Joe Sandbox Cloud Basic Analysis Report

Loading ...

Play interactive tourEdit tour

Analysis Report Invoice#06-11-2021_PDF.vbs

Overview

General Information

Sample Name:Invoice#06-11-2021_PDF.vbs
Analysis ID:433519
MD5:fcc6014f7ee0539aead5f38b4fe5245e
SHA1:2f006d44ad82ca71319a5bf615677016ff7e918b
SHA256:699d670809bccdbbdb2ae85d80be86d6fd00586c56e0375df34527d4ec6045cf
Tags:NanoCoreRATvbs
Infos:

Most interesting Screenshot:

Detection

Nanocore AgentTesla
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Benign windows process drops PE files
Detected Nanocore Rat
Found malware configuration
Malicious sample detected (through community Yara rule)
Sigma detected: NanoCore
Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)
VBScript performs obfuscated calls to suspicious functions
Yara detected AgentTesla
Yara detected AgentTesla
Yara detected AntiVM3
Yara detected Nanocore RAT
.NET source code contains method to dynamically call methods (often used by packers)
.NET source code contains potential unpacker
.NET source code contains very large array initializations
.NET source code contains very large strings
C2 URLs / IPs found in malware configuration
Found evasive API chain (trying to detect sleep duration tampering with parallel thread)
Hides that the sample has been downloaded from the Internet (zone.identifier)
Injects a PE file into a foreign processes
Machine Learning detection for dropped file
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)
Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Uses schtasks.exe or at.exe to add and modify task schedules
Antivirus or Machine Learning detection for unpacked file
Contains capabilities to detect virtual machines
Contains functionality to call native functions
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)
Contains long sleeps (>= 3 min)
Creates a DirectInput object (often for capturing keystrokes)
Creates a process in suspended mode (likely to inject code)
Creates a window with clipboard capturing capabilities
Detected TCP or UDP traffic on non-standard ports
Detected potential crypto function
Drops PE files
Enables debug privileges
Found WSH timer for Javascript or VBS script (likely evasive script)
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
IP address seen in connection with other malware
Installs a raw input device (often for capturing keystrokes)
Internet Provider seen in connection with other malware
Java / VBScript file with very long strings (likely obfuscated code)
May sleep (evasive loops) to hinder dynamic analysis
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Tries to load missing DLLs
Uses SMTP (mail sending)
Uses code obfuscation techniques (call, push, ret)
Yara detected Credential Stealer
Yara signature match

Classification

Process Tree

  • System is w10x64
  • wscript.exe (PID: 4804 cmdline: C:\Windows\System32\wscript.exe 'C:\Users\user\Desktop\Invoice#06-11-2021_PDF.vbs' MD5: 9A68ADD12EB50DDE7586782C3EB9FF9C)
    • file1.exe (PID: 5784 cmdline: 'C:\Users\user\AppData\Local\Temp\file1.exe' MD5: 07C82C84BAEC92953A270419C72D7F10)
      • schtasks.exe (PID: 5412 cmdline: 'C:\Windows\System32\schtasks.exe' /Create /TN 'Updates\HHyKJahmIz' /XML 'C:\Users\user\AppData\Local\Temp\tmpC46.tmp' MD5: 15FF7D8324231381BAD48A052F85DF04)
        • conhost.exe (PID: 5076 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
      • file1.exe (PID: 4076 cmdline: {path} MD5: 07C82C84BAEC92953A270419C72D7F10)
    • 2name.exe (PID: 5828 cmdline: 'C:\Users\user\AppData\Local\Temp\2name.exe' MD5: CF4CD927CCC626FB016D0E91CF6BD456)
      • 2name.exe (PID: 5004 cmdline: {path} MD5: CF4CD927CCC626FB016D0E91CF6BD456)
  • cleanup

Malware Configuration

Threatname: NanoCore

{"Version": "1.2.2.0", "Mutex": "c687c38e-2b2d-4d96-b5eb-9a31ccba", "Group": "Sys", "Domain1": "sys2021.linkpc.net", "Domain2": "", "Port": 11940, "KeyboardLogging": "Enable", "RunOnStartup": "Disable", "RequestElevation": "Disable", "BypassUAC": "Disable", "ClearZoneIdentifier": "Enable", "ClearAccessControl": "Disable", "SetCriticalProcess": "Disable", "PreventSystemSleep": "Enable", "ActivateAwayMode": "Disable", "EnableDebugMode": "Disable", "RunDelay": 0, "ConnectDelay": 4000, "RestartDelay": 5000, "TimeoutInterval": 5000, "KeepAliveTimeout": 30000, "MutexTimeout": 5000, "LanTimeout": 2500, "WanTimeout": 8000, "BufferSize": "ffff0000", "MaxPacketSize": "0000a000", "GCThreshold": "0000a000", "UseCustomDNS": "Enable", "PrimaryDNSServer": "8.8.8.8", "BackupDNSServer": "8.8.4.4"}

Threatname: Agenttesla

{"Exfil Mode": "SMTP", "SMTP Info": "result@jetport-aero.comNiniola@456mail.jetport-aero.com"}

Yara Overview

Memory Dumps

SourceRuleDescriptionAuthorStrings
00000015.00000002.479174515.0000000004334000.00000004.00000001.sdmpJoeSecurity_NanocoreYara detected Nanocore RATJoe Security
    00000015.00000000.291952352.0000000000402000.00000040.00000001.sdmpNanocore_RAT_Gen_2Detetcs the Nanocore RATFlorian Roth
    • 0xff8d:$x1: NanoCore.ClientPluginHost
    • 0xffca:$x2: IClientNetworkHost
    • 0x13afd:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe
    00000015.00000000.291952352.0000000000402000.00000040.00000001.sdmpJoeSecurity_NanocoreYara detected Nanocore RATJoe Security
      00000015.00000000.291952352.0000000000402000.00000040.00000001.sdmpNanoCoreunknown Kevin Breen <kevin@techanarchy.net>
      • 0xfcf5:$a: NanoCore
      • 0xfd05:$a: NanoCore
      • 0xff39:$a: NanoCore
      • 0xff4d:$a: NanoCore
      • 0xff8d:$a: NanoCore
      • 0xfd54:$b: ClientPlugin
      • 0xff56:$b: ClientPlugin
      • 0xff96:$b: ClientPlugin
      • 0xfe7b:$c: ProjectData
      • 0x10882:$d: DESCrypto
      • 0x1824e:$e: KeepAlive
      • 0x1623c:$g: LogClientMessage
      • 0x12437:$i: get_Connected
      • 0x10bb8:$j: #=q
      • 0x10be8:$j: #=q
      • 0x10c04:$j: #=q
      • 0x10c34:$j: #=q
      • 0x10c50:$j: #=q
      • 0x10c6c:$j: #=q
      • 0x10c9c:$j: #=q
      • 0x10cb8:$j: #=q
      00000015.00000002.468642288.0000000000402000.00000040.00000001.sdmpNanocore_RAT_Gen_2Detetcs the Nanocore RATFlorian Roth
      • 0xff8d:$x1: NanoCore.ClientPluginHost
      • 0xffca:$x2: IClientNetworkHost
      • 0x13afd:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe
      Click to see the 37 entries

      Unpacked PEs

      SourceRuleDescriptionAuthorStrings
      21.2.file1.exe.4346f00.5.raw.unpackNanocore_RAT_Gen_2Detetcs the Nanocore RATFlorian Roth
      • 0xf7ad:$x1: NanoCore.ClientPluginHost
      • 0xf7da:$x2: IClientNetworkHost
      21.2.file1.exe.4346f00.5.raw.unpackNanocore_RAT_Feb18_1Detects Nanocore RATFlorian Roth
      • 0xf7ad:$x2: NanoCore.ClientPluginHost
      • 0x10888:$s4: PipeCreated
      • 0xf7c7:$s5: IClientLoggingHost
      21.2.file1.exe.4346f00.5.raw.unpackJoeSecurity_NanocoreYara detected Nanocore RATJoe Security
        21.2.file1.exe.5680000.7.raw.unpackNanocore_RAT_Gen_2Detetcs the Nanocore RATFlorian Roth
        • 0xe75:$x1: NanoCore.ClientPluginHost
        • 0xe8f:$x2: IClientNetworkHost
        21.2.file1.exe.5680000.7.raw.unpackNanocore_RAT_Feb18_1Detects Nanocore RATFlorian Roth
        • 0xe75:$x2: NanoCore.ClientPluginHost
        • 0x1261:$s3: PipeExists
        • 0x1136:$s4: PipeCreated
        • 0xeb0:$s5: IClientLoggingHost
        Click to see the 48 entries

        Sigma Overview

        AV Detection:

        barindex
        Sigma detected: NanoCoreShow sources
        Source: File createdAuthor: Joe Security: Data: EventID: 11, Image: C:\Users\user\AppData\Local\Temp\file1.exe, ProcessId: 4076, TargetFilename: C:\Users\user\AppData\Roaming\D06ED635-68F6-4E9A-955C-4899F5F57B9A\run.dat

        E-Banking Fraud:

        barindex
        Sigma detected: NanoCoreShow sources
        Source: File createdAuthor: Joe Security: Data: EventID: 11, Image: C:\Users\user\AppData\Local\Temp\file1.exe, ProcessId: 4076, TargetFilename: C:\Users\user\AppData\Roaming\D06ED635-68F6-4E9A-955C-4899F5F57B9A\run.dat

        Stealing of Sensitive Information:

        barindex
        Sigma detected: NanoCoreShow sources
        Source: File createdAuthor: Joe Security: Data: EventID: 11, Image: C:\Users\user\AppData\Local\Temp\file1.exe, ProcessId: 4076, TargetFilename: C:\Users\user\AppData\Roaming\D06ED635-68F6-4E9A-955C-4899F5F57B9A\run.dat

        Remote Access Functionality:

        barindex
        Sigma detected: NanoCoreShow sources
        Source: File createdAuthor: Joe Security: Data: EventID: 11, Image: C:\Users\user\AppData\Local\Temp\file1.exe, ProcessId: 4076, TargetFilename: C:\Users\user\AppData\Roaming\D06ED635-68F6-4E9A-955C-4899F5F57B9A\run.dat

        Signature Overview

        Click to jump to signature section

        Show All Signature Results

        AV Detection:

        barindex
        Found malware configurationShow sources
        Source: 00000015.00000002.479174515.0000000004334000.00000004.00000001.sdmpMalware Configuration Extractor: NanoCore {"Version": "1.2.2.0", "Mutex": "c687c38e-2b2d-4d96-b5eb-9a31ccba", "Group": "Sys", "Domain1": "sys2021.linkpc.net", "Domain2": "", "Port": 11940, "KeyboardLogging": "Enable", "RunOnStartup": "Disable", "RequestElevation": "Disable", "BypassUAC": "Disable", "ClearZoneIdentifier": "Enable", "ClearAccessControl": "Disable", "SetCriticalProcess": "Disable", "PreventSystemSleep": "Enable", "ActivateAwayMode": "Disable", "EnableDebugMode": "Disable", "RunDelay": 0, "ConnectDelay": 4000, "RestartDelay": 5000, "TimeoutInterval": 5000, "KeepAliveTimeout": 30000, "MutexTimeout": 5000, "LanTimeout": 2500, "WanTimeout": 8000, "BufferSize": "ffff0000", "MaxPacketSize": "0000a000", "GCThreshold": "0000a000", "UseCustomDNS": "Enable", "PrimaryDNSServer": "8.8.8.8", "BackupDNSServer": "8.8.4.4"}
        Source: 00000010.00000002.477741518.0000000003301000.00000004.00000001.sdmpMalware Configuration Extractor: Agenttesla {"Exfil Mode": "SMTP", "SMTP Info": "result@jetport-aero.comNiniola@456mail.jetport-aero.com"}
        Yara detected Nanocore RATShow sources
        Source: Yara matchFile source: 00000015.00000002.479174515.0000000004334000.00000004.00000001.sdmp, type: MEMORY
        Source: Yara matchFile source: 00000015.00000000.291952352.0000000000402000.00000040.00000001.sdmp, type: MEMORY
        Source: Yara matchFile source: 00000015.00000002.468642288.0000000000402000.00000040.00000001.sdmp, type: MEMORY
        Source: Yara matchFile source: 00000001.00000002.297937965.0000000003F51000.00000004.00000001.sdmp, type: MEMORY
        Source: Yara matchFile source: 00000001.00000002.307230936.000000000D351000.00000004.00000001.sdmp, type: MEMORY
        Source: Yara matchFile source: 00000015.00000000.292645242.0000000000402000.00000040.00000001.sdmp, type: MEMORY
        Source: Yara matchFile source: 00000015.00000002.480599769.0000000005C00000.00000004.00000001.sdmp, type: MEMORY
        Source: Yara matchFile source: Process Memory Space: file1.exe PID: 4076, type: MEMORY
        Source: Yara matchFile source: Process Memory Space: file1.exe PID: 5784, type: MEMORY
        Source: Yara matchFile source: 21.2.file1.exe.4346f00.5.raw.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 21.2.file1.exe.400000.0.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 1.2.file1.exe.d3e8eb8.9.raw.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 21.2.file1.exe.4346f00.5.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 21.0.file1.exe.400000.1.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 21.2.file1.exe.434b529.4.raw.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 21.0.file1.exe.400000.3.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 21.2.file1.exe.5c00000.11.raw.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 21.2.file1.exe.5c04629.10.raw.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 1.2.file1.exe.d3e8eb8.9.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 1.2.file1.exe.3fbb588.2.raw.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 21.2.file1.exe.5c00000.11.unpack, type: UNPACKEDPE
        Machine Learning detection for dropped fileShow sources
        Source: C:\Users\user\AppData\Roaming\HHyKJahmIz.exeJoe Sandbox ML: detected
        Source: C:\Users\user\AppData\Local\Temp\file1.exeJoe Sandbox ML: detected
        Source: C:\Users\user\AppData\Local\Temp\2name.exeJoe Sandbox ML: detected
        Source: 21.2.file1.exe.400000.0.unpackAvira: Label: TR/Dropper.MSIL.Gen7
        Source: 21.2.file1.exe.4346f00.5.unpackAvira: Label: TR/NanoCore.fadte
        Source: 21.0.file1.exe.400000.1.unpackAvira: Label: TR/Dropper.MSIL.Gen7
        Source: 21.0.file1.exe.400000.3.unpackAvira: Label: TR/Dropper.MSIL.Gen7
        Source: 16.2.2name.exe.400000.0.unpackAvira: Label: TR/Spy.Gen8
        Source: 21.2.file1.exe.5c00000.11.unpackAvira: Label: TR/NanoCore.fadte
        Source: 16.0.2name.exe.400000.1.unpackAvira: Label: TR/Spy.Gen8
        Source: C:\Users\user\AppData\Local\Temp\file1.exeFile opened: C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.9445_none_d08c58b4442ba54f\MSVCR80.dllJump to behavior
        Source: Binary string: C:\Users\Administrator\Desktop\Client\Temp\fHUHYTcyNn\src\obj\Debug\Fojl.pdb source: file1.exe, HHyKJahmIz.exe.1.dr
        Source: Binary string: C:\Users\Administrator\Desktop\Client\Temp\BgZPfvXhjX\src\obj\Debug\ybwg.pdb source: 2name.exe, 2name.exe.0.dr
        Source: Binary string: mscorrc.pdb source: file1.exe, 00000001.00000002.306351221.0000000007090000.00000002.00000001.sdmp, 2name.exe, 00000002.00000002.301515455.0000000006520000.00000002.00000001.sdmp, 2name.exe, 00000010.00000002.481913869.0000000006450000.00000002.00000001.sdmp, file1.exe, 00000015.00000002.480073860.00000000057B0000.00000002.00000001.sdmp

        Networking:

        barindex
        Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)Show sources
        Source: TrafficSnort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.2.3:49731 -> 191.96.25.26:11940
        Source: TrafficSnort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.2.3:49735 -> 191.96.25.26:11940
        Source: TrafficSnort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.2.3:49742 -> 191.96.25.26:11940
        Source: TrafficSnort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.2.3:49743 -> 191.96.25.26:11940
        Source: TrafficSnort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.2.3:49747 -> 191.96.25.26:11940
        C2 URLs / IPs found in malware configurationShow sources
        Source: Malware configuration extractorURLs:
        Source: Malware configuration extractorURLs: sys2021.linkpc.net
        Source: global trafficTCP traffic: 192.168.2.3:49723 -> 52.39.28.134:11940
        Source: global trafficTCP traffic: 192.168.2.3:49731 -> 191.96.25.26:11940
        Source: global trafficTCP traffic: 192.168.2.3:49736 -> 217.182.175.206:587
        Source: Joe Sandbox ViewIP Address: 191.96.25.26 191.96.25.26
        Source: Joe Sandbox ViewIP Address: 217.182.175.206 217.182.175.206
        Source: Joe Sandbox ViewASN Name: AS40676US AS40676US
        Source: Joe Sandbox ViewASN Name: OVHFR OVHFR
        Source: global trafficTCP traffic: 192.168.2.3:49736 -> 217.182.175.206:587
        Source: unknownTCP traffic detected without corresponding DNS query: 191.96.25.26
        Source: unknownTCP traffic detected without corresponding DNS query: 191.96.25.26
        Source: unknownTCP traffic detected without corresponding DNS query: 191.96.25.26
        Source: unknownTCP traffic detected without corresponding DNS query: 191.96.25.26
        Source: unknownTCP traffic detected without corresponding DNS query: 191.96.25.26
        Source: unknownTCP traffic detected without corresponding DNS query: 191.96.25.26
        Source: unknownTCP traffic detected without corresponding DNS query: 191.96.25.26
        Source: unknownTCP traffic detected without corresponding DNS query: 191.96.25.26
        Source: unknownTCP traffic detected without corresponding DNS query: 191.96.25.26
        Source: unknownTCP traffic detected without corresponding DNS query: 191.96.25.26
        Source: unknownTCP traffic detected without corresponding DNS query: 191.96.25.26
        Source: unknownTCP traffic detected without corresponding DNS query: 191.96.25.26
        Source: unknownTCP traffic detected without corresponding DNS query: 191.96.25.26
        Source: unknownTCP traffic detected without corresponding DNS query: 191.96.25.26
        Source: unknownTCP traffic detected without corresponding DNS query: 191.96.25.26
        Source: unknownTCP traffic detected without corresponding DNS query: 191.96.25.26
        Source: unknownTCP traffic detected without corresponding DNS query: 191.96.25.26
        Source: unknownTCP traffic detected without corresponding DNS query: 191.96.25.26
        Source: unknownTCP traffic detected without corresponding DNS query: 191.96.25.26
        Source: unknownTCP traffic detected without corresponding DNS query: 191.96.25.26
        Source: unknownTCP traffic detected without corresponding DNS query: 191.96.25.26
        Source: unknownTCP traffic detected without corresponding DNS query: 191.96.25.26
        Source: unknownTCP traffic detected without corresponding DNS query: 191.96.25.26
        Source: unknownTCP traffic detected without corresponding DNS query: 191.96.25.26
        Source: unknownTCP traffic detected without corresponding DNS query: 191.96.25.26
        Source: unknownTCP traffic detected without corresponding DNS query: 191.96.25.26
        Source: unknownTCP traffic detected without corresponding DNS query: 191.96.25.26
        Source: unknownTCP traffic detected without corresponding DNS query: 191.96.25.26
        Source: unknownTCP traffic detected without corresponding DNS query: 191.96.25.26
        Source: unknownTCP traffic detected without corresponding DNS query: 191.96.25.26
        Source: unknownTCP traffic detected without corresponding DNS query: 191.96.25.26
        Source: unknownTCP traffic detected without corresponding DNS query: 191.96.25.26
        Source: unknownTCP traffic detected without corresponding DNS query: 191.96.25.26
        Source: unknownTCP traffic detected without corresponding DNS query: 191.96.25.26
        Source: unknownTCP traffic detected without corresponding DNS query: 191.96.25.26
        Source: unknownTCP traffic detected without corresponding DNS query: 191.96.25.26
        Source: unknownTCP traffic detected without corresponding DNS query: 191.96.25.26
        Source: unknownTCP traffic detected without corresponding DNS query: 191.96.25.26
        Source: unknownTCP traffic detected without corresponding DNS query: 191.96.25.26
        Source: unknownTCP traffic detected without corresponding DNS query: 191.96.25.26
        Source: unknownTCP traffic detected without corresponding DNS query: 191.96.25.26
        Source: unknownTCP traffic detected without corresponding DNS query: 191.96.25.26
        Source: unknownTCP traffic detected without corresponding DNS query: 191.96.25.26
        Source: unknownTCP traffic detected without corresponding DNS query: 191.96.25.26
        Source: unknownTCP traffic detected without corresponding DNS query: 191.96.25.26
        Source: unknownTCP traffic detected without corresponding DNS query: 191.96.25.26
        Source: unknownTCP traffic detected without corresponding DNS query: 191.96.25.26
        Source: unknownTCP traffic detected without corresponding DNS query: 191.96.25.26
        Source: unknownTCP traffic detected without corresponding DNS query: 191.96.25.26
        Source: unknownTCP traffic detected without corresponding DNS query: 191.96.25.26
        Source: C:\Users\user\AppData\Local\Temp\file1.exeCode function: 21_2_055E2936 WSARecv,21_2_055E2936
        Source: unknownDNS traffic detected: queries for: clientconfig.passport.net
        Source: 2name.exe, 00000010.00000002.477741518.0000000003301000.00000004.00000001.sdmpString found in binary or memory: http://127.0.0.1:HTTP/1.1
        Source: 2name.exe, 00000010.00000002.477741518.0000000003301000.00000004.00000001.sdmpString found in binary or memory: http://DynDns.comDynDNS
        Source: 2name.exe, 00000010.00000002.482353717.00000000075D0000.00000004.00000001.sdmpString found in binary or memory: http://apps.identrust.com/roots/dstrootcax3.p7c0
        Source: 2name.exe, 00000010.00000002.482353717.00000000075D0000.00000004.00000001.sdmpString found in binary or memory: http://cps.letsencrypt.org0
        Source: 2name.exe, 00000010.00000002.482353717.00000000075D0000.00000004.00000001.sdmpString found in binary or memory: http://cps.root-x1.letsencrypt.org0
        Source: 2name.exe, 00000010.00000002.482353717.00000000075D0000.00000004.00000001.sdmpString found in binary or memory: http://crl.identrust.com/DSTROOTCAX3CRL.crl0
        Source: file1.exe, 00000001.00000002.303254144.0000000006532000.00000004.00000001.sdmp, file1.exe, 00000001.00000003.208580143.00000000052BB000.00000004.00000001.sdmp, 2name.exe, 00000002.00000002.298084668.0000000004E70000.00000002.00000001.sdmpString found in binary or memory: http://fontfabrik.com
        Source: 2name.exe, 00000010.00000002.477741518.0000000003301000.00000004.00000001.sdmpString found in binary or memory: http://gKSfZA.com
        Source: 2name.exe, 00000010.00000002.482353717.00000000075D0000.00000004.00000001.sdmpString found in binary or memory: http://r3.i.lencr.org/0/
        Source: 2name.exe, 00000010.00000002.482412718.000000000760F000.00000004.00000001.sdmpString found in binary or memory: http://r3.i.lencr.org/0m
        Source: 2name.exe, 00000010.00000002.482353717.00000000075D0000.00000004.00000001.sdmpString found in binary or memory: http://r3.o.lencr.org0
        Source: 2name.exe, 00000002.00000003.215138787.0000000004D1E000.00000004.00000001.sdmpString found in binary or memory: http://www.agfamonotype.
        Source: file1.exe, 00000001.00000002.303254144.0000000006532000.00000004.00000001.sdmp, 2name.exe, 00000002.00000002.298084668.0000000004E70000.00000002.00000001.sdmpString found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0
        Source: 2name.exe, 00000002.00000003.210776108.0000000000D3D000.00000004.00000001.sdmp, 2name.exe, 00000002.00000003.211318733.0000000004D03000.00000004.00000001.sdmpString found in binary or memory: http://www.carterandcone.com
        Source: 2name.exe, 00000002.00000003.211273379.0000000004D0D000.00000004.00000001.sdmpString found in binary or memory: http://www.carterandcone.comC
        Source: file1.exe, 00000001.00000002.303254144.0000000006532000.00000004.00000001.sdmp, 2name.exe, 00000002.00000002.299542442.0000000005F02000.00000004.00000001.sdmpString found in binary or memory: http://www.carterandcone.coml
        Source: 2name.exe, 00000002.00000003.210776108.0000000000D3D000.00000004.00000001.sdmpString found in binary or memory: http://www.carterandcone.comn-u
        Source: file1.exe, 00000001.00000002.303254144.0000000006532000.00000004.00000001.sdmp, 2name.exe, 00000002.00000002.299542442.0000000005F02000.00000004.00000001.sdmpString found in binary or memory: http://www.fontbureau.com
        Source: 2name.exe, 00000002.00000002.299542442.0000000005F02000.00000004.00000001.sdmpString found in binary or memory: http://www.fontbureau.com/designers
        Source: file1.exe, 00000001.00000002.298962464.0000000005410000.00000002.00000001.sdmp, 2name.exe, 00000002.00000002.299542442.0000000005F02000.00000004.00000001.sdmpString found in binary or memory: http://www.fontbureau.com/designers/?
        Source: file1.exe, 00000001.00000002.298962464.0000000005410000.00000002.00000001.sdmp, 2name.exe, 00000002.00000002.299542442.0000000005F02000.00000004.00000001.sdmpString found in binary or memory: http://www.fontbureau.com/designers/cabarga.htmlN
        Source: 2name.exe, 00000002.00000003.212658288.0000000004D15000.00000004.00000001.sdmpString found in binary or memory: http://www.fontbureau.com/designers/frer
        Source: file1.exe, 00000001.00000002.298962464.0000000005410000.00000002.00000001.sdmp, 2name.exe, 00000002.00000002.299542442.0000000005F02000.00000004.00000001.sdmpString found in binary or memory: http://www.fontbureau.com/designers/frere-jones.html
        Source: file1.exe, 00000001.00000002.298962464.0000000005410000.00000002.00000001.sdmp, 2name.exe, 00000002.00000002.299542442.0000000005F02000.00000004.00000001.sdmpString found in binary or memory: http://www.fontbureau.com/designers8
        Source: file1.exe, 00000001.00000002.303254144.0000000006532000.00000004.00000001.sdmp, 2name.exe, 00000002.00000002.299542442.0000000005F02000.00000004.00000001.sdmpString found in binary or memory: http://www.fontbureau.com/designers?
        Source: file1.exe, 00000001.00000002.298962464.0000000005410000.00000002.00000001.sdmp, 2name.exe, 00000002.00000002.299542442.0000000005F02000.00000004.00000001.sdmpString found in binary or memory: http://www.fontbureau.com/designersG
        Source: file1.exe, 00000001.00000002.294083787.0000000001147000.00000004.00000040.sdmpString found in binary or memory: http://www.fontbureau.comgrito
        Source: 2name.exe, 00000002.00000002.297889020.0000000004D00000.00000004.00000001.sdmpString found in binary or memory: http://www.fontbureau.comionu
        Source: file1.exe, 00000001.00000003.208338149.00000000052BB000.00000004.00000001.sdmp, 2name.exe, 00000002.00000002.298084668.0000000004E70000.00000002.00000001.sdmpString found in binary or memory: http://www.fonts.com
        Source: file1.exe, 00000001.00000003.208338149.00000000052BB000.00000004.00000001.sdmpString found in binary or memory: http://www.fonts.com8
        Source: file1.exe, 00000001.00000003.208373034.00000000052BB000.00000004.00000001.sdmpString found in binary or memory: http://www.fonts.comc
        Source: file1.exe, 00000001.00000003.208338149.00000000052BB000.00000004.00000001.sdmpString found in binary or memory: http://www.fonts.comic
        Source: file1.exe, 00000001.00000003.208338149.00000000052BB000.00000004.00000001.sdmpString found in binary or memory: http://www.fonts.comn
        Source: file1.exe, 00000001.00000002.303254144.0000000006532000.00000004.00000001.sdmp, 2name.exe, 00000002.00000002.299542442.0000000005F02000.00000004.00000001.sdmpString found in binary or memory: http://www.founder.com.cn/cn
        Source: file1.exe, 00000001.00000002.298962464.0000000005410000.00000002.00000001.sdmp, 2name.exe, 00000002.00000002.299542442.0000000005F02000.00000004.00000001.sdmpString found in binary or memory: http://www.founder.com.cn/cn/bThe
        Source: file1.exe, 00000001.00000002.303254144.0000000006532000.00000004.00000001.sdmp, 2name.exe, 00000002.00000002.298084668.0000000004E70000.00000002.00000001.sdmpString found in binary or memory: http://www.founder.com.cn/cn/cThe
        Source: file1.exe, 00000001.00000003.209781217.00000000052A4000.00000004.00000001.sdmpString found in binary or memory: http://www.founder.com.cn/cnk
        Source: file1.exe, 00000001.00000003.213306168.00000000052DD000.00000004.00000001.sdmpString found in binary or memory: http://www.galapagosdesign.com/
        Source: file1.exe, 00000001.00000002.303254144.0000000006532000.00000004.00000001.sdmp, 2name.exe, 00000002.00000002.299542442.0000000005F02000.00000004.00000001.sdmpString found in binary or memory: http://www.galapagosdesign.com/DPlease
        Source: file1.exe, 00000001.00000003.213306168.00000000052DD000.00000004.00000001.sdmpString found in binary or memory: http://www.galapagosdesign.com/c
        Source: file1.exe, 00000001.00000002.303254144.0000000006532000.00000004.00000001.sdmp, file1.exe, 00000001.00000003.213754536.00000000052A4000.00000004.00000001.sdmp, 2name.exe, 00000002.00000003.214409435.0000000004D19000.00000004.00000001.sdmp, 2name.exe, 00000002.00000002.299542442.0000000005F02000.00000004.00000001.sdmpString found in binary or memory: http://www.galapagosdesign.com/staff/dennis.htm
        Source: file1.exe, 00000001.00000002.298962464.0000000005410000.00000002.00000001.sdmp, 2name.exe, 00000002.00000002.299542442.0000000005F02000.00000004.00000001.sdmpString found in binary or memory: http://www.goodfont.co.kr
        Source: file1.exe, 00000001.00000002.303254144.0000000006532000.00000004.00000001.sdmp, 2name.exe, 00000002.00000002.299542442.0000000005F02000.00000004.00000001.sdmpString found in binary or memory: http://www.jiyu-kobo.co.jp/
        Source: 2name.exe, 00000002.00000003.211507950.0000000004D03000.00000004.00000001.sdmpString found in binary or memory: http://www.jiyu-kobo.co.jp/A
        Source: 2name.exe, 00000002.00000003.211507950.0000000004D03000.00000004.00000001.sdmpString found in binary or memory: http://www.jiyu-kobo.co.jp/Y0/X
        Source: 2name.exe, 00000002.00000003.211507950.0000000004D03000.00000004.00000001.sdmpString found in binary or memory: http://www.jiyu-kobo.co.jp/jp/
        Source: 2name.exe, 00000002.00000003.211318733.0000000004D03000.00000004.00000001.sdmpString found in binary or memory: http://www.jiyu-kobo.co.jp/r
        Source: 2name.exe, 00000002.00000003.211507950.0000000004D03000.00000004.00000001.sdmpString found in binary or memory: http://www.jiyu-kobo.co.jp/s
        Source: 2name.exe, 00000002.00000003.214932192.0000000004D0E000.00000004.00000001.sdmpString found in binary or memory: http://www.monotype.
        Source: file1.exe, 00000001.00000003.208338149.00000000052BB000.00000004.00000001.sdmp, file1.exe, 00000001.00000002.303254144.0000000006532000.00000004.00000001.sdmp, 2name.exe, 00000002.00000002.298084668.0000000004E70000.00000002.00000001.sdmpString found in binary or memory: http://www.sajatypeworks.com
        Source: file1.exe, 00000001.00000003.208338149.00000000052BB000.00000004.00000001.sdmpString found in binary or memory: http://www.sajatypeworks.com4
        Source: file1.exe, 00000001.00000002.298962464.0000000005410000.00000002.00000001.sdmp, 2name.exe, 00000002.00000003.211690154.0000000004D17000.00000004.00000001.sdmpString found in binary or memory: http://www.sakkal.com
        Source: file1.exe, 00000001.00000002.303254144.0000000006532000.00000004.00000001.sdmp, 2name.exe, 00000002.00000002.299542442.0000000005F02000.00000004.00000001.sdmpString found in binary or memory: http://www.sandoll.co.kr
        Source: 2name.exe, 00000002.00000002.299542442.0000000005F02000.00000004.00000001.sdmp, 2name.exe, 00000002.00000002.298084668.0000000004E70000.00000002.00000001.sdmpString found in binary or memory: http://www.tiro.com
        Source: file1.exe, 00000001.00000002.303254144.0000000006532000.00000004.00000001.sdmp, 2name.exe, 00000002.00000002.299542442.0000000005F02000.00000004.00000001.sdmpString found in binary or memory: http://www.typography.netD
        Source: file1.exe, 00000001.00000002.298962464.0000000005410000.00000002.00000001.sdmp, 2name.exe, 00000002.00000002.299542442.0000000005F02000.00000004.00000001.sdmpString found in binary or memory: http://www.urwpp.deDPlease
        Source: file1.exe, 00000001.00000002.298962464.0000000005410000.00000002.00000001.sdmp, 2name.exe, 00000002.00000002.299542442.0000000005F02000.00000004.00000001.sdmpString found in binary or memory: http://www.zhongyicts.com.cn
        Source: 2name.exe, 00000010.00000002.482353717.00000000075D0000.00000004.00000001.sdmpString found in binary or memory: http://x1.c.lencr.org/0
        Source: 2name.exe, 00000010.00000002.482412718.000000000760F000.00000004.00000001.sdmpString found in binary or memory: http://x1.i.len
        Source: 2name.exe, 00000010.00000002.482353717.00000000075D0000.00000004.00000001.sdmpString found in binary or memory: http://x1.i.lencr.org/0
        Source: 2name.exe, 00000010.00000002.477741518.0000000003301000.00000004.00000001.sdmpString found in binary or memory: https://api.ipify.org%(
        Source: 2name.exe, 00000010.00000002.477741518.0000000003301000.00000004.00000001.sdmpString found in binary or memory: https://api.ipify.org%GETMozilla/5.0
        Source: 2name.exe, 00000010.00000002.478136134.00000000033C3000.00000004.00000001.sdmpString found in binary or memory: https://w5tNnUBgMNAftBN.net
        Source: 2name.exe, 00000002.00000002.311010210.000000000CDE1000.00000004.00000001.sdmp, 2name.exe, 00000010.00000002.468518858.0000000000402000.00000040.00000001.sdmpString found in binary or memory: https://www.theonionrouter.com/dist.torproject.org/torbrowser/9.5.3/tor-win32-0.4.3.6.zip
        Source: 2name.exe, 00000010.00000002.477741518.0000000003301000.00000004.00000001.sdmpString found in binary or memory: https://www.theonionrouter.com/dist.torproject.org/torbrowser/9.5.3/tor-win32-0.4.3.6.zip%tordir%%ha
        Source: file1.exe, 00000001.00000002.293733593.0000000000E99000.00000004.00000020.sdmpBinary or memory string: <HOOK MODULE="DDRAW.DLL" FUNCTION="DirectDrawCreateEx"/>
        Source: C:\Users\user\AppData\Local\Temp\2name.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
        Source: file1.exe, 00000015.00000002.479174515.0000000004334000.00000004.00000001.sdmpBinary or memory string: RegisterRawInputDevices

        E-Banking Fraud:

        barindex
        Yara detected Nanocore RATShow sources
        Source: Yara matchFile source: 00000015.00000002.479174515.0000000004334000.00000004.00000001.sdmp, type: MEMORY
        Source: Yara matchFile source: 00000015.00000000.291952352.0000000000402000.00000040.00000001.sdmp, type: MEMORY
        Source: Yara matchFile source: 00000015.00000002.468642288.0000000000402000.00000040.00000001.sdmp, type: MEMORY
        Source: Yara matchFile source: 00000001.00000002.297937965.0000000003F51000.00000004.00000001.sdmp, type: MEMORY
        Source: Yara matchFile source: 00000001.00000002.307230936.000000000D351000.00000004.00000001.sdmp, type: MEMORY
        Source: Yara matchFile source: 00000015.00000000.292645242.0000000000402000.00000040.00000001.sdmp, type: MEMORY
        Source: Yara matchFile source: 00000015.00000002.480599769.0000000005C00000.00000004.00000001.sdmp, type: MEMORY
        Source: Yara matchFile source: Process Memory Space: file1.exe PID: 4076, type: MEMORY
        Source: Yara matchFile source: Process Memory Space: file1.exe PID: 5784, type: MEMORY
        Source: Yara matchFile source: 21.2.file1.exe.4346f00.5.raw.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 21.2.file1.exe.400000.0.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 1.2.file1.exe.d3e8eb8.9.raw.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 21.2.file1.exe.4346f00.5.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 21.0.file1.exe.400000.1.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 21.2.file1.exe.434b529.4.raw.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 21.0.file1.exe.400000.3.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 21.2.file1.exe.5c00000.11.raw.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 21.2.file1.exe.5c04629.10.raw.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 1.2.file1.exe.d3e8eb8.9.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 1.2.file1.exe.3fbb588.2.raw.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 21.2.file1.exe.5c00000.11.unpack, type: UNPACKEDPE

        System Summary:

