddee4e528e758ea4ff10c40fd585008951f3c2f
Opcode Fuzzy Hash: 4ece330866f686db2033fa2f37a0590ec72f483ebf2608b52c7e2ee4d06307bf
Instruction Fuzzy Hash: C3C080314472059FC710CB94D5C004DB774FB0073072426499531DF1DDE73053059DC4

Uniqueness

Uniqueness Score: -1.00%

Function 0571C648, Relevance: .0, Instructions: 8COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001A.00000002.449732432.0000000005710000.00000040.00000001.sdmp, Offset: 05710000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b7fa9ce7269bd78fda4f43f6f8a96fd41bb923735ebcf7055eec0457f67f38ff
Instruction ID: f48e572d77a8661638d34e7e4aa8fc5b425a77d252d1fbcadc76118820c0189b
Opcode Fuzzy Hash: b7fa9ce7269bd78fda4f43f6f8a96fd41bb923735ebcf7055eec0457f67f38ff
Instruction Fuzzy Hash: 80D0C978C052688BCB71CF24C9487DDBBB1BB08300F0080DACA8AB2200DA340F81DF15

Uniqueness

Uniqueness Score: -1.00%

Function 0571ABFD, Relevance: .0, Instructions: 6COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001A.00000002.449732432.0000000005710000.00000040.00000001.sdmp, Offset: 05710000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2db7fc45194562b2220faaa497724d1105f9294133f75c8d9cc875b2754e5bd5
Instruction ID: 6153014269750e702892710986dc4d5ac415e3a810aa2bc76b7711c23c9a1612
Opcode Fuzzy Hash: 2db7fc45194562b2220faaa497724d1105f9294133f75c8d9cc875b2754e5bd5
Instruction Fuzzy Hash: 3CC09238504245DFCB20CF99E685A69BBB2FB4D302F154188EA4AA3208DB301D44DF85

Uniqueness

Uniqueness Score: -1.00%

Function 07C60933, Relevance: .0, Instructions: 6COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001A.00000002.452267893.0000000007C60000.00000040.00000001.sdmp, Offset: 07C60000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1137165fb08c42123404a298b005c1221f3bf2e01ad8e5a0580fcaf7a898d443
Instruction ID: 94a61c173a70a0a2e652bbdfcbd22e24f4715d007a74ce8acfc84827d22d5238
Opcode Fuzzy Hash: 1137165fb08c42123404a298b005c1221f3bf2e01ad8e5a0580fcaf7a898d443
Instruction Fuzzy Hash: 7FC09B7183E656CBD7748E50C5C4659B7B4E756311F0054A59097E5455DF3456C0CF10

Uniqueness

Uniqueness Score: -1.00%

Non-executed Functions

Analysis Process: pGKuRU.exe PID: 808 Parent PID: 6744 pGKuRU.exeCOMMON

Executed Functions

Function 05700007, Relevance: 4.0, Strings: 3, Instructions: 232COMMON

Download Yara Rule

Strings

KDBM, xrefs: 05700231
:@Dr, xrefs: 057001F0
:@Dr, xrefs: 057002E0

Memory Dump Source

Source File: 00000021.00000002.448290932.0000000005700000.00000040.00000001.sdmp, Offset: 05700000, based on PE: false

Similarity

API ID:
String ID: :@Dr$:@Dr$KDBM
API String ID: 0-1736680475
Opcode ID: 62e3992b66c51af553e7747672e5079216a431952e6354175073c2aeaff766b4
Instruction ID: 220193477d95004b129720f249bff830cdf933860291737067fede66b74052ca
Opcode Fuzzy Hash: 62e3992b66c51af553e7747672e5079216a431952e6354175073c2aeaff766b4
Instruction Fuzzy Hash: 43917E316082868FC361DF74E848A497FB5FF8A304F068598D1A58F259DFBC584DEB62

Uniqueness

Uniqueness Score: -1.00%

Function 05FE069C, Relevance: 1.6, APIs: 1, Instructions: 76libraryCOMMON

Download Yara Rule

APIs

LoadLibraryA.KERNELBASE(?,00000E2C), ref: 05FE0737

Memory Dump Source

Source File: 00000021.00000002.449903625.0000000005FE0000.00000040.00000001.sdmp, Offset: 05FE0000, based on PE: false

Similarity

API ID: LibraryLoad
String ID:
API String ID: 1029625771-0
Opcode ID: f212a3a72673d8318dcf57d05291ca6e0aa72068247b9d1c4d877b55a3765c39
Instruction ID: d40967669b953e0f26cdfa0337151b76b62539a617306b7f1f288a4d04a488a8
Opcode Fuzzy Hash: f212a3a72673d8318dcf57d05291ca6e0aa72068247b9d1c4d877b55a3765c39
Instruction Fuzzy Hash: C721C871405380AFE7228B25DC45FA6FFB8EF46720F1484DAED855F192C2A8A949CB61

Uniqueness

Uniqueness Score: -1.00%

Function 05FE06CE, Relevance: 1.6, APIs: 1, Instructions: 56libraryCOMMON

Download Yara Rule

APIs

LoadLibraryA.KERNELBASE(?,00000E2C), ref: 05FE0737

Memory Dump Source

Source File: 00000021.00000002.449903625.0000000005FE0000.00000040.00000001.sdmp, Offset: 05FE0000, based on PE: false

Similarity

API ID: LibraryLoad
String ID:
API String ID: 1029625771-0
Opcode ID: d76c6fe537b5b482a9c34d91a873f129a4ab64d8cfe6b7a07826fd620e8447da
Instruction ID: 95b70e4aa9b3b261f3320bf61981790ba71da66080dfa058efb304fb8afbef6b
Opcode Fuzzy Hash: d76c6fe537b5b482a9c34d91a873f129a4ab64d8cfe6b7a07826fd620e8447da
Instruction Fuzzy Hash: CF11E571500700EFFB20DB15DC89F66FB9CDF05720F14849AEE455A281D6F8A549CA76

Uniqueness

Uniqueness Score: -1.00%

Function 05700A98, Relevance: .9, Instructions: 942COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000021.00000002.448290932.0000000005700000.00000040.00000001.sdmp, Offset: 05700000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 95fa9d5b1543916d725f262bf307c5b3a4655a46ec13c6327f144602fa517bb8
Instruction ID: 322d7b29b34ff9167546e71e3332e6a218e79d055c9d58d25d848a5bc2190a57
Opcode Fuzzy Hash: 95fa9d5b1543916d725f262bf307c5b3a4655a46ec13c6327f144602fa517bb8
Instruction Fuzzy Hash: 3362BF30B042818FDB25DB78C858B6D3BE2AF86300F5584AAD445DF2D6EB39DC09D762

Uniqueness

Uniqueness Score: -1.00%

Function 057018E0, Relevance: .2, Instructions: 198COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000021.00000002.448290932.0000000005700000.00000040.00000001.sdmp, Offset: 05700000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e121321f6cacaa8955f344b7536f7c801d5a150927394464aa449ba74f9a6e84
Instruction ID: 7415dd204a3f0f27b66c6b363e0495a200312f4ddee1af56b4f4593bbd1b9489
Opcode Fuzzy Hash: e121321f6cacaa8955f344b7536f7c801d5a150927394464aa449ba74f9a6e84
Instruction Fuzzy Hash: D9618E70B04381CFDB16DB74C868A697BF1AF8A314F5950AAE405DB292EB25DC06D721

Uniqueness

Uniqueness Score: -1.00%

Function 05700558, Relevance: .2, Instructions: 162COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000021.00000002.448290932.0000000005700000.00000040.00000001.sdmp, Offset: 05700000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 595a750b2555e484631f7c91275d7df49e8fee98b66c244c825f57baa1334a95
Instruction ID: 1f83a92e0806db50a26194ee064d235f4adf4ded72ee86be5d5155fa5bfdb0e7
Opcode Fuzzy Hash: 595a750b2555e484631f7c91275d7df49e8fee98b66c244c825f57baa1334a95
Instruction Fuzzy Hash: FE51A2707097818FC346CB29C858B763BF2AF97314B5980E7D044CF2A2DA29DC09D762