        barindex
        Malicious sample detected (through community Yara rule)Show sources
        Source: 00000015.00000000.291952352.0000000000402000.00000040.00000001.sdmp, type: MEMORYMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
        Source: 00000015.00000000.291952352.0000000000402000.00000040.00000001.sdmp, type: MEMORYMatched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
        Source: 00000015.00000002.468642288.0000000000402000.00000040.00000001.sdmp, type: MEMORYMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
        Source: 00000015.00000002.468642288.0000000000402000.00000040.00000001.sdmp, type: MEMORYMatched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
        Source: 00000015.00000002.479905732.0000000005680000.00000004.00000001.sdmp, type: MEMORYMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
        Source: 00000001.00000002.297937965.0000000003F51000.00000004.00000001.sdmp, type: MEMORYMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
        Source: 00000001.00000002.297937965.0000000003F51000.00000004.00000001.sdmp, type: MEMORYMatched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
        Source: 00000001.00000002.307230936.000000000D351000.00000004.00000001.sdmp, type: MEMORYMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
        Source: 00000001.00000002.307230936.000000000D351000.00000004.00000001.sdmp, type: MEMORYMatched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
        Source: 00000015.00000000.292645242.0000000000402000.00000040.00000001.sdmp, type: MEMORYMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
        Source: 00000015.00000000.292645242.0000000000402000.00000040.00000001.sdmp, type: MEMORYMatched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
        Source: 00000015.00000002.480599769.0000000005C00000.00000004.00000001.sdmp, type: MEMORYMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
        Source: Process Memory Space: file1.exe PID: 4076, type: MEMORYMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
        Source: Process Memory Space: file1.exe PID: 4076, type: MEMORYMatched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
        Source: Process Memory Space: file1.exe PID: 5784, type: MEMORYMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
        Source: Process Memory Space: file1.exe PID: 5784, type: MEMORYMatched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
        Source: 21.2.file1.exe.4346f00.5.raw.unpack, type: UNPACKEDPEMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
        Source: 21.2.file1.exe.5680000.7.raw.unpack, type: UNPACKEDPEMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
        Source: 21.2.file1.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
        Source: 21.2.file1.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
        Source: 1.2.file1.exe.d3e8eb8.9.raw.unpack, type: UNPACKEDPEMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
        Source: 1.2.file1.exe.d3e8eb8.9.raw.unpack, type: UNPACKEDPEMatched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
        Source: 21.2.file1.exe.4346f00.5.unpack, type: UNPACKEDPEMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
        Source: 21.0.file1.exe.400000.1.unpack, type: UNPACKEDPEMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
        Source: 21.0.file1.exe.400000.1.unpack, type: UNPACKEDPEMatched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
        Source: 21.2.file1.exe.434b529.4.raw.unpack, type: UNPACKEDPEMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
        Source: 21.0.file1.exe.400000.3.unpack, type: UNPACKEDPEMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
        Source: 21.0.file1.exe.400000.3.unpack, type: UNPACKEDPEMatched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
        Source: 21.2.file1.exe.32f12e0.3.raw.unpack, type: UNPACKEDPEMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
        Source: 21.2.file1.exe.5c00000.11.raw.unpack, type: UNPACKEDPEMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
        Source: 21.2.file1.exe.5c04629.10.raw.unpack, type: UNPACKEDPEMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
        Source: 1.2.file1.exe.d3e8eb8.9.unpack, type: UNPACKEDPEMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
        Source: 1.2.file1.exe.d3e8eb8.9.unpack, type: UNPACKEDPEMatched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
        Source: 1.2.file1.exe.3fbb588.2.raw.unpack, type: UNPACKEDPEMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
        Source: 1.2.file1.exe.3fbb588.2.raw.unpack, type: UNPACKEDPEMatched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
        Source: 21.2.file1.exe.5c00000.11.unpack, type: UNPACKEDPEMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
        .NET source code contains very large array initializationsShow sources
        Source: 16.2.2name.exe.400000.0.unpack, u003cPrivateImplementationDetailsu003eu007bCC1C2456u002d206Cu002d47B2u002dB640u002d7A9D0A18E16Bu007d/B899F0BCu002d2DBBu002d4D46u002dA39Eu002dC38AFE9A69B6.csLarge array initialization: .cctor: array initializer size 12097
        Source: 16.0.2name.exe.400000.1.unpack, u003cPrivateImplementationDetailsu003eu007bCC1C2456u002d206Cu002d47B2u002dB640u002d7A9D0A18E16Bu007d/B899F0BCu002d2DBBu002d4D46u002dA39Eu002dC38AFE9A69B6.csLarge array initialization: .cctor: array initializer size 12097
        .NET source code contains very large stringsShow sources
        Source: file1.exe.0.dr, Util/Form1.csLong String: Length: 11840
        Source: HHyKJahmIz.exe.1.dr, Util/Form1.csLong String: Length: 11840
        Source: 1.0.file1.exe.5d0000.0.unpack, Util/Form1.csLong String: Length: 11840
        Source: 1.2.file1.exe.5d0000.0.unpack, Util/Form1.csLong String: Length: 11840
        Source: 2.0.2name.exe.190000.0.unpack, Util/Form1.csLong String: Length: 11840
        Source: 2.2.2name.exe.190000.0.unpack, Util/Form1.csLong String: Length: 11840
        Source: 16.0.2name.exe.a30000.2.unpack, Util/Form1.csLong String: Length: 11840
        Source: 16.2.2name.exe.a30000.1.unpack, Util/Form1.csLong String: Length: 11840
        Source: 16.0.2name.exe.a30000.0.unpack, Util/Form1.csLong String: Length: 11840
        Source: C:\Users\user\AppData\Local\Temp\file1.exeCode function: 1_2_05153A6A NtQuerySystemInformation,1_2_05153A6A
        Source: C:\Users\user\AppData\Local\Temp\file1.exeCode function: 1_2_05153A39 NtQuerySystemInformation,1_2_05153A39
        Source: C:\Users\user\AppData\Local\Temp\2name.exeCode function: 2_2_04BD27EE NtQuerySystemInformation,2_2_04BD27EE
        Source: C:\Users\user\AppData\Local\Temp\2name.exeCode function: 2_2_04BD27B4 NtQuerySystemInformation,2_2_04BD27B4
        Source: C:\Users\user\AppData\Local\Temp\file1.exeCode function: 21_2_055E116A NtQuerySystemInformation,21_2_055E116A
        Source: C:\Users\user\AppData\Local\Temp\file1.exeCode function: 21_2_055E112F NtQuerySystemInformation,21_2_055E112F
        Source: C:\Users\user\AppData\Local\Temp\file1.exeCode function: 1_2_010C2E091_2_010C2E09
        Source: C:\Users\user\AppData\Local\Temp\file1.exeCode function: 1_2_02A954201_2_02A95420
        Source: C:\Users\user\AppData\Local\Temp\file1.exeCode function: 1_2_02A945A01_2_02A945A0
        Source: C:\Users\user\AppData\Local\Temp\file1.exeCode function: 1_2_02A94EF91_2_02A94EF9
        Source: C:\Users\user\AppData\Local\Temp\file1.exeCode function: 1_2_02A91F081_2_02A91F08
        Source: C:\Users\user\AppData\Local\Temp\file1.exeCode function: 1_2_02A91F181_2_02A91F18
        Source: C:\Users\user\AppData\Local\Temp\file1.exeCode function: 1_2_02A92CE81_2_02A92CE8
        Source: C:\Users\user\AppData\Local\Temp\file1.exeCode function: 1_2_02A92CF81_2_02A92CF8
        Source: C:\Users\user\AppData\Local\Temp\file1.exeCode function: 1_2_02A954111_2_02A95411
        Source: C:\Users\user\AppData\Local\Temp\file1.exeCode function: 1_2_02A9458F1_2_02A9458F
        Source: C:\Users\user\AppData\Local\Temp\file1.exeCode function: 1_2_02AD22C21_2_02AD22C2
        Source: C:\Users\user\AppData\Local\Temp\file1.exeCode function: 1_2_02B47EF91_2_02B47EF9
        Source: C:\Users\user\AppData\Local\Temp\file1.exeCode function: 1_2_02B44EC81_2_02B44EC8
        Source: C:\Users\user\AppData\Local\Temp\file1.exeCode function: 1_2_02B46C001_2_02B46C00
        Source: C:\Users\user\AppData\Local\Temp\file1.exeCode function: 1_2_02B4ED801_2_02B4ED80
        Source: C:\Users\user\AppData\Local\Temp\file1.exeCode function: 1_2_02B487E81_2_02B487E8
        Source: C:\Users\user\AppData\Local\Temp\file1.exeCode function: 1_2_02B467C01_2_02B467C0
        Source: C:\Users\user\AppData\Local\Temp\file1.exeCode function: 1_2_02B4D1301_2_02B4D130
        Source: C:\Users\user\AppData\Local\Temp\file1.exeCode function: 1_2_02B477201_2_02B47720
        Source: C:\Users\user\AppData\Local\Temp\file1.exeCode function: 1_2_02B401281_2_02B40128
        Source: C:\Users\user\AppData\Local\Temp\file1.exeCode function: 1_2_02B4C9671_2_02B4C967
        Source: C:\Users\user\AppData\Local\Temp\file1.exeCode function: 1_2_02B461481_2_02B46148
        Source: C:\Users\user\AppData\Local\Temp\file1.exeCode function: 1_2_02B476A61_2_02B476A6
        Source: C:\Users\user\AppData\Local\Temp\file1.exeCode function: 1_2_02B476FE1_2_02B476FE
        Source: C:\Users\user\AppData\Local\Temp\file1.exeCode function: 1_2_02B4C84E1_2_02B4C84E
        Source: C:\Users\user\AppData\Local\Temp\file1.exeCode function: 1_2_02B4D8481_2_02B4D848
        Source: C:\Users\user\AppData\Local\Temp\file1.exeCode function: 1_2_02B4C6491_2_02B4C649
        Source: C:\Users\user\AppData\Local\Temp\file1.exeCode function: 1_2_02B4DDAF1_2_02B4DDAF
        Source: C:\Users\user\AppData\Local\Temp\file1.exeCode function: 1_2_02B4AD901_2_02B4AD90
        Source: C:\Users\user\AppData\Local\Temp\file1.exeCode function: 1_2_02B4D5911_2_02B4D591
        Source: C:\Users\user\AppData\Local\Temp\file1.exeCode function: 1_2_02B4B7801_2_02B4B780
        Source: C:\Users\user\AppData\Local\Temp\file1.exeCode function: 1_2_02B4C78E1_2_02B4C78E
        Source: C:\Users\user\AppData\Local\Temp\file1.exeCode function: 1_2_02B4AD8A1_2_02B4AD8A
        Source: C:\Users\user\AppData\Local\Temp\file1.exeCode function: 1_2_02B4DDE01_2_02B4DDE0
        Source: C:\Users\user\AppData\Local\Temp\file1.exeCode function: 1_2_02B4B5301_2_02B4B530
        Source: C:\Users\user\AppData\Local\Temp\file1.exeCode function: 1_2_02B461381_2_02B46138
        Source: C:\Users\user\AppData\Local\Temp\file1.exeCode function: 1_2_02B4B3201_2_02B4B320
        Source: C:\Users\user\AppData\Local\Temp\file1.exeCode function: 1_2_02B4B5281_2_02B4B528
        Source: C:\Users\user\AppData\Local\Temp\file1.exeCode function: 1_2_02B4B3111_2_02B4B311
        Source: C:\Users\user\AppData\Local\Temp\file1.exeCode function: 1_2_02B401181_2_02B40118
        Source: C:\Users\user\AppData\Local\Temp\file1.exeCode function: 1_2_02B483091_2_02B48309
        Source: C:\Users\user\AppData\Local\Temp\file1.exeCode function: 1_2_02B4B9701_2_02B4B970
        Source: C:\Users\user\AppData\Local\Temp\file1.exeCode function: 1_2_02B4ED721_2_02B4ED72
        Source: C:\Users\user\AppData\Local\Temp\file1.exeCode function: 1_2_02B4B77A1_2_02B4B77A
        Source: C:\Users\user\AppData\Local\Temp\file1.exeCode function: 1_2_005D20501_2_005D2050
        Source: C:\Users\user\AppData\Local\Temp\2name.exeCode function: 2_2_0241D6402_2_0241D640
        Source: C:\Users\user\AppData\Local\Temp\2name.exeCode function: 2_2_02416C102_2_02416C10
        Source: C:\Users\user\AppData\Local\Temp\2name.exeCode function: 2_2_02414ED82_2_02414ED8
        Source: C:\Users\user\AppData\Local\Temp\2name.exeCode function: 2_2_024176E82_2_024176E8
        Source: C:\Users\user\AppData\Local\Temp\2name.exeCode function: 2_2_0241DAB82_2_0241DAB8
        Source: C:\Users\user\AppData\Local\Temp\2name.exeCode function: 2_2_024161482_2_02416148
        Source: C:\Users\user\AppData\Local\Temp\2name.exeCode function: 2_2_024187102_2_02418710
        Source: C:\Users\user\AppData\Local\Temp\2name.exeCode function: 2_2_024167D02_2_024167D0
        Source: C:\Users\user\AppData\Local\Temp\2name.exeCode function: 2_2_02417DE02_2_02417DE0
        Source: C:\Users\user\AppData\Local\Temp\2name.exeCode function: 2_2_024195A02_2_024195A0
        Source: C:\Users\user\AppData\Local\Temp\2name.exeCode function: 2_2_024176502_2_02417650
        Source: C:\Users\user\AppData\Local\Temp\2name.exeCode function: 2_2_02416C082_2_02416C08
        Source: C:\Users\user\AppData\Local\Temp\2name.exeCode function: 2_2_0241CE102_2_0241CE10
        Source: C:\Users\user\AppData\Local\Temp\2name.exeCode function: 2_2_0241C81E2_2_0241C81E
        Source: C:\Users\user\AppData\Local\Temp\2name.exeCode function: 2_2_024182202_2_02418220
        Source: C:\Users\user\AppData\Local\Temp\2name.exeCode function: 2_2_024182302_2_02418230
        Source: C:\Users\user\AppData\Local\Temp\2name.exeCode function: 2_2_0241D6302_2_0241D630
        Source: C:\Users\user\AppData\Local\Temp\2name.exeCode function: 2_2_0241B8C02_2_0241B8C0
        Source: C:\Users\user\AppData\Local\Temp\2name.exeCode function: 2_2_0241B4C02_2_0241B4C0
        Source: C:\Users\user\AppData\Local\Temp\2name.exeCode function: 2_2_02414EC82_2_02414EC8
        Source: C:\Users\user\AppData\Local\Temp\2name.exeCode function: 2_2_0241B2C82_2_0241B2C8
        Source: C:\Users\user\AppData\Local\Temp\2name.exeCode function: 2_2_0241B4D02_2_0241B4D0
        Source: C:\Users\user\AppData\Local\Temp\2name.exeCode function: 2_2_0241B2D82_2_0241B2D8
        Source: C:\Users\user\AppData\Local\Temp\2name.exeCode function: 2_2_0241DAA82_2_0241DAA8
        Source: C:\Users\user\AppData\Local\Temp\2name.exeCode function: 2_2_024194B02_2_024194B0
        Source: C:\Users\user\AppData\Local\Temp\2name.exeCode function: 2_2_0241B8BF2_2_0241B8BF
        Source: C:\Users\user\AppData\Local\Temp\2name.exeCode function: 2_2_024187002_2_02418700
        Source: C:\Users\user\AppData\Local\Temp\2name.exeCode function: 2_2_024101182_2_02410118
        Source: C:\Users\user\AppData\Local\Temp\2name.exeCode function: 2_2_0241B7182_2_0241B718
        Source: C:\Users\user\AppData\Local\Temp\2name.exeCode function: 2_2_0241B7202_2_0241B720
        Source: C:\Users\user\AppData\Local\Temp\2name.exeCode function: 2_2_0241AD202_2_0241AD20
        Source: C:\Users\user\AppData\Local\Temp\2name.exeCode function: 2_2_0241AD302_2_0241AD30
        Source: C:\Users\user\AppData\Local\Temp\2name.exeCode function: 2_2_024161382_2_02416138
        Source: C:\Users\user\AppData\Local\Temp\2name.exeCode function: 2_2_0241A3382_2_0241A338
        Source: C:\Users\user\AppData\Local\Temp\2name.exeCode function: 2_2_02417DD12_2_02417DD1
        Source: C:\Users\user\AppData\Local\Temp\2name.exeCode function: 2_2_0241CDDC2_2_0241CDDC
        Source: C:\Users\user\AppData\Local\Temp\2name.exeCode function: 2_2_04901E302_2_04901E30
        Source: C:\Users\user\AppData\Local\Temp\2name.exeCode function: 2_2_049000702_2_04900070
        Source: C:\Users\user\AppData\Local\Temp\2name.exeCode function: 2_2_04903A972_2_04903A97
        Source: C:\Users\user\AppData\Local\Temp\2name.exeCode function: 2_2_049026B02_2_049026B0
        Source: C:\Users\user\AppData\Local\Temp\2name.exeCode function: 2_2_049026C02_2_049026C0
        Source: C:\Users\user\AppData\Local\Temp\2name.exeCode function: 2_2_04901E212_2_04901E21
        Source: C:\Users\user\AppData\Local\Temp\2name.exeCode function: 2_2_04903C702_2_04903C70
        Source: C:\Users\user\AppData\Local\Temp\2name.exeCode function: 2_2_04903C6F2_2_04903C6F
        Source: C:\Users\user\AppData\Local\Temp\2name.exeCode function: 2_2_049041D02_2_049041D0
        Source: C:\Users\user\AppData\Local\Temp\2name.exeCode function: 2_2_049041C12_2_049041C1
        Source: C:\Users\user\AppData\Local\Temp\2name.exeCode function: 2_2_001920502_2_00192050
        Source: C:\Users\user\AppData\Local\Temp\2name.exeCode function: 2_2_02411E9D2_2_02411E9D
        Source: C:\Users\user\AppData\Local\Temp\2name.exeCode function: 16_2_015F0CB016_2_015F0CB0
        Source: C:\Users\user\AppData\Local\Temp\2name.exeCode function: 16_2_00A3205016_2_00A32050
        Source: C:\Users\user\AppData\Local\Temp\file1.exeCode function: 21_2_054CAD3821_2_054CAD38
        Source: C:\Users\user\AppData\Local\Temp\file1.exeCode function: 21_2_054C846821_2_054C8468
        Source: C:\Users\user\AppData\Local\Temp\file1.exeCode function: 21_2_054C906821_2_054C9068
        Source: C:\Users\user\AppData\Local\Temp\file1.exeCode function: 21_2_054C2FA821_2_054C2FA8
        Source: C:\Users\user\AppData\Local\Temp\file1.exeCode function: 21_2_054C23A021_2_054C23A0
        Source: C:\Users\user\AppData\Local\Temp\file1.exeCode function: 21_2_054C991021_2_054C9910
        Source: C:\Users\user\AppData\Local\Temp\file1.exeCode function: 21_2_054C912F21_2_054C912F
        Source: C:\Users\user\AppData\Local\Temp\file1.exeCode function: 21_2_054C306F21_2_054C306F
        Source: C:\Users\user\AppData\Local\Temp\file1.exeCode function: 21_2_00C4205021_2_00C42050
        Source: Invoice#06-11-2021_PDF.vbsInitial sample: Strings found which are bigger than 50
        Source: C:\Users\user\AppData\Local\Temp\2name.exeSection loaded: security.dllJump to behavior
        Source: 00000015.00000000.291952352.0000000000402000.00000040.00000001.sdmp, type: MEMORYMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
        Source: 00000015.00000000.291952352.0000000000402000.00000040.00000001.sdmp, type: MEMORYMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
        Source: 00000015.00000002.468642288.0000000000402000.00000040.00000001.sdmp, type: MEMORYMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
        Source: 00000015.00000002.468642288.0000000000402000.00000040.00000001.sdmp, type: MEMORYMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
        Source: 00000015.00000002.479905732.0000000005680000.00000004.00000001.sdmp, type: MEMORYMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
        Source: 00000015.00000002.479905732.0000000005680000.00000004.00000001.sdmp, type: MEMORYMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
        Source: 00000001.00000002.297937965.0000000003F51000.00000004.00000001.sdmp, type: MEMORYMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
        Source: 00000001.00000002.297937965.0000000003F51000.00000004.00000001.sdmp, type: MEMORYMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
        Source: 00000001.00000002.307230936.000000000D351000.00000004.00000001.sdmp, type: MEMORYMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
        Source: 00000001.00000002.307230936.000000000D351000.00000004.00000001.sdmp, type: MEMORYMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
        Source: 00000015.00000000.292645242.0000000000402000.00000040.00000001.sdmp, type: MEMORYMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
        Source: 00000015.00000000.292645242.0000000000402000.00000040.00000001.sdmp, type: MEMORYMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
        Source: 00000015.00000002.480599769.0000000005C00000.00000004.00000001.sdmp, type: MEMORYMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
        Source: 00000015.00000002.480599769.0000000005C00000.00000004.00000001.sdmp, type: MEMORYMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
        Source: Process Memory Space: file1.exe PID: 4076, type: MEMORYMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
        Source: Process Memory Space: file1.exe PID: 4076, type: MEMORYMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
        Source: Process Memory Space: file1.exe PID: 5784, type: MEMORYMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
        Source: Process Memory Space: file1.exe PID: 5784, type: MEMORYMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
        Source: 21.2.file1.exe.4346f00.5.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
        Source: 21.2.file1.exe.4346f00.5.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
        Source: 21.2.file1.exe.5680000.7.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
        Source: 21.2.file1.exe.5680000.7.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
        Source: 21.2.file1.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
        Source: 21.2.file1.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
        Source: 21.2.file1.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
        Source: 1.2.file1.exe.d3e8eb8.9.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
        Source: 1.2.file1.exe.d3e8eb8.9.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
        Source: 1.2.file1.exe.d3e8eb8.9.raw.unpack, type: UNPACKEDPEMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
        Source: 21.2.file1.exe.4346f00.5.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
        Source: 21.2.file1.exe.4346f00.5.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
        Source: 21.0.file1.exe.400000.1.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
        Source: 21.0.file1.exe.400000.1.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
        Source: 21.0.file1.exe.400000.1.unpack, type: UNPACKEDPEMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
        Source: 21.2.file1.exe.434b529.4.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
        Source: 21.2.file1.exe.434b529.4.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
        Source: 21.0.file1.exe.400000.3.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
        Source: 21.0.file1.exe.400000.3.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
        Source: 21.0.file1.exe.400000.3.unpack, type: UNPACKEDPEMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
        Source: 21.2.file1.exe.32f12e0.3.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
        Source: 21.2.file1.exe.32f12e0.3.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
        Source: 21.2.file1.exe.5c00000.11.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
        Source: 21.2.file1.exe.5c00000.11.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
        Source: 21.2.file1.exe.5c04629.10.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
        Source: 21.2.file1.exe.5c04629.10.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
        Source: 1.2.file1.exe.d3e8eb8.9.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
        Source: 1.2.file1.exe.d3e8eb8.9.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
        Source: 1.2.file1.exe.d3e8eb8.9.unpack, type: UNPACKEDPEMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
        Source: 1.2.file1.exe.3fbb588.2.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
        Source: 1.2.file1.exe.3fbb588.2.raw.unpack, type: UNPACKEDPEMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
        Source: 21.2.file1.exe.5c00000.11.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
        Source: 21.2.file1.exe.5c00000.11.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
        Source: file1.exe.0.dr, Util/Form1.csCryptographic APIs: 'TransformFinalBlock', 'CreateDecryptor'
        Source: HHyKJahmIz.exe.1.dr, Util/Form1.csCryptographic APIs: 'TransformFinalBlock', 'CreateDecryptor'
        Source: 1.0.file1.exe.5d0000.0.unpack, Util/Form1.csCryptographic APIs: 'TransformFinalBlock', 'CreateDecryptor'
        Source: 1.2.file1.exe.5d0000.0.unpack, Util/Form1.csCryptographic APIs: 'TransformFinalBlock', 'CreateDecryptor'
        Source: 2.0.2name.exe.190000.0.unpack, Util/Form1.csCryptographic APIs: 'TransformFinalBlock', 'CreateDecryptor'
        Source: 2.2.2name.exe.190000.0.unpack, Util/Form1.csCryptographic APIs: 'TransformFinalBlock', 'CreateDecryptor'
        Source: classification engineClassification label: mal100.troj.evad.winVBS@12/8@5/3
        Source: C:\Users\user\AppData\Local\Temp\file1.exeCode function: 1_2_051534BA AdjustTokenPrivileges,1_2_051534BA
        Source: C:\Users\user\AppData\Local\Temp\file1.exeCode function: 1_2_05153483 AdjustTokenPrivileges,1_2_05153483
        Source: C:\Users\user\AppData\Local\Temp\2name.exeCode function: 2_2_04BD271E AdjustTokenPrivileges,2_2_04BD271E
        Source: C:\Users\user\AppData\Local\Temp\2name.exeCode function: 2_2_04BD26E7 AdjustTokenPrivileges,2_2_04BD26E7
        Source: C:\Users\user\AppData\Local\Temp\file1.exeCode function: 21_2_055E0F2A AdjustTokenPrivileges,21_2_055E0F2A
        Source: C:\Users\user\AppData\Local\Temp\file1.exeCode function: 21_2_055E0EF3 AdjustTokenPrivileges,21_2_055E0EF3
        Source: C:\Users\user\AppData\Local\Temp\file1.exeFile created: C:\Users\user\AppData\Roaming\HHyKJahmIz.exeJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\2name.exeMutant created: \Sessions\1\BaseNamedObjects\QUEliPPQLXYqEIejkDjxjhpJy
        Source: C:\Users\user\AppData\Local\Temp\file1.exeMutant created: \Sessions\1\BaseNamedObjects\Global\.net clr networking
        Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5076:120:WilError_01
        Source: C:\Users\user\AppData\Local\Temp\file1.exeMutant created: \Sessions\1\BaseNamedObjects\Global\{c687c38e-2b2d-4d96-b5eb-9a31ccba603d}
        Source: C:\Users\user\AppData\Local\Temp\file1.exeMutant created: \Sessions\1\BaseNamedObjects\XwcfCsvtCuqlwxDKlK
        Source: C:\Windows\System32\wscript.exeFile created: C:\Users\user\AppData\Local\Temp\file1.exeJump to behavior
        Source: unknownProcess created: C:\Windows\System32\wscript.exe C:\Windows\System32\wscript.exe 'C:\Users\user\Desktop\Invoice#06-11-2021_PDF.vbs'
        Source: C:\Users\user\AppData\Local\Temp\file1.exeSection loaded: C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\9603718106bd57ecfbb18fefd769cab4\mscorlib.ni.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\file1.exeSection loaded: C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sorttbls.nlpJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\file1.exeSection loaded: C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sortkey.nlpJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\2name.exeSection loaded: C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\9603718106bd57ecfbb18fefd769cab4\mscorlib.ni.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\2name.exeSection loaded: C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sorttbls.nlpJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\2name.exeSection loaded: C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sortkey.nlpJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\2name.exeSection loaded: C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\9603718106bd57ecfbb18fefd769cab4\mscorlib.ni.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\2name.exeSection loaded: C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sorttbls.nlpJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\2name.exeSection loaded: C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sortkey.nlpJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\file1.exeSection loaded: C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\9603718106bd57ecfbb18fefd769cab4\mscorlib.ni.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\file1.exeSection loaded: C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sorttbls.nlpJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\file1.exeSection loaded: C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sortkey.nlpJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\2name.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
        Source: C:\Users\user\AppData\Local\Temp\2name.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
        Source: C:\Windows\System32\wscript.exeFile read: C:\Users\user\Desktop\desktop.iniJump to behavior
        Source: C:\Windows\System32\wscript.exeKey opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\2name.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\2name.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
        Source: unknownProcess created: C:\Windows\System32\wscript.exe C:\Windows\System32\wscript.exe 'C:\Users\user\Desktop\Invoice#06-11-2021_PDF.vbs'
        Source: C:\Windows\System32\wscript.exeProcess created: C:\Users\user\AppData\Local\Temp\file1.exe 'C:\Users\user\AppData\Local\Temp\file1.exe'
        Source: C:\Windows\System32\wscript.exeProcess created: C:\Users\user\AppData\Local\Temp\2name.exe 'C:\Users\user\AppData\Local\Temp\2name.exe'
        Source: C:\Users\user\AppData\Local\Temp\2name.exeProcess created: C:\Users\user\AppData\Local\Temp\2name.exe {path}
        Source: C:\Users\user\AppData\Local\Temp\file1.exeProcess created: C:\Windows\SysWOW64\schtasks.exe 'C:\Windows\System32\schtasks.exe' /Create /TN 'Updates\HHyKJahmIz' /XML 'C:\Users\user\AppData\Local\Temp\tmpC46.tmp'
        Source: C:\Windows\SysWOW64\schtasks.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        Source: C:\Users\user\AppData\Local\Temp\file1.exeProcess created: C:\Users\user\AppData\Local\Temp\file1.exe {path}
        Source: C:\Windows\System32\wscript.exeProcess created: C:\Users\user\AppData\Local\Temp\file1.exe 'C:\Users\user\AppData\Local\Temp\file1.exe' Jump to behavior
        Source: C:\Windows\System32\wscript.exeProcess created: C:\Users\user\AppData\Local\Temp\2name.exe 'C:\Users\user\AppData\Local\Temp\2name.exe' Jump to behavior
        Source: C:\Users\user\AppData\Local\Temp\file1.exeProcess created: C:\Windows\SysWOW64\schtasks.exe 'C:\Windows\System32\schtasks.exe' /Create /TN 'Updates\HHyKJahmIz' /XML 'C:\Users\user\AppData\Local\Temp\tmpC46.tmp'Jump to behavior
        Source: C:\Users\user\AppData\Local\Temp\file1.exeProcess created: C:\Users\user\AppData\Local\Temp\file1.exe {path}Jump to behavior
        Source: C:\Users\user\AppData\Local\Temp\2name.exeProcess created: C:\Users\user\AppData\Local\Temp\2name.exe {path}Jump to behavior
        Source: C:\Windows\System32\wscript.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B54F3741-5B07-11cf-A4B0-00AA004A55E8}\InprocServer32Jump to behavior
        Source: C:\Users\user\AppData\Local\Temp\file1.exeFile opened: C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorrc.dllJump to behavior
        Source: Invoice#06-11-2021_PDF.vbsStatic file information: File size 2064477 > 1048576
        Source: C:\Users\user\AppData\Local\Temp\file1.exeFile opened: C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.9445_none_d08c58b4442ba54f\MSVCR80.dllJump to behavior
        Source: Binary string: C:\Users\Administrator\Desktop\Client\Temp\fHUHYTcyNn\src\obj\Debug\Fojl.pdb source: file1.exe, HHyKJahmIz.exe.1.dr
        Source: Binary string: C:\Users\Administrator\Desktop\Client\Temp\BgZPfvXhjX\src\obj\Debug\ybwg.pdb source: 2name.exe, 2name.exe.0.dr
        Source: Binary string: mscorrc.pdb source: file1.exe, 00000001.00000002.306351221.0000000007090000.00000002.00000001.sdmp, 2name.exe, 00000002.00000002.301515455.0000000006520000.00000002.00000001.sdmp, 2name.exe, 00000010.00000002.481913869.0000000006450000.00000002.00000001.sdmp, file1.exe, 00000015.00000002.480073860.00000000057B0000.00000002.00000001.sdmp

        Data Obfuscation:

        barindex
        VBScript performs obfuscated calls to suspicious functionsShow sources
        Source: C:\Windows\System32\wscript.exeAnti Malware Scan Interface: .Run("C:\Users\user\AppData\Local\Temp\file1.exe");IFileSystem3.GetSpecialFolder("2");IFolder.Path();IFileSystem3.GetSpecialFolder("2");IFolder.Path();IXMLDOMNode._00000029("tmp");IXMLDOMElement.dataType("bin.base64");IXMLDOMElement.text("TVqQAAMAAAAEAAAA//8AALgAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgAAAAA4fug4AtAnNIbgBTM0hVGhpcyBwcm9ncmFtIGNhbm5vdCBiZSBydW4gaW4gRE9TIG1vZGUuDQ0KJAAAAAAAAABQRQAATAEDAG0PvmAAAAAAAAAAAOAAAgELATAAAIALAAAIAAAAAAAA6p4");IXMLDOMElement.nodeTypedValue();_Stream.Type("1");_Stream.Open();_Stream.Write("Unsupported parameter type 00002011");_Stream.SaveToFile("C:\Users\user\AppData\Local\Temp\file1.exe", "2");IXMLDOMNode._00000029("tmp");IXMLDOMElement.dataType("bin.base64");IXMLDOMElement.text("TVqQAAMAAAAEAAAA//8AALgAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgAAAAA4fug4AtAnNIbgBTM0hVGhpcyBwcm9ncmFtIGNhbm5vdCBiZSBydW4gaW4gRE9TIG1vZGUuDQ0KJAAAAAAAAABQRQAATAEDAOUQvmAAAAAAAAAAAOAAAgELATAAAAoLAAAIAAAAAAAAwig");IXMLDOMElement.nodeTypedValue();_Stream.Type("1");_Stream.Open();_Stream.Write("Unsupported parameter type 00002011");_Stream.SaveToFile("C:\Users\user\AppData\Local\Temp\2name.exe", "2");IWshShell3.Run("C:\Users\user\AppData\Local\Temp\file1.exe");IWshShell3.Run("C:\Users\user\AppData\Local\Temp\2name.exe")
        .NET source code contains method to dynamically call methods (often used by packers)Show sources
        Source: file1.exe.0.dr, Util/Form1.cs.Net Code: LateBinding.LateCall(V_1, null, "Invoke", new object[] { 0, V_0 }, null, null)
        Source: HHyKJahmIz.exe.1.dr, Util/Form1.cs.Net Code: LateBinding.LateCall(V_1, null, "Invoke", new object[] { 0, V_0 }, null, null)
        Source: 1.0.file1.exe.5d0000.0.unpack, Util/Form1.cs.Net Code: LateBinding.LateCall(V_1, null, "Invoke", new object[] { 0, V_0 }, null, null)
        Source: 1.2.file1.exe.5d0000.0.unpack, Util/Form1.cs.Net Code: LateBinding.LateCall(V_1, null, "Invoke", new object[] { 0, V_0 }, null, null)
        Source: 2.0.2name.exe.190000.0.unpack, Util/Form1.cs.Net Code: LateBinding.LateCall(V_1, null, "Invoke", new object[] { 0, V_0 }, null, null)
        Source: 2.2.2name.exe.190000.0.unpack, Util/Form1.cs.Net Code: LateBinding.LateCall(V_1, null, "Invoke", new object[] { 0, V_0 }, null, null)
        Source: 16.0.2name.exe.a30000.2.unpack, Util/Form1.cs.Net Code: LateBinding.LateCall(V_1, null, "Invoke", new object[] { 0, V_0 }, null, null)
        Source: 16.2.2name.exe.a30000.1.unpack, Util/Form1.cs.Net Code: LateBinding.LateCall(V_1, null, "Invoke", new object[] { 0, V_0 }, null, null)
        Source: 16.0.2name.exe.a30000.0.unpack, Util/Form1.cs.Net Code: LateBinding.LateCall(V_1, null, "Invoke", new object[] { 0, V_0 }, null, null)
        .NET source code contains potential unpackerShow sources
        Source: file1.exe.0.dr, Util/Form1.cs.Net Code: I_ System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
        Source: HHyKJahmIz.exe.1.dr, Util/Form1.cs.Net Code: I_ System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
        Source: 1.0.file1.exe.5d0000.0.unpack, Util/Form1.cs.Net Code: I_ System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
        Source: 1.2.file1.exe.5d0000.0.unpack, Util/Form1.cs.Net Code: I_ System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
        Source: 2.0.2name.exe.190000.0.unpack, Util/Form1.cs.Net Code: I_ System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
        Source: 2.2.2name.exe.190000.0.unpack, Util/Form1.cs.Net Code: I_ System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
        Source: 16.0.2name.exe.a30000.2.unpack, Util/Form1.cs.Net Code: I_ System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
        Source: 16.2.2name.exe.a30000.1.unpack, Util/Form1.cs.Net Code: I_ System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
        Source: 16.0.2name.exe.a30000.0.unpack, Util/Form1.cs.Net Code: I_ System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
        Source: C:\Users\user\AppData\Local\Temp\file1.exeCode function: 1_2_010C7ACB push 5C010C7Eh; ret 1_2_010C7AD1
        Source: C:\Users\user\AppData\Local\Temp\file1.exeCode function: 1_2_02A312A2 push esp; iretd 1_2_02A312A3
        Source: C:\Users\user\AppData\Local\Temp\file1.exeCode function: 1_2_02A93B49 pushad ; retf 1_2_02A93B4A
        Source: C:\Users\user\AppData\Local\Temp\2name.exeCode function: 2_2_02418AAE push esi; iretd 2_2_02418AAF
        Source: C:\Users\user\AppData\Local\Temp\2name.exeCode function: 16_2_05CD41E8 push cs; retf 16_2_05CD41FF
        Source: C:\Users\user\AppData\Local\Temp\2name.exeCode function: 16_2_05CD4175 push cs; retf 16_2_05CD418B
        Source: C:\Users\user\AppData\Local\Temp\2name.exeCode function: 16_2_05CD425C push cs; retf 16_2_05CD4273
        Source: C:\Users\user\AppData\Local\Temp\file1.exeCode function: 21_2_015EABD8 push cs; retf 21_2_015EABEF
        Source: C:\Users\user\AppData\Local\Temp\file1.exeCode function: 21_2_015EAAEF push cs; retf 21_2_015EAB07
        Source: C:\Users\user\AppData\Local\Temp\file1.exeCode function: 21_2_015EAB63 push cs; retf 21_2_015EAB7B
        Source: C:\Users\user\AppData\Local\Temp\file1.exeCode function: 21_2_015E9D30 pushad ; retf 21_2_015E9D31
        Source: C:\Users\user\AppData\Local\Temp\file1.exeCode function: 21_2_015E9D2C push eax; retf 21_2_015E9D2D
        Source: initial sampleStatic PE information: section name: .text entropy: 7.50207459163
        Source: initial sampleStatic PE information: section name: .text entropy: 7.50207459163
        Source: C:\Windows\System32\wscript.exeFile created: C:\Users\user\AppData\Local\Temp\file1.exeJump to dropped file
        Source: C:\Users\user\AppData\Local\Temp\file1.exeFile created: C:\Users\user\AppData\Roaming\HHyKJahmIz.exeJump to dropped file
        Source: C:\Windows\System32\wscript.exeFile created: C:\Users\user\AppData\Local\Temp\2name.exeJump to dropped file

        Boot Survival:

        barindex
        Uses schtasks.exe or at.exe to add and modify task schedulesShow sources
        Source: C:\Users\user\AppData\Local\Temp\file1.exeProcess created: C:\Windows\SysWOW64\schtasks.exe 'C:\Windows\System32\schtasks.exe' /Create /TN 'Updates\HHyKJahmIz' /XML 'C:\Users\user\AppData\Local\Temp\tmpC46.tmp'

        Hooking and other Techniques for Hiding and Protection:

        barindex
        Hides that the sample has been downloaded from the Internet (zone.identifier)Show sources
        Source: C:\Users\user\AppData\Local\Temp\file1.exeFile opened: C:\Users\user\AppData\Local\Temp\file1.exe:Zone.Identifier read attributes | deleteJump to behavior
        Source: C:\Windows\System32\wscript.exeRegistry key monitored for changes: HKEY_CURRENT_USER_ClassesJump to behavior
        Source: C:\Windows\System32\wscript.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\wscript.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\wscript.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\file1.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\file1.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\file1.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\file1.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\file1.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\file1.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\file1.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\file1.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\file1.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\file1.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\file1.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\file1.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\file1.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\file1.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\file1.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\file1.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\file1.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\file1.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\file1.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\file1.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\file1.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\file1.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\file1.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\file1.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\file1.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\file1.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\file1.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\file1.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\file1.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\file1.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\file1.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\file1.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\file1.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\file1.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\file1.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\file1.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\file1.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\file1.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\file1.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\file1.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\2name.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\2name.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\2name.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\2name.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\2name.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\2name.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\2name.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\2name.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\2name.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\2name.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\2name.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\2name.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\2name.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\2name.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\2name.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\2name.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\2name.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\2name.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\2name.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\2name.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\2name.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\2name.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\2name.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\2name.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\2name.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\2name.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\2name.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\2name.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\2name.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\2name.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\2name.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\2name.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\2name.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\2name.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\2name.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\2name.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\2name.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\2name.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\2name.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\2name.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\2name.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\2name.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\2name.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\2name.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\2name.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\2name.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\2name.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\2name.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\2name.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\2name.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\2name.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\2name.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\2name.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\2name.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\2name.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\2name.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\2name.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\2name.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\2name.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\2name.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\2name.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\2name.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\2name.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\2name.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\2name.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\2name.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\2name.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\2name.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\2name.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\2name.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\2name.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\2name.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\2name.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\2name.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\2name.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\2name.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\2name.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\2name.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\2name.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\2name.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\2name.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\2name.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\2name.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\2name.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\2name.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\2name.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\2name.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\2name.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\2name.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\file1.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\file1.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\file1.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\file1.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\file1.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\file1.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\file1.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\file1.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\file1.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\file1.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\file1.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\file1.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\file1.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\file1.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\file1.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\file1.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\file1.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\file1.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\file1.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\file1.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\file1.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\file1.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\file1.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\file1.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\file1.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\file1.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\file1.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\file1.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\file1.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\file1.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\file1.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\file1.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\file1.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\file1.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\file1.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\file1.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\file1.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\file1.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\file1.exeProcess information set: NOOPENFILEERRORBOXJump to behavior

        Malware Analysis System Evasion:

        barindex
        Yara detected AntiVM3Show sources
        Source: Yara matchFile source: Process Memory Space: file1.exe PID: 5784, type: MEMORY
        Source: Yara matchFile source: Process Memory Space: 2name.exe PID: 5828, type: MEMORY
        Found evasive API chain (trying to detect sleep duration tampering with parallel thread)Show sources
        Source: C:\Users\user\AppData\Local\Temp\2name.exeFunction Chain: threadDelayed,memAlloc,systemQueried,systemQueried,threadCreated,threadResumed,threadDelayed,threadDelayed,threadDelayed,systemQueried,systemQueried,systemQueried,systemQueried,threadDelayed,threadDelayed,threadAPCQueued,threadDelayed,threadDelayed,threadDelayed,systemQueried,threadDelayed,threadDelayed,processSet,processSet,memAlloc
        Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)Show sources
        Source: C:\Users\user\AppData\Local\Temp\2name.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_BaseBoard
        Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)Show sources
        Source: C:\Users\user\AppData\Local\Temp\2name.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_NetworkAdapterConfiguration
        Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)Show sources
        Source: C:\Users\user\AppData\Local\Temp\file1.exeWMI Queries: IWbemServices::ExecQuery - ROOT\cimv2 : SELECT * FROM Win32_VideoController
        Source: C:\Users\user\AppData\Local\Temp\2name.exeWMI Queries: IWbemServices::ExecQuery - ROOT\cimv2 : SELECT * FROM Win32_VideoController
        Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)Show sources
        Source: file1.exe, 00000001.00000002.295261844.0000000002F51000.00000004.00000001.sdmp, 2name.exe, 00000002.00000002.293211794.00000000028B1000.00000004.00000001.sdmpBinary or memory string: WINE_GET_UNIX_FILE_NAME
        Source: file1.exe, 00000001.00000002.295499001.0000000002FA5000.00000004.00000001.sdmp, 2name.exe, 00000002.00000002.293280762.0000000002905000.00000004.00000001.sdmpBinary or memory string: SBIEDLL.DLL
        Source: C:\Users\user\AppData\Local\Temp\2name.exeRegistry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DEVICEMAP\Scsi\Scsi Port 0\Scsi Bus 0\Target Id 0\Logical Unit Id 0 name: IdentifierJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\2name.exeRegistry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: SystemBiosVersionJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\2name.exeRegistry key queried: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 name: DriverDescJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\file1.exeFile opened / queried: SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}Jump to behavior
        Source: C:\Users\user\AppData\Local\Temp\2name.exeRegistry key queried: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Disk\Enum name: 0Jump to behavior
        Source: C:\Users\user\AppData\Local\Temp\2name.exeRegistry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: VideoBiosVersionJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\file1.exeThread delayed: delay time: 922337203685477Jump to behavior
        Source: C:\Users\user\AppData\Local\Temp\2name.exeThread delayed: delay time: 922337203685477Jump to behavior
        Source: C:\Users\user\AppData\Local\Temp\file1.exeThread delayed: delay time: 922337203685477Jump to behavior
        Source: C:\Windows\System32\wscript.exeWindow found: window name: WSH-TimerJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\2name.exeWindow / User API: threadDelayed 358Jump to behavior
        Source: C:\Users\user\AppData\Local\Temp\file1.exeWindow / User API: threadDelayed 358Jump to behavior
        Source: C:\Users\user\AppData\Local\Temp\file1.exeWindow / User API: foregroundWindowGot 696Jump to behavior
        Source: C:\Users\user\AppData\Local\Temp\file1.exe TID: 5812Thread sleep time: -922337203685477s >= -30000sJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\2name.exe TID: 5272Thread sleep time: -922337203685477s >= -30000sJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\2name.exe TID: 5272Thread sleep count: 358 > 30Jump to behavior
        Source: C:\Users\user\AppData\Local\Temp\2name.exe TID: 5272Thread sleep time: -10740000s >= -30000sJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\2name.exe TID: 5272Thread sleep time: -30000s >= -30000sJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\2name.exe TID: 4620Thread sleep count: 114 > 30Jump to behavior
        Source: C:\Users\user\AppData\Local\Temp\2name.exe TID: 5272Thread sleep time: -30000s >= -30000sJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\file1.exe TID: 1872Thread sleep time: -922337203685477s >= -30000sJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\file1.exe TID: 1872Thread sleep count: 97 > 30Jump to behavior
        Source: C:\Users\user\AppData\Local\Temp\file1.exe TID: 1872Thread sleep count: 180 > 30Jump to behavior
        Source: C:\Users\user\AppData\Local\Temp\file1.exe TID: 1632Thread sleep count: 358 > 30Jump to behavior
        Source: C:\Users\user\AppData\Local\Temp\file1.exe TID: 4144Thread sleep time: -120000s >= -30000sJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\2name.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
        Source: C:\Users\user\AppData\Local\Temp\2name.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
        Source: C:\Users\user\AppData\Local\Temp\2name.exeLast function: Thread delayed
        Source: C:\Users\user\AppData\Local\Temp\2name.exeLast function: Thread delayed
        Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
        Source: C:\Users\user\AppData\Local\Temp\file1.exeCode function: 21_2_055E0BB6 GetSystemInfo,21_2_055E0BB6
        Source: C:\Users\user\AppData\Local\Temp\file1.exeThread delayed: delay time: 922337203685477Jump to behavior
        Source: C:\Users\user\AppData\Local\Temp\2name.exeThread delayed: delay time: 922337203685477Jump to behavior
        Source: C:\Users\user\AppData\Local\Temp\2name.exeThread delayed: delay time: 30000Jump to behavior
        Source: C:\Users\user\AppData\Local\Temp\2name.exeThread delayed: delay time: 30000Jump to behavior
        Source: C:\Users\user\AppData\Local\Temp\2name.exeThread delayed: delay time: 30000Jump to behavior
        Source: C:\Users\user\AppData\Local\Temp\file1.exeThread delayed: delay time: 922337203685477Jump to behavior
        Source: 2name.exe, 00000002.00000002.291497957.0000000000932000.00000004.00000020.sdmpBinary or memory string: VMware
        Source: 2name.exe, 00000002.00000002.293211794.00000000028B1000.00000004.00000001.sdmpBinary or memory string: kr#"SOFTWARE\VMware, Inc.\VMware Tools
        Source: wscript.exe, 00000000.00000002.211623017.0000019EB28A0000.00000002.00000001.sdmp, 2name.exe, 00000010.00000002.480786850.0000000005A40000.00000002.00000001.sdmp, file1.exe, 00000015.00000002.472979252.0000000001390000.00000002.00000001.sdmpBinary or memory string: A Virtual Machine could not be started because Hyper-V is not installed.
        Source: 2name.exe, 00000002.00000002.293211794.00000000028B1000.00000004.00000001.sdmpBinary or memory string: krA"SOFTWARE\VMware, Inc.\VMware Tools
        Source: 2name.exe, 00000002.00000002.293211794.00000000028B1000.00000004.00000001.sdmpBinary or memory string: C:\PROGRAM FILES\VMWARE\VMWARE TOOLS\
        Source: file1.exe, 00000001.00000002.293875714.0000000000F40000.00000004.00000020.sdmpBinary or memory string: \\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#000000001F400000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000026700000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}j
        Source: 2name.exe, 00000002.00000002.293280762.0000000002905000.00000004.00000001.sdmpBinary or memory string: VMWARE
        Source: 2name.exe, 00000002.00000002.293211794.00000000028B1000.00000004.00000001.sdmpBinary or memory string: InstallPath%C:\PROGRAM FILES\VMWARE\VMWARE TOOLS\
        Source: wscript.exe, 00000000.00000002.211623017.0000019EB28A0000.00000002.00000001.sdmp, 2name.exe, 00000010.00000002.480786850.0000000005A40000.00000002.00000001.sdmp, file1.exe, 00000015.00000002.472979252.0000000001390000.00000002.00000001.sdmpBinary or memory string: The communication protocol version between the Hyper-V Host and Guest Compute Services is not supported.
        Source: 2name.exe, 00000002.00000002.293211794.00000000028B1000.00000004.00000001.sdmpBinary or memory string: kr#"SOFTWARE\VMware, Inc.\VMware T
        Source: 2name.exe, 00000002.00000002.293211794.00000000028B1000.00000004.00000001.sdmpBinary or memory string: VMWARE"SOFTWARE\VMware, Inc.\VMware ToolsLHARDWARE\DEVICEMAP\Scsi\Scsi Port 1\Scsi Bus 0\Target Id 0\Logical Unit Id 0LHARDWARE\DEVICEMAP\Scsi\Scsi Port 2\Scsi Bus 0\Target Id 0\Logical Unit Id 0'SYSTEM\ControlSet001\Services\Disk\Enum
        Source: 2name.exe, 00000002.00000002.293280762.0000000002905000.00000004.00000001.sdmpBinary or memory string: VMware SVGA II
        Source: 2name.exe, 00000002.00000002.293211794.00000000028B1000.00000004.00000001.sdmpBinary or memory string: vmwareNSYSTEM\ControlSet001\Control\Class\{4D36E968-E325-11CE-BFC1-08002BE10318}\0000
        Source: 2name.exe, 00000010.00000002.472619291.000000000120A000.00000004.00000020.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
        Source: wscript.exe, 00000000.00000003.199257789.0000019EB0190000.00000004.00000001.sdmp, Invoice#06-11-2021_PDF.vbsBinary or memory string: 'PywLQqLQJgRpHhwTuIPzMzmJNdILTuqemuOCGvnLgvycNPhSeUypXFXPLnymiAxOqnCMStMzUESRBKvxvpgywAGhXzqTxBcgxkmaNUAkIyUTmFOBsAqsTySpgVpSDtCTbmTRYVkaowqxfnuRkpbwKjMySwtrfhhOwBrAmxcWPPEXIUJtaXiNRFIrZUybcsvHObBevufnNEhufpqxmzRHzUwqsAaSyBuWUwIhTfxfsuANYNLkeBocbnHteKlvUMpMJLaigJdHCmPEUjSepqowMSvgpOCJtCLfFnDMncDVYhZoYCZurGGe
        Source: 2name.exe, 00000002.00000002.293211794.00000000028B1000.00000004.00000001.sdmpBinary or memory string: VMware SVGA IIOData Source=localhost\sqlexpress;Initial Catalog=dbSMS;Integrated Security=True
        Source: 2name.exe, 00000002.00000002.293211794.00000000028B1000.00000004.00000001.sdmpBinary or memory string: vmware
        Source: 2name.exe, 00000002.00000002.293211794.00000000028B1000.00000004.00000001.sdmpBinary or memory string: SOFTWARE\VMware, Inc.\VMware Tools
        Source: 2name.exe, 00000002.00000002.293211794.00000000028B1000.00000004.00000001.sdmpBinary or memory string: kr87HKEY_LOCAL_MACHINE\SOFTWARE\VMware, Inc.\VMware Tools\.
        Source: 2name.exe, 00000002.00000002.291497957.0000000000932000.00000004.00000020.sdmpBinary or memory string: Win32_VideoController(Standard display types)VMwareULWRT6SEWin32_VideoControllerR3PNAUW9VideoController120060621000000.000000-000.8355.36display.infMSBDAHH3KYOFKPCI\VEN_15AD&DEV_0405&SUBSYS_040515AD&REV_00\3&61AAA01&0&78OKWin32_ComputerSystemcomputer1280 x 1024 x 4294967296 colorsP9_R1FNA
        Source: wscript.exe, 00000000.00000003.208113503.0000019EB0303000.00000004.00000001.sdmpBinary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\Te
        Source: wscript.exe, 00000000.00000002.211623017.0000019EB28A0000.00000002.00000001.sdmp, 2name.exe, 00000010.00000002.480786850.0000000005A40000.00000002.00000001.sdmp, file1.exe, 00000015.00000002.472979252.0000000001390000.00000002.00000001.sdmpBinary or memory string: A communication protocol error has occurred between the Hyper-V Host and Guest Compute Service.
        Source: 2name.exe, 00000002.00000002.293211794.00000000028B1000.00000004.00000001.sdmpBinary or memory string: kr&%C:\PROGRAM FILES\VMWARE\VMWARE TOOLS\
        Source: 2name.exe, 00000010.00000002.472266625.00000000011C5000.00000004.00000020.sdmpBinary or memory string: Hyper-V RAW\user\AppData
        Source: wscript.exe, 00000000.00000002.211623017.0000019EB28A0000.00000002.00000001.sdmp, 2name.exe, 00000010.00000002.480786850.0000000005A40000.00000002.00000001.sdmp, file1.exe, 00000015.00000002.472979252.0000000001390000.00000002.00000001.sdmpBinary or memory string: An unknown internal message was received by the Hyper-V Compute Service.
        Source: C:\Users\user\AppData\Local\Temp\2name.exeProcess information queried: ProcessInformationJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\file1.exeProcess token adjusted: DebugJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\2name.exeProcess token adjusted: DebugJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\2name.exeProcess token adjusted: DebugJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\file1.exeProcess token adjusted: DebugJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\file1.exeMemory allocated: page read and write | page guardJump to behavior

        HIPS / PFW / Operating System Protection Evasion:

        barindex
        Benign windows process drops PE filesShow sources
        Source: C:\Windows\System32\wscript.exeFile created: file1.exe.0.drJump to dropped file
        Injects a PE file into a foreign processesShow sources
        Source: C:\Users\user\AppData\Local\Temp\file1.exeMemory written: C:\Users\user\AppData\Local\Temp\file1.exe base: 400000 value starts with: 4D5AJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\2name.exeMemory written: C:\Users\user\AppData\Local\Temp\2name.exe base: 400000 value starts with: 4D5AJump to behavior
        Source: C:\Windows\System32\wscript.exeProcess created: C:\Users\user\AppData\Local\Temp\file1.exe 'C:\Users\user\AppData\Local\Temp\file1.exe' Jump to behavior
        Source: C:\Windows\System32\wscript.exeProcess created: C:\Users\user\AppData\Local\Temp\2name.exe 'C:\Users\user\AppData\Local\Temp\2name.exe' Jump to behavior
        Source: C:\Users\user\AppData\Local\Temp\file1.exeProcess created: C:\Windows\SysWOW64\schtasks.exe 'C:\Windows\System32\schtasks.exe' /Create /TN 'Updates\HHyKJahmIz' /XML 'C:\Users\user\AppData\Local\Temp\tmpC46.tmp'Jump to behavior
        Source: C:\Users\user\AppData\Local\Temp\file1.exeProcess created: C:\Users\user\AppData\Local\Temp\file1.exe {path}Jump to behavior
        Source: C:\Users\user\AppData\Local\Temp\2name.exeProcess created: C:\Users\user\AppData\Local\Temp\2name.exe {path}Jump to behavior
        Source: 2name.exe, 00000010.00000002.473284128.00000000019A0000.00000002.00000001.sdmp, file1.exe, 00000015.00000002.478984114.000000000345E000.00000004.00000001.sdmpBinary or memory string: Program Manager
        Source: 2name.exe, 00000010.00000002.473284128.00000000019A0000.00000002.00000001.sdmp, file1.exe, 00000015.00000002.473894557.00000000019F0000.00000002.00000001.sdmpBinary or memory string: Shell_TrayWnd
        Source: 2name.exe, 00000010.00000002.473284128.00000000019A0000.00000002.00000001.sdmp, file1.exe, 00000015.00000002.473894557.00000000019F0000.00000002.00000001.sdmpBinary or memory string: Progman
        Source: 2name.exe, 00000010.00000002.473284128.00000000019A0000.00000002.00000001.sdmp, file1.exe, 00000015.00000002.473894557.00000000019F0000.00000002.00000001.sdmpBinary or memory string: Progmanlock
        Source: file1.exe, 00000015.00000002.478915985.0000000003400000.00000004.00000001.sdmpBinary or memory string: Program Manager
        Source: C:\Users\user\AppData\Local\Temp\file1.exeQueries volume information: C:\Windows\Fonts\arial.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\file1.exeQueries volume information: C:\Windows\Fonts\ariali.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\file1.exeQueries volume information: C:\Windows\Fonts\arialbd.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\file1.exeQueries volume information: C:\Windows\Fonts\arialbi.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\file1.exeQueries volume information: C:\Windows\Fonts\ARIALN.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\file1.exeQueries volume information: C:\Windows\Fonts\ariblk.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\file1.exeQueries volume information: C:\Windows\Fonts\ARIALNI.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\file1.exeQueries volume information: C:\Windows\Fonts\ARIALNB.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\file1.exeQueries volume information: C:\Windows\Fonts\ARIALNBI.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\file1.exeQueries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\file1.exeQueries volume information: C:\Windows\Fonts\calibri.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\file1.exeQueries volume information: C:\Windows\Fonts\calibril.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\file1.exeQueries volume information: C:\Windows\Fonts\calibrii.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\file1.exeQueries volume information: C:\Windows\Fonts\calibrili.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\file1.exeQueries volume information: C:\Windows\Fonts\calibrib.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\file1.exeQueries volume information: C:\Windows\Fonts\calibriz.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\file1.exeQueries volume information: C:\Windows\Fonts\cambria.ttc VolumeInformationJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\file1.exeQueries volume information: C:\Windows\Fonts\cambriai.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\file1.exeQueries volume information: C:\Windows\Fonts\cambriab.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\file1.exeQueries volume information: C:\Windows\Fonts\cambriaz.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\file1.exeQueries volume information: C:\Windows\Fonts\Candara.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\file1.exeQueries volume information: C:\Windows\Fonts\Candarai.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\file1.exeQueries volume information: C:\Windows\Fonts\Candarab.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\file1.exeQueries volume information: C:\Windows\Fonts\Candaraz.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\file1.exeQueries volume information: C:\Windows\Fonts\comic.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\file1.exeQueries volume information: C:\Windows\Fonts\comici.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\file1.exeQueries volume information: C:\Windows\Fonts\comicbd.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\file1.exeQueries volume information: C:\Windows\Fonts\comicz.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\file1.exeQueries volume information: C:\Windows\Fonts\consola.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\file1.exeQueries volume information: C:\Windows\Fonts\consolai.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\file1.exeQueries volume information: C:\Windows\Fonts\consolab.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\file1.exeQueries volume information: C:\Windows\Fonts\consolaz.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\file1.exeQueries volume information: C:\Windows\Fonts\constan.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\file1.exeQueries volume information: C:\Windows\Fonts\constani.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\file1.exeQueries volume information: C:\Windows\Fonts\corbel.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\file1.exeQueries volume information: C:\Windows\Fonts\cour.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\file1.exeQueries volume information: C:\Windows\Fonts\couri.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\file1.exeQueries volume information: C:\Windows\Fonts\courbi.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\file1.exeQueries volume information: C:\Windows\Fonts\framd.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\file1.exeQueries volume information: C:\Windows\Fonts\FRADM.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\file1.exeQueries volume information: C:\Windows\Fonts\FRADMIT.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\file1.exeQueries volume information: C:\Windows\Fonts\FRAMDCN.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\file1.exeQueries volume information: C:\Windows\Fonts\FRADMCN.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\file1.exeQueries volume information: C:\Windows\Fonts\FRAHV.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\file1.exeQueries volume information: C:\Windows\Fonts\FRAHVIT.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\file1.exeQueries volume information: C:\Windows\Fonts\Gabriola.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\file1.exeQueries volume information: C:\Windows\Fonts\gadugi.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\file1.exeQueries volume information: C:\Windows\Fonts\gadugib.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\file1.exeQueries volume information: C:\Windows\Fonts\georgia.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\file1.exeQueries volume information: C:\Windows\Fonts\georgiai.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\file1.exeQueries volume information: C:\Windows\Fonts\georgiab.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\file1.exeQueries volume information: C:\Windows\Fonts\georgiaz.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\file1.exeQueries volume information: C:\Windows\Fonts\impact.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\file1.exeQueries volume information: C:\Windows\Fonts\Inkfree.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\file1.exeQueries volume information: C:\Windows\Fonts\javatext.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\file1.exeQueries volume information: C:\Windows\Fonts\LeelawUI.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\file1.exeQueries volume information: C:\Windows\Fonts\LeelUIsl.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\file1.exeQueries volume information: C:\Windows\Fonts\LeelaUIb.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\file1.exeQueries volume information: C:\Windows\Fonts\lucon.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\file1.exeQueries volume information: C:\Windows\Fonts\l_10646.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\file1.exeQueries volume information: C:\Windows\Fonts\malgun.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\file1.exeQueries volume information: C:\Windows\Fonts\msjh.ttc VolumeInformationJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\file1.exeQueries volume information: C:\Windows\Fonts\msjhbd.ttc VolumeInformationJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\file1.exeQueries volume information: C:\Windows\Fonts\taile.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\file1.exeQueries volume information: C:\Windows\Fonts\taileb.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\file1.exeQueries volume information: C:\Windows\Fonts\msyh.ttc VolumeInformationJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\file1.exeQueries volume information: C:\Windows\Fonts\msyhbd.ttc VolumeInformationJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\file1.exeQueries volume information: C:\Windows\Fonts\mingliub.ttc VolumeInformationJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\file1.exeQueries volume information: C:\Windows\Fonts\monbaiti.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\file1.exeQueries volume information: C:\Windows\Fonts\msgothic.ttc VolumeInformationJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\file1.exeQueries volume information: C:\Windows\Fonts\Nirmala.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\file1.exeQueries volume information: C:\Windows\Fonts\NirmalaB.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\file1.exeQueries volume information: C:\Windows\Fonts\palai.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\file1.exeQueries volume information: C:\Windows\Fonts\palab.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\file1.exeQueries volume information: C:\Windows\Fonts\segoepr.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\file1.exeQueries volume information: C:\Windows\Fonts\segoeprb.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\file1.exeQueries volume information: C:\Windows\Fonts\segoesc.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\file1.exeQueries volume information: C:\Windows\Fonts\segoescb.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\file1.exeQueries volume information: C:\Windows\Fonts\segoeuii.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\file1.exeQueries volume information: C:\Windows\Fonts\seguisli.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\file1.exeQueries volume information: C:\Windows\Fonts\seguili.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\file1.exeQueries volume information: C:\Windows\Fonts\seguisbi.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\file1.exeQueries volume information: C:\Windows\Fonts\segoeuiz.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\file1.exeQueries volume information: C:\Windows\Fonts\seguibl.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\file1.exeQueries volume information: C:\Windows\Fonts\seguibli.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\file1.exeQueries volume information: C:\Windows\Fonts\seguiemj.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\file1.exeQueries volume information: C:\Windows\Fonts\seguihis.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\file1.exeQueries volume information: C:\Windows\Fonts\simsunb.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\file1.exeQueries volume information: C:\Windows\Fonts\SitkaI.ttc VolumeInformationJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\file1.exeQueries volume information: C:\Windows\Fonts\SitkaZ.ttc VolumeInformationJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\file1.exeQueries volume information: C:\Windows\Fonts\SitkaB.ttc VolumeInformationJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\file1.exeQueries volume information: C:\Windows\Fonts\Sitka.ttc VolumeInformationJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\file1.exeQueries volume information: C:\Windows\Fonts\tahoma.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\file1.exeQueries volume information: C:\Windows\Fonts\tahomabd.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\file1.exeQueries volume information: C:\Windows\Fonts\trebuc.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\file1.exeQueries volume information: C:\Windows\Fonts\trebucit.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\file1.exeQueries volume information: C:\Windows\Fonts\trebucbd.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\file1.exeQueries volume information: C:\Windows\Fonts\trebucbi.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\file1.exeQueries volume information: C:\Windows\Fonts\verdana.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\file1.exeQueries volume information: C:\Windows\Fonts\verdanai.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\file1.exeQueries volume information: C:\Windows\Fonts\verdanab.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\file1.exeQueries volume information: C:\Windows\Fonts\YuGothL.ttc VolumeInformationJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\file1.exeQueries volume information: C:\Windows\Fonts\YuGothB.ttc VolumeInformationJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\file1.exeQueries volume information: C:\Windows\Fonts\YuGothM.ttc VolumeInformationJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\file1.exeQueries volume information: C:\Windows\Fonts\YuGothR.ttc VolumeInformationJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\file1.exeQueries volume information: C:\Windows\Fonts\CENTURY.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\file1.exeQueries volume information: C:\Windows\Fonts\TEMPSITC.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\file1.exeQueries volume information: C:\Windows\Fonts\MISTRAL.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\file1.exeQueries volume information: C:\Windows\Fonts\FREESCPT.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\file1.exeQueries volume information: C:\Windows\Fonts\ANTQUAI.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\file1.exeQueries volume information: C:\Windows\Fonts\GARAIT.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\file1.exeQueries volume information: C:\Windows\Fonts\GOTHICI.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\file1.exeQueries volume information: C:\Windows\Fonts\ALGER.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\file1.exeQueries volume information: C:\Windows\Fonts\BELLB.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\file1.exeQueries volume information: C:\Windows\Fonts\BRLNSB.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\file1.exeQueries volume information: C:\Windows\Fonts\BRITANIC.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\file1.exeQueries volume information: C:\Windows\Fonts\CALIFI.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\file1.exeQueries volume information: C:\Windows\Fonts\COLONNA.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\file1.exeQueries volume information: C:\Windows\Fonts\HARNGTON.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\file1.exeQueries volume information: C:\Windows\Fonts\JOKERMAN.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\file1.exeQueries volume information: C:\Windows\Fonts\LBRITEDI.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\file1.exeQueries volume information: C:\Windows\Fonts\LFAXDI.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\file1.exeQueries volume information: C:\Windows\Fonts\MATURASC.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\file1.exeQueries volume information: C:\Windows\Fonts\ONYX.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\file1.exeQueries volume information: C:\Windows\Fonts\PLAYBILL.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\file1.exeQueries volume information: C:\Windows\Fonts\SNAP____.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\file1.exeQueries volume information: C:\Windows\Fonts\VIVALDII.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\file1.exeQueries volume information: C:\Windows\Fonts\TCB_____.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\file1.exeQueries volume information: C:\Windows\Fonts\SCRIPTBL.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\file1.exeQueries volume information: C:\Windows\Fonts\ROCC____.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\file1.exeQueries volume information: C:\Windows\Fonts\PERTILI.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\file1.exeQueries volume information: C:\Windows\Fonts\PER_____.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\file1.exeQueries volume information: C:\Windows\Fonts\MAIAN.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\file1.exeQueries volume information: C:\Windows\Fonts\LTYPEO.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\file1.exeQueries volume information: C:\Windows\Fonts\LSANSI.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\file1.exeQueries volume information: C:\Windows\Fonts\IMPRISHA.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\file1.exeQueries volume information: C:\Windows\Fonts\GILB____.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\file1.exeQueries volume information: C:\Windows\Fonts\FRABK.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\file1.exeQueries volume information: C:\Windows\Fonts\FRABKIT.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\file1.exeQueries volume information: C:\Windows\Fonts\ITCEDSCR.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\file1.exeQueries volume information: C:\Windows\Fonts\CENSCBK.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\file1.exeQueries volume information: C:\Windows\Fonts\SCHLBKB.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\file1.exeQueries volume information: C:\Windows\Fonts\CASTELAR.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\file1.exeQueries volume information: C:\Windows\Fonts\CALIST.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\file1.exeQueries volume information: C:\Windows\Fonts\BOOKOS.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\file1.exeQueries volume information: C:\Windows\Fonts\BOOKOSI.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\file1.exeQueries volume information: C:\Windows\Fonts\BOOKOSBI.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\file1.exeQueries volume information: C:\Windows\Fonts\BOD_I.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\file1.exeQueries volume information: C:\Windows\Fonts\BOD_B.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\file1.exeQueries volume information: C:\Windows\Fonts\BOD_BI.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\file1.exeQueries volume information: C:\Windows\Fonts\BOD_CR.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\file1.exeQueries volume information: C:\Windows\Fonts\BOD_BLAR.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\file1.exeQueries volume information: C:\Windows\Fonts\BOD_CI.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\file1.exeQueries volume information: C:\Windows\Fonts\BOD_CB.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\file1.exeQueries volume information: C:\Windows\Fonts\BOD_BLAI.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\file1.exeQueries volume information: C:\Windows\Fonts\BOD_CBI.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\file1.exeQueries volume information: C:\Windows\Fonts\ARLRDBD.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\file1.exeQueries volume information: C:\Windows\Fonts\AGENCYR.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\file1.exeQueries volume information: C:\Windows\Fonts\AGENCYB.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\file1.exeQueries volume information: C:\Windows\Fonts\REFSAN.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\file1.exeQueries volume information: C:\Windows\Fonts\MTEXTRA.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\file1.exeQueries volume information: C:\Windows\Fonts\marlett.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\file1.exeQueries volume information: C:\Windows\Fonts\segoeuii.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\file1.exeQueries volume information: C:\Windows\Fonts\segoeuiz.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\file1.exeQueries volume information: C:\Windows\Fonts\micross.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\2name.exeQueries volume information: C:\Windows\Fonts\constanb.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\2name.exeQueries volume information: C:\Windows\Fonts\constanz.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\2name.exeQueries volume information: C:\Windows\Fonts\corbel.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\2name.exeQueries volume information: C:\Windows\Fonts\corbeli.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\2name.exeQueries volume information: C:\Windows\Fonts\corbelb.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\2name.exeQueries volume information: C:\Windows\Fonts\corbelz.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\2name.exeQueries volume information: C:\Windows\Fonts\cour.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\2name.exeQueries volume information: C:\Windows\Fonts\couri.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\2name.exeQueries volume information: C:\Windows\Fonts\courbd.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\2name.exeQueries volume information: C:\Windows\Fonts\courbi.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\2name.exeQueries volume information: C:\Windows\Fonts\ebrima.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\2name.exeQueries volume information: C:\Windows\Fonts\ebrimabd.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\2name.exeQueries volume information: C:\Windows\Fonts\framd.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\2name.exeQueries volume information: C:\Windows\Fonts\FRADM.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\2name.exeQueries volume information: C:\Windows\Fonts\framdit.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\2name.exeQueries volume information: C:\Windows\Fonts\FRADMIT.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\2name.exeQueries volume information: C:\Windows\Fonts\FRAMDCN.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\2name.exeQueries volume information: C:\Windows\Fonts\FRADMCN.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\2name.exeQueries volume information: C:\Windows\Fonts\FRAHV.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\2name.exeQueries volume information: C:\Windows\Fonts\FRAHVIT.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\2name.exeQueries volume information: C:\Windows\Fonts\gadugib.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\2name.exeQueries volume information: C:\Windows\Fonts\georgia.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\2name.exeQueries volume information: C:\Windows\Fonts\javatext.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\2name.exeQueries volume information: C:\Windows\Fonts\LeelawUI.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\2name.exeQueries volume information: C:\Windows\Fonts\LeelaUIb.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\2name.exeQueries volume information: C:\Windows\Fonts\lucon.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\2name.exeQueries volume information: C:\Windows\Fonts\l_10646.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\2name.exeQueries volume information: C:\Windows\Fonts\malgun.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\2name.exeQueries volume information: C:\Windows\Fonts\malgunsl.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\2name.exeQueries volume information: C:\Windows\Fonts\malgunbd.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\2name.exeQueries volume information: C:\Windows\Fonts\himalaya.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\2name.exeQueries volume information: C:\Windows\Fonts\msjh.ttc VolumeInformationJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\2name.exeQueries volume information: C:\Windows\Fonts\msjhl.ttc VolumeInformationJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\2name.exeQueries volume information: C:\Windows\Fonts\msjhbd.ttc VolumeInformationJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\2name.exeQueries volume information: C:\Windows\Fonts\ntailu.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\2name.exeQueries volume information: C:\Windows\Fonts\ntailub.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\2name.exeQueries volume information: C:\Windows\Fonts\phagspa.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\2name.exeQueries volume information: C:\Windows\Fonts\phagspab.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\2name.exeQueries volume information: C:\Windows\Fonts\micross.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\2name.exeQueries volume information: C:\Windows\Fonts\msyhl.ttc VolumeInformationJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\2name.exeQueries volume information: C:\Windows\Fonts\msyhbd.ttc VolumeInformationJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\2name.exeQueries volume information: C:\Windows\Fonts\msyh.ttc VolumeInformationJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\2name.exeQueries volume information: C:\Windows\Fonts\msyi.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\2name.exeQueries volume information: C:\Windows\Fonts\mingliub.ttc VolumeInformationJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\2name.exeQueries volume information: C:\Windows\Fonts\msgothic.ttc VolumeInformationJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\2name.exeQueries volume information: C:\Windows\Fonts\mvboli.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\2name.exeQueries volume information: C:\Windows\Fonts\mmrtext.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\2name.exeQueries volume information: C:\Windows\Fonts\mmrtextb.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\2name.exeQueries volume information: C:\Windows\Fonts\Nirmala.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\2name.exeQueries volume information: C:\Windows\Fonts\NirmalaS.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\2name.exeQueries volume information: C:\Windows\Fonts\NirmalaB.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\2name.exeQueries volume information: C:\Windows\Fonts\pala.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\2name.exeQueries volume information: C:\Windows\Fonts\palab.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\2name.exeQueries volume information: C:\Windows\Fonts\palabi.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\2name.exeQueries volume information: C:\Windows\Fonts\segoeuii.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\2name.exeQueries volume information: C:\Windows\Fonts\seguisym.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\2name.exeQueries volume information: C:\Windows\Fonts\simsun.ttc VolumeInformationJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\2name.exeQueries volume information: C:\Windows\Fonts\simsunb.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\2name.exeQueries volume information: C:\Windows\Fonts\Sitka.ttc VolumeInformationJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\2name.exeQueries volume information: C:\Windows\Fonts\SitkaI.ttc VolumeInformationJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\2name.exeQueries volume information: C:\Windows\Fonts\SitkaB.ttc VolumeInformationJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\2name.exeQueries volume information: C:\Windows\Fonts\SitkaZ.ttc VolumeInformationJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\2name.exeQueries volume information: C:\Windows\Fonts\sylfaen.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\2name.exeQueries volume information: C:\Windows\Fonts\symbol.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\2name.exeQueries volume information: C:\Windows\Fonts\tahoma.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\2name.exeQueries volume information: C:\Windows\Fonts\tahomabd.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\2name.exeQueries volume information: C:\Windows\Fonts\timesi.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\2name.exeQueries volume information: C:\Windows\Fonts\timesbd.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\2name.exeQueries volume information: C:\Windows\Fonts\timesbi.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\2name.exeQueries volume information: C:\Windows\Fonts\trebucit.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\2name.exeQueries volume information: C:\Windows\Fonts\trebucbd.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\2name.exeQueries volume information: C:\Windows\Fonts\trebucbi.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\2name.exeQueries volume information: C:\Windows\Fonts\verdana.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\2name.exeQueries volume information: C:\Windows\Fonts\verdanai.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\2name.exeQueries volume information: C:\Windows\Fonts\verdanab.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\2name.exeQueries volume information: C:\Windows\Fonts\verdanaz.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\2name.exeQueries volume information: C:\Windows\Fonts\webdings.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\2name.exeQueries volume information: C:\Windows\Fonts\wingding.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\2name.exeQueries volume information: C:\Windows\Fonts\YuGothR.ttc VolumeInformationJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\2name.exeQueries volume information: C:\Windows\Fonts\YuGothM.ttc VolumeInformationJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\2name.exeQueries volume information: C:\Windows\Fonts\YuGothL.ttc VolumeInformationJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\2name.exeQueries volume information: C:\Windows\Fonts\YuGothB.ttc VolumeInformationJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\2name.exeQueries volume information: C:\Windows\Fonts\holomdl2.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\2name.exeQueries volume information: C:\Windows\Fonts\CENTURY.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\2name.exeQueries volume information: C:\Windows\Fonts\LEELAWAD.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\2name.exeQueries volume information: C:\Windows\Fonts\LEELAWDB.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\2name.exeQueries volume information: C:\Windows\Fonts\MSUIGHUR.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\2name.exeQueries volume information: C:\Windows\Fonts\MSUIGHUB.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\2name.exeQueries volume information: C:\Windows\Fonts\WINGDNG2.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\2name.exeQueries volume information: C:\Windows\Fonts\WINGDNG3.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\2name.exeQueries volume information: C:\Windows\Fonts\TEMPSITC.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\2name.exeQueries volume information: C:\Windows\Fonts\PRISTINA.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\2name.exeQueries volume information: C:\Windows\Fonts\PAPYRUS.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\2name.exeQueries volume information: C:\Windows\Fonts\MISTRAL.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\2name.exeQueries volume information: C:\Windows\Fonts\LHANDW.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\2name.exeQueries volume information: C:\Windows\Fonts\ITCKRIST.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\2name.exeQueries volume information: C:\Windows\Fonts\JUICE___.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\2name.exeQueries volume information: C:\Windows\Fonts\FRSCRIPT.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\2name.exeQueries volume information: C:\Windows\Fonts\FREESCPT.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\2name.exeQueries volume information: C:\Windows\Fonts\BRADHITC.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\2name.exeQueries volume information: C:\Windows\Fonts\OUTLOOK.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\2name.exeQueries volume information: C:\Windows\Fonts\BKANT.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\2name.exeQueries volume information: C:\Windows\Fonts\ANTQUAI.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\2name.exeQueries volume information: C:\Windows\Fonts\ANTQUAB.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\2name.exeQueries volume information: C:\Windows\Fonts\ANTQUABI.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\2name.exeQueries volume information: C:\Windows\Fonts\GARA.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\2name.exeQueries volume information: C:\Windows\Fonts\GARAIT.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\2name.exeQueries volume information: C:\Windows\Fonts\GARABD.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\2name.exeQueries volume information: C:\Windows\Fonts\MTCORSVA.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\2name.exeQueries volume information: C:\Windows\Fonts\GOTHIC.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\2name.exeQueries volume information: C:\Windows\Fonts\GOTHICI.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\2name.exeQueries volume information: C:\Windows\Fonts\GOTHICB.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\2name.exeQueries volume information: C:\Windows\Fonts\GOTHICBI.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\2name.exeQueries volume information: C:\Windows\Fonts\ALGER.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\2name.exeQueries volume information: C:\Windows\Fonts\BASKVILL.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\2name.exeQueries volume information: C:\Windows\Fonts\BAUHS93.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\2name.exeQueries volume information: C:\Windows\Fonts\BELL.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\2name.exeQueries volume information: C:\Windows\Fonts\BELLI.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\2name.exeQueries volume information: C:\Windows\Fonts\BELLB.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\2name.exeQueries volume information: C:\Windows\Fonts\BRLNSR.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\2name.exeQueries volume information: C:\Windows\Fonts\BRLNSDB.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\2name.exeQueries volume information: C:\Windows\Fonts\BRLNSB.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\2name.exeQueries volume information: C:\Windows\Fonts\BERNHC.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\2name.exeQueries volume information: C:\Windows\Fonts\BOD_PSTC.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\2name.exeQueries volume information: C:\Windows\Fonts\BRITANIC.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\2name.exeQueries volume information: C:\Windows\Fonts\BROADW.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\2name.exeQueries volume information: C:\Windows\Fonts\BRUSHSCI.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\2name.exeQueries volume information: C:\Windows\Fonts\CALIFR.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\2name.exeQueries volume information: C:\Windows\Fonts\CALIFI.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\2name.exeQueries volume information: C:\Windows\Fonts\CALIFB.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\2name.exeQueries volume information: C:\Windows\Fonts\CENTAUR.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\2name.exeQueries volume information: C:\Windows\Fonts\CHILLER.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\2name.exeQueries volume information: C:\Windows\Fonts\COLONNA.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\2name.exeQueries volume information: C:\Windows\Fonts\COOPBL.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\2name.exeQueries volume information: C:\Windows\Fonts\FTLTLT.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\2name.exeQueries volume information: C:\Windows\Fonts\HARLOWSI.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\2name.exeQueries volume information: C:\Windows\Fonts\HARNGTON.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\2name.exeQueries volume information: C:\Windows\Fonts\HTOWERT.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\2name.exeQueries volume information: C:\Windows\Fonts\HTOWERTI.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\2name.exeQueries volume information: C:\Windows\Fonts\JOKERMAN.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\2name.exeQueries volume information: C:\Windows\Fonts\KUNSTLER.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\2name.exeQueries volume information: C:\Windows\Fonts\LBRITE.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\2name.exeQueries volume information: C:\Windows\Fonts\LBRITED.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\2name.exeQueries volume information: C:\Windows\Fonts\LBRITEI.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\2name.exeQueries volume information: C:\Windows\Fonts\LBRITEDI.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\2name.exeQueries volume information: C:\Windows\Fonts\LCALLIG.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\2name.exeQueries volume information: C:\Windows\Fonts\LFAX.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\2name.exeQueries volume information: C:\Windows\Fonts\LFAXD.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\2name.exeQueries volume information: C:\Windows\Fonts\LFAXI.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\2name.exeQueries volume information: C:\Windows\Fonts\LFAXDI.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\2name.exeQueries volume information: C:\Windows\Fonts\MAGNETOB.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\2name.exeQueries volume information: C:\Windows\Fonts\MATURASC.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\2name.exeQueries volume information: C:\Windows\Fonts\MOD20.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\2name.exeQueries volume information: C:\Windows\Fonts\NIAGENG.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\2name.exeQueries volume information: C:\Windows\Fonts\NIAGSOL.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\2name.exeQueries volume information: C:\Windows\Fonts\OLDENGL.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\2name.exeQueries volume information: C:\Windows\Fonts\ONYX.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\2name.exeQueries volume information: C:\Windows\Fonts\PARCHM.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\2name.exeQueries volume information: C:\Windows\Fonts\PLAYBILL.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\2name.exeQueries volume information: C:\Windows\Fonts\POORICH.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\2name.exeQueries volume information: C:\Windows\Fonts\RAVIE.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\2name.exeQueries volume information: C:\Windows\Fonts\INFROMAN.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\2name.exeQueries volume information: C:\Windows\Fonts\SHOWG.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\2name.exeQueries volume information: C:\Windows\Fonts\SNAP____.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\2name.exeQueries volume information: C:\Windows\Fonts\STENCIL.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\2name.exeQueries volume information: C:\Windows\Fonts\VINERITC.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\2name.exeQueries volume information: C:\Windows\Fonts\VIVALDII.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\2name.exeQueries volume information: C:\Windows\Fonts\VLADIMIR.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\2name.exeQueries volume information: C:\Windows\Fonts\LATINWD.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\2name.exeQueries volume information: C:\Windows\Fonts\TCM_____.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\2name.exeQueries volume information: C:\Windows\Fonts\TCMI____.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\2name.exeQueries volume information: C:\Windows\Fonts\TCB_____.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\2name.exeQueries volume information: C:\Windows\Fonts\TCBI____.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\2name.exeQueries volume information: C:\Windows\Fonts\TCCM____.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\2name.exeQueries volume information: C:\Windows\Fonts\TCCB____.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\2name.exeQueries volume information: C:\Windows\Fonts\TCCEB.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\2name.exeQueries volume information: C:\Windows\Fonts\SCRIPTBL.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\2name.exeQueries volume information: C:\Windows\Fonts\ROCK.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\2name.exeQueries volume information: C:\Windows\Fonts\ROCKI.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\2name.exeQueries volume information: C:\Windows\Fonts\ROCKB.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\2name.exeQueries volume information: C:\Windows\Fonts\ROCKEB.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\2name.exeQueries volume information: C:\Windows\Fonts\ROCKBI.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\2name.exeQueries volume information: C:\Windows\Fonts\ROCC____.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\2name.exeQueries volume information: C:\Windows\Fonts\ROCCB___.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\2name.exeQueries volume information: C:\Windows\Fonts\RAGE.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\2name.exeQueries volume information: C:\Windows\Fonts\PERTILI.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\2name.exeQueries volume information: C:\Windows\Fonts\PERTIBD.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\2name.exeQueries volume information: C:\Windows\Fonts\PER_____.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\2name.exeQueries volume information: C:\Windows\Fonts\PERI____.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\2name.exeQueries volume information: C:\Windows\Fonts\PERB____.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\2name.exeQueries volume information: C:\Windows\Fonts\PERBI___.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\2name.exeQueries volume information: C:\Windows\Fonts\PALSCRI.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\2name.exeQueries volume information: C:\Windows\Fonts\OCRAEXT.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\2name.exeQueries volume information: C:\Windows\Fonts\MAIAN.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\2name.exeQueries volume information: C:\Windows\Fonts\LTYPE.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\2name.exeQueries volume information: C:\Windows\Fonts\LTYPEO.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\2name.exeQueries volume information: C:\Windows\Fonts\LTYPEB.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\2name.exeQueries volume information: C:\Windows\Fonts\LTYPEBO.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\2name.exeQueries volume information: C:\Windows\Fonts\LSANS.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\2name.exeQueries volume information: C:\Windows\Fonts\LSANSD.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\2name.exeQueries volume information: C:\Windows\Fonts\LSANSI.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\2name.exeQueries volume information: C:\Windows\Fonts\LSANSDI.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\2name.exeQueries volume information: C:\Windows\Fonts\IMPRISHA.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\2name.exeQueries volume information: C:\Windows\Fonts\HATTEN.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\2name.exeQueries volume information: C:\Windows\Fonts\GOUDYSTO.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\2name.exeQueries volume information: C:\Windows\Fonts\GOUDOS.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\2name.exeQueries volume information: C:\Windows\Fonts\GOUDOSI.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\2name.exeQueries volume information: C:\Windows\Fonts\GOUDOSB.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\2name.exeQueries volume information: C:\Windows\Fonts\GLECB.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\2name.exeQueries volume information: C:\Windows\Fonts\GIL_____.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\2name.exeQueries volume information: C:\Windows\Fonts\GILI____.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\2name.exeQueries volume information: C:\Windows\Fonts\GILB____.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\2name.exeQueries volume information: C:\Windows\Fonts\GILBI___.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\2name.exeQueries volume information: C:\Windows\Fonts\GILC____.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\2name.exeQueries volume information: C:\Windows\Fonts\GLSNECB.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\2name.exeQueries volume information: C:\Windows\Fonts\GIGI.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\2name.exeQueries volume information: C:\Windows\Fonts\FRABK.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\2name.exeQueries volume information: C:\Windows\Fonts\FRABKIT.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\2name.exeQueries volume information: C:\Windows\Fonts\FORTE.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\2name.exeQueries volume information: C:\Windows\Fonts\FELIXTI.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\2name.exeQueries volume information: C:\Windows\Fonts\ERASMD.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\2name.exeQueries volume information: C:\Windows\Fonts\ERASLGHT.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\2name.exeQueries volume information: C:\Windows\Fonts\ERASDEMI.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\2name.exeQueries volume information: C:\Windows\Fonts\ERASBD.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\2name.exeQueries volume information: C:\Windows\Fonts\ENGR.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\2name.exeQueries volume information: C:\Windows\Fonts\ELEPHNT.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\2name.exeQueries volume information: C:\Windows\Fonts\ELEPHNTI.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\2name.exeQueries volume information: C:\Windows\Fonts\ITCEDSCR.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\2name.exeQueries volume information: C:\Windows\Fonts\CURLZ___.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\2name.exeQueries volume information: C:\Windows\Fonts\COPRGTL.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\2name.exeQueries volume information: C:\Windows\Fonts\COPRGTB.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\2name.exeQueries volume information: C:\Windows\Fonts\CENSCBK.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\2name.exeQueries volume information: C:\Windows\Fonts\SCHLBKI.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\2name.exeQueries volume information: C:\Windows\Fonts\SCHLBKB.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\2name.exeQueries volume information: C:\Windows\Fonts\SCHLBKBI.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\2name.exeQueries volume information: C:\Windows\Fonts\CASTELAR.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\2name.exeQueries volume information: C:\Windows\Fonts\CALIST.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\2name.exeQueries volume information: C:\Windows\Fonts\CALISTI.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\2name.exeQueries volume information: C:\Windows\Fonts\CALISTB.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\2name.exeQueries volume information: C:\Windows\Fonts\CALISTBI.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\2name.exeQueries volume information: C:\Windows\Fonts\BOOKOS.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\2name.exeQueries volume information: C:\Windows\Fonts\BOOKOSB.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\2name.exeQueries volume information: C:\Windows\Fonts\BOOKOSI.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\2name.exeQueries volume information: C:\Windows\Fonts\BOOKOSBI.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\2name.exeQueries volume information: C:\Windows\Fonts\BOD_R.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\2name.exeQueries volume information: C:\Windows\Fonts\BOD_I.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\2name.exeQueries volume information: C:\Windows\Fonts\BOD_B.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\2name.exeQueries volume information: C:\Windows\Fonts\BOD_BI.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\2name.exeQueries volume information: C:\Windows\Fonts\BOD_BLAR.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\2name.exeQueries volume information: C:\Windows\Fonts\BOD_CB.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\2name.exeQueries volume information: C:\Windows\Fonts\BOD_BLAI.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\2name.exeQueries volume information: C:\Windows\Fonts\BOD_CBI.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\2name.exeQueries volume information: C:\Windows\Fonts\ITCBLKAD.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\2name.exeQueries volume information: C:\Windows\Fonts\ARLRDBD.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\2name.exeQueries volume information: C:\Windows\Fonts\AGENCYR.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\2name.exeQueries volume information: C:\Windows\Fonts\AGENCYB.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\2name.exeQueries volume information: C:\Windows\Fonts\BSSYM7.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\2name.exeQueries volume information: C:\Windows\Fonts\REFSAN.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\2name.exeQueries volume information: C:\Windows\Fonts\REFSPCL.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\2name.exeQueries volume information: C:\Windows\Fonts\MTEXTRA.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\2name.exeQueries volume information: C:\Windows\Fonts\segoeuii.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\2name.exeQueries volume information: C:\Windows\Fonts\micross.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\2name.exeQueries volume information: C:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll VolumeInformationJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\2name.exeQueries volume information: C:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll VolumeInformationJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\file1.exeCode function: 1_2_05152102 GetUserNameA,1_2_05152102
        Source: C:\Windows\System32\wscript.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior

        Stealing of Sensitive Information:

        barindex
        Yara detected AgentTeslaShow sources
        Source: Yara matchFile source: 00000010.00000002.468518858.0000000000402000.00000040.00000001.sdmp, type: MEMORY
        Source: Yara matchFile source: 00000002.00000002.311010210.000000000CDE1000.00000004.00000001.sdmp, type: MEMORY
        Source: Yara matchFile source: 00000002.00000002.294907318.00000000038B1000.00000004.00000001.sdmp, type: MEMORY
        Source: Yara matchFile source: 00000010.00000000.288308557.0000000000402000.00000040.00000001.sdmp, type: MEMORY
        Source: Yara matchFile source: 2.2.2name.exe.ce83cb8.7.raw.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 16.2.2name.exe.400000.0.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 2.2.2name.exe.ce83cb8.7.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 16.0.2name.exe.400000.1.unpack, type: UNPACKEDPE
        Yara detected AgentTeslaShow sources
        Source: Yara matchFile source: 00000010.00000002.468518858.0000000000402000.00000040.00000001.sdmp, type: MEMORY
        Source: Yara matchFile source: 00000002.00000002.311010210.000000000CDE1000.00000004.00000001.sdmp, type: MEMORY
        Source: Yara matchFile source: 00000002.00000002.294907318.00000000038B1000.00000004.00000001.sdmp, type: MEMORY
        Source: Yara matchFile source: 00000010.00000002.477741518.0000000003301000.00000004.00000001.sdmp, type: MEMORY
        Source: Yara matchFile source: 00000010.00000000.288308557.0000000000402000.00000040.00000001.sdmp, type: MEMORY
        Source: Yara matchFile source: Process Memory Space: 2name.exe PID: 5828, type: MEMORY
        Source: Yara matchFile source: Process Memory Space: 2name.exe PID: 5004, type: MEMORY
        Source: Yara matchFile source: 2.2.2name.exe.ce83cb8.7.raw.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 16.2.2name.exe.400000.0.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 2.2.2name.exe.ce83cb8.7.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 16.0.2name.exe.400000.1.unpack, type: UNPACKEDPE
        Yara detected Nanocore RATShow sources
        Source: Yara matchFile source: 00000015.00000002.479174515.0000000004334000.00000004.00000001.sdmp, type: MEMORY
        Source: Yara matchFile source: 00000015.00000000.291952352.0000000000402000.00000040.00000001.sdmp, type: MEMORY
        Source: Yara matchFile source: 00000015.00000002.468642288.0000000000402000.00000040.00000001.sdmp, type: MEMORY
        Source: Yara matchFile source: 00000001.00000002.297937965.0000000003F51000.00000004.00000001.sdmp, type: MEMORY
        Source: Yara matchFile source: 00000001.00000002.307230936.000000000D351000.00000004.00000001.sdmp, type: MEMORY
        Source: Yara matchFile source: 00000015.00000000.292645242.0000000000402000.00000040.00000001.sdmp, type: MEMORY
        Source: Yara matchFile source: 00000015.00000002.480599769.0000000005C00000.00000004.00000001.sdmp, type: MEMORY
        Source: Yara matchFile source: Process Memory Space: file1.exe PID: 4076, type: MEMORY
        Source: Yara matchFile source: Process Memory Space: file1.exe PID: 5784, type: MEMORY
        Source: Yara matchFile source: 21.2.file1.exe.4346f00.5.raw.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 21.2.file1.exe.400000.0.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 1.2.file1.exe.d3e8eb8.9.raw.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 21.2.file1.exe.4346f00.5.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 21.0.file1.exe.400000.1.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 21.2.file1.exe.434b529.4.raw.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 21.0.file1.exe.400000.3.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 21.2.file1.exe.5c00000.11.raw.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 21.2.file1.exe.5c04629.10.raw.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 1.2.file1.exe.d3e8eb8.9.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 1.2.file1.exe.3fbb588.2.raw.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 21.2.file1.exe.5c00000.11.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 00000010.00000002.477741518.0000000003301000.00000004.00000001.sdmp, type: MEMORY
        Source: Yara matchFile source: Process Memory Space: 2name.exe PID: 5004, type: MEMORY