Uniqueness

Uniqueness Score: -1.00%

Function 057015E8, Relevance: .1, Instructions: 132COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000021.00000002.448290932.0000000005700000.00000040.00000001.sdmp, Offset: 05700000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2ff416d64cb054d281209c9f61e01372d443c092dac90fe79cc8c63679cea07d
Instruction ID: 732696daec011563700564ea8aa831e6c1fc18b3124e1571c7860e4a40870ef3
Opcode Fuzzy Hash: 2ff416d64cb054d281209c9f61e01372d443c092dac90fe79cc8c63679cea07d
Instruction Fuzzy Hash: D641A772F002148FCF209FB8DC986AEBBF6EB86320F551476D515E7280EA31D905D761

Uniqueness

Uniqueness Score: -1.00%

Function 05701750, Relevance: .1, Instructions: 105COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000021.00000002.448290932.0000000005700000.00000040.00000001.sdmp, Offset: 05700000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 426bd5b39b2001506913112f6adf85b8e5ad0f5861d57766319047df5299c491
Instruction ID: 9938ae2bea081f189ef7f4ba7b0e75ddf0bb0999587cac62b3fa8f3b4057775d
Opcode Fuzzy Hash: 426bd5b39b2001506913112f6adf85b8e5ad0f5861d57766319047df5299c491
Instruction Fuzzy Hash: 4E316F75F002149BDB68DBB5D858BAEBBF6BF88710F104429E516EB2C4EE349804DB50

Uniqueness

Uniqueness Score: -1.00%

Function 05701760, Relevance: .1, Instructions: 95COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000021.00000002.448290932.0000000005700000.00000040.00000001.sdmp, Offset: 05700000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c083cc898011cd297304e96e79122f20b1fceaf6ec8fbb63d9e8bdfada09bb7f
Instruction ID: 9d7567d43fc0e60857d2b10abf1ca8cb144fc8ab1128767edd684e393a258a93
Opcode Fuzzy Hash: c083cc898011cd297304e96e79122f20b1fceaf6ec8fbb63d9e8bdfada09bb7f
Instruction Fuzzy Hash: 86310174F002199BDB54DBB5D858BAEBAF6BF88740F114428E516EB3C4EE349804DB50

Uniqueness

Uniqueness Score: -1.00%

Function 05FF300E, Relevance: .1, Instructions: 63COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000021.00000002.449923842.0000000005FF0000.00000040.00000001.sdmp, Offset: 05FF0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e3544ed7ad69f38316422b600237d27641867959996b8d24e7a562d97d29a1df
Instruction ID: bdc3f893d7ec3af983e0171f0945c38bfd12b5e0ab8a9ff3e5b5512804fbcedb
Opcode Fuzzy Hash: e3544ed7ad69f38316422b600237d27641867959996b8d24e7a562d97d29a1df
Instruction Fuzzy Hash: 5421E4B5608341AFD350CF19D880A5BFBE4EB89664F04896EF98897311D270E9048BA2

Uniqueness

Uniqueness Score: -1.00%

Function 05FF3A80, Relevance: .1, Instructions: 60COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000021.00000002.449923842.0000000005FF0000.00000040.00000001.sdmp, Offset: 05FF0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fb2145b3fba85950ff27c56282a6dac4d533bc9c51ae485bb77ef7e270eb5494
Instruction ID: d7f2b88c7d9a14c22256bb788c838193598b377fd60868d40c1a78ca695bc8e5
Opcode Fuzzy Hash: fb2145b3fba85950ff27c56282a6dac4d533bc9c51ae485bb77ef7e270eb5494
Instruction Fuzzy Hash: 5711EDB5508301AFD350CF19D840A5BFBE4FB88664F04895EF998D7311D371E9048FA6