        Remote Access Functionality:

        barindex
        Detected Nanocore RatShow sources
        Source: file1.exe, 00000001.00000002.297937965.0000000003F51000.00000004.00000001.sdmpString found in binary or memory: NanoCore.ClientPluginHost
        Source: file1.exe, 00000015.00000002.479174515.0000000004334000.00000004.00000001.sdmpString found in binary or memory: NanoCore.ClientPluginHost
        Source: file1.exe, 00000015.00000002.479905732.0000000005680000.00000004.00000001.sdmpString found in binary or memory: <Module>mscorlibMicrosoft.VisualBasicMyApplicationNanoCore.MyMyComputerMyProjectMyWebServicesThreadSafeObjectProvider`1IClientNetworkNanoCore.ClientPluginIClientDataIClientAppIClientDataHostNanoCore.ClientPluginHostIClientNetworkHostIClientUIHostIClientLoggingHostIClientAppHostIClientNameObjectCollectionNanoCoreIClientReadOnlyNameObjectCollectionClientInvokeDelegateMicrosoft.VisualBasic.ApplicationServicesApplicationBase.ctorMicrosoft.VisualBasic.DevicesComputerSystemObject.cctorget_Computerm_ComputerObjectProviderget_Applicationm_AppObjectProviderUserget_Userm_UserObjectProviderget_WebServicesm_MyWebServicesObjectProviderApplicationWebServicesEqualsoGetHashCodeTypeGetTypeToStringCreate__Instance__TinstanceDispose__Instance__get_GetInstanceMicrosoft.VisualBasic.MyServices.InternalContextValue`1m_ContextGetInstanceReadPacketpipeNameparamsPipeCreatedPipeClosedConnectionStateChangedconnectedConnectionFailedhostportBuildingHostCacheVariableChangednameClientSettingChangedPluginUninstallingClientUninstallingget_Variablesget_ClientSettingsget_BuilderSettingsVariablesClientSettingsBuilderSettingsget_ConnectedClosePipePipeExistsRebuildHostCacheAddHostEntryDisconnectSendToServercompressConnectedInvokemethodstateLogClientMessagemessageExceptionLogClientExceptionexsiteRestartShutdownDisableProtectionRestoreProtectionUninstallEntryExistsSystem.Collections.GenericKeyValuePair`2GetEntriesGetValuedefaultValueSetValuevalueRemoveValueMulticastDelegateTargetObjectTargetMethodIAsyncResultAsyncCallbackBeginInvokeDelegateCallbackDelegateAsyncStateEndInvokeDelegateAsyncResultSystem.ComponentModelEditorBrowsableAttributeEditorBrowsableStateSystem.CodeDom.CompilerGeneratedCodeAttributeSystem.DiagnosticsDebuggerHiddenAttributeMicrosoft.VisualBasic.CompilerServicesStandardModuleAttributeHideModuleNameAttributeSystem.ComponentModel.DesignHelpKeywordAttributeSystem.Runtime.CompilerServicesRuntimeHelpersGetObjectValueRuntimeTypeHandleGetTypeFromHandleActivatorCreateInstanceMyGroupCollectionAttributeget_Valueset_ValueSystem.Runtime.InteropServicesComVisibleAttributeParamArrayAttributeCompilationRelaxationsAttributeRuntimeCompatibilityAttributeSystem.ReflectionAssemblyFileVersionAttributeGuidAttributeAssemblyTrademarkAttributeAssemblyCopyrightAttributeAssemblyProductAttributeAssemblyCompanyAttributeAssemblyDescriptionAttributeAssemblyTitleAttributeClientPluginClientPlugin.dll
        Yara detected AgentTeslaShow sources
        Source: Yara matchFile source: 00000010.00000002.468518858.0000000000402000.00000040.00000001.sdmp, type: MEMORY
        Source: Yara matchFile source: 00000002.00000002.311010210.000000000CDE1000.00000004.00000001.sdmp, type: MEMORY
        Source: Yara matchFile source: 00000002.00000002.294907318.00000000038B1000.00000004.00000001.sdmp, type: MEMORY
        Source: Yara matchFile source: 00000010.00000000.288308557.0000000000402000.00000040.00000001.sdmp, type: MEMORY
        Source: Yara matchFile source: 2.2.2name.exe.ce83cb8.7.raw.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 16.2.2name.exe.400000.0.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 2.2.2name.exe.ce83cb8.7.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 16.0.2name.exe.400000.1.unpack, type: UNPACKEDPE
        Yara detected AgentTeslaShow sources
        Source: Yara matchFile source: 00000010.00000002.468518858.0000000000402000.00000040.00000001.sdmp, type: MEMORY
        Source: Yara matchFile source: 00000002.00000002.311010210.000000000CDE1000.00000004.00000001.sdmp, type: MEMORY
        Source: Yara matchFile source: 00000002.00000002.294907318.00000000038B1000.00000004.00000001.sdmp, type: MEMORY
        Source: Yara matchFile source: 00000010.00000002.477741518.0000000003301000.00000004.00000001.sdmp, type: MEMORY
        Source: Yara matchFile source: 00000010.00000000.288308557.0000000000402000.00000040.00000001.sdmp, type: MEMORY
        Source: Yara matchFile source: Process Memory Space: 2name.exe PID: 5828, type: MEMORY
        Source: Yara matchFile source: Process Memory Space: 2name.exe PID: 5004, type: MEMORY
        Source: Yara matchFile source: 2.2.2name.exe.ce83cb8.7.raw.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 16.2.2name.exe.400000.0.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 2.2.2name.exe.ce83cb8.7.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 16.0.2name.exe.400000.1.unpack, type: UNPACKEDPE
        Yara detected Nanocore RATShow sources
        Source: Yara matchFile source: 00000015.00000002.479174515.0000000004334000.00000004.00000001.sdmp, type: MEMORY
        Source: Yara matchFile source: 00000015.00000000.291952352.0000000000402000.00000040.00000001.sdmp, type: MEMORY
        Source: Yara matchFile source: 00000015.00000002.468642288.0000000000402000.00000040.00000001.sdmp, type: MEMORY
        Source: Yara matchFile source: 00000001.00000002.297937965.0000000003F51000.00000004.00000001.sdmp, type: MEMORY
        Source: Yara matchFile source: 00000001.00000002.307230936.000000000D351000.00000004.00000001.sdmp, type: MEMORY
        Source: Yara matchFile source: 00000015.00000000.292645242.0000000000402000.00000040.00000001.sdmp, type: MEMORY
        Source: Yara matchFile source: 00000015.00000002.480599769.0000000005C00000.00000004.00000001.sdmp, type: MEMORY
        Source: Yara matchFile source: Process Memory Space: file1.exe PID: 4076, type: MEMORY
        Source: Yara matchFile source: Process Memory Space: file1.exe PID: 5784, type: MEMORY
        Source: Yara matchFile source: 21.2.file1.exe.4346f00.5.raw.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 21.2.file1.exe.400000.0.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 1.2.file1.exe.d3e8eb8.9.raw.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 21.2.file1.exe.4346f00.5.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 21.0.file1.exe.400000.1.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 21.2.file1.exe.434b529.4.raw.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 21.0.file1.exe.400000.3.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 21.2.file1.exe.5c00000.11.raw.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 21.2.file1.exe.5c04629.10.raw.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 1.2.file1.exe.d3e8eb8.9.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 1.2.file1.exe.3fbb588.2.raw.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 21.2.file1.exe.5c00000.11.unpack, type: UNPACKEDPE
        Source: C:\Users\user\AppData\Local\Temp\file1.exeCode function: 21_2_055E247A bind,21_2_055E247A
        Source: C:\Users\user\AppData\Local\Temp\file1.exeCode function: 21_2_055E2428 bind,21_2_055E2428

        Mitre Att&ck Matrix

        Initial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionExfiltrationCommand and ControlNetwork EffectsRemote Service EffectsImpact
        Valid AccountsWindows Management Instrumentation311DLL Side-Loading1DLL Side-Loading1Disable or Modify Tools11Input Capture21Account Discovery1Remote ServicesArchive Collected Data11Exfiltration Over Other Network MediumIngress Tool Transfer1Eavesdrop on Insecure Network CommunicationRemotely Track Device Without AuthorizationModify System Partition
        Default AccountsScripting121Scheduled Task/Job1Access Token Manipulation1Deobfuscate/Decode Files or Information1LSASS MemoryFile and Directory Discovery1Remote Desktop ProtocolInput Capture21Exfiltration Over BluetoothEncrypted Channel1Exploit SS7 to Redirect Phone Calls/SMSRemotely Wipe Data Without AuthorizationDevice Lockout
        Domain AccountsNative API1Logon Script (Windows)Process Injection112Scripting121Security Account ManagerSystem Information Discovery114SMB/Windows Admin SharesClipboard Data1Automated ExfiltrationNon-Standard Port1Exploit SS7 to Track Device LocationObtain Device Cloud BackupsDelete Device Data
        Local AccountsExploitation for Client Execution1Logon Script (Mac)Scheduled Task/Job1Obfuscated Files or Information3NTDSQuery Registry1Distributed Component Object ModelInput CaptureScheduled TransferRemote Access Software1SIM Card SwapCarrier Billing Fraud
        Cloud AccountsScheduled Task/Job1Network Logon ScriptNetwork Logon ScriptSoftware Packing22LSA SecretsSecurity Software Discovery321SSHKeyloggingData Transfer Size LimitsNon-Application Layer Protocol1Manipulate Device CommunicationManipulate App Store Rankings or Ratings
        Replication Through Removable MediaLaunchdRc.commonRc.commonDLL Side-Loading1Cached Domain CredentialsProcess Discovery2VNCGUI Input CaptureExfiltration Over C2 ChannelApplication Layer Protocol111Jamming or Denial of ServiceAbuse Accessibility Features
        External Remote ServicesScheduled TaskStartup ItemsStartup ItemsMasquerading1DCSyncVirtualization/Sandbox Evasion241Windows Remote ManagementWeb Portal CaptureExfiltration Over Alternative ProtocolCommonly Used PortRogue Wi-Fi Access PointsData Encrypted for Impact
        Drive-by CompromiseCommand and Scripting InterpreterScheduled Task/JobScheduled Task/JobVirtualization/Sandbox Evasion241Proc FilesystemApplication Window Discovery1Shared WebrootCredential API HookingExfiltration Over Symmetric Encrypted Non-C2 ProtocolApplication Layer ProtocolDowngrade to Insecure ProtocolsGenerate Fraudulent Advertising Revenue
        Exploit Public-Facing ApplicationPowerShellAt (Linux)At (Linux)Access Token Manipulation1/etc/passwd and /etc/shadowSystem Owner/User Discovery1Software Deployment ToolsData StagedExfiltration Over Asymmetric Encrypted Non-C2 ProtocolWeb ProtocolsRogue Cellular Base StationData Destruction
        Supply Chain CompromiseAppleScriptAt (Windows)At (Windows)Process Injection112Network SniffingRemote System Discovery1Taint Shared ContentLocal Data StagingExfiltration Over Unencrypted/Obfuscated Non-C2 ProtocolFile Transfer ProtocolsData Encrypted for Impact
        Compromise Software Dependencies and Development ToolsWindows Command ShellCronCronHidden Files and Directories1Input CapturePermission Groups DiscoveryReplication Through Removable MediaRemote Data StagingExfiltration Over Physical MediumMail ProtocolsService Stop

        Behavior Graph

        Hide Legend

        Legend:

        • Process
        • Signature
        • Created File
        • DNS/IP Info
        • Is Dropped
        • Is Windows Process
        • Number of created Registry Values
        • Number of created Files
        • Visual Basic
        • Delphi
        • Java
        • .Net C# or VB.NET
        • C, C++ or other language
        • Is malicious
        • Internet
        behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 433519 Sample: Invoice#06-11-2021_PDF.vbs Startdate: 12/06/2021 Architecture: WINDOWS Score: 100 40 clientconfig.passport.net 2->40 50 Snort IDS alert for network traffic (e.g. based on Emerging Threat rules) 2->50 52 Found malware configuration 2->52 54 Malicious sample detected (through community Yara rule) 2->54 56 13 other signatures 2->56 9 wscript.exe 3 2->9         started        signatures3 process4 file5 32 C:\Users\user\AppData\Local\Temp\file1.exe, PE32 9->32 dropped 34 C:\Users\user\AppData\Local\Temp\2name.exe, PE32 9->34 dropped 60 Benign windows process drops PE files 9->60 62 VBScript performs obfuscated calls to suspicious functions 9->62 13 file1.exe 6 9->13         started        17 2name.exe 3 9->17         started        signatures6 process7 file8 36 C:\Users\user\AppData\...\HHyKJahmIz.exe, PE32 13->36 dropped 38 C:\Users\user\AppData\Local\Temp\tmpC46.tmp, XML 13->38 dropped 64 Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines) 13->64 66 Machine Learning detection for dropped file 13->66 68 Uses schtasks.exe or at.exe to add and modify task schedules 13->68 19 file1.exe 9 13->19         started        24 schtasks.exe 1 13->24         started        70 Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines) 17->70 72 Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines) 17->72 74 Injects a PE file into a foreign processes 17->74 76 Found evasive API chain (trying to detect sleep duration tampering with parallel thread) 17->76 26 2name.exe 4 17->26         started        signatures9 process10 dnsIp11 42 191.96.25.26, 11940, 49731, 49735 AS40676US Chile 19->42 44 sys2021.linkpc.net 52.39.28.134, 11940 AMAZON-02US United States 19->44 30 C:\Users\user\AppData\Roaming\...\run.dat, ISO-8859 19->30 dropped 58 Hides that the sample has been downloaded from the Internet (zone.identifier) 19->58 28 conhost.exe 24->28         started        46 jetport-aero.com 217.182.175.206, 49736, 49744, 49745 OVHFR France 26->46 48 mail.jetport-aero.com 26->48 file12 signatures13 process14

        Screenshots

        Thumbnails

        This section contains all screenshots as thumbnails, including those not shown in the slideshow.

        windows-stand

        Antivirus, Machine Learning and Genetic Malware Detection

        Initial Sample

        No Antivirus matches

        Dropped Files

        SourceDetectionScannerLabelLink
        C:\Users\user\AppData\Roaming\HHyKJahmIz.exe100%Joe Sandbox ML
        C:\Users\user\AppData\Local\Temp\file1.exe100%Joe Sandbox ML
        C:\Users\user\AppData\Local\Temp\2name.exe100%Joe Sandbox ML

        Unpacked PE Files

        SourceDetectionScannerLabelLinkDownload
        21.2.file1.exe.400000.0.unpack100%AviraTR/Dropper.MSIL.Gen7Download File
        21.2.file1.exe.4346f00.5.unpack100%AviraTR/NanoCore.fadteDownload File
        21.0.file1.exe.400000.1.unpack100%AviraTR/Dropper.MSIL.Gen7Download File
        21.0.file1.exe.400000.3.unpack100%AviraTR/Dropper.MSIL.Gen7Download File
        16.2.2name.exe.400000.0.unpack100%AviraTR/Spy.Gen8Download File
        21.2.file1.exe.5c00000.11.unpack100%AviraTR/NanoCore.fadteDownload File
        16.0.2name.exe.400000.1.unpack100%AviraTR/Spy.Gen8Download File

        Domains

        SourceDetectionScannerLabelLink
        clientconfig.passport.net0%VirustotalBrowse

        URLs

        SourceDetectionScannerLabelLink
        0%Avira URL Cloudsafe
        http://127.0.0.1:HTTP/1.10%Avira URL Cloudsafe
        http://www.carterandcone.comn-u0%URL Reputationsafe
        http://www.carterandcone.comn-u0%URL Reputationsafe
        http://www.carterandcone.comn-u0%URL Reputationsafe
        http://www.founder.com.cn/cn/bThe0%URL Reputationsafe
        http://www.founder.com.cn/cn/bThe0%URL Reputationsafe
        http://www.founder.com.cn/cn/bThe0%URL Reputationsafe
        http://www.sajatypeworks.com40%Avira URL Cloudsafe
        http://www.tiro.com0%URL Reputationsafe
        http://www.tiro.com0%URL Reputationsafe
        http://www.tiro.com0%URL Reputationsafe
        http://www.goodfont.co.kr0%URL Reputationsafe
        http://www.goodfont.co.kr0%URL Reputationsafe
        http://www.goodfont.co.kr0%URL Reputationsafe
        http://www.carterandcone.com0%URL Reputationsafe
        http://www.carterandcone.com0%URL Reputationsafe
        http://www.carterandcone.com0%URL Reputationsafe
        http://www.jiyu-kobo.co.jp/Y0/X0%Avira URL Cloudsafe
        http://www.sajatypeworks.com0%URL Reputationsafe
        http://www.sajatypeworks.com0%URL Reputationsafe
        http://www.sajatypeworks.com0%URL Reputationsafe
        http://r3.i.lencr.org/0/0%Avira URL Cloudsafe
        http://www.typography.netD0%URL Reputationsafe
        http://www.typography.netD0%URL Reputationsafe
        http://www.typography.netD0%URL Reputationsafe
        http://www.founder.com.cn/cn/cThe0%URL Reputationsafe
        http://www.founder.com.cn/cn/cThe0%URL Reputationsafe
        http://www.founder.com.cn/cn/cThe0%URL Reputationsafe
        http://www.galapagosdesign.com/staff/dennis.htm0%URL Reputationsafe
        http://www.galapagosdesign.com/staff/dennis.htm0%URL Reputationsafe
        http://www.galapagosdesign.com/staff/dennis.htm0%URL Reputationsafe
        http://fontfabrik.com0%URL Reputationsafe
        http://fontfabrik.com0%URL Reputationsafe
        http://fontfabrik.com0%URL Reputationsafe
        http://www.fonts.comic0%URL Reputationsafe
        http://www.fonts.comic0%URL Reputationsafe
        http://www.fonts.comic0%URL Reputationsafe
        http://www.founder.com.cn/cnk0%Avira URL Cloudsafe
        http://www.carterandcone.comC0%URL Reputationsafe
        http://www.carterandcone.comC0%URL Reputationsafe
        http://www.carterandcone.comC0%URL Reputationsafe
        http://x1.c.lencr.org/00%URL Reputationsafe
        http://x1.c.lencr.org/00%URL Reputationsafe
        http://x1.c.lencr.org/00%URL Reputationsafe
        http://x1.i.lencr.org/00%URL Reputationsafe
        http://x1.i.lencr.org/00%URL Reputationsafe
        http://x1.i.lencr.org/00%URL Reputationsafe
        http://gKSfZA.com0%Avira URL Cloudsafe
        http://r3.o.lencr.org00%URL Reputationsafe
        http://r3.o.lencr.org00%URL Reputationsafe
        http://r3.o.lencr.org00%URL Reputationsafe
        http://www.fonts.comn0%URL Reputationsafe
        http://www.fonts.comn0%URL Reputationsafe
        http://www.fonts.comn0%URL Reputationsafe
        http://www.galapagosdesign.com/DPlease0%URL Reputationsafe
        http://www.galapagosdesign.com/DPlease0%URL Reputationsafe
        http://www.galapagosdesign.com/DPlease0%URL Reputationsafe
        http://www.fontbureau.comgrito0%URL Reputationsafe
        http://www.fontbureau.comgrito0%URL Reputationsafe
        http://www.fontbureau.comgrito0%URL Reputationsafe
        https://api.ipify.org%GETMozilla/5.00%URL Reputationsafe
        https://api.ipify.org%GETMozilla/5.00%URL Reputationsafe
        https://api.ipify.org%GETMozilla/5.00%URL Reputationsafe
        http://www.sandoll.co.kr0%URL Reputationsafe
        http://www.sandoll.co.kr0%URL Reputationsafe
        http://www.sandoll.co.kr0%URL Reputationsafe
        http://www.galapagosdesign.com/c0%Avira URL Cloudsafe
        http://www.urwpp.deDPlease0%URL Reputationsafe
        http://www.urwpp.deDPlease0%URL Reputationsafe
        http://www.urwpp.deDPlease0%URL Reputationsafe
        http://www.zhongyicts.com.cn0%URL Reputationsafe
        http://www.zhongyicts.com.cn0%URL Reputationsafe
        http://www.zhongyicts.com.cn0%URL Reputationsafe
        http://www.sakkal.com0%URL Reputationsafe
        http://www.sakkal.com0%URL Reputationsafe
        http://www.sakkal.com0%URL Reputationsafe
        https://www.theonionrouter.com/dist.torproject.org/torbrowser/9.5.3/tor-win32-0.4.3.6.zip0%URL Reputationsafe
        https://www.theonionrouter.com/dist.torproject.org/torbrowser/9.5.3/tor-win32-0.4.3.6.zip0%URL Reputationsafe
        https://www.theonionrouter.com/dist.torproject.org/torbrowser/9.5.3/tor-win32-0.4.3.6.zip0%URL Reputationsafe
        http://x1.i.len0%Avira URL Cloudsafe
        http://cps.root-x1.letsencrypt.org00%URL Reputationsafe
        http://cps.root-x1.letsencrypt.org00%URL Reputationsafe
        http://cps.root-x1.letsencrypt.org00%URL Reputationsafe
        http://www.galapagosdesign.com/0%URL Reputationsafe
        http://www.galapagosdesign.com/0%URL Reputationsafe
        http://www.galapagosdesign.com/0%URL Reputationsafe
        http://DynDns.comDynDNS0%URL Reputationsafe
        http://DynDns.comDynDNS0%URL Reputationsafe
        http://DynDns.comDynDNS0%URL Reputationsafe
        http://www.fonts.comc0%URL Reputationsafe
        http://www.fonts.comc0%URL Reputationsafe
        http://www.fonts.comc0%URL Reputationsafe
        http://www.agfamonotype.0%URL Reputationsafe
        http://www.agfamonotype.0%URL Reputationsafe
        http://www.agfamonotype.0%URL Reputationsafe
        http://cps.letsencrypt.org00%URL Reputationsafe
        http://cps.letsencrypt.org00%URL Reputationsafe
        http://cps.letsencrypt.org00%URL Reputationsafe
        https://www.theonionrouter.com/dist.torproject.org/torbrowser/9.5.3/tor-win32-0.4.3.6.zip%tordir%%ha0%URL Reputationsafe

        Domains and IPs

        Contacted Domains

        NameIPActiveMaliciousAntivirus DetectionReputation
        sys2021.linkpc.net
        		52.39.28.134
        		truefalse
          		high
          jetport-aero.com
          		217.182.175.206
          		truetrue
            		unknown
            mail.jetport-aero.com
            		unknown
            		unknowntrue
              		unknown
              clientconfig.passport.net
              		unknown
              		unknownfalseunknown

              Contacted URLs

              NameMaliciousAntivirus DetectionReputation
              true
              • Avira URL Cloud: safe
              		low
              sys2021.linkpc.netfalse
                		high

                URLs from Memory and Binaries

                NameSourceMaliciousAntivirus DetectionReputation
                http://127.0.0.1:HTTP/1.12name.exe, 00000010.00000002.477741518.0000000003301000.00000004.00000001.sdmpfalse
                • Avira URL Cloud: safe
                		low
                http://www.fontbureau.com/designersGfile1.exe, 00000001.00000002.298962464.0000000005410000.00000002.00000001.sdmp, 2name.exe, 00000002.00000002.299542442.0000000005F02000.00000004.00000001.sdmpfalse
                  		high
                  http://www.carterandcone.comn-u2name.exe, 00000002.00000003.210776108.0000000000D3D000.00000004.00000001.sdmpfalse
                  • URL Reputation: safe
                  • URL Reputation: safe
                  • URL Reputation: safe
                  		unknown
                  http://www.fontbureau.com/designers/?file1.exe, 00000001.00000002.298962464.0000000005410000.00000002.00000001.sdmp, 2name.exe, 00000002.00000002.299542442.0000000005F02000.00000004.00000001.sdmpfalse
                    		high
                    http://www.founder.com.cn/cn/bThefile1.exe, 00000001.00000002.298962464.0000000005410000.00000002.00000001.sdmp, 2name.exe, 00000002.00000002.299542442.0000000005F02000.00000004.00000001.sdmpfalse
                    • URL Reputation: safe
                    • URL Reputation: safe
                    • URL Reputation: safe
                    		unknown
                    http://www.sajatypeworks.com4file1.exe, 00000001.00000003.208338149.00000000052BB000.00000004.00000001.sdmpfalse
                    • Avira URL Cloud: safe
                    		unknown
                    http://www.fontbureau.com/designers?file1.exe, 00000001.00000002.303254144.0000000006532000.00000004.00000001.sdmp, 2name.exe, 00000002.00000002.299542442.0000000005F02000.00000004.00000001.sdmpfalse
                      		high
                      http://www.tiro.com2name.exe, 00000002.00000002.299542442.0000000005F02000.00000004.00000001.sdmp, 2name.exe, 00000002.00000002.298084668.0000000004E70000.00000002.00000001.sdmpfalse
                      • URL Reputation: safe
                      • URL Reputation: safe
                      • URL Reputation: safe
                      		unknown
                      http://www.fontbureau.com/designers2name.exe, 00000002.00000002.299542442.0000000005F02000.00000004.00000001.sdmpfalse
                        		high
                        http://www.goodfont.co.krfile1.exe, 00000001.00000002.298962464.0000000005410000.00000002.00000001.sdmp, 2name.exe, 00000002.00000002.299542442.0000000005F02000.00000004.00000001.sdmpfalse
                        • URL Reputation: safe
                        • URL Reputation: safe
                        • URL Reputation: safe
                        		unknown
                        http://www.carterandcone.com2name.exe, 00000002.00000003.210776108.0000000000D3D000.00000004.00000001.sdmp, 2name.exe, 00000002.00000003.211318733.0000000004D03000.00000004.00000001.sdmpfalse
                        • URL Reputation: safe
                        • URL Reputation: safe
                        • URL Reputation: safe
                        		unknown
                        http://www.jiyu-kobo.co.jp/Y0/X2name.exe, 00000002.00000003.211507950.0000000004D03000.00000004.00000001.sdmpfalse
                        • Avira URL Cloud: safe
                        		unknown
                        http://www.sajatypeworks.comfile1.exe, 00000001.00000003.208338149.00000000052BB000.00000004.00000001.sdmp, file1.exe, 00000001.00000002.303254144.0000000006532000.00000004.00000001.sdmp, 2name.exe, 00000002.00000002.298084668.0000000004E70000.00000002.00000001.sdmpfalse
                        • URL Reputation: safe
                        • URL Reputation: safe
                        • URL Reputation: safe
                        		unknown
                        http://r3.i.lencr.org/0/2name.exe, 00000010.00000002.482353717.00000000075D0000.00000004.00000001.sdmpfalse
                        • Avira URL Cloud: safe
                        		unknown
                        http://www.typography.netDfile1.exe, 00000001.00000002.303254144.0000000006532000.00000004.00000001.sdmp, 2name.exe, 00000002.00000002.299542442.0000000005F02000.00000004.00000001.sdmpfalse
                        • URL Reputation: safe
                        • URL Reputation: safe
                        • URL Reputation: safe
                        		unknown
                        http://www.founder.com.cn/cn/cThefile1.exe, 00000001.00000002.303254144.0000000006532000.00000004.00000001.sdmp, 2name.exe, 00000002.00000002.298084668.0000000004E70000.00000002.00000001.sdmpfalse
                        • URL Reputation: safe
                        • URL Reputation: safe
                        • URL Reputation: safe
                        		unknown
                        http://www.galapagosdesign.com/staff/dennis.htmfile1.exe, 00000001.00000002.303254144.0000000006532000.00000004.00000001.sdmp, file1.exe, 00000001.00000003.213754536.00000000052A4000.00000004.00000001.sdmp, 2name.exe, 00000002.00000003.214409435.0000000004D19000.00000004.00000001.sdmp, 2name.exe, 00000002.00000002.299542442.0000000005F02000.00000004.00000001.sdmpfalse
                        • URL Reputation: safe
                        • URL Reputation: safe
                        • URL Reputation: safe
                        		unknown
                        http://fontfabrik.comfile1.exe, 00000001.00000002.303254144.0000000006532000.00000004.00000001.sdmp, file1.exe, 00000001.00000003.208580143.00000000052BB000.00000004.00000001.sdmp, 2name.exe, 00000002.00000002.298084668.0000000004E70000.00000002.00000001.sdmpfalse
                        • URL Reputation: safe
                        • URL Reputation: safe
                        • URL Reputation: safe
                        		unknown
                        http://www.fonts.comicfile1.exe, 00000001.00000003.208338149.00000000052BB000.00000004.00000001.sdmpfalse
                        • URL Reputation: safe
                        • URL Reputation: safe
                        • URL Reputation: safe
                        		unknown
                        http://www.founder.com.cn/cnkfile1.exe, 00000001.00000003.209781217.00000000052A4000.00000004.00000001.sdmpfalse
                        • Avira URL Cloud: safe
                        		unknown
                        http://www.carterandcone.comC2name.exe, 00000002.00000003.211273379.0000000004D0D000.00000004.00000001.sdmpfalse
                        • URL Reputation: safe
                        • URL Reputation: safe
                        • URL Reputation: safe
                        		unknown
                        http://x1.c.lencr.org/02name.exe, 00000010.00000002.482353717.00000000075D0000.00000004.00000001.sdmpfalse
                        • URL Reputation: safe
                        • URL Reputation: safe
                        • URL Reputation: safe
                        		unknown
                        http://x1.i.lencr.org/02name.exe, 00000010.00000002.482353717.00000000075D0000.00000004.00000001.sdmpfalse
                        • URL Reputation: safe
                        • URL Reputation: safe
                        • URL Reputation: safe
                        		unknown
                        http://gKSfZA.com2name.exe, 00000010.00000002.477741518.0000000003301000.00000004.00000001.sdmpfalse
                        • Avira URL Cloud: safe
                        		unknown
                        http://r3.o.lencr.org02name.exe, 00000010.00000002.482353717.00000000075D0000.00000004.00000001.sdmpfalse
                        • URL Reputation: safe
                        • URL Reputation: safe
                        • URL Reputation: safe
                        		unknown
                        http://www.fonts.comnfile1.exe, 00000001.00000003.208338149.00000000052BB000.00000004.00000001.sdmpfalse
                        • URL Reputation: safe
                        • URL Reputation: safe
                        • URL Reputation: safe
                        		unknown
                        http://www.galapagosdesign.com/DPleasefile1.exe, 00000001.00000002.303254144.0000000006532000.00000004.00000001.sdmp, 2name.exe, 00000002.00000002.299542442.0000000005F02000.00000004.00000001.sdmpfalse
                        • URL Reputation: safe
                        • URL Reputation: safe
                        • URL Reputation: safe
                        		unknown
                        http://www.fontbureau.comgritofile1.exe, 00000001.00000002.294083787.0000000001147000.00000004.00000040.sdmpfalse
                        • URL Reputation: safe
                        • URL Reputation: safe
                        • URL Reputation: safe
                        		unknown
                        https://api.ipify.org%GETMozilla/5.02name.exe, 00000010.00000002.477741518.0000000003301000.00000004.00000001.sdmpfalse
                        • URL Reputation: safe
                        • URL Reputation: safe
                        • URL Reputation: safe
                        		low
                        http://www.fonts.comfile1.exe, 00000001.00000003.208338149.00000000052BB000.00000004.00000001.sdmp, 2name.exe, 00000002.00000002.298084668.0000000004E70000.00000002.00000001.sdmpfalse
                          		high
                          http://www.sandoll.co.krfile1.exe, 00000001.00000002.303254144.0000000006532000.00000004.00000001.sdmp, 2name.exe, 00000002.00000002.299542442.0000000005F02000.00000004.00000001.sdmpfalse
                          • URL Reputation: safe
                          • URL Reputation: safe
                          • URL Reputation: safe
                          		unknown
                          http://www.galapagosdesign.com/cfile1.exe, 00000001.00000003.213306168.00000000052DD000.00000004.00000001.sdmpfalse
                          • Avira URL Cloud: safe
                          		unknown
                          http://www.urwpp.deDPleasefile1.exe, 00000001.00000002.298962464.0000000005410000.00000002.00000001.sdmp, 2name.exe, 00000002.00000002.299542442.0000000005F02000.00000004.00000001.sdmpfalse
                          • URL Reputation: safe
                          • URL Reputation: safe
                          • URL Reputation: safe
                          		unknown
                          http://www.zhongyicts.com.cnfile1.exe, 00000001.00000002.298962464.0000000005410000.00000002.00000001.sdmp, 2name.exe, 00000002.00000002.299542442.0000000005F02000.00000004.00000001.sdmpfalse
                          • URL Reputation: safe
                          • URL Reputation: safe
                          • URL Reputation: safe
                          		unknown
                          http://www.sakkal.comfile1.exe, 00000001.00000002.298962464.0000000005410000.00000002.00000001.sdmp, 2name.exe, 00000002.00000003.211690154.0000000004D17000.00000004.00000001.sdmpfalse
                          • URL Reputation: safe
                          • URL Reputation: safe
                          • URL Reputation: safe
                          		unknown
                          https://www.theonionrouter.com/dist.torproject.org/torbrowser/9.5.3/tor-win32-0.4.3.6.zip2name.exe, 00000002.00000002.311010210.000000000CDE1000.00000004.00000001.sdmp, 2name.exe, 00000010.00000002.468518858.0000000000402000.00000040.00000001.sdmpfalse
                          • URL Reputation: safe
                          • URL Reputation: safe
                          • URL Reputation: safe
                          		unknown
                          http://x1.i.len2name.exe, 00000010.00000002.482412718.000000000760F000.00000004.00000001.sdmpfalse
                          • Avira URL Cloud: safe
                          		unknown
                          http://cps.root-x1.letsencrypt.org02name.exe, 00000010.00000002.482353717.00000000075D0000.00000004.00000001.sdmpfalse
                          • URL Reputation: safe
                          • URL Reputation: safe
                          • URL Reputation: safe
                          		unknown
                          http://www.apache.org/licenses/LICENSE-2.0file1.exe, 00000001.00000002.303254144.0000000006532000.00000004.00000001.sdmp, 2name.exe, 00000002.00000002.298084668.0000000004E70000.00000002.00000001.sdmpfalse
                            		high
                            http://www.fontbureau.comfile1.exe, 00000001.00000002.303254144.0000000006532000.00000004.00000001.sdmp, 2name.exe, 00000002.00000002.299542442.0000000005F02000.00000004.00000001.sdmpfalse
                              		high
                              http://www.galapagosdesign.com/file1.exe, 00000001.00000003.213306168.00000000052DD000.00000004.00000001.sdmpfalse
                              • URL Reputation: safe
                              • URL Reputation: safe
                              • URL Reputation: safe
                              		unknown
                              http://DynDns.comDynDNS2name.exe, 00000010.00000002.477741518.0000000003301000.00000004.00000001.sdmpfalse
                              • URL Reputation: safe
                              • URL Reputation: safe
                              • URL Reputation: safe
                              		unknown
                              http://www.fonts.comcfile1.exe, 00000001.00000003.208373034.00000000052BB000.00000004.00000001.sdmpfalse
                              • URL Reputation: safe
                              • URL Reputation: safe
                              • URL Reputation: safe
                              		unknown
                              http://www.agfamonotype.2name.exe, 00000002.00000003.215138787.0000000004D1E000.00000004.00000001.sdmpfalse
                              • URL Reputation: safe
                              • URL Reputation: safe
                              • URL Reputation: safe
                              		unknown
                              http://cps.letsencrypt.org02name.exe, 00000010.00000002.482353717.00000000075D0000.00000004.00000001.sdmpfalse
                              • URL Reputation: safe
                              • URL Reputation: safe
                              • URL Reputation: safe
                              		unknown
                              https://www.theonionrouter.com/dist.torproject.org/torbrowser/9.5.3/tor-win32-0.4.3.6.zip%tordir%%ha2name.exe, 00000010.00000002.477741518.0000000003301000.00000004.00000001.sdmpfalse
                              • URL Reputation: safe
                              • URL Reputation: safe
                              • URL Reputation: safe
                              		unknown
                              https://api.ipify.org%(2name.exe, 00000010.00000002.477741518.0000000003301000.00000004.00000001.sdmpfalse
                              • Avira URL Cloud: safe
                              		low
                              http://www.jiyu-kobo.co.jp/A2name.exe, 00000002.00000003.211507950.0000000004D03000.00000004.00000001.sdmpfalse
                              • URL Reputation: safe
                              • URL Reputation: safe
                              • URL Reputation: safe
                              		unknown
                              http://www.jiyu-kobo.co.jp/jp/2name.exe, 00000002.00000003.211507950.0000000004D03000.00000004.00000001.sdmpfalse
                              • URL Reputation: safe
                              • URL Reputation: safe
                              • URL Reputation: safe
                              		unknown
                              http://www.fontbureau.com/designers/frer2name.exe, 00000002.00000003.212658288.0000000004D15000.00000004.00000001.sdmpfalse
                                		high
                                http://www.carterandcone.comlfile1.exe, 00000001.00000002.303254144.0000000006532000.00000004.00000001.sdmp, 2name.exe, 00000002.00000002.299542442.0000000005F02000.00000004.00000001.sdmpfalse
                                • URL Reputation: safe
                                • URL Reputation: safe
                                • URL Reputation: safe
                                		unknown
                                http://www.fontbureau.com/designers/cabarga.htmlNfile1.exe, 00000001.00000002.298962464.0000000005410000.00000002.00000001.sdmp, 2name.exe, 00000002.00000002.299542442.0000000005F02000.00000004.00000001.sdmpfalse
                                  		high
                                  http://www.founder.com.cn/cnfile1.exe, 00000001.00000002.303254144.0000000006532000.00000004.00000001.sdmp, 2name.exe, 00000002.00000002.299542442.0000000005F02000.00000004.00000001.sdmpfalse
                                  • URL Reputation: safe
                                  • URL Reputation: safe
                                  • URL Reputation: safe
                                  		unknown
                                  http://www.fontbureau.com/designers/frere-jones.htmlfile1.exe, 00000001.00000002.298962464.0000000005410000.00000002.00000001.sdmp, 2name.exe, 00000002.00000002.299542442.0000000005F02000.00000004.00000001.sdmpfalse
                                    		high
                                    http://r3.i.lencr.org/0m2name.exe, 00000010.00000002.482412718.000000000760F000.00000004.00000001.sdmpfalse
                                    • Avira URL Cloud: safe
                                    		unknown
                                    http://www.jiyu-kobo.co.jp/s2name.exe, 00000002.00000003.211507950.0000000004D03000.00000004.00000001.sdmpfalse
                                    • URL Reputation: safe
                                    • URL Reputation: safe
                                    • URL Reputation: safe
                                    		unknown
                                    http://www.jiyu-kobo.co.jp/r2name.exe, 00000002.00000003.211318733.0000000004D03000.00000004.00000001.sdmpfalse
                                    • URL Reputation: safe
                                    • URL Reputation: safe
                                    • URL Reputation: safe
                                    		unknown
                                    http://www.monotype.2name.exe, 00000002.00000003.214932192.0000000004D0E000.00000004.00000001.sdmpfalse
                                    • URL Reputation: safe
                                    • URL Reputation: safe
                                    • URL Reputation: safe
                                    		unknown
                                    http://www.jiyu-kobo.co.jp/file1.exe, 00000001.00000002.303254144.0000000006532000.00000004.00000001.sdmp, 2name.exe, 00000002.00000002.299542442.0000000005F02000.00000004.00000001.sdmpfalse
                                    • URL Reputation: safe
                                    • URL Reputation: safe
                                    • URL Reputation: safe
                                    		unknown
                                    http://www.fontbureau.com/designers8file1.exe, 00000001.00000002.298962464.0000000005410000.00000002.00000001.sdmp, 2name.exe, 00000002.00000002.299542442.0000000005F02000.00000004.00000001.sdmpfalse
                                      		high
                                      http://www.fontbureau.comionu2name.exe, 00000002.00000002.297889020.0000000004D00000.00000004.00000001.sdmpfalse
                                      • Avira URL Cloud: safe
                                      		unknown
                                      https://w5tNnUBgMNAftBN.net2name.exe, 00000010.00000002.478136134.00000000033C3000.00000004.00000001.sdmpfalse
                                      • Avira URL Cloud: safe
                                      		unknown
                                      http://www.fonts.com8file1.exe, 00000001.00000003.208338149.00000000052BB000.00000004.00000001.sdmpfalse
                                      • URL Reputation: safe
                                      • URL Reputation: safe
                                      • URL Reputation: safe
                                      		unknown

                                      Contacted IPs

                                      • No. of IPs < 25%
                                      • 25% < No. of IPs < 50%
                                      • 50% < No. of IPs < 75%
                                      • 75% < No. of IPs

                                      Public

                                      IPDomainCountryFlagASNASN NameMalicious
                                      191.96.25.26
                                      		unknownChile
                                      		40676AS40676UStrue
                                      52.39.28.134
                                      		sys2021.linkpc.netUnited States
                                      		16509AMAZON-02USfalse
                                      217.182.175.206
                                      		jetport-aero.comFrance
                                      		16276OVHFRtrue

                                      General Information

                                      Joe Sandbox Version:32.0.0 Black Diamond
                                      Analysis ID:433519
                                      Start date:12.06.2021
                                      Start time:08:07:21
                                      Joe Sandbox Product:CloudBasic
                                      Overall analysis duration:0h 11m 54s
                                      Hypervisor based Inspection enabled:false
                                      Report type:full
                                      Sample file name:Invoice#06-11-2021_PDF.vbs
                                      Cookbook file name:default.jbs
                                      Analysis system description:Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
                                      Number of analysed new started processes analysed:37
                                      Number of new started drivers analysed:0
                                      Number of existing processes analysed:0
                                      Number of existing drivers analysed:0
                                      Number of injected processes analysed:0
                                      Technologies:
                                      • HCA enabled
                                      • EGA enabled
                                      • HDC enabled
                                      • AMSI enabled
                                      Analysis Mode:default
                                      Analysis stop reason:Timeout
                                      Detection:MAL
                                      Classification:mal100.troj.evad.winVBS@12/8@5/3
                                      EGA Information:Failed
                                      HDC Information:Failed
                                      HCA Information:
                                      • Successful, ratio: 99%
                                      • Number of executed functions: 503
                                      • Number of non-executed functions: 21
                                      Cookbook Comments:
                                      • Adjust boot time
                                      • Enable AMSI
                                      • Found application associated with file extension: .vbs
                                      Warnings:
                                      Show All
                                      • Behavior information exceeds normal sizes, reducing to normal. Report will have missing behavior information.
                                      • Exclude process from analysis (whitelisted): taskhostw.exe, MpCmdRun.exe, BackgroundTransferHost.exe, HxTsr.exe, RuntimeBroker.exe, wermgr.exe, backgroundTaskHost.exe, SgrmBroker.exe, conhost.exe, svchost.exe
                                      • Excluded IPs from analysis (whitelisted): 13.64.90.137, 84.53.167.113, 2.17.179.193, 20.190.160.129, 20.190.160.132, 20.190.160.69, 20.190.160.134, 20.190.160.2, 20.190.160.4, 20.190.160.67, 20.190.160.73, 93.184.220.29, 88.221.62.148, 92.123.150.225, 23.218.209.198, 204.79.197.200, 13.107.21.200, 20.50.102.62, 23.218.208.56, 92.122.145.220, 13.107.42.23, 13.107.5.88, 20.82.210.154, 92.122.213.194, 92.122.213.247
                                      • Excluded domains from analysis (whitelisted): cs9.wac.phicdn.net, www.tm.lg.prod.aadmsa.akadns.net, iris-de-prod-azsc-neu-b.northeurope.cloudapp.azure.com, fs-wildcard.microsoft.com.edgekey.net, cdn.onenote.net.edgekey.net, e11290.dspg.akamaiedge.net, e13551.dscg.akamaiedge.net, ocsp.digicert.com, wildcard.weather.microsoft.com.edgekey.net, login.live.com, www-bing-com.dual-a-0001.a-msedge.net, watson.telemetry.microsoft.com, www.bing.com, fs.microsoft.com, afdo-tas-offload.trafficmanager.net, dual-a-0001.a-msedge.net, www.tm.a.prd.aadg.akadns.net, storeedgefd.dsx.mp.microsoft.com.edgekey.net, store-images.s-microsoft.com, blobcollector.events.data.trafficmanager.net, e1553.dspg.akamaiedge.net, storeedgefd.dsx.mp.microsoft.com.edgekey.net.globalredir.akadns.net, ocos-office365-s2s.msedge.net, client-office365-tas.msedge.net, config.edge.skype.com.trafficmanager.net, store-images.s-microsoft.com-c.edgekey.net, e-0009.e-msedge.net, config-edge-skype.l-0014.l-msedge.net, e15275.g.akamaiedge.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, l-0014.config.skype.com, a1449.dscg2.akamai.net, storeedgefd.xbetservices.akadns.net, arc.msn.com, msagfx.live.com-6.edgekey.net, e12564.dspb.akamaiedge.net, authgfx.msa.akadns6.net, go.microsoft.com, arc.trafficmanager.net, img-prod-cms-rt-microsoft-com.akamaized.net, cdn.onenote.net, prod.fs.microsoft.com.akadns.net, config.edge.skype.com, storeedgefd.dsx.mp.microsoft.com, skypedataprdcolwus17.cloudapp.net, tile-service.weather.microsoft.com, e1723.g.akamaiedge.net, iris-de-prod-azsc-uks.uksouth.cloudapp.azure.com, login.msa.msidentity.com, ocos-office365-s2s-msedge-net.e-0009.e-msedge.net, a-0001.a-afdentry.net.trafficmanager.net, go.microsoft.com.edgekey.net, e16646.dscg.akamaiedge.net, l-0014.l-msedge.net
                                      • Not all processes where analyzed, report is missing behavior information
                                      • Report size exceeded maximum capacity and may have missing behavior information.
                                      • Report size exceeded maximum capacity and may have missing disassembly code.
                                      • Report size getting too big, too many NtAllocateVirtualMemory calls found.
                                      • Report size getting too big, too many NtOpenKeyEx calls found.
                                      • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                      • Report size getting too big, too many NtQueryValueKey calls found.

                                      Simulations

                                      Behavior and APIs

                                      TimeTypeDescription
                                      08:08:52API Interceptor662x Sleep call for process: file1.exe modified
                                      08:08:56API Interceptor658x Sleep call for process: 2name.exe modified

                                      Joe Sandbox View / Context

                                      IPs

                                      MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                                      191.96.25.26Invoice Payment_PDF.vbsGet hashmaliciousBrowse
                                        Invoice for B1019855_PDF.vbsGet hashmaliciousBrowse
                                          02_extracted.exeGet hashmaliciousBrowse
                                            Invoice No B1019855_PDF.vbsGet hashmaliciousBrowse
                                              02_extracted.exeGet hashmaliciousBrowse
                                                03_extracted.exeGet hashmaliciousBrowse
                                                  Invoice No F1019855_PDF.vbsGet hashmaliciousBrowse
                                                    Invoice No F1019855_PDF.vbsGet hashmaliciousBrowse
                                                      Spec_PDF.vbsGet hashmaliciousBrowse
                                                        SpecPDF.vbsGet hashmaliciousBrowse
                                                          52.39.28.13402_extracted.exeGet hashmaliciousBrowse
                                                            217.182.175.206Invoice Payment_PDF.vbsGet hashmaliciousBrowse
                                                              Invoice for B1019855_PDF.vbsGet hashmaliciousBrowse
                                                                01_extracted.exeGet hashmaliciousBrowse
                                                                  Invoice No B1019855_PDF.vbsGet hashmaliciousBrowse
                                                                    9e7d034c_by_Libranalysis.xlsmGet hashmaliciousBrowse
                                                                      SecuriteInfo.com.VB.Trojan.Valyria.4579.10155.xlsmGet hashmaliciousBrowse
                                                                        SecuriteInfo.com.VB.Trojan.Valyria.4579.10155.xlsmGet hashmaliciousBrowse

                                                                          Domains

                                                                          MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                                                                          sys2021.linkpc.netInvoice Payment_PDF.vbsGet hashmaliciousBrowse
                                                                          • 51.178.229.162
                                                                          Invoice for B1019855_PDF.vbsGet hashmaliciousBrowse
                                                                          • 51.178.229.162
                                                                          02_extracted.exeGet hashmaliciousBrowse
                                                                          • 52.39.28.134
                                                                          Invoice No B1019855_PDF.vbsGet hashmaliciousBrowse
                                                                          • 51.210.201.99
                                                                          01_extracted.exeGet hashmaliciousBrowse
                                                                          • 46.105.77.230
                                                                          02_extracted.exeGet hashmaliciousBrowse
                                                                          • 46.105.77.230
                                                                          02_extracted.exeGet hashmaliciousBrowse
                                                                          • 79.137.109.121
                                                                          03_extracted.exeGet hashmaliciousBrowse
                                                                          • 79.137.109.121
                                                                          Invoice No F1019855_PDF.vbsGet hashmaliciousBrowse
                                                                          • 87.98.245.48
                                                                          Invoice No F1019855_PDF.vbsGet hashmaliciousBrowse
                                                                          • 79.137.109.121
                                                                          Spec_PDF.vbsGet hashmaliciousBrowse
                                                                          • 105.112.11.245
                                                                          SpecPDF.vbsGet hashmaliciousBrowse
                                                                          • 179.43.166.32

                                                                          ASN

                                                                          MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                                                                          OVHFRJHSkaPIXXA.exeGet hashmaliciousBrowse
                                                                          • 51.254.187.177
                                                                          CBI8Rv3xZ7.dllGet hashmaliciousBrowse
                                                                          • 51.77.82.110
                                                                          hcTYYoyYOS.dllGet hashmaliciousBrowse
                                                                          • 51.77.82.110
                                                                          CBI8Rv3xZ7.dllGet hashmaliciousBrowse
                                                                          • 51.77.82.110
                                                                          hcTYYoyYOS.dllGet hashmaliciousBrowse
                                                                          • 51.77.82.110
                                                                          Purchase_Order.exeGet hashmaliciousBrowse
                                                                          • 213.186.33.5
                                                                          ORDER-21611docx.exeGet hashmaliciousBrowse
                                                                          • 87.98.245.48
                                                                          s6ljEIsdF3.exeGet hashmaliciousBrowse
                                                                          • 176.31.95.228
                                                                          hb5swSGLBT.exeGet hashmaliciousBrowse
                                                                          • 176.31.95.228
                                                                          CM0Q30sK3K.exeGet hashmaliciousBrowse
                                                                          • 176.31.95.228
                                                                          zIrx1wUddJ.exeGet hashmaliciousBrowse
                                                                          • 144.217.14.109
                                                                          8qdfmqz1PN.exeGet hashmaliciousBrowse
                                                                          • 51.222.56.151
                                                                          New Order PO2193570O1.docGet hashmaliciousBrowse
                                                                          • 51.222.56.151
                                                                          New Order PO2193570O1.pdf.exeGet hashmaliciousBrowse
                                                                          • 51.222.56.151
                                                                          Request For Quote.exeGet hashmaliciousBrowse
                                                                          • 158.69.138.23
                                                                          payload.htmlGet hashmaliciousBrowse
                                                                          • 145.239.131.60
                                                                          6VYNUalwUt.exeGet hashmaliciousBrowse
                                                                          • 178.33.222.241
                                                                          New Inquiry.exeGet hashmaliciousBrowse
                                                                          • 158.69.138.23
                                                                          New Order TL273723734533.pdf.exeGet hashmaliciousBrowse
                                                                          • 51.222.56.151
                                                                          Requestforquote.exeGet hashmaliciousBrowse
                                                                          • 158.69.138.23
                                                                          AMAZON-02USCIGi9PIHbu.exeGet hashmaliciousBrowse
                                                                          • 3.18.3.168
                                                                          research-1234799369.xlsbGet hashmaliciousBrowse
                                                                          • 52.220.160.98
                                                                          microsoft office 2007 service pack 2.exeGet hashmaliciousBrowse
                                                                          • 13.248.148.254
                                                                          ws8W4yPAvg.exeGet hashmaliciousBrowse
                                                                          • 3.22.15.135
                                                                          UOMp9cDcqZ.exeGet hashmaliciousBrowse
                                                                          • 52.58.78.16
                                                                          OrderKLB210568.exeGet hashmaliciousBrowse
                                                                          • 34.215.126.147
                                                                          q7jxy6gZMb.exeGet hashmaliciousBrowse
                                                                          • 104.192.141.1
                                                                          b9f5bca9a22f08aad48674bc42e4eaf72ab8aa3d652ba.exeGet hashmaliciousBrowse
                                                                          • 52.219.158.14
                                                                          8BDBD0yy0q.apkGet hashmaliciousBrowse
                                                                          • 52.17.153.103
                                                                          8BDBD0yy0q.apkGet hashmaliciousBrowse
                                                                          • 13.224.195.88
                                                                          ehDnx4Ke5d.exeGet hashmaliciousBrowse
                                                                          • 3.22.15.135
                                                                          KY4cmAI0jU.exeGet hashmaliciousBrowse
                                                                          • 3.34.12.41
                                                                          c71fd2gJus.exeGet hashmaliciousBrowse
                                                                          • 52.219.64.3
                                                                          XQehPgTn35.exeGet hashmaliciousBrowse
                                                                          • 3.136.65.236
                                                                          E1a92ARmPw.exeGet hashmaliciousBrowse
                                                                          • 35.157.179.180
                                                                          crt9O3URua.exeGet hashmaliciousBrowse
                                                                          • 35.157.179.180
                                                                          E1a92ARmPw.exeGet hashmaliciousBrowse
                                                                          • 52.218.105.219
                                                                          DNPr7t0GMY.exeGet hashmaliciousBrowse
                                                                          • 13.59.53.244
                                                                          lTAPQJikGw.exeGet hashmaliciousBrowse
                                                                          • 99.83.154.118
                                                                          SKlGhwkzTi.exeGet hashmaliciousBrowse
                                                                          • 44.227.65.245
                                                                          AS40676USlTAPQJikGw.exeGet hashmaliciousBrowse
                                                                          • 172.107.55.6
                                                                          KI91QtYDef.exeGet hashmaliciousBrowse
                                                                          • 104.217.8.109
                                                                          quotation zip.exeGet hashmaliciousBrowse
                                                                          • 185.215.224.53
                                                                          template-jn02b3.dotGet hashmaliciousBrowse
                                                                          • 207.231.106.130
                                                                          y31Lwif2sE.lnkGet hashmaliciousBrowse
                                                                          • 45.61.138.207
                                                                          MJH.exeGet hashmaliciousBrowse
                                                                          • 46.243.207.43
                                                                          Swift copy_9808.exeGet hashmaliciousBrowse
                                                                          • 104.217.141.243
                                                                          Document_46161561.xlsGet hashmaliciousBrowse
                                                                          • 107.160.244.54
                                                                          ICNdIx3GY1.exeGet hashmaliciousBrowse
                                                                          • 104.217.8.122
                                                                          SecuriteInfo.com.WinGo.GoCLR.A.24820.exeGet hashmaliciousBrowse
                                                                          • 45.61.136.223
                                                                          cb5b3ec1be5f432cec70fbea8d525210ef25570b56fba.exeGet hashmaliciousBrowse
                                                                          • 104.217.8.122
                                                                          1VdxXmBPdY.exeGet hashmaliciousBrowse
                                                                          • 104.217.8.122
                                                                          62lNIwplP8.exeGet hashmaliciousBrowse
                                                                          • 45.61.136.223
                                                                          iBpCEHz2q4.exeGet hashmaliciousBrowse
                                                                          • 104.217.8.122
                                                                          Invoice Payment_PDF.vbsGet hashmaliciousBrowse
                                                                          • 191.96.25.26
                                                                          Y8bZnrFXSo.exeGet hashmaliciousBrowse
                                                                          • 104.217.8.122
                                                                          ZqdsbHIY5d.exeGet hashmaliciousBrowse
                                                                          • 104.217.8.122
                                                                          wfIHlX06iC.exeGet hashmaliciousBrowse
                                                                          • 104.217.8.122
                                                                          ftl1MRlCZu.exeGet hashmaliciousBrowse
                                                                          • 104.217.8.122
                                                                          Fki4Q91Cvm.exeGet hashmaliciousBrowse
                                                                          • 104.217.8.122

                                                                          JA3 Fingerprints

                                                                          No context

                                                                          Dropped Files

                                                                          No context

                                                                          Created / dropped Files

                                                                          C:\Users\user\AppData\Local\Microsoft\CLR_v2.0_32\UsageLogs\2name.exe.log
                                                                          Process:C:\Users\user\AppData\Local\Temp\2name.exe
                                                                          File Type:ASCII text, with CRLF line terminators
                                                                          Category:dropped
                                                                          Size (bytes):655
                                                                          Entropy (8bit):5.273171405160065
                                                                          Encrypted:false
                                                                          SSDEEP:12:Q3LaJU20NaL10U29hJ5g1B0U2ukyrFk70Ug+9Yz9t0U2WUXBQav:MLF20NaL329hJ5g522rWz2p29XBT
                                                                          MD5:2703120C370FBB4A8BA08C6D1754039E
                                                                          SHA1:EC0DB47BF00A4A828F796147619386C0BBEA66A1
                                                                          SHA-256:F95566974BC44F3A757CAFB1456D185D8F333AC84775089DE18310B90C18B1BC
                                                                          SHA-512:BC05A2A1BE5B122FC6D3DEA66EF4258522F13351B9754378395AAD019631E312CFD3BC990F3E3D5C7BB0BDBA1EAD54A2B34A96DEE2FCCD703721E98F6192ED48
                                                                          Malicious:false
                                                                          Reputation:moderate, very likely benign file
                                                                          Preview: 1,"fusion","GAC",0..3,"C:\Windows\assembly\NativeImages_v2.0.50727_32\System\1ffc437de59fb69ba2b865ffdc98ffd1\System.ni.dll",0..3,"C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\54d944b3ca0ea1188d700fbd8089726b\System.Drawing.ni.dll",0..3,"C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\bd8d59c984c9f5f2695f64341115cdf0\System.Windows.Forms.ni.dll",0..3,"C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\cd7c74fce2a0eab72cd25cbe4bb61614\Microsoft.VisualBasic.ni.dll",0..3,"C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\4de99804c29261edb63c93616550f034\System.Management.ni.dll",0..
                                                                          C:\Users\user\AppData\Local\Microsoft\CLR_v2.0_32\UsageLogs\file1.exe.log
                                                                          Process:C:\Users\user\AppData\Local\Temp\file1.exe
                                                                          File Type:ASCII text, with CRLF line terminators
                                                                          Category:dropped
                                                                          Size (bytes):655
                                                                          Entropy (8bit):5.273171405160065
                                                                          Encrypted:false
                                                                          SSDEEP:12:Q3LaJU20NaL10U29hJ5g1B0U2ukyrFk70Ug+9Yz9t0U2WUXBQav:MLF20NaL329hJ5g522rWz2p29XBT
                                                                          MD5:2703120C370FBB4A8BA08C6D1754039E
                                                                          SHA1:EC0DB47BF00A4A828F796147619386C0BBEA66A1
                                                                          SHA-256:F95566974BC44F3A757CAFB1456D185D8F333AC84775089DE18310B90C18B1BC
                                                                          SHA-512:BC05A2A1BE5B122FC6D3DEA66EF4258522F13351B9754378395AAD019631E312CFD3BC990F3E3D5C7BB0BDBA1EAD54A2B34A96DEE2FCCD703721E98F6192ED48
                                                                          Malicious:false
                                                                          Reputation:moderate, very likely benign file
                                                                          Preview: 1,"fusion","GAC",0..3,"C:\Windows\assembly\NativeImages_v2.0.50727_32\System\1ffc437de59fb69ba2b865ffdc98ffd1\System.ni.dll",0..3,"C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\54d944b3ca0ea1188d700fbd8089726b\System.Drawing.ni.dll",0..3,"C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\bd8d59c984c9f5f2695f64341115cdf0\System.Windows.Forms.ni.dll",0..3,"C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\cd7c74fce2a0eab72cd25cbe4bb61614\Microsoft.VisualBasic.ni.dll",0..3,"C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\4de99804c29261edb63c93616550f034\System.Management.ni.dll",0..
                                                                          C:\Users\user\AppData\Local\Temp\2name.exe
                                                                          Process:C:\Windows\System32\wscript.exe
                                                                          File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                          Category:dropped
                                                                          Size (bytes):726016
                                                                          Entropy (8bit):7.460683048230593
                                                                          Encrypted:false
                                                                          SSDEEP:12288:s4Vk+Co34f3xqyPOdN7CEd6ytjAzYhoWtaGiVXRwO:sUCo34gyWdN7H6SDzAjJRwO
                                                                          MD5:CF4CD927CCC626FB016D0E91CF6BD456
                                                                          SHA1:16C9EA9C6050EC976537ADE42C5C049F7AF2599B
                                                                          SHA-256:03D512E79C0748CC83D5BCB4B8847534D7E81D929DAB496727ACBEEC1A5FD694
                                                                          SHA-512:422F85A2D020E87D9936668C3D4863C49503FD62070BD6A80B5334FBAA77A55C4095FB53AAB2015498133FAD3FF65CC98090A6C012D9B2F325702016BB51D215
                                                                          Malicious:true
                                                                          Antivirus:
                                                                          • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                          Reputation:low
                                                                          Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......`..............0..............(... ...@....@.. ....................................@.................................p(..O....@.......................`......8'............................................... ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B.................(......H.......D...,)..........p,................................................r...p}......}.....(.......(.....*..0............{....o....r[..p(....-\.{....o....r[..p(....-E.{....o....r[..p(....-..{....o....r[..p(....-..{....o....r[..p(....+....,..r]..p(....&+.**...(.....*..*...0..+.........,..{.......+....,...{....o........(.....*..0..N.............(....s......s....}.....s....}.....s....}.....s....}.....s....}.....s....}.....s....}.....s....}.....s....}.....s....}.....s....}.....s
                                                                          C:\Users\user\AppData\Local\Temp\file1.exe
                                                                          Process:C:\Windows\System32\wscript.exe
                                                                          File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                          Category:dropped
                                                                          Size (bytes):756224
                                                                          Entropy (8bit):7.493608714130465
                                                                          Encrypted:false
                                                                          SSDEEP:12288:S42kl8+drZTnwWp/OdrFYU+8hs3pVo1f9majwN9DLHvBYWSsVWSy:SY8+drZrp2d6P3pVo1vydrvBYeV9
                                                                          MD5:07C82C84BAEC92953A270419C72D7F10
                                                                          SHA1:DB68FCB828195BC4556E8A4725BA1BF5057A7C56
                                                                          SHA-256:074EE7EF8958EA94C8E5B35D87DAE1B8CFBA9FAF46FB15D61C740FBFD600D758
                                                                          SHA-512:C70D0AE16A4BDF285DF963B3E80A0737DD7AD9D5B5A82EFFCBA5CF274E1CC96C3B2607D1AFE26AB8E86788C0FA5E7AE903743D70EDDA7F2DFE8EA8DCCEFE5F2F
                                                                          Malicious:true
                                                                          Antivirus:
                                                                          • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                          Reputation:low
                                                                          Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...m..`..............0................. ........@.. ....................................@.....................................O...................................`................................................ ............... ..H............text....~... ...................... ..`.rsrc...............................@..@.reloc..............................@..B.......................H.......D...4)..........x,...p............................................r...p}......}.....(.......(.....*..0............{....o....r[..p(....-\.{....o....r[..p(....-E.{....o....r[..p(....-..{....o....r[..p(....-..{....o....r[..p(....+....,..r]..p(....&+.**...(.....*..*...0..+.........,..{.......+....,...{....o........(.....*..0..N.............(....s......s....}.....s....}.....s....}.....s....}.....s....}.....s....}.....s....}.....s....}.....s....}.....s....}.....s....}.....s
                                                                          C:\Users\user\AppData\Local\Temp\tmpC46.tmp
                                                                          Process:C:\Users\user\AppData\Local\Temp\file1.exe
                                                                          File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                          Category:dropped
                                                                          Size (bytes):1643
                                                                          Entropy (8bit):5.193758749843159
                                                                          Encrypted:false
                                                                          SSDEEP:24:2dH4+SEqC/Q7hxlNMFp1/rlMhEMjnGpwjpIgUYODOLD9RJh7h8gKBgtn:cbh47TlNQ//rydbz9I3YODOLNdq3c
                                                                          MD5:65835A3FDB40FADC683FF7C737DD45B8
                                                                          SHA1:B4F8BAC9E41E723EB171ABC7395CC19A318BE781
                                                                          SHA-256:5732AC8EE9ECD64FAE6A998D5BBEB68E9B06309DE048562B5394AAAF49131B76
                                                                          SHA-512:18A61873F4520F2C61A1289C23797D9DD5BFC4481E4F89016AC77981FA3DA6D90DAF821DB2154607B9444DF3D15919E442798DB15F5A2DB5F8B921928D51D97B
                                                                          Malicious:true
                                                                          Reputation:low
                                                                          Preview: <?xml version="1.0" encoding="UTF-16"?>..<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">.. <RegistrationInfo>.. <Date>2014-10-25T14:27:44.8929027</Date>.. <Author>computer\user</Author>.. </RegistrationInfo>.. <Triggers>.. <LogonTrigger>.. <Enabled>true</Enabled>.. <UserId>computer\user</UserId>.. </LogonTrigger>.. <RegistrationTrigger>.. <Enabled>false</Enabled>.. </RegistrationTrigger>.. </Triggers>.. <Principals>.. <Principal id="Author">.. <UserId>computer\user</UserId>.. <LogonType>InteractiveToken</LogonType>.. <RunLevel>LeastPrivilege</RunLevel>.. </Principal>.. </Principals>.. <Settings>.. <MultipleInstancesPolicy>StopExisting</MultipleInstancesPolicy>.. <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>.. <StopIfGoingOnBatteries>true</StopIfGoingOnBatteries>.. <AllowHardTerminate>false</AllowHardTerminate>.. <StartWhenAvailable>true
                                                                          C:\Users\user\AppData\Roaming\D06ED635-68F6-4E9A-955C-4899F5F57B9A\catalog.dat
                                                                          Process:C:\Users\user\AppData\Local\Temp\file1.exe
                                                                          File Type:data
                                                                          Category:dropped
                                                                          Size (bytes):696
                                                                          Entropy (8bit):7.089541637477408
                                                                          Encrypted:false
                                                                          SSDEEP:12:X4LEnybgCF0uCYKZr+dLEnybgCF0uCYKZr+dLEnybgCF0uCYKZr+K:IQnybgC4jh+dQnybgC4jh+dQnybgC4jp
                                                                          MD5:AF6AA7C823112E2342E8D98BE5EDE0A9
                                                                          SHA1:D48CA92F4FA11CC9619185563F2D57A6099D21D0
                                                                          SHA-256:8D2ACD0CB78A2C690E2DCA1E9C92D273DAF4804DF0B4AC55E14D120C96F7671D
                                                                          SHA-512:B822403E85339F4FF2D88608D73DA75A149756FF44454386E1EB2451A6CCCE0F65ECA596F95BBBAD942C963F8C4CA2ADE582D6E50750596DB263BA879FB3ECE1
                                                                          Malicious:false
                                                                          Reputation:low
                                                                          Preview: Gj.h\.3.A...5.x..&...i+..c(1.P..P.cLT...A.b........4h...t.+..Z\.. .i.... S....}FF.2...h.M+....L.#.X..+......*....~f.G0^..;....W2.=...K.~.L..&f...p............:7rH}..../H......L...?...A.K...J.=8x!....+.2e'..E?.G......[.&Gj.h\.3.A...5.x..&...i+..c(1.P..P.cLT...A.b........4h...t.+..Z\.. .i.... S....}FF.2...h.M+....L.#.X..+......*....~f.G0^..;....W2.=...K.~.L..&f...p............:7rH}..../H......L...?...A.K...J.=8x!....+.2e'..E?.G......[.&Gj.h\.3.A...5.x..&...i+..c(1.P..P.cLT...A.b........4h...t.+..Z\.. .i.... S....}FF.2...h.M+....L.#.X..+......*....~f.G0^..;....W2.=...K.~.L..&f...p............:7rH}..../H......L...?...A.K...J.=8x!....+.2e'..E?.G......[.&
                                                                          C:\Users\user\AppData\Roaming\D06ED635-68F6-4E9A-955C-4899F5F57B9A\run.dat
                                                                          Process:C:\Users\user\AppData\Local\Temp\file1.exe
                                                                          File Type:ISO-8859 text, with no line terminators
                                                                          Category:dropped
                                                                          Size (bytes):8
                                                                          Entropy (8bit):3.0
                                                                          Encrypted:false
                                                                          SSDEEP:3:bs8t:5t
                                                                          MD5:40198B97616273D9646AB6202B43D7C2
                                                                          SHA1:873C0C9A032CA79138FEE4AC197D6C360185D6BC
                                                                          SHA-256:43F580A134F143DE82F8BA52CEB9736322D918D3C987B56643DC64308B992B6A
                                                                          SHA-512:2CB67B647EA406E4E68BDE03B742CEE25CF88B27EB3D9610B5666B836D4BD4579D5D7FB9F4BB41FBB9751F56D0F4405C4A625ADA36E72D6447ED9F73C09309BA
                                                                          Malicious:true
                                                                          Reputation:low
                                                                          Preview: 6."..-.H
                                                                          C:\Users\user\AppData\Roaming\HHyKJahmIz.exe
                                                                          Process:C:\Users\user\AppData\Local\Temp\file1.exe
                                                                          File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                          Category:dropped
                                                                          Size (bytes):756224
                                                                          Entropy (8bit):7.493608714130465
                                                                          Encrypted:false
                                                                          SSDEEP:12288:S42kl8+drZTnwWp/OdrFYU+8hs3pVo1f9majwN9DLHvBYWSsVWSy:SY8+drZrp2d6P3pVo1vydrvBYeV9
                                                                          MD5:07C82C84BAEC92953A270419C72D7F10
                                                                          SHA1:DB68FCB828195BC4556E8A4725BA1BF5057A7C56
                                                                          SHA-256:074EE7EF8958EA94C8E5B35D87DAE1B8CFBA9FAF46FB15D61C740FBFD600D758
                                                                          SHA-512:C70D0AE16A4BDF285DF963B3E80A0737DD7AD9D5B5A82EFFCBA5CF274E1CC96C3B2607D1AFE26AB8E86788C0FA5E7AE903743D70EDDA7F2DFE8EA8DCCEFE5F2F
                                                                          Malicious:true
                                                                          Antivirus:
                                                                          • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                          Reputation:low
                                                                          Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...m..`..............0................. ........@.. ....................................@.....................................O...................................`................................................ ............... ..H............text....~... ...................... ..`.rsrc...............................@..@.reloc..............................@..B.......................H.......D...4)..........x,...p............................................r...p}......}.....(.......(.....*..0............{....o....r[..p(....-\.{....o....r[..p(....-E.{....o....r[..p(....-..{....o....r[..p(....-..{....o....r[..p(....+....,..r]..p(....&+.**...(.....*..*...0..+.........,..{.......+....,...{....o........(.....*..0..N.............(....s......s....}.....s....}.....s....}.....s....}.....s....}.....s....}.....s....}.....s....}.....s....}.....s....}.....s....}.....s

                                                                          Static File Info

                                                                          General

                                                                          File type:ASCII text, with very long lines, with CRLF line terminators
                                                                          Entropy (8bit):5.799622098272767
                                                                          TrID:
                                                                          • Visual Basic Script (13500/0) 87.10%
                                                                          • Disk Image (Macintosh), GPT (2000/0) 12.90%
                                                                          File name:Invoice#06-11-2021_PDF.vbs
                                                                          File size:2064477
                                                                          MD5:fcc6014f7ee0539aead5f38b4fe5245e
                                                                          SHA1:2f006d44ad82ca71319a5bf615677016ff7e918b
                                                                          SHA256:699d670809bccdbbdb2ae85d80be86d6fd00586c56e0375df34527d4ec6045cf
                                                                          SHA512:a9dd70d2b62ca41c9704379d57011a71cb661e9d8260cce95226f7dc357a91b59f3f99f6cd6d2d6563aaaa05cb84cf3c0284e3e1de72001eb9d6ab816e4fe208
                                                                          SSDEEP:24576:Xb14lK6ARrnCSZv3nc/4Y6FmALwmZz2nI/lks167U29/nwGNEaRr8I+TaCinTtKl:HrFm0wfIdkv7KGtmwkDtKW
                                                                          File Content Preview:on error resume next..Dim oJKUEaQXRjwWohJKfxRBprCcdayyKzcHoIONamdeSvgNYPTakLyerbyxGiqdcSNSHohfTwksTmitKpDOGYNzAxPNKQGsvzCziOGjhoGobFLFsEmRfcXDFNSJYUVCqsxTkjLwiTgSRZYumKUFdoMTcyuUwwKMSDxjIrUJsqjLvFlfpXWOAQYBfermorAlITzObplvqKMnFBXW..'MOeYawMCewDezhUBqxCcFX

                                                                          File Icon

                                                                          Icon Hash:e8d69ece869a9ec4

                                                                          Network Behavior

                                                                          Snort IDS Alerts

                                                                          TimestampProtocolSIDMessageSource PortDest PortSource IPDest IP
                                                                          06/12/21-08:09:51.251566TCP2025019ET TROJAN Possible NanoCore C2 60B4973111940192.168.2.3191.96.25.26
                                                                          06/12/21-08:09:57.374510TCP2025019ET TROJAN Possible NanoCore C2 60B4973511940192.168.2.3191.96.25.26
                                                                          06/12/21-08:10:03.567163TCP2025019ET TROJAN Possible NanoCore C2 60B4974211940192.168.2.3191.96.25.26
                                                                          06/12/21-08:10:09.685092TCP2025019ET TROJAN Possible NanoCore C2 60B4974311940192.168.2.3191.96.25.26
                                                                          06/12/21-08:10:20.008499TCP2025019ET TROJAN Possible NanoCore C2 60B4974711940192.168.2.3191.96.25.26