Uniqueness

Uniqueness Score: -1.00%

Function 05701525, Relevance: .1, Instructions: 57COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000021.00000002.448290932.0000000005700000.00000040.00000001.sdmp, Offset: 05700000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3b754c1de0412737693416eca5675d0f6917a426aaf56a23b75c8e902ac10a4b
Instruction ID: fcb0e061298c221d7bf7ff7a2ce3f58663c646cb4bc32709fb2bf3f63a924429
Opcode Fuzzy Hash: 3b754c1de0412737693416eca5675d0f6917a426aaf56a23b75c8e902ac10a4b
Instruction Fuzzy Hash: 68119171E00215CFCF14EFB488441ADBBF1AF89310B5544BAC90AFB251D639D942CFA5

Uniqueness

Uniqueness Score: -1.00%

Function 05701538, Relevance: .0, Instructions: 50COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000021.00000002.448290932.0000000005700000.00000040.00000001.sdmp, Offset: 05700000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: da3af3a90632ad64e7d7bc35f1d1fe9514266c64aeb6fde8ac9d48c95cf2688a
Instruction ID: b9ea8c09796d909855b46e847ee07cdeb7bb3baf807452f9c58381681d08e5fe
Opcode Fuzzy Hash: da3af3a90632ad64e7d7bc35f1d1fe9514266c64aeb6fde8ac9d48c95cf2688a
Instruction Fuzzy Hash: 21016D31E00215CFCF18EFB588441AEBBF1AB84310B54447AC80ABB250E639E941CBE5

Uniqueness

Uniqueness Score: -1.00%

Function 05FF3AEB, Relevance: .0, Instructions: 26COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000021.00000002.449923842.0000000005FF0000.00000040.00000001.sdmp, Offset: 05FF0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bbbae2c53826aa26af8e07b4a0294ac75244af393bd43d320a072e49e3feaac9
Instruction ID: 24b04084bb8f772a748cc11b2c707a20ab4e2b4205b2d70a4918945869bca6be
Opcode Fuzzy Hash: bbbae2c53826aa26af8e07b4a0294ac75244af393bd43d320a072e49e3feaac9
Instruction Fuzzy Hash: DBE0D8B294030067D2208E06DC45B53FB98EB45A70F14C567ED091B301D1B1B5148AE5

Uniqueness

Uniqueness Score: -1.00%

Function 05FF3083, Relevance: .0, Instructions: 26COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000021.00000002.449923842.0000000005FF0000.00000040.00000001.sdmp, Offset: 05FF0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 158dae147ef670ca149b9b300dfca6a80b691c5c2457cfcd25b1923531714c5d
Instruction ID: 4270ab0e63d27c51778bd9c28e32ac4d1970792fd8f79db806377a29c3d8953a
Opcode Fuzzy Hash: 158dae147ef670ca149b9b300dfca6a80b691c5c2457cfcd25b1923531714c5d
Instruction Fuzzy Hash: 86E0D87290030067D2208F06DC45B53FB98DB41A30F14C557EE091F302D1B1B5148AE5