                                                                          Network Port Distribution

                                                                          TCP Packets

                                                                          TimestampSource PortDest PortSource IPDest IP
                                                                          Jun 12, 2021 08:08:54.517092943 CEST4972311940192.168.2.352.39.28.134
                                                                          Jun 12, 2021 08:08:57.526808977 CEST4972311940192.168.2.352.39.28.134
                                                                          Jun 12, 2021 08:09:03.624458075 CEST4972311940192.168.2.352.39.28.134
                                                                          Jun 12, 2021 08:09:15.772313118 CEST4972911940192.168.2.352.39.28.134
                                                                          Jun 12, 2021 08:09:18.797601938 CEST4972911940192.168.2.352.39.28.134
                                                                          Jun 12, 2021 08:09:24.798130989 CEST4972911940192.168.2.352.39.28.134
                                                                          Jun 12, 2021 08:09:34.077712059 CEST4973011940192.168.2.352.39.28.134
                                                                          Jun 12, 2021 08:09:37.080526114 CEST4973011940192.168.2.352.39.28.134
                                                                          Jun 12, 2021 08:09:43.080950022 CEST4973011940192.168.2.352.39.28.134
                                                                          Jun 12, 2021 08:09:50.911637068 CEST4973111940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:09:51.090446949 CEST1194049731191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:09:51.090775967 CEST4973111940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:09:51.251565933 CEST4973111940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:09:51.443285942 CEST1194049731191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:09:51.443367958 CEST4973111940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:09:51.676435947 CEST1194049731191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:09:51.676532984 CEST4973111940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:09:51.856012106 CEST1194049731191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:09:51.856105089 CEST4973111940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:09:52.085388899 CEST1194049731191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:09:52.085504055 CEST4973111940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:09:52.319720984 CEST1194049731191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:09:52.319824934 CEST4973111940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:09:52.320794106 CEST1194049731191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:09:52.320816040 CEST1194049731191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:09:52.320833921 CEST1194049731191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:09:52.320849895 CEST1194049731191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:09:52.320895910 CEST4973111940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:09:52.320954084 CEST4973111940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:09:52.499878883 CEST1194049731191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:09:52.499907017 CEST1194049731191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:09:52.499921083 CEST1194049731191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:09:52.499936104 CEST1194049731191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:09:52.499950886 CEST1194049731191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:09:52.499965906 CEST1194049731191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:09:52.500056982 CEST4973111940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:09:52.500143051 CEST1194049731191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:09:52.500155926 CEST4973111940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:09:52.500160933 CEST1194049731191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:09:52.500231028 CEST4973111940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:09:52.678024054 CEST1194049731191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:09:52.678085089 CEST1194049731191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:09:52.678123951 CEST1194049731191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:09:52.678163052 CEST1194049731191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:09:52.678204060 CEST1194049731191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:09:52.678251028 CEST1194049731191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:09:52.678263903 CEST4973111940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:09:52.678293943 CEST1194049731191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:09:52.678298950 CEST4973111940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:09:52.678333044 CEST1194049731191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:09:52.678337097 CEST4973111940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:09:52.678373098 CEST1194049731191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:09:52.678385019 CEST4973111940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:09:52.678411961 CEST1194049731191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:09:52.678421974 CEST4973111940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:09:52.678450108 CEST1194049731191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:09:52.678488970 CEST1194049731191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:09:52.678525925 CEST1194049731191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:09:52.678540945 CEST4973111940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:09:52.678570986 CEST4973111940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:09:52.678574085 CEST1194049731191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:09:52.678617001 CEST1194049731191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:09:52.678653955 CEST1194049731191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:09:52.678714991 CEST4973111940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:09:52.856555939 CEST1194049731191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:09:52.856616020 CEST1194049731191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:09:52.856647968 CEST1194049731191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:09:52.856678009 CEST1194049731191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:09:52.856718063 CEST1194049731191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:09:52.856735945 CEST4973111940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:09:52.856758118 CEST1194049731191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:09:52.856790066 CEST4973111940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:09:52.856796980 CEST1194049731191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:09:52.856812954 CEST4973111940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:09:52.856847048 CEST1194049731191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:09:52.856852055 CEST4973111940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:09:52.856892109 CEST1194049731191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:09:52.856904030 CEST4973111940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:09:52.856930971 CEST1194049731191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:09:52.856941938 CEST4973111940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:09:52.856971979 CEST1194049731191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:09:52.856981993 CEST4973111940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:09:52.857012033 CEST1194049731191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:09:52.857017994 CEST4973111940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:09:52.857049942 CEST1194049731191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:09:52.857060909 CEST4973111940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:09:52.857089043 CEST1194049731191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:09:52.857101917 CEST4973111940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:09:52.857126951 CEST1194049731191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:09:52.857137918 CEST4973111940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:09:52.857177973 CEST1194049731191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:09:52.857183933 CEST4973111940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:09:52.857223988 CEST1194049731191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:09:52.857228041 CEST4973111940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:09:52.857261896 CEST1194049731191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:09:52.857274055 CEST4973111940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:09:52.857301950 CEST1194049731191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:09:52.857312918 CEST4973111940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:09:52.857343912 CEST1194049731191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:09:52.857355118 CEST4973111940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:09:52.857383013 CEST1194049731191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:09:52.857393980 CEST4973111940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:09:52.857424021 CEST1194049731191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:09:52.857450008 CEST4973111940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:09:52.857464075 CEST1194049731191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:09:52.857475042 CEST4973111940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:09:52.857515097 CEST1194049731191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:09:52.857516050 CEST4973111940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:09:52.857558966 CEST1194049731191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:09:52.857597113 CEST1194049731191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:09:52.857608080 CEST4973111940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:09:52.857636929 CEST1194049731191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:09:52.857642889 CEST4973111940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:09:52.857676983 CEST1194049731191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:09:52.857713938 CEST1194049731191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:09:52.857753992 CEST1194049731191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:09:52.857772112 CEST4973111940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:09:52.857794046 CEST1194049731191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:09:52.857805967 CEST4973111940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:09:52.857841015 CEST4973111940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:09:52.857845068 CEST1194049731191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:09:52.857893944 CEST4973111940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:09:53.036027908 CEST1194049731191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:09:53.036068916 CEST1194049731191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:09:53.036108017 CEST1194049731191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:09:53.036134005 CEST1194049731191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:09:53.036160946 CEST1194049731191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:09:53.036194086 CEST1194049731191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:09:53.036195993 CEST4973111940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:09:53.036226034 CEST1194049731191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:09:53.036226988 CEST4973111940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:09:53.036256075 CEST1194049731191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:09:53.036283970 CEST1194049731191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:09:53.036287069 CEST4973111940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:09:53.036313057 CEST1194049731191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:09:53.036318064 CEST4973111940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:09:53.036340952 CEST1194049731191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:09:53.036360979 CEST4973111940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:09:53.036375046 CEST1194049731191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:09:53.036401033 CEST4973111940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:09:53.036402941 CEST1194049731191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:09:53.036432981 CEST4973111940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:09:53.036454916 CEST4973111940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:09:53.036474943 CEST1194049731191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:09:53.036503077 CEST1194049731191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:09:53.036518097 CEST4973111940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:09:53.036529064 CEST1194049731191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:09:53.036541939 CEST4973111940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:09:53.036556959 CEST1194049731191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:09:53.036566973 CEST4973111940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:09:53.036586046 CEST1194049731191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:09:53.036600113 CEST4973111940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:09:53.036612988 CEST1194049731191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:09:53.036624908 CEST4973111940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:09:53.036648989 CEST1194049731191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:09:53.036659002 CEST4973111940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:09:53.036680937 CEST1194049731191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:09:53.036693096 CEST4973111940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:09:53.036709070 CEST1194049731191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:09:53.036722898 CEST4973111940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:09:53.036736965 CEST1194049731191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:09:53.036748886 CEST4973111940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:09:53.036762953 CEST1194049731191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:09:53.036777020 CEST4973111940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:09:53.036789894 CEST1194049731191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:09:53.036799908 CEST4973111940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:09:53.036818027 CEST1194049731191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:09:53.036828041 CEST4973111940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:09:53.036844969 CEST1194049731191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:09:53.036856890 CEST4973111940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:09:53.036880016 CEST1194049731191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:09:53.036885023 CEST4973111940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:09:53.036909103 CEST1194049731191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:09:53.036923885 CEST4973111940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:09:53.036935091 CEST1194049731191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:09:53.036947966 CEST4973111940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:09:53.036962986 CEST1194049731191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:09:53.036973953 CEST4973111940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:09:53.036992073 CEST1194049731191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:09:53.037004948 CEST4973111940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:09:53.037018061 CEST1194049731191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:09:53.037039995 CEST4973111940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:09:53.037045002 CEST1194049731191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:09:53.037060976 CEST4973111940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:09:53.037072897 CEST1194049731191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:09:53.037094116 CEST4973111940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:09:53.037106037 CEST1194049731191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:09:53.037115097 CEST4973111940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:09:53.037137032 CEST1194049731191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:09:53.037147999 CEST4973111940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:09:53.037164927 CEST1194049731191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:09:53.037179947 CEST4973111940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:09:53.037194014 CEST1194049731191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:09:53.037221909 CEST1194049731191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:09:53.037236929 CEST4973111940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:09:53.037247896 CEST1194049731191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:09:53.037266970 CEST4973111940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:09:53.037276983 CEST1194049731191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:09:53.037287951 CEST4973111940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:09:53.037303925 CEST1194049731191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:09:53.037314892 CEST4973111940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:09:53.037337065 CEST1194049731191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:09:53.037348986 CEST4973111940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:09:53.037367105 CEST1194049731191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:09:53.037375927 CEST4973111940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:09:53.037394047 CEST1194049731191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:09:53.037409067 CEST4973111940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:09:53.037421942 CEST1194049731191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:09:53.037431955 CEST4973111940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:09:53.037450075 CEST1194049731191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:09:53.037463903 CEST4973111940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:09:53.037477970 CEST1194049731191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:09:53.037489891 CEST4973111940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:09:53.037512064 CEST4973111940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:09:53.144699097 CEST4973111940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:09:53.215996981 CEST1194049731191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:09:53.216068029 CEST1194049731191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:09:53.216108084 CEST1194049731191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:09:53.216125011 CEST4973111940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:09:53.216151953 CEST1194049731191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:09:53.216169119 CEST4973111940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:09:53.216193914 CEST1194049731191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:09:53.216202974 CEST4973111940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:09:53.216233969 CEST1194049731191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:09:53.216247082 CEST4973111940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:09:53.216289043 CEST4973111940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:09:53.216347933 CEST1194049731191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:09:53.216388941 CEST1194049731191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:09:53.216394901 CEST4973111940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:09:53.216428995 CEST4973111940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:09:53.216430902 CEST1194049731191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:09:53.216476917 CEST4973111940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:09:53.216485977 CEST1194049731191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:09:53.216542006 CEST1194049731191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:09:53.216563940 CEST4973111940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:09:53.216577053 CEST4973111940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:09:53.216583014 CEST1194049731191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:09:53.216622114 CEST1194049731191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:09:53.216639996 CEST4973111940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:09:53.216681957 CEST4973111940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:09:53.216825008 CEST1194049731191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:09:53.216871977 CEST4973111940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:09:53.216897964 CEST1194049731191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:09:53.216941118 CEST1194049731191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:09:53.216947079 CEST4973111940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:09:53.216999054 CEST4973111940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:09:53.217009068 CEST1194049731191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:09:53.217057943 CEST4973111940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:09:53.217097044 CEST1194049731191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:09:53.217147112 CEST4973111940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:09:53.217170000 CEST1194049731191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:09:53.217221975 CEST4973111940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:09:53.217267990 CEST1194049731191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:09:53.217308998 CEST1194049731191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:09:53.217319965 CEST4973111940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:09:53.217360020 CEST4973111940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:09:53.217375040 CEST1194049731191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:09:53.217415094 CEST1194049731191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:09:53.217426062 CEST4973111940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:09:53.217458963 CEST4973111940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:09:53.217540979 CEST1194049731191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:09:53.217581987 CEST1194049731191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:09:53.217595100 CEST4973111940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:09:53.217626095 CEST4973111940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:09:53.217647076 CEST1194049731191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:09:53.217694998 CEST4973111940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:09:53.217749119 CEST1194049731191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:09:53.217787981 CEST1194049731191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:09:53.217803955 CEST4973111940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:09:53.217829943 CEST1194049731191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:09:53.217843056 CEST4973111940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:09:53.217874050 CEST4973111940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:09:53.217941999 CEST1194049731191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:09:53.217993021 CEST1194049731191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:09:53.217993975 CEST4973111940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:09:53.218034983 CEST1194049731191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:09:53.218041897 CEST4973111940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:09:53.218075037 CEST1194049731191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:09:53.218092918 CEST4973111940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:09:53.218132973 CEST4973111940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:09:53.218168020 CEST1194049731191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:09:53.218209028 CEST1194049731191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:09:53.218220949 CEST4973111940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:09:53.218254089 CEST4973111940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:09:53.218312025 CEST1194049731191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:09:53.218350887 CEST1194049731191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:09:53.218363047 CEST4973111940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:09:53.218391895 CEST4973111940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:09:53.218482971 CEST1194049731191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:09:53.218523026 CEST1194049731191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:09:53.218534946 CEST4973111940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:09:53.218569040 CEST4973111940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:09:53.218573093 CEST1194049731191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:09:53.218615055 CEST4973111940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:09:53.218616009 CEST1194049731191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:09:53.218653917 CEST1194049731191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:09:53.218662977 CEST4973111940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:09:53.218702078 CEST4973111940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:09:53.218746901 CEST1194049731191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:09:53.218800068 CEST4973111940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:09:53.218811035 CEST1194049731191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:09:53.218857050 CEST4973111940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:09:53.218858957 CEST1194049731191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:09:53.218905926 CEST4973111940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:09:53.218929052 CEST1194049731191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:09:53.218970060 CEST1194049731191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:09:53.218975067 CEST4973111940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:09:53.219013929 CEST4973111940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:09:53.219057083 CEST1194049731191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:09:53.219100952 CEST4973111940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:09:57.192779064 CEST4973511940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:09:57.370877981 CEST1194049735191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:09:57.370990992 CEST4973511940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:09:57.374510050 CEST4973511940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:09:57.562432051 CEST1194049735191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:09:57.562526941 CEST4973511940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:09:57.795257092 CEST1194049735191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:09:57.795334101 CEST4973511940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:09:57.833784103 CEST49736587192.168.2.3217.182.175.206
                                                                          Jun 12, 2021 08:09:57.886898994 CEST58749736217.182.175.206192.168.2.3
                                                                          Jun 12, 2021 08:09:57.887027979 CEST49736587192.168.2.3217.182.175.206
                                                                          Jun 12, 2021 08:09:57.975799084 CEST1194049735191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:09:57.975919008 CEST4973511940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:09:58.023027897 CEST58749736217.182.175.206192.168.2.3
                                                                          Jun 12, 2021 08:09:58.027066946 CEST49736587192.168.2.3217.182.175.206
                                                                          Jun 12, 2021 08:09:58.078576088 CEST58749736217.182.175.206192.168.2.3
                                                                          Jun 12, 2021 08:09:58.079933882 CEST49736587192.168.2.3217.182.175.206
                                                                          Jun 12, 2021 08:09:58.133795977 CEST58749736217.182.175.206192.168.2.3
                                                                          Jun 12, 2021 08:09:58.175956964 CEST49736587192.168.2.3217.182.175.206
                                                                          Jun 12, 2021 08:09:58.189438105 CEST49736587192.168.2.3217.182.175.206
                                                                          Jun 12, 2021 08:09:58.201695919 CEST1194049735191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:09:58.202476978 CEST4973511940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:09:58.250031948 CEST58749736217.182.175.206192.168.2.3
                                                                          Jun 12, 2021 08:09:58.250066042 CEST58749736217.182.175.206192.168.2.3
                                                                          Jun 12, 2021 08:09:58.250081062 CEST58749736217.182.175.206192.168.2.3
                                                                          Jun 12, 2021 08:09:58.250097036 CEST58749736217.182.175.206192.168.2.3
                                                                          Jun 12, 2021 08:09:58.250174046 CEST49736587192.168.2.3217.182.175.206
                                                                          Jun 12, 2021 08:09:58.250200987 CEST49736587192.168.2.3217.182.175.206
                                                                          Jun 12, 2021 08:09:58.251328945 CEST58749736217.182.175.206192.168.2.3
                                                                          Jun 12, 2021 08:09:58.260552883 CEST49736587192.168.2.3217.182.175.206
                                                                          Jun 12, 2021 08:09:58.312680006 CEST58749736217.182.175.206192.168.2.3
                                                                          Jun 12, 2021 08:09:58.353782892 CEST49736587192.168.2.3217.182.175.206
                                                                          Jun 12, 2021 08:09:58.433604002 CEST1194049735191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:09:58.433634043 CEST1194049735191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:09:58.433650017 CEST1194049735191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:09:58.433666945 CEST1194049735191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:09:58.433743954 CEST4973511940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:09:58.433780909 CEST4973511940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:09:58.485795975 CEST49736587192.168.2.3217.182.175.206
                                                                          Jun 12, 2021 08:09:58.537427902 CEST58749736217.182.175.206192.168.2.3
                                                                          Jun 12, 2021 08:09:58.538043022 CEST49736587192.168.2.3217.182.175.206
                                                                          Jun 12, 2021 08:09:58.590426922 CEST58749736217.182.175.206192.168.2.3
                                                                          Jun 12, 2021 08:09:58.591142893 CEST49736587192.168.2.3217.182.175.206
                                                                          Jun 12, 2021 08:09:58.611509085 CEST1194049735191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:09:58.611546040 CEST1194049735191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:09:58.611569881 CEST1194049735191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:09:58.611592054 CEST1194049735191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:09:58.611614943 CEST1194049735191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:09:58.611625910 CEST4973511940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:09:58.611637115 CEST1194049735191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:09:58.611660957 CEST1194049735191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:09:58.611691952 CEST1194049735191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:09:58.611716032 CEST4973511940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:09:58.611727953 CEST4973511940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:09:58.611762047 CEST4973511940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:09:58.653824091 CEST58749736217.182.175.206192.168.2.3
                                                                          Jun 12, 2021 08:09:58.656511068 CEST49736587192.168.2.3217.182.175.206
                                                                          Jun 12, 2021 08:09:58.709640026 CEST58749736217.182.175.206192.168.2.3
                                                                          Jun 12, 2021 08:09:58.710171938 CEST49736587192.168.2.3217.182.175.206
                                                                          Jun 12, 2021 08:09:58.775940895 CEST58749736217.182.175.206192.168.2.3
                                                                          Jun 12, 2021 08:09:58.777301073 CEST49736587192.168.2.3217.182.175.206
                                                                          Jun 12, 2021 08:09:58.791312933 CEST1194049735191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:09:58.791348934 CEST1194049735191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:09:58.791368961 CEST1194049735191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:09:58.791389942 CEST1194049735191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:09:58.791409969 CEST1194049735191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:09:58.791429996 CEST1194049735191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:09:58.791433096 CEST4973511940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:09:58.791455030 CEST1194049735191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:09:58.791477919 CEST4973511940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:09:58.791480064 CEST1194049735191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:09:58.791501999 CEST1194049735191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:09:58.791512966 CEST4973511940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:09:58.791523933 CEST1194049735191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:09:58.791528940 CEST4973511940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:09:58.791544914 CEST1194049735191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:09:58.791557074 CEST4973511940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:09:58.791565895 CEST1194049735191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:09:58.791587114 CEST1194049735191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:09:58.791594028 CEST4973511940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:09:58.791605949 CEST1194049735191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:09:58.791630983 CEST4973511940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:09:58.791635036 CEST1194049735191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:09:58.791659117 CEST1194049735191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:09:58.791670084 CEST4973511940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:09:58.791687012 CEST4973511940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:09:58.791722059 CEST4973511940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:09:58.830022097 CEST58749736217.182.175.206192.168.2.3
                                                                          Jun 12, 2021 08:09:58.831264019 CEST49736587192.168.2.3217.182.175.206
                                                                          Jun 12, 2021 08:09:58.883198977 CEST58749736217.182.175.206192.168.2.3
                                                                          Jun 12, 2021 08:09:58.883718967 CEST58749736217.182.175.206192.168.2.3
                                                                          Jun 12, 2021 08:09:58.883835077 CEST49736587192.168.2.3217.182.175.206
                                                                          Jun 12, 2021 08:09:58.883894920 CEST49736587192.168.2.3217.182.175.206
                                                                          Jun 12, 2021 08:09:58.969661951 CEST1194049735191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:09:58.969696045 CEST1194049735191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:09:58.969717026 CEST1194049735191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:09:58.969739914 CEST1194049735191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:09:58.969755888 CEST4973511940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:09:58.969769001 CEST1194049735191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:09:58.969775915 CEST4973511940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:09:58.969796896 CEST1194049735191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:09:58.969820976 CEST4973511940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:09:58.969824076 CEST1194049735191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:09:58.969847918 CEST4973511940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:09:58.969849110 CEST1194049735191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:09:58.969871998 CEST1194049735191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:09:58.969882011 CEST4973511940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:09:58.969894886 CEST1194049735191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:09:58.969912052 CEST4973511940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:09:58.969921112 CEST1194049735191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:09:58.969944954 CEST1194049735191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:09:58.969944954 CEST4973511940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:09:58.969966888 CEST4973511940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:09:58.969968081 CEST1194049735191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:09:58.969990015 CEST4973511940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:09:58.969990969 CEST1194049735191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:09:58.970011950 CEST4973511940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:09:58.970017910 CEST1194049735191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:09:58.970036030 CEST4973511940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:09:58.970041990 CEST1194049735191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:09:58.970053911 CEST4973511940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:09:58.970063925 CEST1194049735191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:09:58.970079899 CEST4973511940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:09:58.970086098 CEST1194049735191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:09:58.970098019 CEST4973511940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:09:58.970109940 CEST1194049735191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:09:58.970129967 CEST4973511940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:09:58.970132113 CEST1194049735191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:09:58.970154047 CEST4973511940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:09:58.970155001 CEST1194049735191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:09:58.970168114 CEST4973511940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:09:58.970177889 CEST1194049735191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:09:58.970204115 CEST1194049735191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:09:58.970211983 CEST4973511940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:09:58.970227957 CEST1194049735191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:09:58.970232010 CEST4973511940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:09:58.970252037 CEST1194049735191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:09:58.970253944 CEST4973511940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:09:58.970274925 CEST4973511940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:09:58.970279932 CEST1194049735191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:09:58.970294952 CEST4973511940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:09:58.970304966 CEST1194049735191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:09:58.970316887 CEST4973511940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:09:58.970329046 CEST1194049735191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:09:58.970349073 CEST4973511940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:09:58.970354080 CEST1194049735191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:09:58.970375061 CEST4973511940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:09:58.970376968 CEST1194049735191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:09:58.970390081 CEST4973511940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:09:58.970400095 CEST1194049735191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:09:58.970422029 CEST4973511940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:09:58.970442057 CEST4973511940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:09:58.970747948 CEST1194049735191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:09:58.970798016 CEST4973511940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:09:59.150027990 CEST1194049735191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:09:59.150054932 CEST1194049735191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:09:59.150072098 CEST1194049735191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:09:59.150089979 CEST1194049735191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:09:59.150105953 CEST1194049735191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:09:59.150122881 CEST1194049735191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:09:59.150141954 CEST1194049735191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:09:59.150161028 CEST1194049735191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:09:59.150177002 CEST1194049735191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:09:59.150194883 CEST1194049735191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:09:59.150211096 CEST1194049735191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:09:59.150227070 CEST1194049735191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:09:59.150243044 CEST1194049735191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:09:59.150258064 CEST1194049735191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:09:59.150270939 CEST1194049735191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:09:59.150286913 CEST1194049735191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:09:59.150301933 CEST1194049735191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:09:59.150324106 CEST1194049735191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:09:59.150327921 CEST4973511940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:09:59.150335073 CEST1194049735191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:09:59.150347948 CEST1194049735191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:09:59.150360107 CEST1194049735191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:09:59.150369883 CEST4973511940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:09:59.150372982 CEST1194049735191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:09:59.150381088 CEST4973511940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:09:59.150388002 CEST4973511940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:09:59.150392056 CEST1194049735191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:09:59.150393963 CEST4973511940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:09:59.150401115 CEST4973511940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:09:59.150407076 CEST4973511940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:09:59.150413036 CEST1194049735191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:09:59.150429964 CEST4973511940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:09:59.150430918 CEST1194049735191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:09:59.150448084 CEST1194049735191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:09:59.150449038 CEST4973511940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:09:59.150465965 CEST1194049735191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:09:59.150485039 CEST1194049735191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:09:59.150496960 CEST4973511940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:09:59.150500059 CEST1194049735191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:09:59.150516987 CEST1194049735191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:09:59.150520086 CEST4973511940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:09:59.150532961 CEST1194049735191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:09:59.150543928 CEST4973511940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:09:59.150552034 CEST1194049735191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:09:59.150569916 CEST1194049735191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:09:59.150583982 CEST4973511940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:09:59.150585890 CEST1194049735191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:09:59.150597095 CEST4973511940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:09:59.150604010 CEST1194049735191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:09:59.150620937 CEST1194049735191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:09:59.150636911 CEST1194049735191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:09:59.150636911 CEST4973511940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:09:59.150652885 CEST1194049735191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:09:59.150667906 CEST1194049735191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:09:59.150671005 CEST4973511940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:09:59.150686979 CEST1194049735191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:09:59.150696039 CEST4973511940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:09:59.150700092 CEST1194049735191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:09:59.150717020 CEST1194049735191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:09:59.150722027 CEST4973511940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:09:59.150739908 CEST1194049735191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:09:59.150757074 CEST4973511940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:09:59.150764942 CEST1194049735191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:09:59.150773048 CEST4973511940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:09:59.150793076 CEST1194049735191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:09:59.150810957 CEST4973511940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:09:59.150818110 CEST1194049735191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:09:59.150831938 CEST4973511940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:09:59.150841951 CEST1194049735191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:09:59.150856018 CEST4973511940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:09:59.150866985 CEST1194049735191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:09:59.150875092 CEST4973511940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:09:59.150902033 CEST4973511940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:09:59.150918007 CEST4973511940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:09:59.328798056 CEST1194049735191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:09:59.328893900 CEST1194049735191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:09:59.328953981 CEST4973511940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:09:59.328970909 CEST1194049735191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:09:59.328993082 CEST4973511940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:09:59.329037905 CEST1194049735191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:09:59.329047918 CEST4973511940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:09:59.329102039 CEST4973511940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:09:59.329114914 CEST1194049735191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:09:59.329173088 CEST4973511940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:09:59.329179049 CEST1194049735191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:09:59.329236984 CEST4973511940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:09:59.329255104 CEST1194049735191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:09:59.329349041 CEST4973511940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:09:59.329358101 CEST1194049735191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:09:59.329421997 CEST4973511940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:09:59.329443932 CEST1194049735191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:09:59.329497099 CEST4973511940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:09:59.329507113 CEST1194049735191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:09:59.329560995 CEST4973511940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:09:59.329572916 CEST1194049735191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:09:59.329627037 CEST4973511940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:09:59.329643011 CEST1194049735191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:09:59.329700947 CEST4973511940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:09:59.329747915 CEST1194049735191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:09:59.329809904 CEST4973511940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:09:59.329822063 CEST1194049735191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:09:59.329880953 CEST4973511940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:09:59.329895020 CEST1194049735191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:09:59.329953909 CEST4973511940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:09:59.329967976 CEST1194049735191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:09:59.330023050 CEST4973511940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:09:59.330030918 CEST1194049735191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:09:59.330082893 CEST4973511940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:09:59.330094099 CEST1194049735191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:09:59.330144882 CEST4973511940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:09:59.330156088 CEST1194049735191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:09:59.330213070 CEST4973511940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:09:59.330216885 CEST1194049735191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:09:59.330277920 CEST4973511940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:09:59.330280066 CEST1194049735191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:09:59.330334902 CEST4973511940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:09:59.330343008 CEST1194049735191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:09:59.330399990 CEST4973511940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:09:59.330415964 CEST1194049735191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:09:59.330471992 CEST4973511940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:09:59.330487013 CEST1194049735191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:09:59.330538988 CEST4973511940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:09:59.330550909 CEST1194049735191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:09:59.330606937 CEST4973511940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:09:59.330614090 CEST1194049735191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:09:59.330670118 CEST4973511940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:09:59.330677032 CEST1194049735191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:09:59.330729961 CEST4973511940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:09:59.330739021 CEST1194049735191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:09:59.330792904 CEST4973511940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:09:59.330807924 CEST1194049735191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:09:59.330859900 CEST4973511940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:09:59.330872059 CEST1194049735191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:09:59.330928087 CEST4973511940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:09:59.330943108 CEST1194049735191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:09:59.331012011 CEST4973511940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:09:59.331023932 CEST1194049735191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:09:59.331079006 CEST4973511940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:09:59.331087112 CEST1194049735191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:09:59.331142902 CEST4973511940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:09:59.331212997 CEST1194049735191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:09:59.331285954 CEST4973511940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:09:59.331315994 CEST1194049735191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:09:59.331372023 CEST4973511940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:09:59.331398964 CEST1194049735191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:09:59.331460953 CEST4973511940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:09:59.331478119 CEST1194049735191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:09:59.331532955 CEST4973511940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:09:59.331542969 CEST1194049735191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:09:59.331604958 CEST1194049735191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:09:59.331612110 CEST4973511940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:09:59.331671000 CEST4973511940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:09:59.331674099 CEST1194049735191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:09:59.331739902 CEST4973511940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:09:59.331749916 CEST1194049735191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:09:59.331810951 CEST4973511940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:09:59.331815004 CEST1194049735191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:09:59.331870079 CEST4973511940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:09:59.331877947 CEST1194049735191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:09:59.331942081 CEST1194049735191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:09:59.331942081 CEST4973511940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:09:59.331999063 CEST4973511940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:09:59.332003117 CEST1194049735191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:09:59.332057953 CEST4973511940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:09:59.332066059 CEST1194049735191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:09:59.332123041 CEST4973511940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:09:59.332130909 CEST1194049735191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:09:59.332192898 CEST4973511940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:09:59.332206011 CEST1194049735191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:09:59.332268953 CEST4973511940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:09:59.332813978 CEST4973511940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:09:59.510247946 CEST1194049735191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:09:59.510305882 CEST1194049735191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:09:59.510343075 CEST1194049735191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:09:59.510380983 CEST1194049735191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:09:59.510407925 CEST4973511940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:09:59.510420084 CEST1194049735191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:09:59.510458946 CEST1194049735191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:09:59.510458946 CEST4973511940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:09:59.510467052 CEST4973511940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:09:59.510472059 CEST4973511940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:09:59.510499001 CEST1194049735191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:09:59.510500908 CEST4973511940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:09:59.510521889 CEST4973511940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:09:59.510538101 CEST1194049735191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:09:59.510571003 CEST4973511940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:09:59.510585070 CEST1194049735191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:09:59.510628939 CEST1194049735191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:09:59.510646105 CEST4973511940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:09:59.510668039 CEST1194049735191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:09:59.510683060 CEST4973511940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:09:59.510709047 CEST1194049735191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:09:59.510723114 CEST4973511940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:09:59.510747910 CEST1194049735191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:09:59.510765076 CEST4973511940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:09:59.510798931 CEST4973511940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:09:59.510802984 CEST1194049735191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:09:59.510859966 CEST4973511940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:09:59.511205912 CEST1194049735191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:09:59.511245966 CEST1194049735191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:09:59.511269093 CEST4973511940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:09:59.511285067 CEST1194049735191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:09:59.511292934 CEST4973511940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:09:59.511324883 CEST1194049735191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:09:59.511331081 CEST4973511940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:09:59.511363983 CEST1194049735191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:09:59.511373997 CEST4973511940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:09:59.511404037 CEST1194049735191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:09:59.511408091 CEST4973511940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:09:59.511441946 CEST1194049735191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:09:59.511456966 CEST4973511940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:09:59.511487007 CEST4973511940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:09:59.511491060 CEST1194049735191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:09:59.511534929 CEST1194049735191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:09:59.511539936 CEST4973511940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:09:59.511574030 CEST1194049735191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:09:59.511586905 CEST4973511940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:09:59.511615992 CEST4973511940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:09:59.511615992 CEST1194049735191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:09:59.511657000 CEST1194049735191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:09:59.511666059 CEST4973511940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:09:59.511696100 CEST1194049735191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:09:59.511704922 CEST4973511940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:09:59.511735916 CEST1194049735191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:09:59.511740923 CEST4973511940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:09:59.511774063 CEST1194049735191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:09:59.511790037 CEST4973511940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:09:59.511818886 CEST4973511940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:09:59.511826038 CEST1194049735191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:09:59.511868000 CEST1194049735191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:09:59.511874914 CEST4973511940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:09:59.511907101 CEST1194049735191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:09:59.511915922 CEST4973511940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:09:59.511945963 CEST1194049735191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:09:59.511951923 CEST4973511940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:09:59.511986971 CEST1194049735191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:09:59.511993885 CEST4973511940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:09:59.512026072 CEST1194049735191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:09:59.512056112 CEST4973511940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:09:59.512065887 CEST1194049735191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:09:59.512072086 CEST4973511940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:09:59.512104988 CEST1194049735191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:09:59.512118101 CEST4973511940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:09:59.512152910 CEST1194049735191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:09:59.512161016 CEST4973511940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:09:59.512195110 CEST1194049735191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:09:59.512202024 CEST4973511940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:09:59.512233019 CEST1194049735191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:09:59.512245893 CEST4973511940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:09:59.512270927 CEST1194049735191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:09:59.512284040 CEST4973511940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:09:59.512310028 CEST1194049735191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:09:59.512324095 CEST4973511940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:09:59.512347937 CEST1194049735191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:09:59.512355089 CEST4973511940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:09:59.512387037 CEST1194049735191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:09:59.512399912 CEST4973511940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:09:59.512425900 CEST1194049735191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:09:59.512437105 CEST4973511940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:09:59.512473106 CEST4973511940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:09:59.512475014 CEST1194049735191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:09:59.512518883 CEST1194049735191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:09:59.512523890 CEST4973511940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:09:59.512571096 CEST4973511940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:10:03.349809885 CEST4974211940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:10:03.529597044 CEST1194049742191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:10:03.531328917 CEST4974211940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:10:03.567162991 CEST4974211940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:10:03.759998083 CEST1194049742191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:10:03.760571003 CEST4974211940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:10:04.000669956 CEST1194049742191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:10:04.000763893 CEST4974211940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:10:04.178977013 CEST1194049742191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:10:04.179071903 CEST4974211940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:10:04.427871943 CEST1194049742191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:10:04.427953959 CEST4974211940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:10:04.659552097 CEST1194049742191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:10:04.659603119 CEST1194049742191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:10:04.659641981 CEST1194049742191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:10:04.659682035 CEST1194049742191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:10:04.659708977 CEST4974211940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:10:04.659753084 CEST4974211940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:10:04.839611053 CEST1194049742191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:10:04.839673042 CEST1194049742191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:10:04.839709997 CEST1194049742191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:10:04.839749098 CEST1194049742191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:10:04.839788914 CEST1194049742191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:10:04.839802980 CEST4974211940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:10:04.839828014 CEST1194049742191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:10:04.839839935 CEST4974211940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:10:04.839848042 CEST4974211940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:10:04.839852095 CEST4974211940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:10:04.839868069 CEST1194049742191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:10:04.839907885 CEST1194049742191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:10:04.839948893 CEST4974211940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:10:04.839956999 CEST4974211940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:10:04.839962006 CEST4974211940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:10:05.018104076 CEST1194049742191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:10:05.018160105 CEST1194049742191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:10:05.018198013 CEST1194049742191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:10:05.018237114 CEST1194049742191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:10:05.018277884 CEST1194049742191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:10:05.018315077 CEST1194049742191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:10:05.018362045 CEST1194049742191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:10:05.018404007 CEST1194049742191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:10:05.018410921 CEST4974211940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:10:05.018440962 CEST1194049742191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:10:05.018448114 CEST4974211940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:10:05.018454075 CEST4974211940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:10:05.018459082 CEST4974211940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:10:05.018481016 CEST1194049742191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:10:05.018518925 CEST1194049742191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:10:05.018523932 CEST4974211940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:10:05.018556118 CEST1194049742191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:10:05.018563986 CEST4974211940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:10:05.018595934 CEST1194049742191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:10:05.018616915 CEST4974211940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:10:05.018625021 CEST4974211940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:10:05.018635035 CEST1194049742191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:10:05.018682957 CEST1194049742191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:10:05.018724918 CEST1194049742191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:10:05.018744946 CEST4974211940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:10:05.018759012 CEST4974211940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:10:05.019005060 CEST4974211940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:10:05.199724913 CEST1194049742191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:10:05.199786901 CEST1194049742191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:10:05.199826002 CEST1194049742191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:10:05.199863911 CEST1194049742191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:10:05.199903011 CEST1194049742191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:10:05.199939966 CEST1194049742191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:10:05.199989080 CEST1194049742191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:10:05.200026035 CEST4974211940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:10:05.200031996 CEST1194049742191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:10:05.200052977 CEST4974211940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:10:05.200057030 CEST4974211940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:10:05.200069904 CEST1194049742191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:10:05.200109005 CEST1194049742191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:10:05.200126886 CEST4974211940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:10:05.200131893 CEST4974211940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:10:05.200146914 CEST1194049742191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:10:05.200184107 CEST1194049742191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:10:05.200217962 CEST4974211940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:10:05.200222015 CEST1194049742191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:10:05.200227022 CEST4974211940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:10:05.200258970 CEST1194049742191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:10:05.200294018 CEST4974211940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:10:05.200299025 CEST4974211940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:10:05.200309038 CEST1194049742191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:10:05.200351000 CEST1194049742191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:10:05.200356007 CEST4974211940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:10:05.200390100 CEST1194049742191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:10:05.200407982 CEST4974211940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:10:05.200431108 CEST1194049742191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:10:05.200448036 CEST4974211940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:10:05.200470924 CEST1194049742191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:10:05.200509071 CEST1194049742191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:10:05.200525999 CEST4974211940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:10:05.200547934 CEST1194049742191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:10:05.200551987 CEST4974211940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:10:05.200587034 CEST1194049742191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:10:05.200634003 CEST1194049742191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:10:05.200678110 CEST1194049742191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:10:05.200685024 CEST4974211940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:10:05.200726032 CEST4974211940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:10:05.200731039 CEST4974211940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:10:05.200745106 CEST1194049742191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:10:05.200786114 CEST1194049742191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:10:05.200822115 CEST4974211940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:10:05.200825930 CEST1194049742191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:10:05.200825930 CEST4974211940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:10:05.200862885 CEST1194049742191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:10:05.200901031 CEST1194049742191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:10:05.200906038 CEST4974211940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:10:05.200939894 CEST1194049742191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:10:05.200977087 CEST4974211940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:10:05.200985909 CEST4974211940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:10:05.200987101 CEST1194049742191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:10:05.201030016 CEST1194049742191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:10:05.201033115 CEST4974211940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:10:05.201153040 CEST4974211940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:10:05.201159954 CEST4974211940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:10:05.379292011 CEST1194049742191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:10:05.379343987 CEST1194049742191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:10:05.379383087 CEST1194049742191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:10:05.379420996 CEST1194049742191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:10:05.379460096 CEST1194049742191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:10:05.379509926 CEST1194049742191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:10:05.379554987 CEST1194049742191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:10:05.379565954 CEST4974211940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:10:05.379594088 CEST1194049742191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:10:05.379606962 CEST4974211940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:10:05.379612923 CEST4974211940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:10:05.379633904 CEST1194049742191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:10:05.379674911 CEST1194049742191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:10:05.379695892 CEST4974211940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:10:05.379713058 CEST1194049742191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:10:05.379751921 CEST1194049742191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:10:05.379754066 CEST4974211940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:10:05.379760027 CEST4974211940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:10:05.379790068 CEST1194049742191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:10:05.379811049 CEST4974211940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:10:05.379837990 CEST1194049742191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:10:05.379842997 CEST4974211940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:10:05.379879951 CEST1194049742191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:10:05.379919052 CEST1194049742191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:10:05.379939079 CEST4974211940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:10:05.379959106 CEST1194049742191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:10:05.379997015 CEST1194049742191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:10:05.380033970 CEST1194049742191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:10:05.380044937 CEST4974211940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:10:05.380074024 CEST1194049742191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:10:05.380110979 CEST1194049742191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:10:05.380160093 CEST1194049742191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:10:05.380203009 CEST1194049742191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:10:05.380242109 CEST1194049742191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:10:05.380269051 CEST4974211940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:10:05.380280972 CEST1194049742191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:10:05.380300045 CEST4974211940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:10:05.380321026 CEST1194049742191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:10:05.380357027 CEST1194049742191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:10:05.380395889 CEST1194049742191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:10:05.380399942 CEST4974211940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:10:05.380439043 CEST1194049742191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:10:05.380487919 CEST1194049742191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:10:05.380531073 CEST1194049742191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:10:05.380544901 CEST4974211940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:10:05.380570889 CEST1194049742191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:10:05.380609989 CEST1194049742191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:10:05.380649090 CEST1194049742191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:10:05.380664110 CEST4974211940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:10:05.380686998 CEST1194049742191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:10:05.380723953 CEST1194049742191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:10:05.380762100 CEST1194049742191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:10:05.380774021 CEST4974211940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:10:05.380810976 CEST1194049742191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:10:05.380852938 CEST1194049742191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:10:05.380889893 CEST1194049742191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:10:05.380922079 CEST4974211940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:10:05.380929947 CEST1194049742191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:10:05.380968094 CEST1194049742191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:10:05.381005049 CEST1194049742191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:10:05.381023884 CEST4974211940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:10:05.381042957 CEST1194049742191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:10:05.381081104 CEST1194049742191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:10:05.381133080 CEST1194049742191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:10:05.381153107 CEST4974211940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:10:05.381175041 CEST1194049742191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:10:05.381212950 CEST1194049742191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:10:05.381280899 CEST4974211940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:10:05.381371021 CEST4974211940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:10:05.489836931 CEST4974211940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:10:05.558952093 CEST1194049742191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:10:05.559015036 CEST1194049742191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:10:05.559053898 CEST1194049742191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:10:05.559092999 CEST1194049742191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:10:05.559165955 CEST1194049742191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:10:05.559210062 CEST1194049742191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:10:05.559215069 CEST4974211940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:10:05.559258938 CEST1194049742191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:10:05.559258938 CEST4974211940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:10:05.559303045 CEST1194049742191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:10:05.559319973 CEST4974211940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:10:05.559343100 CEST1194049742191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:10:05.559345007 CEST4974211940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:10:05.559382915 CEST1194049742191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:10:05.559422016 CEST1194049742191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:10:05.559459925 CEST1194049742191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:10:05.559477091 CEST4974211940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:10:05.559499025 CEST1194049742191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:10:05.559509993 CEST4974211940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:10:05.559520960 CEST4974211940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:10:05.559541941 CEST1194049742191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:10:05.559585094 CEST4974211940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:10:05.559588909 CEST1194049742191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:10:05.559632063 CEST1194049742191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:10:05.559669018 CEST1194049742191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:10:05.559710026 CEST1194049742191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:10:05.559714079 CEST4974211940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:10:05.559722900 CEST4974211940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:10:05.559731007 CEST4974211940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:10:05.559748888 CEST1194049742191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:10:05.559786081 CEST1194049742191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:10:05.559823036 CEST4974211940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:10:05.559824944 CEST1194049742191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:10:05.559860945 CEST4974211940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:10:05.559861898 CEST1194049742191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:10:05.559910059 CEST1194049742191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:10:05.559948921 CEST4974211940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:10:05.559951067 CEST1194049742191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:10:05.559957027 CEST4974211940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:10:05.559988976 CEST1194049742191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:10:05.560026884 CEST1194049742191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:10:05.560062885 CEST4974211940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:10:05.560065031 CEST1194049742191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:10:05.560101986 CEST1194049742191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:10:05.560106039 CEST4974211940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:10:05.560141087 CEST1194049742191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:10:05.560178041 CEST1194049742191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:10:05.560218096 CEST4974211940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:10:05.560225010 CEST1194049742191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:10:05.560226917 CEST4974211940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:10:05.560266972 CEST1194049742191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:10:05.560305119 CEST1194049742191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:10:05.560326099 CEST4974211940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:10:05.560332060 CEST4974211940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:10:05.560347080 CEST1194049742191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:10:05.560386896 CEST1194049742191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:10:05.560389042 CEST4974211940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:10:05.560424089 CEST1194049742191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:10:05.560461998 CEST1194049742191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:10:05.560461998 CEST4974211940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:10:05.560471058 CEST4974211940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:10:05.560503960 CEST1194049742191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:10:05.560547113 CEST4974211940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:10:05.560551882 CEST1194049742191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:10:05.560595036 CEST1194049742191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:10:05.560631037 CEST4974211940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:10:05.560632944 CEST1194049742191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:10:05.560672045 CEST1194049742191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:10:05.560708046 CEST4974211940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:10:05.560709953 CEST1194049742191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:10:05.560746908 CEST1194049742191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:10:05.560785055 CEST1194049742191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:10:05.560822964 CEST1194049742191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:10:05.560861111 CEST4974211940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:10:05.560869932 CEST1194049742191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:10:05.560908079 CEST4974211940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:10:05.560911894 CEST1194049742191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:10:05.561150074 CEST4974211940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:10:09.506308079 CEST4974311940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:10:09.684462070 CEST1194049743191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:10:09.684596062 CEST4974311940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:10:09.685091972 CEST4974311940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:10:09.868089914 CEST1194049743191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:10:09.868204117 CEST4974311940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:10:10.047427893 CEST1194049743191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:10:10.047524929 CEST4974311940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:10:10.178241014 CEST4974311940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:10:10.284249067 CEST1194049743191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:10:10.284418106 CEST4974311940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:10:13.619146109 CEST49744587192.168.2.3217.182.175.206
                                                                          Jun 12, 2021 08:10:13.670972109 CEST58749744217.182.175.206192.168.2.3
                                                                          Jun 12, 2021 08:10:13.671109915 CEST49744587192.168.2.3217.182.175.206
                                                                          Jun 12, 2021 08:10:14.266299009 CEST58749744217.182.175.206192.168.2.3
                                                                          Jun 12, 2021 08:10:14.267148972 CEST49744587192.168.2.3217.182.175.206
                                                                          Jun 12, 2021 08:10:14.320889950 CEST58749744217.182.175.206192.168.2.3
                                                                          Jun 12, 2021 08:10:14.323684931 CEST49744587192.168.2.3217.182.175.206
                                                                          Jun 12, 2021 08:10:14.379235983 CEST58749744217.182.175.206192.168.2.3
                                                                          Jun 12, 2021 08:10:14.379755974 CEST49744587192.168.2.3217.182.175.206
                                                                          Jun 12, 2021 08:10:14.439230919 CEST58749744217.182.175.206192.168.2.3
                                                                          Jun 12, 2021 08:10:14.439296007 CEST58749744217.182.175.206192.168.2.3
                                                                          Jun 12, 2021 08:10:14.439343929 CEST58749744217.182.175.206192.168.2.3
                                                                          Jun 12, 2021 08:10:14.439376116 CEST58749744217.182.175.206192.168.2.3
                                                                          Jun 12, 2021 08:10:14.439446926 CEST49744587192.168.2.3217.182.175.206
                                                                          Jun 12, 2021 08:10:14.439488888 CEST49744587192.168.2.3217.182.175.206
                                                                          Jun 12, 2021 08:10:14.441139936 CEST58749744217.182.175.206192.168.2.3
                                                                          Jun 12, 2021 08:10:14.445427895 CEST49744587192.168.2.3217.182.175.206
                                                                          Jun 12, 2021 08:10:14.497786045 CEST58749744217.182.175.206192.168.2.3
                                                                          Jun 12, 2021 08:10:14.499191046 CEST49744587192.168.2.3217.182.175.206
                                                                          Jun 12, 2021 08:10:14.552304029 CEST58749744217.182.175.206192.168.2.3
                                                                          Jun 12, 2021 08:10:14.552793980 CEST49744587192.168.2.3217.182.175.206
                                                                          Jun 12, 2021 08:10:14.604564905 CEST58749744217.182.175.206192.168.2.3
                                                                          Jun 12, 2021 08:10:14.604893923 CEST49744587192.168.2.3217.182.175.206
                                                                          Jun 12, 2021 08:10:14.657186985 CEST58749744217.182.175.206192.168.2.3
                                                                          Jun 12, 2021 08:10:14.657464981 CEST49744587192.168.2.3217.182.175.206
                                                                          Jun 12, 2021 08:10:14.708842993 CEST58749744217.182.175.206192.168.2.3
                                                                          Jun 12, 2021 08:10:14.710318089 CEST49744587192.168.2.3217.182.175.206
                                                                          Jun 12, 2021 08:10:14.767663002 CEST58749744217.182.175.206192.168.2.3
                                                                          Jun 12, 2021 08:10:14.769634962 CEST49744587192.168.2.3217.182.175.206
                                                                          Jun 12, 2021 08:10:14.821091890 CEST58749744217.182.175.206192.168.2.3
                                                                          Jun 12, 2021 08:10:14.821497917 CEST49744587192.168.2.3217.182.175.206
                                                                          Jun 12, 2021 08:10:14.821619034 CEST49744587192.168.2.3217.182.175.206
                                                                          Jun 12, 2021 08:10:14.821690083 CEST49744587192.168.2.3217.182.175.206
                                                                          Jun 12, 2021 08:10:14.821717024 CEST49744587192.168.2.3217.182.175.206
                                                                          Jun 12, 2021 08:10:14.821779013 CEST49744587192.168.2.3217.182.175.206
                                                                          Jun 12, 2021 08:10:14.821788073 CEST49744587192.168.2.3217.182.175.206
                                                                          Jun 12, 2021 08:10:14.821891069 CEST49744587192.168.2.3217.182.175.206
                                                                          Jun 12, 2021 08:10:14.821897030 CEST49744587192.168.2.3217.182.175.206
                                                                          Jun 12, 2021 08:10:14.821899891 CEST49744587192.168.2.3217.182.175.206
                                                                          Jun 12, 2021 08:10:14.821923018 CEST49744587192.168.2.3217.182.175.206
                                                                          Jun 12, 2021 08:10:14.821927071 CEST49744587192.168.2.3217.182.175.206
                                                                          Jun 12, 2021 08:10:14.821970940 CEST49744587192.168.2.3217.182.175.206
                                                                          Jun 12, 2021 08:10:14.821999073 CEST49744587192.168.2.3217.182.175.206
                                                                          Jun 12, 2021 08:10:14.822021961 CEST49744587192.168.2.3217.182.175.206
                                                                          Jun 12, 2021 08:10:14.822025061 CEST49744587192.168.2.3217.182.175.206
                                                                          Jun 12, 2021 08:10:14.822114944 CEST49744587192.168.2.3217.182.175.206
                                                                          Jun 12, 2021 08:10:14.876821041 CEST58749744217.182.175.206192.168.2.3
                                                                          Jun 12, 2021 08:10:14.876842022 CEST58749744217.182.175.206192.168.2.3
                                                                          Jun 12, 2021 08:10:14.876848936 CEST58749744217.182.175.206192.168.2.3
                                                                          Jun 12, 2021 08:10:14.876861095 CEST58749744217.182.175.206192.168.2.3
                                                                          Jun 12, 2021 08:10:14.876899958 CEST58749744217.182.175.206192.168.2.3
                                                                          Jun 12, 2021 08:10:14.876912117 CEST58749744217.182.175.206192.168.2.3
                                                                          Jun 12, 2021 08:10:14.876924992 CEST58749744217.182.175.206192.168.2.3
                                                                          Jun 12, 2021 08:10:14.876936913 CEST58749744217.182.175.206192.168.2.3
                                                                          Jun 12, 2021 08:10:14.876950979 CEST58749744217.182.175.206192.168.2.3
                                                                          Jun 12, 2021 08:10:14.876965046 CEST58749744217.182.175.206192.168.2.3
                                                                          Jun 12, 2021 08:10:14.876975060 CEST58749744217.182.175.206192.168.2.3
                                                                          Jun 12, 2021 08:10:14.877005100 CEST49744587192.168.2.3217.182.175.206
                                                                          Jun 12, 2021 08:10:14.877047062 CEST49744587192.168.2.3217.182.175.206
                                                                          Jun 12, 2021 08:10:14.877051115 CEST58749744217.182.175.206192.168.2.3
                                                                          Jun 12, 2021 08:10:14.877078056 CEST49744587192.168.2.3217.182.175.206
                                                                          Jun 12, 2021 08:10:14.877105951 CEST49744587192.168.2.3217.182.175.206
                                                                          Jun 12, 2021 08:10:14.877110004 CEST58749744217.182.175.206192.168.2.3
                                                                          Jun 12, 2021 08:10:14.877123117 CEST58749744217.182.175.206192.168.2.3
                                                                          Jun 12, 2021 08:10:14.877125978 CEST49744587192.168.2.3217.182.175.206
                                                                          Jun 12, 2021 08:10:14.877135038 CEST58749744217.182.175.206192.168.2.3
                                                                          Jun 12, 2021 08:10:14.877147913 CEST58749744217.182.175.206192.168.2.3
                                                                          Jun 12, 2021 08:10:14.877177000 CEST49744587192.168.2.3217.182.175.206
                                                                          Jun 12, 2021 08:10:14.877185106 CEST49744587192.168.2.3217.182.175.206
                                                                          Jun 12, 2021 08:10:14.877232075 CEST49744587192.168.2.3217.182.175.206
                                                                          Jun 12, 2021 08:10:14.877475023 CEST49744587192.168.2.3217.182.175.206
                                                                          Jun 12, 2021 08:10:14.928937912 CEST58749744217.182.175.206192.168.2.3
                                                                          Jun 12, 2021 08:10:14.929079056 CEST58749744217.182.175.206192.168.2.3
                                                                          Jun 12, 2021 08:10:14.929209948 CEST49744587192.168.2.3217.182.175.206
                                                                          Jun 12, 2021 08:10:14.929254055 CEST49744587192.168.2.3217.182.175.206
                                                                          Jun 12, 2021 08:10:14.929301977 CEST58749744217.182.175.206192.168.2.3
                                                                          Jun 12, 2021 08:10:14.929486036 CEST58749744217.182.175.206192.168.2.3
                                                                          Jun 12, 2021 08:10:14.929546118 CEST49744587192.168.2.3217.182.175.206
                                                                          Jun 12, 2021 08:10:14.929575920 CEST49744587192.168.2.3217.182.175.206
                                                                          Jun 12, 2021 08:10:14.929714918 CEST58749744217.182.175.206192.168.2.3
                                                                          Jun 12, 2021 08:10:14.929826975 CEST49744587192.168.2.3217.182.175.206
                                                                          Jun 12, 2021 08:10:14.930002928 CEST58749744217.182.175.206192.168.2.3
                                                                          Jun 12, 2021 08:10:14.930104971 CEST49744587192.168.2.3217.182.175.206
                                                                          Jun 12, 2021 08:10:14.930115938 CEST49744587192.168.2.3217.182.175.206
                                                                          Jun 12, 2021 08:10:14.930232048 CEST58749744217.182.175.206192.168.2.3
                                                                          Jun 12, 2021 08:10:14.930299997 CEST49744587192.168.2.3217.182.175.206
                                                                          Jun 12, 2021 08:10:14.930449009 CEST58749744217.182.175.206192.168.2.3
                                                                          Jun 12, 2021 08:10:14.981656075 CEST58749744217.182.175.206192.168.2.3
                                                                          Jun 12, 2021 08:10:14.982131958 CEST58749744217.182.175.206192.168.2.3
                                                                          Jun 12, 2021 08:10:14.982146025 CEST58749744217.182.175.206192.168.2.3
                                                                          Jun 12, 2021 08:10:14.982569933 CEST58749744217.182.175.206192.168.2.3
                                                                          Jun 12, 2021 08:10:14.982857943 CEST58749744217.182.175.206192.168.2.3
                                                                          Jun 12, 2021 08:10:14.983150005 CEST58749744217.182.175.206192.168.2.3
                                                                          Jun 12, 2021 08:10:14.983421087 CEST58749744217.182.175.206192.168.2.3
                                                                          Jun 12, 2021 08:10:14.985528946 CEST58749744217.182.175.206192.168.2.3
                                                                          Jun 12, 2021 08:10:15.193914890 CEST58749744217.182.175.206192.168.2.3
                                                                          Jun 12, 2021 08:10:15.239947081 CEST49744587192.168.2.3217.182.175.206
                                                                          Jun 12, 2021 08:10:17.886759043 CEST49744587192.168.2.3217.182.175.206
                                                                          Jun 12, 2021 08:10:17.887099981 CEST49745587192.168.2.3217.182.175.206
                                                                          Jun 12, 2021 08:10:17.940721035 CEST58749744217.182.175.206192.168.2.3
                                                                          Jun 12, 2021 08:10:17.940850019 CEST58749745217.182.175.206192.168.2.3
                                                                          Jun 12, 2021 08:10:17.940970898 CEST49745587192.168.2.3217.182.175.206
                                                                          Jun 12, 2021 08:10:17.941335917 CEST58749744217.182.175.206192.168.2.3
                                                                          Jun 12, 2021 08:10:17.941571951 CEST49744587192.168.2.3217.182.175.206
                                                                          Jun 12, 2021 08:10:17.941616058 CEST49744587192.168.2.3217.182.175.206
                                                                          Jun 12, 2021 08:10:18.012880087 CEST58749745217.182.175.206192.168.2.3
                                                                          Jun 12, 2021 08:10:18.013842106 CEST49745587192.168.2.3217.182.175.206
                                                                          Jun 12, 2021 08:10:18.072870970 CEST58749745217.182.175.206192.168.2.3
                                                                          Jun 12, 2021 08:10:18.073750973 CEST49745587192.168.2.3217.182.175.206
                                                                          Jun 12, 2021 08:10:18.127690077 CEST58749745217.182.175.206192.168.2.3
                                                                          Jun 12, 2021 08:10:18.128065109 CEST49745587192.168.2.3217.182.175.206
                                                                          Jun 12, 2021 08:10:18.187407970 CEST58749745217.182.175.206192.168.2.3
                                                                          Jun 12, 2021 08:10:18.187459946 CEST58749745217.182.175.206192.168.2.3
                                                                          Jun 12, 2021 08:10:18.187496901 CEST58749745217.182.175.206192.168.2.3
                                                                          Jun 12, 2021 08:10:18.187521935 CEST58749745217.182.175.206192.168.2.3
                                                                          Jun 12, 2021 08:10:18.187542915 CEST49745587192.168.2.3217.182.175.206
                                                                          Jun 12, 2021 08:10:18.187592030 CEST49745587192.168.2.3217.182.175.206
                                                                          Jun 12, 2021 08:10:18.189383984 CEST58749745217.182.175.206192.168.2.3
                                                                          Jun 12, 2021 08:10:18.191705942 CEST49745587192.168.2.3217.182.175.206
                                                                          Jun 12, 2021 08:10:18.246341944 CEST58749745217.182.175.206192.168.2.3
                                                                          Jun 12, 2021 08:10:18.247536898 CEST49745587192.168.2.3217.182.175.206
                                                                          Jun 12, 2021 08:10:18.301090956 CEST58749745217.182.175.206192.168.2.3
                                                                          Jun 12, 2021 08:10:18.301490068 CEST49745587192.168.2.3217.182.175.206
                                                                          Jun 12, 2021 08:10:18.355942965 CEST58749745217.182.175.206192.168.2.3
                                                                          Jun 12, 2021 08:10:18.356159925 CEST49745587192.168.2.3217.182.175.206
                                                                          Jun 12, 2021 08:10:18.411971092 CEST58749745217.182.175.206192.168.2.3
                                                                          Jun 12, 2021 08:10:18.412252903 CEST49745587192.168.2.3217.182.175.206
                                                                          Jun 12, 2021 08:10:18.467032909 CEST58749745217.182.175.206192.168.2.3
                                                                          Jun 12, 2021 08:10:18.467349052 CEST49745587192.168.2.3217.182.175.206
                                                                          Jun 12, 2021 08:10:18.527688026 CEST58749745217.182.175.206192.168.2.3
                                                                          Jun 12, 2021 08:10:18.527947903 CEST49745587192.168.2.3217.182.175.206
                                                                          Jun 12, 2021 08:10:18.581650019 CEST58749745217.182.175.206192.168.2.3
                                                                          Jun 12, 2021 08:10:18.581989050 CEST49745587192.168.2.3217.182.175.206
                                                                          Jun 12, 2021 08:10:18.582015038 CEST49745587192.168.2.3217.182.175.206
                                                                          Jun 12, 2021 08:10:18.582048893 CEST49745587192.168.2.3217.182.175.206
                                                                          Jun 12, 2021 08:10:18.582077026 CEST49745587192.168.2.3217.182.175.206
                                                                          Jun 12, 2021 08:10:18.582093000 CEST49745587192.168.2.3217.182.175.206
                                                                          Jun 12, 2021 08:10:18.582107067 CEST49745587192.168.2.3217.182.175.206
                                                                          Jun 12, 2021 08:10:18.582122087 CEST49745587192.168.2.3217.182.175.206
                                                                          Jun 12, 2021 08:10:18.633810997 CEST58749745217.182.175.206192.168.2.3
                                                                          Jun 12, 2021 08:10:18.633860111 CEST58749745217.182.175.206192.168.2.3
                                                                          Jun 12, 2021 08:10:18.634032965 CEST58749745217.182.175.206192.168.2.3
                                                                          Jun 12, 2021 08:10:18.634263039 CEST58749745217.182.175.206192.168.2.3
                                                                          Jun 12, 2021 08:10:18.634506941 CEST58749745217.182.175.206192.168.2.3
                                                                          Jun 12, 2021 08:10:18.634742975 CEST58749745217.182.175.206192.168.2.3
                                                                          Jun 12, 2021 08:10:18.634949923 CEST58749745217.182.175.206192.168.2.3
                                                                          Jun 12, 2021 08:10:18.789556980 CEST58749745217.182.175.206192.168.2.3
                                                                          Jun 12, 2021 08:10:18.831541061 CEST49746587192.168.2.3217.182.175.206
                                                                          Jun 12, 2021 08:10:18.832506895 CEST49745587192.168.2.3217.182.175.206
                                                                          Jun 12, 2021 08:10:18.883507013 CEST58749746217.182.175.206192.168.2.3
                                                                          Jun 12, 2021 08:10:18.883671999 CEST49746587192.168.2.3217.182.175.206
                                                                          Jun 12, 2021 08:10:18.884313107 CEST58749745217.182.175.206192.168.2.3
                                                                          Jun 12, 2021 08:10:18.884514093 CEST49745587192.168.2.3217.182.175.206
                                                                          Jun 12, 2021 08:10:18.885090113 CEST58749745217.182.175.206192.168.2.3
                                                                          Jun 12, 2021 08:10:18.885231972 CEST49745587192.168.2.3217.182.175.206
                                                                          Jun 12, 2021 08:10:18.944071054 CEST58749746217.182.175.206192.168.2.3
                                                                          Jun 12, 2021 08:10:18.944447041 CEST49746587192.168.2.3217.182.175.206
                                                                          Jun 12, 2021 08:10:18.995879889 CEST58749746217.182.175.206192.168.2.3
                                                                          Jun 12, 2021 08:10:18.996215105 CEST49746587192.168.2.3217.182.175.206
                                                                          Jun 12, 2021 08:10:19.050832033 CEST58749746217.182.175.206192.168.2.3
                                                                          Jun 12, 2021 08:10:19.051285028 CEST49746587192.168.2.3217.182.175.206
                                                                          Jun 12, 2021 08:10:19.114953995 CEST58749746217.182.175.206192.168.2.3
                                                                          Jun 12, 2021 08:10:19.115010023 CEST58749746217.182.175.206192.168.2.3
                                                                          Jun 12, 2021 08:10:19.115047932 CEST58749746217.182.175.206192.168.2.3
                                                                          Jun 12, 2021 08:10:19.115077972 CEST58749746217.182.175.206192.168.2.3
                                                                          Jun 12, 2021 08:10:19.115135908 CEST49746587192.168.2.3217.182.175.206
                                                                          Jun 12, 2021 08:10:19.115592003 CEST49746587192.168.2.3217.182.175.206
                                                                          Jun 12, 2021 08:10:19.117700100 CEST58749746217.182.175.206192.168.2.3
                                                                          Jun 12, 2021 08:10:19.128045082 CEST49746587192.168.2.3217.182.175.206
                                                                          Jun 12, 2021 08:10:19.179442883 CEST58749746217.182.175.206192.168.2.3
                                                                          Jun 12, 2021 08:10:19.181207895 CEST49746587192.168.2.3217.182.175.206
                                                                          Jun 12, 2021 08:10:19.232295036 CEST58749746217.182.175.206192.168.2.3
                                                                          Jun 12, 2021 08:10:19.232676029 CEST49746587192.168.2.3217.182.175.206
                                                                          Jun 12, 2021 08:10:19.285613060 CEST58749746217.182.175.206192.168.2.3
                                                                          Jun 12, 2021 08:10:19.285881042 CEST49746587192.168.2.3217.182.175.206
                                                                          Jun 12, 2021 08:10:19.339556932 CEST58749746217.182.175.206192.168.2.3
                                                                          Jun 12, 2021 08:10:19.339899063 CEST49746587192.168.2.3217.182.175.206
                                                                          Jun 12, 2021 08:10:19.392571926 CEST58749746217.182.175.206192.168.2.3
                                                                          Jun 12, 2021 08:10:19.392874002 CEST49746587192.168.2.3217.182.175.206
                                                                          Jun 12, 2021 08:10:19.451399088 CEST58749746217.182.175.206192.168.2.3
                                                                          Jun 12, 2021 08:10:19.451656103 CEST49746587192.168.2.3217.182.175.206
                                                                          Jun 12, 2021 08:10:19.503217936 CEST58749746217.182.175.206192.168.2.3
                                                                          Jun 12, 2021 08:10:19.503652096 CEST49746587192.168.2.3217.182.175.206
                                                                          Jun 12, 2021 08:10:19.503732920 CEST49746587192.168.2.3217.182.175.206
                                                                          Jun 12, 2021 08:10:19.503739119 CEST49746587192.168.2.3217.182.175.206
                                                                          Jun 12, 2021 08:10:19.503782988 CEST49746587192.168.2.3217.182.175.206
                                                                          Jun 12, 2021 08:10:19.503869057 CEST49746587192.168.2.3217.182.175.206
                                                                          Jun 12, 2021 08:10:19.503879070 CEST49746587192.168.2.3217.182.175.206
                                                                          Jun 12, 2021 08:10:19.503892899 CEST49746587192.168.2.3217.182.175.206
                                                                          Jun 12, 2021 08:10:19.503942013 CEST49746587192.168.2.3217.182.175.206
                                                                          Jun 12, 2021 08:10:19.503945112 CEST49746587192.168.2.3217.182.175.206
                                                                          Jun 12, 2021 08:10:19.503983974 CEST49746587192.168.2.3217.182.175.206
                                                                          Jun 12, 2021 08:10:19.559144020 CEST58749746217.182.175.206192.168.2.3
                                                                          Jun 12, 2021 08:10:19.559175014 CEST58749746217.182.175.206192.168.2.3
                                                                          Jun 12, 2021 08:10:19.559191942 CEST58749746217.182.175.206192.168.2.3
                                                                          Jun 12, 2021 08:10:19.559207916 CEST58749746217.182.175.206192.168.2.3
                                                                          Jun 12, 2021 08:10:19.559223890 CEST58749746217.182.175.206192.168.2.3
                                                                          Jun 12, 2021 08:10:19.559237957 CEST58749746217.182.175.206192.168.2.3
                                                                          Jun 12, 2021 08:10:19.559253931 CEST58749746217.182.175.206192.168.2.3
                                                                          Jun 12, 2021 08:10:19.559268951 CEST58749746217.182.175.206192.168.2.3
                                                                          Jun 12, 2021 08:10:19.559287071 CEST58749746217.182.175.206192.168.2.3
                                                                          Jun 12, 2021 08:10:19.559735060 CEST58749746217.182.175.206192.168.2.3
                                                                          Jun 12, 2021 08:10:19.695832014 CEST58749746217.182.175.206192.168.2.3
                                                                          Jun 12, 2021 08:10:19.740396976 CEST49746587192.168.2.3217.182.175.206
                                                                          Jun 12, 2021 08:10:19.828552008 CEST4974711940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:10:20.007852077 CEST1194049747191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:10:20.007993937 CEST4974711940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:10:20.008498907 CEST4974711940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:10:20.196198940 CEST1194049747191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:10:20.196458101 CEST4974711940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:10:20.374671936 CEST1194049747191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:10:20.375657082 CEST4974711940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:10:20.606169939 CEST1194049747191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:10:20.613665104 CEST1194049747191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:10:20.613696098 CEST1194049747191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:10:20.613713980 CEST1194049747191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:10:20.613730907 CEST1194049747191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:10:20.613776922 CEST4974711940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:10:20.613830090 CEST4974711940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:10:20.791661024 CEST1194049747191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:10:20.791688919 CEST1194049747191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:10:20.791704893 CEST1194049747191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:10:20.791718006 CEST1194049747191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:10:20.791774035 CEST4974711940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:10:20.791805983 CEST4974711940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:10:20.792216063 CEST1194049747191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:10:20.792233944 CEST1194049747191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:10:20.792247057 CEST1194049747191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:10:20.792259932 CEST1194049747191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:10:20.792289972 CEST4974711940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:10:20.792320967 CEST4974711940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:10:20.969655991 CEST1194049747191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:10:20.969685078 CEST1194049747191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:10:20.969702959 CEST1194049747191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:10:20.969718933 CEST1194049747191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:10:20.969737053 CEST1194049747191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:10:20.969753981 CEST1194049747191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:10:20.969772100 CEST1194049747191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:10:20.969784975 CEST4974711940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:10:20.969789982 CEST1194049747191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:10:20.969811916 CEST4974711940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:10:20.969835997 CEST4974711940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:10:20.970150948 CEST1194049747191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:10:20.970172882 CEST1194049747191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:10:20.970190048 CEST1194049747191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:10:20.970206976 CEST1194049747191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:10:20.970221043 CEST4974711940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:10:20.970226049 CEST1194049747191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:10:20.970244884 CEST1194049747191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:10:20.970244884 CEST4974711940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:10:20.970263004 CEST1194049747191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:10:20.970280886 CEST1194049747191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:10:20.970309973 CEST4974711940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:10:20.970350027 CEST4974711940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:10:21.149926901 CEST1194049747191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:10:21.149966002 CEST1194049747191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:10:21.149982929 CEST1194049747191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:10:21.149997950 CEST1194049747191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:10:21.150015116 CEST1194049747191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:10:21.150031090 CEST1194049747191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:10:21.150046110 CEST1194049747191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:10:21.150063038 CEST1194049747191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:10:21.150063992 CEST4974711940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:10:21.150080919 CEST1194049747191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:10:21.150101900 CEST1194049747191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:10:21.150115013 CEST4974711940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:10:21.150119066 CEST1194049747191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:10:21.150135040 CEST1194049747191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:10:21.150146961 CEST4974711940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:10:21.150151968 CEST1194049747191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:10:21.150171041 CEST1194049747191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:10:21.150181055 CEST4974711940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:10:21.150187016 CEST1194049747191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:10:21.150202990 CEST1194049747191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:10:21.150212049 CEST4974711940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:10:21.150250912 CEST4974711940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:10:21.150566101 CEST1194049747191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:10:21.150589943 CEST1194049747191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:10:21.150609016 CEST1194049747191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:10:21.150628090 CEST1194049747191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:10:21.150640965 CEST4974711940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:10:21.150646925 CEST1194049747191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:10:21.150667906 CEST1194049747191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:10:21.150672913 CEST4974711940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:10:21.150688887 CEST1194049747191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:10:21.150706053 CEST1194049747191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:10:21.150722980 CEST1194049747191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:10:21.150743008 CEST1194049747191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:10:21.150751114 CEST4974711940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:10:21.150762081 CEST1194049747191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:10:21.150778055 CEST1194049747191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:10:21.150793076 CEST4974711940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:10:21.150794983 CEST1194049747191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:10:21.150814056 CEST1194049747191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:10:21.150825977 CEST4974711940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:10:21.150830030 CEST1194049747191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:10:21.150847912 CEST1194049747191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:10:21.150860071 CEST4974711940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:10:21.150893927 CEST4974711940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:10:21.327918053 CEST1194049747191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:10:21.327974081 CEST1194049747191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:10:21.328015089 CEST1194049747191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:10:21.328052998 CEST1194049747191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:10:21.328089952 CEST1194049747191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:10:21.328128099 CEST1194049747191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:10:21.328129053 CEST4974711940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:10:21.328167915 CEST1194049747191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:10:21.328191996 CEST4974711940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:10:21.328217030 CEST1194049747191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:10:21.328260899 CEST1194049747191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:10:21.328298092 CEST4974711940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:10:21.328299046 CEST1194049747191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:10:21.328337908 CEST1194049747191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:10:21.328347921 CEST4974711940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:10:21.328378916 CEST1194049747191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:10:21.328417063 CEST1194049747191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:10:21.328457117 CEST1194049747191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:10:21.328494072 CEST1194049747191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:10:21.328509092 CEST4974711940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:10:21.328541994 CEST1194049747191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:10:21.328584909 CEST1194049747191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:10:21.328591108 CEST4974711940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:10:21.328624010 CEST1194049747191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:10:21.328663111 CEST1194049747191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:10:21.328677893 CEST4974711940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:10:21.328706980 CEST1194049747191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:10:21.328749895 CEST1194049747191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:10:21.328790903 CEST1194049747191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:10:21.328793049 CEST4974711940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:10:21.328830004 CEST4974711940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:10:21.328830957 CEST1194049747191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:10:21.328879118 CEST1194049747191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:10:21.328922033 CEST1194049747191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:10:21.328959942 CEST1194049747191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:10:21.328974009 CEST4974711940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:10:21.328999043 CEST1194049747191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:10:21.329021931 CEST4974711940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:10:21.329037905 CEST1194049747191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:10:21.329075098 CEST1194049747191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:10:21.329113007 CEST1194049747191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:10:21.329118967 CEST4974711940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:10:21.329153061 CEST1194049747191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:10:21.329160929 CEST4974711940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:10:21.329201937 CEST1194049747191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:10:21.329246044 CEST1194049747191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:10:21.329287052 CEST1194049747191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:10:21.329328060 CEST1194049747191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:10:21.329339027 CEST4974711940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:10:21.329366922 CEST1194049747191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:10:21.329405069 CEST1194049747191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:10:21.329412937 CEST4974711940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:10:21.329443932 CEST1194049747191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:10:21.329482079 CEST1194049747191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:10:21.329484940 CEST4974711940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:10:21.329530954 CEST1194049747191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:10:21.329575062 CEST1194049747191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:10:21.329593897 CEST4974711940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:10:21.329613924 CEST1194049747191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:10:21.329653025 CEST1194049747191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:10:21.329665899 CEST4974711940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:10:21.329694986 CEST1194049747191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:10:21.329732895 CEST1194049747191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:10:21.329771042 CEST1194049747191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:10:21.329782963 CEST4974711940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:10:21.329809904 CEST1194049747191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:10:21.329830885 CEST4974711940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:10:21.329858065 CEST1194049747191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:10:21.330509901 CEST4974711940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:10:21.509135962 CEST1194049747191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:10:21.509203911 CEST1194049747191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:10:21.509243965 CEST1194049747191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:10:21.509283066 CEST1194049747191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:10:21.509322882 CEST1194049747191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:10:21.509325981 CEST4974711940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:10:21.509351969 CEST4974711940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:10:21.509362936 CEST1194049747191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:10:21.509402037 CEST1194049747191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:10:21.509442091 CEST1194049747191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:10:21.509452105 CEST4974711940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:10:21.509480953 CEST4974711940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:10:21.509491920 CEST1194049747191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:10:21.509536028 CEST1194049747191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:10:21.509573936 CEST1194049747191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:10:21.509587049 CEST4974711940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:10:21.509613991 CEST1194049747191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:10:21.509651899 CEST1194049747191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:10:21.509664059 CEST4974711940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:10:21.509690046 CEST1194049747191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:10:21.509735107 CEST1194049747191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:10:21.509735107 CEST4974711940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:10:21.509773016 CEST1194049747191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:10:21.509816885 CEST4974711940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:10:21.509823084 CEST1194049747191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:10:21.509866953 CEST1194049747191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:10:21.509903908 CEST1194049747191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:10:21.509907961 CEST4974711940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:10:21.509944916 CEST1194049747191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:10:21.509984016 CEST1194049747191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:10:21.509987116 CEST4974711940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:10:21.510021925 CEST1194049747191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:10:21.510061979 CEST1194049747191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:10:21.510066032 CEST4974711940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:10:21.510102034 CEST1194049747191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:10:21.510148048 CEST4974711940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:10:21.510150909 CEST1194049747191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:10:21.510195017 CEST1194049747191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:10:21.510232925 CEST1194049747191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:10:21.510242939 CEST4974711940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:10:21.510273933 CEST1194049747191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:10:21.510313988 CEST1194049747191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:10:21.510318995 CEST4974711940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:10:21.510351896 CEST1194049747191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:10:21.510391951 CEST1194049747191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:10:21.510395050 CEST4974711940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:10:21.510431051 CEST1194049747191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:10:21.510473967 CEST4974711940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:10:21.510478973 CEST1194049747191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:10:21.510523081 CEST1194049747191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:10:21.510560989 CEST1194049747191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:10:21.510571003 CEST4974711940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:10:21.510601044 CEST1194049747191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:10:21.510638952 CEST1194049747191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:10:21.510649920 CEST4974711940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:10:21.510677099 CEST1194049747191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:10:21.510719061 CEST1194049747191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:10:21.510729074 CEST4974711940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:10:21.510757923 CEST1194049747191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:10:21.510803938 CEST4974711940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:10:21.510807037 CEST1194049747191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:10:21.510850906 CEST1194049747191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:10:21.510890961 CEST1194049747191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:10:21.510896921 CEST4974711940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:10:21.510931969 CEST1194049747191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:10:21.510971069 CEST1194049747191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:10:21.510993958 CEST4974711940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:10:21.511009932 CEST1194049747191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:10:21.511049032 CEST1194049747191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:10:21.511059046 CEST4974711940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:10:21.511087894 CEST1194049747191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:10:21.511140108 CEST4974711940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:10:21.689284086 CEST1194049747191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:10:21.689338923 CEST1194049747191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:10:21.689388037 CEST1194049747191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:10:21.689431906 CEST1194049747191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:10:21.689466000 CEST4974711940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:10:21.689471006 CEST1194049747191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:10:21.689491034 CEST4974711940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:10:21.689512014 CEST1194049747191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:10:21.689553022 CEST1194049747191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:10:21.689589977 CEST1194049747191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:10:21.689593077 CEST4974711940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:10:21.689630032 CEST4974711940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:10:21.689630032 CEST1194049747191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:10:21.689670086 CEST1194049747191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:10:21.689718962 CEST1194049747191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:10:21.689764023 CEST1194049747191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:10:21.689775944 CEST4974711940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:10:21.689802885 CEST1194049747191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:10:21.689807892 CEST4974711940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:10:21.689843893 CEST1194049747191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:10:21.689883947 CEST1194049747191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:10:21.689922094 CEST1194049747191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:10:21.689923048 CEST4974711940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:10:21.689960003 CEST1194049747191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:10:21.689980984 CEST4974711940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:10:21.689999104 CEST1194049747191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:10:21.690042973 CEST4974711940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:10:21.690046072 CEST1194049747191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:10:21.690088987 CEST1194049747191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:10:21.690124989 CEST1194049747191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:10:21.690135002 CEST4974711940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:10:21.690165997 CEST1194049747191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:10:21.690205097 CEST1194049747191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:10:21.690207958 CEST4974711940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:10:21.690243006 CEST1194049747191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:10:21.690284014 CEST1194049747191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:10:21.690321922 CEST1194049747191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:10:21.690332890 CEST4974711940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:10:21.690370083 CEST1194049747191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:10:21.690383911 CEST4974711940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:10:21.690412998 CEST1194049747191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:10:21.690450907 CEST1194049747191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:10:21.690489054 CEST1194049747191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:10:21.690502882 CEST4974711940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:10:21.690527916 CEST1194049747191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:10:21.690546989 CEST4974711940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:10:21.690565109 CEST1194049747191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:10:21.690603971 CEST1194049747191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:10:21.690617085 CEST4974711940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:10:21.690642118 CEST1194049747191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:10:21.690689087 CEST4974711940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:10:21.690690041 CEST1194049747191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:10:21.690735102 CEST1194049747191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:10:21.690772057 CEST1194049747191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:10:21.690793037 CEST4974711940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:10:21.690812111 CEST1194049747191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:10:21.690850019 CEST1194049747191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:10:21.690865993 CEST4974711940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:10:21.690887928 CEST1194049747191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:10:21.690927029 CEST1194049747191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:10:21.690963984 CEST1194049747191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:10:21.690989971 CEST4974711940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:10:21.691013098 CEST1194049747191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:10:21.691020012 CEST4974711940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:10:21.691056013 CEST1194049747191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:10:21.691092968 CEST1194049747191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:10:21.691134930 CEST4974711940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:10:21.691163063 CEST1194049747191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:10:21.691203117 CEST1194049747191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:10:21.691226959 CEST4974711940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:10:21.691241980 CEST1194049747191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:10:21.691297054 CEST4974711940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:10:21.869096041 CEST1194049747191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:10:21.869154930 CEST1194049747191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:10:21.869195938 CEST1194049747191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:10:21.869235039 CEST1194049747191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:10:21.869275093 CEST4974711940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:10:21.869281054 CEST1194049747191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:10:21.869322062 CEST4974711940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:10:21.869337082 CEST1194049747191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:10:21.869395018 CEST4974711940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:10:21.869404078 CEST1194049747191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:10:21.869472980 CEST1194049747191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:10:21.869513988 CEST1194049747191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:10:21.869550943 CEST1194049747191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:10:21.869561911 CEST4974711940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:10:21.869590998 CEST1194049747191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:10:21.869612932 CEST4974711940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:10:21.869630098 CEST1194049747191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:10:21.869667053 CEST1194049747191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:10:21.869704962 CEST1194049747191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:10:21.869710922 CEST4974711940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:10:21.869746923 CEST1194049747191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:10:21.869760990 CEST4974711940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:10:21.869795084 CEST1194049747191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:10:21.869837046 CEST1194049747191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:10:21.869874954 CEST1194049747191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:10:21.869916916 CEST1194049747191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:10:21.869923115 CEST4974711940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:10:21.869956970 CEST1194049747191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:10:21.869992971 CEST1194049747191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:10:21.869998932 CEST4974711940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:10:21.870033979 CEST1194049747191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:10:21.870073080 CEST1194049747191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:10:21.870100021 CEST4974711940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:10:21.870120049 CEST1194049747191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:10:21.870161057 CEST1194049747191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:10:21.870198011 CEST1194049747191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:10:21.870237112 CEST1194049747191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:10:21.870246887 CEST4974711940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:10:21.870275974 CEST1194049747191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:10:21.870311975 CEST1194049747191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:10:21.870321989 CEST4974711940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:10:21.870352030 CEST1194049747191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:10:21.870389938 CEST1194049747191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:10:21.870393991 CEST4974711940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:10:21.870436907 CEST1194049747191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:10:21.870480061 CEST1194049747191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:10:21.870517015 CEST1194049747191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:10:21.870527983 CEST4974711940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:10:21.870557070 CEST1194049747191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:10:21.870572090 CEST4974711940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:10:21.870596886 CEST1194049747191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:10:21.870632887 CEST1194049747191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:10:21.870671034 CEST1194049747191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:10:21.870681047 CEST4974711940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:10:21.870709896 CEST1194049747191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:10:21.870743990 CEST4974711940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:10:21.870771885 CEST1194049747191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:10:21.870814085 CEST1194049747191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:10:21.870851994 CEST1194049747191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:10:21.870865107 CEST4974711940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:10:21.870892048 CEST1194049747191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:10:21.870906115 CEST4974711940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:10:21.870929956 CEST1194049747191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:10:21.870966911 CEST1194049747191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:10:21.871005058 CEST1194049747191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:10:21.871042013 CEST1194049747191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:10:21.871054888 CEST4974711940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:10:21.871090889 CEST1194049747191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:10:21.871156931 CEST4974711940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:10:21.871186972 CEST1194049747191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:10:21.871229887 CEST1194049747191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:10:21.871267080 CEST1194049747191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:10:21.871299982 CEST4974711940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:10:21.871304989 CEST1194049747191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:10:21.871345043 CEST1194049747191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:10:21.871381998 CEST1194049747191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:10:21.871382952 CEST4974711940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:10:21.871419907 CEST1194049747191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:10:21.871436119 CEST4974711940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:10:21.871464014 CEST1194049747191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:10:21.871511936 CEST1194049747191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:10:21.871553898 CEST1194049747191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:10:21.871591091 CEST1194049747191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:10:21.871617079 CEST4974711940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:10:21.871629953 CEST1194049747191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:10:21.871668100 CEST1194049747191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:10:21.871681929 CEST4974711940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:10:21.871705055 CEST1194049747191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:10:21.871745110 CEST1194049747191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:10:21.871782064 CEST1194049747191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:10:21.871845961 CEST4974711940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:10:22.026427984 CEST4974711940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:10:22.253797054 CEST1194049747191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:10:22.365710020 CEST1194049747191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:10:22.386893988 CEST4974711940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:10:22.564716101 CEST1194049747191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:10:22.573075056 CEST4974711940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:10:22.751143932 CEST1194049747191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:10:22.751351118 CEST4974711940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:10:22.929374933 CEST1194049747191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:10:22.929492950 CEST4974711940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:10:23.166362047 CEST1194049747191.96.25.26192.168.2.3
                                                                          Jun 12, 2021 08:10:23.166435957 CEST4974711940192.168.2.3191.96.25.26
                                                                          Jun 12, 2021 08:10:23.400614977 CEST1194049747191.96.25.26192.168.2.3

                                                                          UDP Packets

                                                                          TimestampSource PortDest PortSource IPDest IP
                                                                          Jun 12, 2021 08:08:01.074426889 CEST5696153192.168.2.38.8.8.8
                                                                          Jun 12, 2021 08:08:01.136773109 CEST53569618.8.8.8192.168.2.3
                                                                          Jun 12, 2021 08:08:02.388601065 CEST5935353192.168.2.38.8.8.8
                                                                          Jun 12, 2021 08:08:02.440125942 CEST53593538.8.8.8192.168.2.3
                                                                          Jun 12, 2021 08:08:03.754650116 CEST5223853192.168.2.38.8.8.8
                                                                          Jun 12, 2021 08:08:03.808229923 CEST53522388.8.8.8192.168.2.3
                                                                          Jun 12, 2021 08:08:05.060157061 CEST4987353192.168.2.38.8.8.8
                                                                          Jun 12, 2021 08:08:05.110476017 CEST53498738.8.8.8192.168.2.3
                                                                          Jun 12, 2021 08:08:06.462075949 CEST5319653192.168.2.38.8.8.8
                                                                          Jun 12, 2021 08:08:06.520953894 CEST53531968.8.8.8192.168.2.3
                                                                          Jun 12, 2021 08:08:07.770997047 CEST5677753192.168.2.38.8.8.8
                                                                          Jun 12, 2021 08:08:07.826273918 CEST53567778.8.8.8192.168.2.3
                                                                          Jun 12, 2021 08:08:09.045250893 CEST5864353192.168.2.38.8.8.8
                                                                          Jun 12, 2021 08:08:09.096327066 CEST53586438.8.8.8192.168.2.3
                                                                          Jun 12, 2021 08:08:10.177845955 CEST6098553192.168.2.38.8.8.8
                                                                          Jun 12, 2021 08:08:10.228283882 CEST53609858.8.8.8192.168.2.3
                                                                          Jun 12, 2021 08:08:11.472265959 CEST5020053192.168.2.38.8.8.8
                                                                          Jun 12, 2021 08:08:11.524274111 CEST53502008.8.8.8192.168.2.3
                                                                          Jun 12, 2021 08:08:12.718384027 CEST5128153192.168.2.38.8.8.8
                                                                          Jun 12, 2021 08:08:12.771251917 CEST53512818.8.8.8192.168.2.3
                                                                          Jun 12, 2021 08:08:14.064028025 CEST4919953192.168.2.38.8.8.8
                                                                          Jun 12, 2021 08:08:14.118029118 CEST53491998.8.8.8192.168.2.3
                                                                          Jun 12, 2021 08:08:15.772988081 CEST5062053192.168.2.38.8.8.8
                                                                          Jun 12, 2021 08:08:15.832031012 CEST53506208.8.8.8192.168.2.3
                                                                          Jun 12, 2021 08:08:16.893745899 CEST6493853192.168.2.38.8.8.8
                                                                          Jun 12, 2021 08:08:16.948960066 CEST53649388.8.8.8192.168.2.3
                                                                          Jun 12, 2021 08:08:18.108439922 CEST6015253192.168.2.38.8.8.8
                                                                          Jun 12, 2021 08:08:18.161818027 CEST53601528.8.8.8192.168.2.3
                                                                          Jun 12, 2021 08:08:19.307070971 CEST5754453192.168.2.38.8.8.8
                                                                          Jun 12, 2021 08:08:19.357834101 CEST53575448.8.8.8192.168.2.3
                                                                          Jun 12, 2021 08:08:20.863699913 CEST5598453192.168.2.38.8.8.8
                                                                          Jun 12, 2021 08:08:20.913671970 CEST53559848.8.8.8192.168.2.3
                                                                          Jun 12, 2021 08:08:24.887376070 CEST6418553192.168.2.38.8.8.8
                                                                          Jun 12, 2021 08:08:24.890654087 CEST6511053192.168.2.38.8.8.8
                                                                          Jun 12, 2021 08:08:24.947530031 CEST53641858.8.8.8192.168.2.3
                                                                          Jun 12, 2021 08:08:24.953819036 CEST53651108.8.8.8192.168.2.3
                                                                          Jun 12, 2021 08:08:25.409041882 CEST5836153192.168.2.38.8.8.8
                                                                          Jun 12, 2021 08:08:25.470307112 CEST53583618.8.8.8192.168.2.3
                                                                          Jun 12, 2021 08:08:25.595859051 CEST6349253192.168.2.38.8.8.8
                                                                          Jun 12, 2021 08:08:25.659822941 CEST53634928.8.8.8192.168.2.3
                                                                          Jun 12, 2021 08:08:28.110452890 CEST6083153192.168.2.38.8.8.8
                                                                          Jun 12, 2021 08:08:28.172091007 CEST53608318.8.8.8192.168.2.3
                                                                          Jun 12, 2021 08:08:28.403188944 CEST6010053192.168.2.38.8.8.8
                                                                          Jun 12, 2021 08:08:28.467664003 CEST53601008.8.8.8192.168.2.3
                                                                          Jun 12, 2021 08:08:28.884452105 CEST5319553192.168.2.38.8.8.8
                                                                          Jun 12, 2021 08:08:28.978724003 CEST53531958.8.8.8192.168.2.3
                                                                          Jun 12, 2021 08:08:31.299772024 CEST5014153192.168.2.38.8.8.8
                                                                          Jun 12, 2021 08:08:31.324022055 CEST5302353192.168.2.38.8.8.8
                                                                          Jun 12, 2021 08:08:31.359038115 CEST53501418.8.8.8192.168.2.3
                                                                          Jun 12, 2021 08:08:31.384054899 CEST53530238.8.8.8192.168.2.3
                                                                          Jun 12, 2021 08:08:38.726635933 CEST4956353192.168.2.38.8.8.8
                                                                          Jun 12, 2021 08:08:38.787091017 CEST53495638.8.8.8192.168.2.3
                                                                          Jun 12, 2021 08:08:44.617669106 CEST5135253192.168.2.38.8.8.8
                                                                          Jun 12, 2021 08:08:44.679912090 CEST53513528.8.8.8192.168.2.3
                                                                          Jun 12, 2021 08:08:54.326776028 CEST5934953192.168.2.38.8.8.8
                                                                          Jun 12, 2021 08:08:54.503034115 CEST53593498.8.8.8192.168.2.3
                                                                          Jun 12, 2021 08:09:09.557229996 CEST5708453192.168.2.38.8.8.8
                                                                          Jun 12, 2021 08:09:09.574312925 CEST5882353192.168.2.38.8.8.8
                                                                          Jun 12, 2021 08:09:09.575066090 CEST5756853192.168.2.38.8.8.8
                                                                          Jun 12, 2021 08:09:09.607495070 CEST53570848.8.8.8192.168.2.3
                                                                          Jun 12, 2021 08:09:09.624795914 CEST53588238.8.8.8192.168.2.3
                                                                          Jun 12, 2021 08:09:09.633641005 CEST53575688.8.8.8192.168.2.3
                                                                          Jun 12, 2021 08:09:09.961182117 CEST5054053192.168.2.38.8.8.8
                                                                          Jun 12, 2021 08:09:10.023971081 CEST53505408.8.8.8192.168.2.3
                                                                          Jun 12, 2021 08:09:15.375874996 CEST5436653192.168.2.38.8.8.8
                                                                          Jun 12, 2021 08:09:15.551716089 CEST53543668.8.8.8192.168.2.3
                                                                          Jun 12, 2021 08:09:33.977591038 CEST5303453192.168.2.38.8.8.8
                                                                          Jun 12, 2021 08:09:34.038955927 CEST53530348.8.8.8192.168.2.3
                                                                          Jun 12, 2021 08:09:54.043296099 CEST5776253192.168.2.38.8.8.8
                                                                          Jun 12, 2021 08:09:54.111274958 CEST53577628.8.8.8192.168.2.3
                                                                          Jun 12, 2021 08:09:57.715130091 CEST5543553192.168.2.38.8.8.8
                                                                          Jun 12, 2021 08:09:57.793838978 CEST53554358.8.8.8192.168.2.3
                                                                          Jun 12, 2021 08:10:02.387377977 CEST5071353192.168.2.38.8.8.8
                                                                          Jun 12, 2021 08:10:02.450416088 CEST53507138.8.8.8192.168.2.3

                                                                          DNS Queries

                                                                          TimestampSource IPDest IPTrans IDOP CodeNameTypeClass
                                                                          Jun 12, 2021 08:08:28.403188944 CEST192.168.2.38.8.8.80xae51Standard query (0)clientconfig.passport.netA (IP address)IN (0x0001)
                                                                          Jun 12, 2021 08:08:54.326776028 CEST192.168.2.38.8.8.80xdd02Standard query (0)sys2021.linkpc.netA (IP address)IN (0x0001)
                                                                          Jun 12, 2021 08:09:15.375874996 CEST192.168.2.38.8.8.80xc79aStandard query (0)sys2021.linkpc.netA (IP address)IN (0x0001)
                                                                          Jun 12, 2021 08:09:33.977591038 CEST192.168.2.38.8.8.80x2cccStandard query (0)sys2021.linkpc.netA (IP address)IN (0x0001)
                                                                          Jun 12, 2021 08:09:57.715130091 CEST192.168.2.38.8.8.80xb4eeStandard query (0)mail.jetport-aero.comA (IP address)IN (0x0001)

                                                                          DNS Answers

                                                                          TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClass
                                                                          Jun 12, 2021 08:08:25.470307112 CEST8.8.8.8192.168.2.30x5e14No error (0)prda.aadg.msidentity.comwww.tm.a.prd.aadg.akadns.netCNAME (Canonical name)IN (0x0001)
                                                                          Jun 12, 2021 08:08:28.467664003 CEST8.8.8.8192.168.2.30xae51No error (0)clientconfig.passport.netauthgfx.msa.akadns6.netCNAME (Canonical name)IN (0x0001)
                                                                          Jun 12, 2021 08:08:54.503034115 CEST8.8.8.8192.168.2.30xdd02No error (0)sys2021.linkpc.net52.39.28.134A (IP address)IN (0x0001)
                                                                          Jun 12, 2021 08:09:15.551716089 CEST8.8.8.8192.168.2.30xc79aNo error (0)sys2021.linkpc.net52.39.28.134A (IP address)IN (0x0001)
                                                                          Jun 12, 2021 08:09:34.038955927 CEST8.8.8.8192.168.2.30x2cccNo error (0)sys2021.linkpc.net52.39.28.134A (IP address)IN (0x0001)
                                                                          Jun 12, 2021 08:09:57.793838978 CEST8.8.8.8192.168.2.30xb4eeNo error (0)mail.jetport-aero.comjetport-aero.comCNAME (Canonical name)IN (0x0001)
                                                                          Jun 12, 2021 08:09:57.793838978 CEST8.8.8.8192.168.2.30xb4eeNo error (0)jetport-aero.com217.182.175.206A (IP address)IN (0x0001)

                                                                          SMTP Packets

                                                                          TimestampSource PortDest PortSource IPDest IPCommands
                                                                          Jun 12, 2021 08:09:58.023027897 CEST58749736217.182.175.206192.168.2.3220-ns3819423.ip-217-182-175.eu ESMTP Exim 4.93 #2 Sat, 12 Jun 2021 11:39:58 +0530
                                                                          220-We do not authorize the use of this system to transport unsolicited,
                                                                          220 and/or bulk e-mail.
                                                                          Jun 12, 2021 08:09:58.027066946 CEST49736587192.168.2.3217.182.175.206EHLO 639509
                                                                          Jun 12, 2021 08:09:58.078576088 CEST58749736217.182.175.206192.168.2.3250-ns3819423.ip-217-182-175.eu Hello 639509 [84.17.52.18]
                                                                          250-SIZE 52428800
                                                                          250-8BITMIME
                                                                          250-PIPELINING
                                                                          250-AUTH PLAIN LOGIN
                                                                          250-STARTTLS
                                                                          250 HELP
                                                                          Jun 12, 2021 08:09:58.079933882 CEST49736587192.168.2.3217.182.175.206STARTTLS
                                                                          Jun 12, 2021 08:09:58.133795977 CEST58749736217.182.175.206192.168.2.3220 TLS go ahead
                                                                          Jun 12, 2021 08:09:58.883198977 CEST58749736217.182.175.206192.168.2.3421 Lost incoming connection
                                                                          Jun 12, 2021 08:10:14.266299009 CEST58749744217.182.175.206192.168.2.3220-ns3819423.ip-217-182-175.eu ESMTP Exim 4.93 #2 Sat, 12 Jun 2021 11:40:14 +0530
                                                                          220-We do not authorize the use of this system to transport unsolicited,
                                                                          220 and/or bulk e-mail.
                                                                          Jun 12, 2021 08:10:14.267148972 CEST49744587192.168.2.3217.182.175.206EHLO 639509
                                                                          Jun 12, 2021 08:10:14.320889950 CEST58749744217.182.175.206192.168.2.3250-ns3819423.ip-217-182-175.eu Hello 639509 [84.17.52.18]
                                                                          250-SIZE 52428800
                                                                          250-8BITMIME
                                                                          250-PIPELINING
                                                                          250-AUTH PLAIN LOGIN
                                                                          250-STARTTLS
                                                                          250 HELP
                                                                          Jun 12, 2021 08:10:14.323684931 CEST49744587192.168.2.3217.182.175.206STARTTLS
                                                                          Jun 12, 2021 08:10:14.379235983 CEST58749744217.182.175.206192.168.2.3220 TLS go ahead
                                                                          Jun 12, 2021 08:10:17.940721035 CEST58749744217.182.175.206192.168.2.3421 ns3819423.ip-217-182-175.eu lost input connection
                                                                          Jun 12, 2021 08:10:18.012880087 CEST58749745217.182.175.206192.168.2.3220-ns3819423.ip-217-182-175.eu ESMTP Exim 4.93 #2 Sat, 12 Jun 2021 11:40:18 +0530
                                                                          220-We do not authorize the use of this system to transport unsolicited,
                                                                          220 and/or bulk e-mail.
                                                                          Jun 12, 2021 08:10:18.013842106 CEST49745587192.168.2.3217.182.175.206EHLO 639509
                                                                          Jun 12, 2021 08:10:18.072870970 CEST58749745217.182.175.206192.168.2.3250-ns3819423.ip-217-182-175.eu Hello 639509 [84.17.52.18]
                                                                          250-SIZE 52428800
                                                                          250-8BITMIME
                                                                          250-PIPELINING
                                                                          250-AUTH PLAIN LOGIN
                                                                          250-STARTTLS
                                                                          250 HELP
                                                                          Jun 12, 2021 08:10:18.073750973 CEST49745587192.168.2.3217.182.175.206STARTTLS
                                                                          Jun 12, 2021 08:10:18.127690077 CEST58749745217.182.175.206192.168.2.3220 TLS go ahead
                                                                          Jun 12, 2021 08:10:18.884313107 CEST58749745217.182.175.206192.168.2.3421 ns3819423.ip-217-182-175.eu lost input connection
                                                                          Jun 12, 2021 08:10:18.944071054 CEST58749746217.182.175.206192.168.2.3220-ns3819423.ip-217-182-175.eu ESMTP Exim 4.93 #2 Sat, 12 Jun 2021 11:40:18 +0530
                                                                          220-We do not authorize the use of this system to transport unsolicited,
                                                                          220 and/or bulk e-mail.
                                                                          Jun 12, 2021 08:10:18.944447041 CEST49746587192.168.2.3217.182.175.206EHLO 639509
                                                                          Jun 12, 2021 08:10:18.995879889 CEST58749746217.182.175.206192.168.2.3250-ns3819423.ip-217-182-175.eu Hello 639509 [84.17.52.18]
                                                                          250-SIZE 52428800
                                                                          250-8BITMIME
                                                                          250-PIPELINING
                                                                          250-AUTH PLAIN LOGIN
                                                                          250-STARTTLS
                                                                          250 HELP
                                                                          Jun 12, 2021 08:10:18.996215105 CEST49746587192.168.2.3217.182.175.206STARTTLS
                                                                          Jun 12, 2021 08:10:19.050832033 CEST58749746217.182.175.206192.168.2.3220 TLS go ahead

                                                                          Code Manipulations

                                                                          Statistics

                                                                          CPU Usage

                                                                          Click to jump to process

                                                                          Memory Usage

                                                                          Click to jump to process

                                                                          High Level Behavior Distribution

                                                                          Click to dive into process behavior distribution

                                                                          Behavior

                                                                          Click to jump to process

                                                                          System Behavior

                                                                          Analysis Process: wscript.exe PID: 4804 Parent PID: 3388

                                                                          General

                                                                          Start time:08:08:06
                                                                          Start date:12/06/2021
                                                                          Path:C:\Windows\System32\wscript.exe
                                                                          Wow64 process (32bit):false
                                                                          Commandline:C:\Windows\System32\wscript.exe 'C:\Users\user\Desktop\Invoice#06-11-2021_PDF.vbs'
                                                                          Imagebase:0x7ff679cd0000
                                                                          File size:163840 bytes
                                                                          MD5 hash:9A68ADD12EB50DDE7586782C3EB9FF9C
                                                                          Has elevated privileges:true
                                                                          Has administrator privileges:true
                                                                          Programmed in:C, C++ or other language
                                                                          Reputation:high

                                                                          Chronological Activities

                                                                          Analysis Process: file1.exe PID: 5784 Parent PID: 4804

                                                                          General

                                                                          Start time:08:08:10
                                                                          Start date:12/06/2021
                                                                          Path:C:\Users\user\AppData\Local\Temp\file1.exe
                                                                          Wow64 process (32bit):true
                                                                          Commandline:'C:\Users\user\AppData\Local\Temp\file1.exe'
                                                                          Imagebase:0x5d0000
                                                                          File size:756224 bytes
                                                                          MD5 hash:07C82C84BAEC92953A270419C72D7F10
                                                                          Has elevated privileges:true
                                                                          Has administrator privileges:true
                                                                          Programmed in:.Net C# or VB.NET
                                                                          Yara matches:
                                                                          • Rule: Nanocore_RAT_Gen_2, Description: Detetcs the Nanocore RAT, Source: 00000001.00000002.297937965.0000000003F51000.00000004.00000001.sdmp, Author: Florian Roth
                                                                          • Rule: JoeSecurity_Nanocore, Description: Yara detected Nanocore RAT, Source: 00000001.00000002.297937965.0000000003F51000.00000004.00000001.sdmp, Author: Joe Security
                                                                          • Rule: NanoCore, Description: unknown, Source: 00000001.00000002.297937965.0000000003F51000.00000004.00000001.sdmp, Author: Kevin Breen <kevin@techanarchy.net>
                                                                          • Rule: Nanocore_RAT_Gen_2, Description: Detetcs the Nanocore RAT, Source: 00000001.00000002.307230936.000000000D351000.00000004.00000001.sdmp, Author: Florian Roth
                                                                          • Rule: JoeSecurity_Nanocore, Description: Yara detected Nanocore RAT, Source: 00000001.00000002.307230936.000000000D351000.00000004.00000001.sdmp, Author: Joe Security
                                                                          • Rule: NanoCore, Description: unknown, Source: 00000001.00000002.307230936.000000000D351000.00000004.00000001.sdmp, Author: Kevin Breen <kevin@techanarchy.net>
                                                                          Antivirus matches:
                                                                          • Detection: 100%, Joe Sandbox ML
                                                                          Reputation:low