Uniqueness

Uniqueness Score: -1.00%

Non-executed Functions

Description:	Adversaries may abuse Windows Management Instrumentation (WMI) to achieve execution. WMI is a Windows administration feature that provides a uniform environment for local and remote access to Windows system components. It relies on the WMI service for local and remote access and the server message block (SMB) and Remote Procedure Call Service (RPCS) for remote access. RPCS operates over port 135.
Tactics:	Execution
Data Sources:	Authentication logs, Netflow/Enclave netflow, Process command-line parameters, Process monitoring
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse task scheduling functionality to facilitate initial or recurring execution of malicious code. Utilities exist within all major operating systems to schedule programs or scripts to be executed at a specified date and time. A task can also be scheduled on a remote system, provided the proper authentication is met (ex: RPC and file and printer sharing in Windows environments). Scheduling a task on a remote system typically requires being a member of an admin or otherwise privileged group on the remote system.
Tactics:	Execution, Persistence, Privilege Escalation
Data Sources:	File monitoring, Process command-line parameters, Process monitoring, Windows event logs
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may achieve persistence by adding a program to a startup folder or referencing it with a Registry run key. Adding an entry to the "run keys" in the Registry or startup folder will cause the program referenced to be executed when a user logs in. These programs will be executed under the context of the user and will have the account's associated permissions level.
Tactics:	Persistence, Privilege Escalation
Data Sources:	File monitoring, Windows Registry
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify access tokens to operate under a different user or system security context to perform actions and bypass access controls. Windows uses access tokens to determine the ownership of a running process. A user can manipulate access tokens to make a running process appear as though it is the child of a different process or belongs to someone other than the user that started the process. When this occurs, the process also takes on the security context associated with the new token.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	API monitoring, Access tokens, Authentication logs, Process command-line parameters, Process monitoring, Windows event logs
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	API monitoring, DLL monitoring, File monitoring, Named Pipes, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata, File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may disable security tools to avoid possible detection of their tools and activities. This can take the form of killing security software or event logging processes, deleting Registry keys so that tools do not start at run time, or other methods to interfere with security tools scanning or reporting information.
Tactics:	Defense Evasion
Data Sources:	File monitoring, Process command-line parameters, Services, Windows Registry
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use Obfuscated Files or Information to hide artifacts of an intrusion from analysis. They may require separate mechanisms to decode or deobfuscate that information depending on how they intend to use it. Methods for doing that include built-in functionality of malware or by using utilities present on the system.
Tactics:	Defense Evasion
Data Sources:	File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may set files and directories to be hidden to evade detection mechanisms. To prevent normal users from accidentally changing special files on a system, most operating systems have the concept of a ‘hidden’ file. These files don’t show up when a user browses the file system with a GUI or when using normal commands on the command line. Users must explicitly ask to show the hidden files either via a series of Graphical User Interface (GUI) prompts or with command line switches ( `dir /a` for Windows and `ls –a` for Linux and macOS).
Tactics:	Defense Evasion
Data Sources:	File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata, Email gateway, Environment variable, File monitoring, Malware reverse engineering, Network intrusion detection system, Network protocol analysis, Process command-line parameters, Process monitoring, Process use of network, SSL/TLS inspection, Windows event logs
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may perform software packing or virtual machine software protection to conceal their code. Software packing is a method of compressing or encrypting an executable. Packing an executable changes the file signature in an attempt to avoid signature-based detection. Most decompression techniques decompress the executable code in memory. Virtual machine software protection translates an executable's original code into a special format that only a special virtual machine can run. A virtual machine is then called to run this code.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata
Platforms:	macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	AWS CloudTrail logs, Azure activity logs, File monitoring, Process command-line parameters, Process monitoring, Stackdriver logs
Platforms:	AWS, Azure, Azure AD, GCP, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	API monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	AWS CloudTrail logs, Azure activity logs, Process command-line parameters, Process monitoring, Stackdriver logs
Platforms:	AWS, Azure, GCP, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Binary file metadata, File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Malware reverse engineering, Netflow/Enclave netflow, Packet capture, Process monitoring, Process use of network, SSL/TLS inspection
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading ...

Warning!

Analysis Report Request for Price Quotation.pdf.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Threatname: Agenttesla

Yara Overview

Memory Dumps

Unpacked PEs

Sigma Overview

System Summary:

Signature Overview

AV Detection:

Compliance:

Networking:

System Summary:

Data Obfuscation:

Persistence and Installation Behavior:

Boot Survival:

Hooking and other Techniques for Hiding and Protection:

Malware Analysis System Evasion:

Anti Debugging:

HIPS / PFW / Operating System Protection Evasion:

Language, Device and Operating System Detection:

Stealing of Sensitive Information:

Remote Access Functionality:

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

URLs from Memory and Binaries

Contacted IPs

General Information

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASN

JA3 Fingerprints

Dropped Files

Created / dropped Files

Static File Info

General

File Icon

Static PE Info

General

Entrypoint Preview

Data Directories

Sections

Resources

Imports

Version Infos

Network Behavior

Code Manipulations

Statistics

CPU Usage

Memory Usage

High Level Behavior Distribution

back

Behavior

System Behavior