                                                                          Chronological Activities

                                                                          Analysis Process: 2name.exe PID: 5828 Parent PID: 4804

                                                                          General

                                                                          Start time:08:08:10
                                                                          Start date:12/06/2021
                                                                          Path:C:\Users\user\AppData\Local\Temp\2name.exe
                                                                          Wow64 process (32bit):true
                                                                          Commandline:'C:\Users\user\AppData\Local\Temp\2name.exe'
                                                                          Imagebase:0x190000
                                                                          File size:726016 bytes
                                                                          MD5 hash:CF4CD927CCC626FB016D0E91CF6BD456
                                                                          Has elevated privileges:true
                                                                          Has administrator privileges:true
                                                                          Programmed in:.Net C# or VB.NET
                                                                          Yara matches:
                                                                          • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000002.00000002.311010210.000000000CDE1000.00000004.00000001.sdmp, Author: Joe Security
                                                                          • Rule: JoeSecurity_AgentTesla_2, Description: Yara detected AgentTesla, Source: 00000002.00000002.311010210.000000000CDE1000.00000004.00000001.sdmp, Author: Joe Security
                                                                          • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000002.00000002.294907318.00000000038B1000.00000004.00000001.sdmp, Author: Joe Security
                                                                          • Rule: JoeSecurity_AgentTesla_2, Description: Yara detected AgentTesla, Source: 00000002.00000002.294907318.00000000038B1000.00000004.00000001.sdmp, Author: Joe Security
                                                                          Antivirus matches:
                                                                          • Detection: 100%, Joe Sandbox ML
                                                                          Reputation:low

                                                                          Chronological Activities

                                                                          Analysis Process: 2name.exe PID: 5004 Parent PID: 5828

                                                                          General

                                                                          Start time:08:08:47
                                                                          Start date:12/06/2021
                                                                          Path:C:\Users\user\AppData\Local\Temp\2name.exe
                                                                          Wow64 process (32bit):true
                                                                          Commandline:{path}
                                                                          Imagebase:0xa30000
                                                                          File size:726016 bytes
                                                                          MD5 hash:CF4CD927CCC626FB016D0E91CF6BD456
                                                                          Has elevated privileges:true
                                                                          Has administrator privileges:true
                                                                          Programmed in:.Net C# or VB.NET
                                                                          Yara matches:
                                                                          • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000010.00000002.468518858.0000000000402000.00000040.00000001.sdmp, Author: Joe Security
                                                                          • Rule: JoeSecurity_AgentTesla_2, Description: Yara detected AgentTesla, Source: 00000010.00000002.468518858.0000000000402000.00000040.00000001.sdmp, Author: Joe Security
                                                                          • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000010.00000002.477741518.0000000003301000.00000004.00000001.sdmp, Author: Joe Security
                                                                          • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000010.00000002.477741518.0000000003301000.00000004.00000001.sdmp, Author: Joe Security
                                                                          • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000010.00000000.288308557.0000000000402000.00000040.00000001.sdmp, Author: Joe Security
                                                                          • Rule: JoeSecurity_AgentTesla_2, Description: Yara detected AgentTesla, Source: 00000010.00000000.288308557.0000000000402000.00000040.00000001.sdmp, Author: Joe Security
                                                                          Reputation:low

                                                                          Chronological Activities

                                                                          Analysis Process: schtasks.exe PID: 5412 Parent PID: 5784

                                                                          General

                                                                          Start time:08:08:48
                                                                          Start date:12/06/2021
                                                                          Path:C:\Windows\SysWOW64\schtasks.exe
                                                                          Wow64 process (32bit):true
                                                                          Commandline:'C:\Windows\System32\schtasks.exe' /Create /TN 'Updates\HHyKJahmIz' /XML 'C:\Users\user\AppData\Local\Temp\tmpC46.tmp'
                                                                          Imagebase:0x930000
                                                                          File size:185856 bytes
                                                                          MD5 hash:15FF7D8324231381BAD48A052F85DF04
                                                                          Has elevated privileges:true
                                                                          Has administrator privileges:true
                                                                          Programmed in:C, C++ or other language
                                                                          Reputation:high

                                                                          Chronological Activities

                                                                          Analysis Process: conhost.exe PID: 5076 Parent PID: 5412

                                                                          General

                                                                          Start time:08:08:49
                                                                          Start date:12/06/2021
                                                                          Path:C:\Windows\System32\conhost.exe
                                                                          Wow64 process (32bit):false
                                                                          Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                          Imagebase:0x7ff6b2800000
                                                                          File size:625664 bytes
                                                                          MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                                                          Has elevated privileges:true
                                                                          Has administrator privileges:true
                                                                          Programmed in:C, C++ or other language
                                                                          Reputation:high

                                                                          Chronological Activities

                                                                          Analysis Process: file1.exe PID: 4076 Parent PID: 5784

                                                                          General

                                                                          Start time:08:08:49
                                                                          Start date:12/06/2021
                                                                          Path:C:\Users\user\AppData\Local\Temp\file1.exe
                                                                          Wow64 process (32bit):true
                                                                          Commandline:{path}
                                                                          Imagebase:0xc40000
                                                                          File size:756224 bytes
                                                                          MD5 hash:07C82C84BAEC92953A270419C72D7F10
                                                                          Has elevated privileges:true
                                                                          Has administrator privileges:true
                                                                          Programmed in:.Net C# or VB.NET
                                                                          Yara matches:
                                                                          • Rule: JoeSecurity_Nanocore, Description: Yara detected Nanocore RAT, Source: 00000015.00000002.479174515.0000000004334000.00000004.00000001.sdmp, Author: Joe Security
                                                                          • Rule: Nanocore_RAT_Gen_2, Description: Detetcs the Nanocore RAT, Source: 00000015.00000000.291952352.0000000000402000.00000040.00000001.sdmp, Author: Florian Roth
                                                                          • Rule: JoeSecurity_Nanocore, Description: Yara detected Nanocore RAT, Source: 00000015.00000000.291952352.0000000000402000.00000040.00000001.sdmp, Author: Joe Security
                                                                          • Rule: NanoCore, Description: unknown, Source: 00000015.00000000.291952352.0000000000402000.00000040.00000001.sdmp, Author: Kevin Breen <kevin@techanarchy.net>
                                                                          • Rule: Nanocore_RAT_Gen_2, Description: Detetcs the Nanocore RAT, Source: 00000015.00000002.468642288.0000000000402000.00000040.00000001.sdmp, Author: Florian Roth
                                                                          • Rule: JoeSecurity_Nanocore, Description: Yara detected Nanocore RAT, Source: 00000015.00000002.468642288.0000000000402000.00000040.00000001.sdmp, Author: Joe Security
                                                                          • Rule: NanoCore, Description: unknown, Source: 00000015.00000002.468642288.0000000000402000.00000040.00000001.sdmp, Author: Kevin Breen <kevin@techanarchy.net>
                                                                          • Rule: Nanocore_RAT_Gen_2, Description: Detetcs the Nanocore RAT, Source: 00000015.00000002.479905732.0000000005680000.00000004.00000001.sdmp, Author: Florian Roth
                                                                          • Rule: Nanocore_RAT_Feb18_1, Description: Detects Nanocore RAT, Source: 00000015.00000002.479905732.0000000005680000.00000004.00000001.sdmp, Author: Florian Roth
                                                                          • Rule: Nanocore_RAT_Gen_2, Description: Detetcs the Nanocore RAT, Source: 00000015.00000000.292645242.0000000000402000.00000040.00000001.sdmp, Author: Florian Roth
                                                                          • Rule: JoeSecurity_Nanocore, Description: Yara detected Nanocore RAT, Source: 00000015.00000000.292645242.0000000000402000.00000040.00000001.sdmp, Author: Joe Security
                                                                          • Rule: NanoCore, Description: unknown, Source: 00000015.00000000.292645242.0000000000402000.00000040.00000001.sdmp, Author: Kevin Breen <kevin@techanarchy.net>
                                                                          • Rule: Nanocore_RAT_Gen_2, Description: Detetcs the Nanocore RAT, Source: 00000015.00000002.480599769.0000000005C00000.00000004.00000001.sdmp, Author: Florian Roth
                                                                          • Rule: Nanocore_RAT_Feb18_1, Description: Detects Nanocore RAT, Source: 00000015.00000002.480599769.0000000005C00000.00000004.00000001.sdmp, Author: Florian Roth
                                                                          • Rule: JoeSecurity_Nanocore, Description: Yara detected Nanocore RAT, Source: 00000015.00000002.480599769.0000000005C00000.00000004.00000001.sdmp, Author: Joe Security
                                                                          Reputation:low

                                                                          Chronological Activities

                                                                          Disassembly

                                                                          Code Analysis

                                                                          Reset < >

                                                                            Analysis Process: file1.exe PID: 5784 Parent PID: 4804 file1.exeCOMMON

                                                                            Executed Functions

                                                                            Function 02B40118, Relevance: 13.3, Strings: 7, Instructions: 4519COMMON
                                                                            Download Yara Rule
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.294259217.0000000002B40000.00000040.00000001.sdmp, Offset: 02B40000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID: TD1q$TD1q$`-/q$w/q$w/q$w/q$w/q
                                                                            • API String ID: 0-3896388975
                                                                            • Opcode ID: 7015c337b850596555b29d77ede4c30e81a5fb8f4c60d80033daa52247d7ff90
                                                                            • Instruction ID: 0d13c68c4c75398e9b10154f0585f52ef9dfad55343bb45940310a36fd816c5f
                                                                            • Opcode Fuzzy Hash: 7015c337b850596555b29d77ede4c30e81a5fb8f4c60d80033daa52247d7ff90
                                                                            • Instruction Fuzzy Hash: BEA3C434A02219CFDB25DB24C994BE9B7B2FF89301F5541E8D509AB361CB32AE95CF41
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 02B40128, Relevance: 13.3, Strings: 7, Instructions: 4515COMMON
                                                                            Download Yara Rule
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.294259217.0000000002B40000.00000040.00000001.sdmp, Offset: 02B40000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID: TD1q$TD1q$`-/q$w/q$w/q$w/q$w/q
                                                                            • API String ID: 0-3896388975
                                                                            • Opcode ID: 22699858aaa154c5269a2ee13906dbd2d668b08f9cca6796e456e0a7d53c51ea
                                                                            • Instruction ID: a50314ea765e000aaab50a8d2fcef1affa563c99855997e4d51fad453eabb441
                                                                            • Opcode Fuzzy Hash: 22699858aaa154c5269a2ee13906dbd2d668b08f9cca6796e456e0a7d53c51ea
                                                                            • Instruction Fuzzy Hash: 6EA3C434A02219CFDB25DB24C994BE9B7B2FF89301F5541E8D509AB361CB32AE95CF41
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 02B46138, Relevance: 6.5, Strings: 5, Instructions: 203COMMON
                                                                            Download Yara Rule
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.294259217.0000000002B40000.00000040.00000001.sdmp, Offset: 02B40000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID: 8}ir$EntryPoint$Invoke$Load$X1kr
                                                                            • API String ID: 0-2582972406
                                                                            • Opcode ID: 415e7e27ac9043c107d0b113800e8aa5f22c35fd0280ef81bb6258dba0de00be
                                                                            • Instruction ID: 04ab8ef918b929f52fbcdc3fc57f6e1cfc43e4d4b5b3583a35eacff308526fb1
                                                                            • Opcode Fuzzy Hash: 415e7e27ac9043c107d0b113800e8aa5f22c35fd0280ef81bb6258dba0de00be
                                                                            • Instruction Fuzzy Hash: BF91C3B4E002589FDB54DFA9C884A9EBBF2FF99300F24C06AD508AB355DB75A941CF50
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 02B46148, Relevance: 6.4, Strings: 5, Instructions: 199COMMON
                                                                            Download Yara Rule
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.294259217.0000000002B40000.00000040.00000001.sdmp, Offset: 02B40000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID: 8}ir$EntryPoint$Invoke$Load$X1kr
                                                                            • API String ID: 0-2582972406
                                                                            • Opcode ID: 803d7c69556c2fbfdaac50322c2fbdc1dece1b23b144ed6226223692dffdb00e
                                                                            • Instruction ID: a01b26f92fcf18f464eee29fdce9ce6a0be76a1925bdc996633111e81da5c365
                                                                            • Opcode Fuzzy Hash: 803d7c69556c2fbfdaac50322c2fbdc1dece1b23b144ed6226223692dffdb00e
                                                                            • Instruction Fuzzy Hash: 8991B1B4E002189FDB54DFA9C884A9EBBF2FF88300F24C06AD518AB354DB75A941CF50
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 02B46C00, Relevance: 3.9, Strings: 3, Instructions: 124COMMON
                                                                            Download Yara Rule
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.294259217.0000000002B40000.00000040.00000001.sdmp, Offset: 02B40000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID: dm$f]Ir$UXq^
                                                                            • API String ID: 0-934423781
                                                                            • Opcode ID: 33b151cb3782854f478d652df9e246b38e0a533a397324a39d66b139c2f3ba74
                                                                            • Instruction ID: 1bbdf1179810f77fd49dfad91706ddab9c1e49a8b428cf0b20a7d0407bea3de9
                                                                            • Opcode Fuzzy Hash: 33b151cb3782854f478d652df9e246b38e0a533a397324a39d66b139c2f3ba74
                                                                            • Instruction Fuzzy Hash: A0510870E012189FEB18CF66C984B9EFBB3AF89300F15D5AAD448AB255DB309A45CF51
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 02B476A6, Relevance: 2.7, Strings: 2, Instructions: 240COMMON
                                                                            Download Yara Rule
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.294259217.0000000002B40000.00000040.00000001.sdmp, Offset: 02B40000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID: K/^Y$zO>
                                                                            • API String ID: 0-2663914414
                                                                            • Opcode ID: c32d6f5b0f203d5a5c8f2a610c2b4655adff2bc72a58731c7a5cc0e534c8531e
                                                                            • Instruction ID: 96ed87edc868eb6d7f71ae4cf5e2266a74fe140bf20de2d6f11a9fe065d6aa66
                                                                            • Opcode Fuzzy Hash: c32d6f5b0f203d5a5c8f2a610c2b4655adff2bc72a58731c7a5cc0e534c8531e
                                                                            • Instruction Fuzzy Hash: 72A167B4D05249DFDB08CFA9C494AEEFBB2FF8A300F5485AAD441AB214DB355902DF51
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 02B476FE, Relevance: 2.7, Strings: 2, Instructions: 185COMMON
                                                                            Download Yara Rule
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.294259217.0000000002B40000.00000040.00000001.sdmp, Offset: 02B40000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID: K/^Y$zO>
                                                                            • API String ID: 0-2663914414
                                                                            • Opcode ID: 0d8e36c21087d6ecc59df89b0e4d3b9bcbd3918a8ca72709e4e133dfd6d39aaf
                                                                            • Instruction ID: 7931d4baf226a045063fb6209cca1ab26aab403b680d87d027928731e5e310c0
                                                                            • Opcode Fuzzy Hash: 0d8e36c21087d6ecc59df89b0e4d3b9bcbd3918a8ca72709e4e133dfd6d39aaf
                                                                            • Instruction Fuzzy Hash: 428104B4D05249DFDB08CFA5C484AAEFBB2FF89300F1085AAD405BB254DB355942DF51
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 02B47720, Relevance: 2.7, Strings: 2, Instructions: 170COMMON
                                                                            Download Yara Rule
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.294259217.0000000002B40000.00000040.00000001.sdmp, Offset: 02B40000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID: K/^Y$zO>
                                                                            • API String ID: 0-2663914414
                                                                            • Opcode ID: 6aa4cc763222c38c981c400ee78e81fea532486aebcfcac729a564c7da3765e4
                                                                            • Instruction ID: eb2c196c97b0daf384be37e56015a3513266e846feffee4dd114e8235ed3af7a
                                                                            • Opcode Fuzzy Hash: 6aa4cc763222c38c981c400ee78e81fea532486aebcfcac729a564c7da3765e4
                                                                            • Instruction Fuzzy Hash: 9671E2B4D01219DFDB08CFA9C984AAEFBB2FF88300F10856AD506BB254DB345A42DF51
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 02B467C0, Relevance: 2.6, Strings: 2, Instructions: 146COMMON
                                                                            Download Yara Rule
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.294259217.0000000002B40000.00000040.00000001.sdmp, Offset: 02B40000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID: X1kr$X1kr
                                                                            • API String ID: 0-2397868964
                                                                            • Opcode ID: a399dfc7da3c007935dcb247bfe5bded5f97f2330fe2775ef2cfc01084905b6f
                                                                            • Instruction ID: a9405807f2cefe179ecb5169170e12ed8c384dcfd57ab4765ca8c2d1b4871f7f
                                                                            • Opcode Fuzzy Hash: a399dfc7da3c007935dcb247bfe5bded5f97f2330fe2775ef2cfc01084905b6f
                                                                            • Instruction Fuzzy Hash: 43510774E042589FDB08DFA9C580AAEFBF2FF89304F24D5A6D404AB255DB34AA41DF50
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 05153483, Relevance: 1.6, APIs: 1, Instructions: 75COMMON
                                                                            Download Yara Rule
                                                                            APIs
                                                                            • AdjustTokenPrivileges.KERNELBASE(?,?,?,?,?,?), ref: 05153503
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.298734557.0000000005150000.00000040.00000001.sdmp, Offset: 05150000, based on PE: false
                                                                            Similarity
                                                                            • API ID: AdjustPrivilegesToken
                                                                            • String ID:
                                                                            • API String ID: 2874748243-0
                                                                            • Opcode ID: 01d71e7dd23381fc40ba3b02031702b17b98df9c9cc92e4f98eef89605bb4e3e
                                                                            • Instruction ID: 4e283e7da1dc9f97461dd04110241fd893d59ff32d017a9d5f43c1774b5851e2
                                                                            • Opcode Fuzzy Hash: 01d71e7dd23381fc40ba3b02031702b17b98df9c9cc92e4f98eef89605bb4e3e
                                                                            • Instruction Fuzzy Hash: EC219F76509784AFDB238F25DC40B52BFF4AF06220F08859AED858B163D375D908DB62
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 05152102, Relevance: 1.6, APIs: 1, Instructions: 71COMMON
                                                                            Download Yara Rule
                                                                            APIs
                                                                            • GetUserNameA.ADVAPI32(?,00000E2C), ref: 05152169
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.298734557.0000000005150000.00000040.00000001.sdmp, Offset: 05150000, based on PE: false
                                                                            Similarity
                                                                            • API ID: NameUser
                                                                            • String ID:
                                                                            • API String ID: 2645101109-0
                                                                            • Opcode ID: 71ffdef51068227b680a33a16efdcb0bf202f6dd817c9ada01004435df75ce8b
                                                                            • Instruction ID: 7acd85b12044b7c54fc57c8b016da3a9e526222a304fb44c50ea1926bef2dabd
                                                                            • Opcode Fuzzy Hash: 71ffdef51068227b680a33a16efdcb0bf202f6dd817c9ada01004435df75ce8b
                                                                            • Instruction Fuzzy Hash: 7C11B172500204AFE720DB28DC85FABBBACEF45720F14846BEE05DB241D6B4A509CBB1
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 05153A39, Relevance: 1.6, APIs: 1, Instructions: 56nativeCOMMON
                                                                            Download Yara Rule
                                                                            APIs
                                                                            • NtQuerySystemInformation.NTDLL(?,?,?,?), ref: 05153AA5
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.298734557.0000000005150000.00000040.00000001.sdmp, Offset: 05150000, based on PE: false
                                                                            Similarity
                                                                            • API ID: InformationQuerySystem
                                                                            • String ID:
                                                                            • API String ID: 3562636166-0
                                                                            • Opcode ID: 56f5f4c385270a7a1cac132d812ea6d34b2f55b657d71633faebb6a029afd82b
                                                                            • Instruction ID: 77f5d4592273dc95f61f70aa22102c3fcbdc16934780c457c368862e85ff543f
                                                                            • Opcode Fuzzy Hash: 56f5f4c385270a7a1cac132d812ea6d34b2f55b657d71633faebb6a029afd82b
                                                                            • Instruction Fuzzy Hash: E11190754097C4AFD7228F21DC44A62FFB4EF17220F0984DAED848B263D275A918DB62
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 051534BA, Relevance: 1.6, APIs: 1, Instructions: 52COMMON
                                                                            Download Yara Rule
                                                                            APIs
                                                                            • AdjustTokenPrivileges.KERNELBASE(?,?,?,?,?,?), ref: 05153503
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.298734557.0000000005150000.00000040.00000001.sdmp, Offset: 05150000, based on PE: false
                                                                            Similarity
                                                                            • API ID: AdjustPrivilegesToken
                                                                            • String ID:
                                                                            • API String ID: 2874748243-0
                                                                            • Opcode ID: e737ab3c1350e808b12ec3f43a71c012059d30b11255a738fdf37c56dd4912b9
                                                                            • Instruction ID: d95c42ddd8e50349e0fd2785cbeb66a5da23423c7e939f0c1c8cc41554d73ddf
                                                                            • Opcode Fuzzy Hash: e737ab3c1350e808b12ec3f43a71c012059d30b11255a738fdf37c56dd4912b9
                                                                            • Instruction Fuzzy Hash: E6115E72504604DFDB21CF55D844B66FBE4EF04221F08896AEE568B611D375E818DB71
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 05153A6A, Relevance: 1.5, APIs: 1, Instructions: 38nativeCOMMON
                                                                            Download Yara Rule
                                                                            APIs
                                                                            • NtQuerySystemInformation.NTDLL(?,?,?,?), ref: 05153AA5
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.298734557.0000000005150000.00000040.00000001.sdmp, Offset: 05150000, based on PE: false
                                                                            Similarity
                                                                            • API ID: InformationQuerySystem
                                                                            • String ID:
                                                                            • API String ID: 3562636166-0
                                                                            • Opcode ID: af66ff81731db63509b22767566c8dba003cdeb5476a4f3995d23158510576b8
                                                                            • Instruction ID: fe487d12f57ea61182b25dc4df1f35d0153e3b7c0bf528591de985a3b6f415df
                                                                            • Opcode Fuzzy Hash: af66ff81731db63509b22767566c8dba003cdeb5476a4f3995d23158510576b8
                                                                            • Instruction Fuzzy Hash: D8018B35500644DFDB20CF55D884B26FFA0EF08320F08C89ADE694B212C3B5A418CB72
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 02A9458F, Relevance: 1.4, Strings: 1, Instructions: 168COMMON
                                                                            Download Yara Rule
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.294187789.0000000002A90000.00000040.00000001.sdmp, Offset: 02A90000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID: :@Dr
                                                                            • API String ID: 0-3830894600
                                                                            • Opcode ID: ee3bd12a270e9ac21dd661ad5bc7f14c0e59bcb0d1289e44f00426bf2e1e820c
                                                                            • Instruction ID: 43e0cffe1bd9fdb2b1aa70dce636d4e92732abe5316c3b7e541253eee8939e6f
                                                                            • Opcode Fuzzy Hash: ee3bd12a270e9ac21dd661ad5bc7f14c0e59bcb0d1289e44f00426bf2e1e820c
                                                                            • Instruction Fuzzy Hash: 4571DEB4E01248DFCB04DFE5D994AADBBB2FF89300F20906AD845AB358DB345A42CF54
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 02A945A0, Relevance: 1.4, Strings: 1, Instructions: 164COMMON
                                                                            Download Yara Rule
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.294187789.0000000002A90000.00000040.00000001.sdmp, Offset: 02A90000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID: :@Dr
                                                                            • API String ID: 0-3830894600
                                                                            • Opcode ID: dd54f4d2aee612005b69e216f990e14d9ebac6a6966809a29182a61ea5680e60
                                                                            • Instruction ID: 6f3030c8ea61bad2548a37c44fda4ed31160af3da6cd661ffc0aca14317db278
                                                                            • Opcode Fuzzy Hash: dd54f4d2aee612005b69e216f990e14d9ebac6a6966809a29182a61ea5680e60
                                                                            • Instruction Fuzzy Hash: 9571BDB4E01249DFCB04DFE5D9949AEBBB2FF89300F20906AD805AB358DB355A42CF54
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 02B44EC8, Relevance: .8, Instructions: 822COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.294259217.0000000002B40000.00000040.00000001.sdmp, Offset: 02B40000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 25e141e9d727608cfbc3f50acdd1600ea1f28c1d9fd3909806c8b3274f987279
                                                                            • Instruction ID: dfa46c00ccdcd83dda87456e2e6738689834ccdc85bde75fc2467176da7ac670
                                                                            • Opcode Fuzzy Hash: 25e141e9d727608cfbc3f50acdd1600ea1f28c1d9fd3909806c8b3274f987279
                                                                            • Instruction Fuzzy Hash: FA82B871C05628CFEB24CF96C8883EDFAF5BB59309F5480E9C549A6291DBB50AC9DF10
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 02B4C967, Relevance: .3, Instructions: 269COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.294259217.0000000002B40000.00000040.00000001.sdmp, Offset: 02B40000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: ebd2c6b808ec3b9ade6091c3469a527d01290627c7fb9992e8acbfdcbc90e063
                                                                            • Instruction ID: 076adb6d6b6abdfb903d7a9ff1df7ff3b10b57d0223a03582c41893a508b766a
                                                                            • Opcode Fuzzy Hash: ebd2c6b808ec3b9ade6091c3469a527d01290627c7fb9992e8acbfdcbc90e063
                                                                            • Instruction Fuzzy Hash: 43C12574E01218DFDB14DFA9C580AADFBB2BF89304F2481AAD415AB355CB35AA42DF40
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 02B4D130, Relevance: .2, Instructions: 230COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.294259217.0000000002B40000.00000040.00000001.sdmp, Offset: 02B40000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: debfbd29976595c174153c35042e5ccb07f3d662f4fe8f92fccfdf4c26abb76f
                                                                            • Instruction ID: 9f17c3b7088c385737dc935d17e011d344fa9dacc73d057a303456c4a9b1aaa0
                                                                            • Opcode Fuzzy Hash: debfbd29976595c174153c35042e5ccb07f3d662f4fe8f92fccfdf4c26abb76f
                                                                            • Instruction Fuzzy Hash: 72A13AB0D0525ADFCB04CFA6C5806AEFBF2FF89314F649599D411AB254DB349A82CF90
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 02B4C649, Relevance: .2, Instructions: 221COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.294259217.0000000002B40000.00000040.00000001.sdmp, Offset: 02B40000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 7c4805367af8551d5662b1ac1eaa79db2139f973f76c14fbae4043cfd106e66a
                                                                            • Instruction ID: adcd387cfe93a7786aeba3cf956542bbd0efbc6f654d96762fe572d199fa2387
                                                                            • Opcode Fuzzy Hash: 7c4805367af8551d5662b1ac1eaa79db2139f973f76c14fbae4043cfd106e66a
                                                                            • Instruction Fuzzy Hash: 18A1CEB1D02348DFCB14DFA8D58899CBFF1FB48718B54A4AAD446EB229EB349901DF10
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 02B4C78E, Relevance: .2, Instructions: 187COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.294259217.0000000002B40000.00000040.00000001.sdmp, Offset: 02B40000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 0d5687d60f6b58a4d9b180129b4a059cfc82702c3a80ade6ec3f037dcbd19e19
                                                                            • Instruction ID: f1047061d2e96e271cf4fb92d94b48e44967a786b80a17f5d42827330a4e1510
                                                                            • Opcode Fuzzy Hash: 0d5687d60f6b58a4d9b180129b4a059cfc82702c3a80ade6ec3f037dcbd19e19
                                                                            • Instruction Fuzzy Hash: 55818AB1902248DFCB14DFA8E69499CBFF1FB5C704B54A4AAD406EB318EB749A00DF14
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 02B4C84E, Relevance: .2, Instructions: 181COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.294259217.0000000002B40000.00000040.00000001.sdmp, Offset: 02B40000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 2dd1f4339217b851a81157f0893583abe7678391ecf7c2ac89ede42991cbbbae
                                                                            • Instruction ID: 971ab05433d135868054c9c22bf7b41cfbcb416dc6818b5c9cbce81cce7287fe
                                                                            • Opcode Fuzzy Hash: 2dd1f4339217b851a81157f0893583abe7678391ecf7c2ac89ede42991cbbbae
                                                                            • Instruction Fuzzy Hash: 1F81AEB1902348DFCB14DFA8E69499CBFF1FB4C708B5494AAD406EB269EB749901DF04
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 02B47EF9, Relevance: .1, Instructions: 122COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.294259217.0000000002B40000.00000040.00000001.sdmp, Offset: 02B40000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: a3dd8243849bba09d412f92df4e01b2f8f53a183e44dde788230b7c9e4bcf861
                                                                            • Instruction ID: 30e34f4e57a4dd29a66caf5d09280d0834c8491774325cc58a1414efd107d722
                                                                            • Opcode Fuzzy Hash: a3dd8243849bba09d412f92df4e01b2f8f53a183e44dde788230b7c9e4bcf861
                                                                            • Instruction Fuzzy Hash: 555138B1E046498FDB08CFA6C5846AEFBF2FF88301F24D16AD459A7250DB349941DF64
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 02A95420, Relevance: .1, Instructions: 117COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.294187789.0000000002A90000.00000040.00000001.sdmp, Offset: 02A90000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 297a08d9a11142d1917ffaa21ce7adc294abc226de2a770334c01dbb9f999d9c
                                                                            • Instruction ID: 00a26a5f043d262f466403936abecdaa21675dabcaeb5ace8d3788d9164c408d
                                                                            • Opcode Fuzzy Hash: 297a08d9a11142d1917ffaa21ce7adc294abc226de2a770334c01dbb9f999d9c
                                                                            • Instruction Fuzzy Hash: F141E875D0522ACBDB68CF6AC9447A9B7F6FB89300F5084FAC51DA7254EB305A85DF00
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 02A95411, Relevance: .1, Instructions: 105COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.294187789.0000000002A90000.00000040.00000001.sdmp, Offset: 02A90000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 6561899386ee8535361294d70a5301ca40dead9b9782107b65a10754b21d9ae3
                                                                            • Instruction ID: aeaf3f1b8e4f20d1fd816613f92409e4440cd14ca8c66de79a03e5dd3bd6be78
                                                                            • Opcode Fuzzy Hash: 6561899386ee8535361294d70a5301ca40dead9b9782107b65a10754b21d9ae3
                                                                            • Instruction Fuzzy Hash: 7E41E971D0121A8FDB68CF6AC94479ABBF2BF89300F5085F9C51DA7254EB345A85DF00
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 02B4ED80, Relevance: .1, Instructions: 94COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.294259217.0000000002B40000.00000040.00000001.sdmp, Offset: 02B40000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 176e0d438348964dec80ee8e7b1dfc1b3aba123bfbd5fa84e22f4f674ba97fe5
                                                                            • Instruction ID: dfcdd0e9ca83e248069fc6567111da282d7fc7c6046a9e6950b74837d58bfd29
                                                                            • Opcode Fuzzy Hash: 176e0d438348964dec80ee8e7b1dfc1b3aba123bfbd5fa84e22f4f674ba97fe5
                                                                            • Instruction Fuzzy Hash: 37313870D45209DFCB44DFA5D6845EEBBF6FB8D250F20A8AAD105B7204DB359901CF68
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 02B4ED72, Relevance: .1, Instructions: 93COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.294259217.0000000002B40000.00000040.00000001.sdmp, Offset: 02B40000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 04d430172fba1e9725296d3e9ff23dfbb7815613d1b28643b8176082f45acffa
                                                                            • Instruction ID: 8993600d9b53d6285da77f14e8df47053beb8d7673a543f116bdc7cc2e90eb28
                                                                            • Opcode Fuzzy Hash: 04d430172fba1e9725296d3e9ff23dfbb7815613d1b28643b8176082f45acffa
                                                                            • Instruction Fuzzy Hash: 75312870D15209DFCB44CFA9D6845EEBBF2FB8E250F20A8AAD105B7214DB359901CF68
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 02B487E8, Relevance: .1, Instructions: 69COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.294259217.0000000002B40000.00000040.00000001.sdmp, Offset: 02B40000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: b7647e6792a3059580c626f45ea919ed9c433a9539a3242495ede1c7ce65c135
                                                                            • Instruction ID: 5fb6cdb852a4740e0d121ef1f978be75fb30bb32148b87646e268cdfd1a0ce42
                                                                            • Opcode Fuzzy Hash: b7647e6792a3059580c626f45ea919ed9c433a9539a3242495ede1c7ce65c135
                                                                            • Instruction Fuzzy Hash: 7D210C71E006588BDB18CFAAC8447DEFBF3AFC9310F14C06AD508A6258DB351956DF90
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 02A908CD, Relevance: 2.6, Strings: 2, Instructions: 77COMMON
                                                                            Download Yara Rule
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.294187789.0000000002A90000.00000040.00000001.sdmp, Offset: 02A90000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID: `(&$`(&
                                                                            • API String ID: 0-1586070177
                                                                            • Opcode ID: 08eaacf091e2d0065b3c404f60beb8049950028ca6e4e05cab35c53d606ff017
                                                                            • Instruction ID: dfb05566683b0a92a7178b748f18beec23a2863c63c588ab730157e9f5709065
                                                                            • Opcode Fuzzy Hash: 08eaacf091e2d0065b3c404f60beb8049950028ca6e4e05cab35c53d606ff017
                                                                            • Instruction Fuzzy Hash: F5310074D042298FCFA4CF61D8847A9BBF5BB89345F2084EA804EAB244DE345A89DF14
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 051520A2, Relevance: 1.6, APIs: 1, Instructions: 116COMMON
                                                                            Download Yara Rule
                                                                            APIs
                                                                            • GetUserNameA.ADVAPI32(?,00000E2C), ref: 05152169
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.298734557.0000000005150000.00000040.00000001.sdmp, Offset: 05150000, based on PE: false
                                                                            Similarity
                                                                            • API ID: NameUser
                                                                            • String ID:
                                                                            • API String ID: 2645101109-0
                                                                            • Opcode ID: b36f74f8bbf34c28ea0256f6be49323f026c2712aec617103ad6e8e2a330b1e0
                                                                            • Instruction ID: 335a3a6e7a96e8c1129c1674919aae36d05b8f70a77e332db717bfbd44b65d79
                                                                            • Opcode Fuzzy Hash: b36f74f8bbf34c28ea0256f6be49323f026c2712aec617103ad6e8e2a330b1e0
                                                                            • Instruction Fuzzy Hash: 49316D7210A3C46FE7138B348C54BA6BFB89F03210F0985DBE985DB1A3D2689849C772
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 05152E73, Relevance: 1.6, APIs: 1, Instructions: 102COMMON
                                                                            Download Yara Rule
                                                                            APIs
                                                                            • DuplicateHandle.KERNELBASE(?,00000E2C), ref: 05152F23
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.298734557.0000000005150000.00000040.00000001.sdmp, Offset: 05150000, based on PE: false
                                                                            Similarity
                                                                            • API ID: DuplicateHandle
                                                                            • String ID:
                                                                            • API String ID: 3793708945-0
                                                                            • Opcode ID: 3e168159a1d4a18337903ef243fafdca3cbc8f4d14de0ca1b99b0cf460de0754
                                                                            • Instruction ID: 37cb5a5587cabb0f3e4f9e1671b72dbacb2a2579a70c4c9eae6860086efd7c57
                                                                            • Opcode Fuzzy Hash: 3e168159a1d4a18337903ef243fafdca3cbc8f4d14de0ca1b99b0cf460de0754
                                                                            • Instruction Fuzzy Hash: 7031A272404384AFEB228B65DC44F66BFA8EF46320F08849BF985DB152D224A909DB71
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 051527FA, Relevance: 1.6, APIs: 1, Instructions: 94COMMON
                                                                            Download Yara Rule
                                                                            APIs
                                                                            • GetTokenInformation.KERNELBASE(?,00000E2C,6B9AA088,00000000,00000000,00000000,00000000), ref: 051528A4
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.298734557.0000000005150000.00000040.00000001.sdmp, Offset: 05150000, based on PE: false
                                                                            Similarity
                                                                            • API ID: InformationToken
                                                                            • String ID:
                                                                            • API String ID: 4114910276-0
                                                                            • Opcode ID: f2f9479939c6e46ba160e2de6909dbffedd248c08d483328ecf4c959945d0115
                                                                            • Instruction ID: 2ef5ee4d3b1c9d73cdd5c6c164edc187595adcc459fdc738c3616f5c23888be7
                                                                            • Opcode Fuzzy Hash: f2f9479939c6e46ba160e2de6909dbffedd248c08d483328ecf4c959945d0115
                                                                            • Instruction Fuzzy Hash: AD31B372409384AFEB228F65DC45FA7BFB8EF06310F08849BE9849B153D234A909C771
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 010BAC22, Relevance: 1.6, APIs: 1, Instructions: 92registryCOMMON
                                                                            Download Yara Rule
                                                                            APIs
                                                                            • RegOpenKeyExW.KERNELBASE(?,00000E2C), ref: 010BACD1
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.293963264.00000000010BA000.00000040.00000001.sdmp, Offset: 010BA000, based on PE: false
                                                                            Similarity
                                                                            • API ID: Open
                                                                            • String ID:
                                                                            • API String ID: 71445658-0
                                                                            • Opcode ID: db5a1b2989791e0bf61b3ed3e6a77ddac64392ef884fe18dc694e5d998f850a5
                                                                            • Instruction ID: 4ea9d5746f4797be34b5e6bdb2f0acc25c8346a9cac7dd386813e5845c5f6255
                                                                            • Opcode Fuzzy Hash: db5a1b2989791e0bf61b3ed3e6a77ddac64392ef884fe18dc694e5d998f850a5
                                                                            • Instruction Fuzzy Hash: C931A472504384AFE7228B25CC85FA7BFECEF06710F04859BED819B152D265A809CB71
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 05152388, Relevance: 1.6, APIs: 1, Instructions: 90fileCOMMON
                                                                            Download Yara Rule
                                                                            APIs
                                                                            • CreateFileW.KERNELBASE(?,?,?,?,?,?), ref: 05152429
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.298734557.0000000005150000.00000040.00000001.sdmp, Offset: 05150000, based on PE: false
                                                                            Similarity
                                                                            • API ID: CreateFile
                                                                            • String ID:
                                                                            • API String ID: 823142352-0
                                                                            • Opcode ID: 361829e88b807614430a29ca88c1e335d56d70f9b5b28b54204e5f9622c720cf
                                                                            • Instruction ID: 87e130a8e58dd0b2c429d1fbdcd0f9a16166fd708fa40ae00fefe41668e73f54
                                                                            • Opcode Fuzzy Hash: 361829e88b807614430a29ca88c1e335d56d70f9b5b28b54204e5f9622c720cf
                                                                            • Instruction Fuzzy Hash: 31316D76504340AFE722CB65CC44F66BFE8EF45620F0884AEED859B252D375E809CB71
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 010BAD19, Relevance: 1.6, APIs: 1, Instructions: 89registryCOMMON
                                                                            Download Yara Rule
                                                                            APIs
                                                                            • RegQueryValueExW.KERNELBASE(?,00000E2C,6B9AA088,00000000,00000000,00000000,00000000), ref: 010BADD4
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.293963264.00000000010BA000.00000040.00000001.sdmp, Offset: 010BA000, based on PE: false
                                                                            Similarity
                                                                            • API ID: QueryValue
                                                                            • String ID:
                                                                            • API String ID: 3660427363-0
                                                                            • Opcode ID: dd48f0919260f06a94de887cc759bf5ebd958d9d4132031d806a77bd0054e283
                                                                            • Instruction ID: ea91317741868d5a890dee259bd644813a88b6c2394c08d9a069526f4c9936f2
                                                                            • Opcode Fuzzy Hash: dd48f0919260f06a94de887cc759bf5ebd958d9d4132031d806a77bd0054e283
                                                                            • Instruction Fuzzy Hash: 65319371509784AFE722CB25CC85FA2BFF8EF06310F1884DAE9859B153D264E549CB71
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 05151556, Relevance: 1.6, APIs: 1, Instructions: 89synchronizationCOMMON
                                                                            Download Yara Rule
                                                                            APIs
                                                                            • CreateMutexW.KERNELBASE(?,?), ref: 051515FD
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.298734557.0000000005150000.00000040.00000001.sdmp, Offset: 05150000, based on PE: false
                                                                            Similarity
                                                                            • API ID: CreateMutex
                                                                            • String ID:
                                                                            • API String ID: 1964310414-0
                                                                            • Opcode ID: 4871d9780a68403981e95e604f78c367995602938bf2e614147e5d40a297e02f
                                                                            • Instruction ID: 8f167532d493ef788794d8ff87a4048c9c45f6afeb28835655d1d6c0f7d395d5
                                                                            • Opcode Fuzzy Hash: 4871d9780a68403981e95e604f78c367995602938bf2e614147e5d40a297e02f
                                                                            • Instruction Fuzzy Hash: 2E31A2B1509780AFE712CB25DC84F56FFE8EF06210F08849AED85DB292D375E909CB65
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 05151654, Relevance: 1.6, APIs: 1, Instructions: 86registryCOMMON
                                                                            Download Yara Rule
                                                                            APIs
                                                                            • RegQueryValueExW.KERNELBASE(?,00000E2C,?,?), ref: 0515170A
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.298734557.0000000005150000.00000040.00000001.sdmp, Offset: 05150000, based on PE: false
                                                                            Similarity
                                                                            • API ID: QueryValue
                                                                            • String ID:
                                                                            • API String ID: 3660427363-0
                                                                            • Opcode ID: a7f91f484a735a85f1e6ceb25dd35147bf6e65e08d77ead9508d60dca7d15877
                                                                            • Instruction ID: 8b6dd059defc3c2e9def7d2bced30ee75aa719c699e9e11d3a74f51dcecabb53
                                                                            • Opcode Fuzzy Hash: a7f91f484a735a85f1e6ceb25dd35147bf6e65e08d77ead9508d60dca7d15877
                                                                            • Instruction Fuzzy Hash: C831D7754097C06FD3038B25DC51B62BFB8FF47624F0A81DBE9848B563E264691AC7B1
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 05152A93, Relevance: 1.6, APIs: 1, Instructions: 85COMMON
                                                                            Download Yara Rule
                                                                            APIs
                                                                            • LsaOpenPolicy.ADVAPI32(?,00000E2C), ref: 05152B2F
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.298734557.0000000005150000.00000040.00000001.sdmp, Offset: 05150000, based on PE: false
                                                                            Similarity
                                                                            • API ID: OpenPolicy
                                                                            • String ID:
                                                                            • API String ID: 2030686058-0
                                                                            • Opcode ID: 571a09919adbbdde9c3c4f8a07bc6ddadb639d46e5cfa67b90a44bf7b3912703
                                                                            • Instruction ID: d424fd12804b6c5d1fd98649f490bf69c27780f77a80e4fa018a7ac3d3259b72
                                                                            • Opcode Fuzzy Hash: 571a09919adbbdde9c3c4f8a07bc6ddadb639d46e5cfa67b90a44bf7b3912703
                                                                            • Instruction Fuzzy Hash: 49218272504344AFE721CF65DC84F66FFA8EF46710F18849BED849B252D335A908CB65
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 051521C7, Relevance: 1.6, APIs: 1, Instructions: 81COMMON
                                                                            Download Yara Rule
                                                                            APIs
                                                                            • FindWindowA.USER32(?,00000E2C), ref: 0515226A
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.298734557.0000000005150000.00000040.00000001.sdmp, Offset: 05150000, based on PE: false
                                                                            Similarity
                                                                            • API ID: FindWindow
                                                                            • String ID:
                                                                            • API String ID: 134000473-0
                                                                            • Opcode ID: d5a1789b8acd117bb758697130cfc84d4fcb051b450d90234d49a360ee27c486
                                                                            • Instruction ID: de7991e6dc14caaa2825e62e14253a2ddcd478b673da71784abeb490f6027429
                                                                            • Opcode Fuzzy Hash: d5a1789b8acd117bb758697130cfc84d4fcb051b450d90234d49a360ee27c486
                                                                            • Instruction Fuzzy Hash: 6021A875409380AFE7128F24DC41F96BFA8EF46320F18849BED449F192D3B8A949C771
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 05152480, Relevance: 1.6, APIs: 1, Instructions: 80COMMON
                                                                            Download Yara Rule
                                                                            APIs
                                                                            • GetFileType.KERNELBASE(?,00000E2C,6B9AA088,00000000,00000000,00000000,00000000), ref: 05152515
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.298734557.0000000005150000.00000040.00000001.sdmp, Offset: 05150000, based on PE: false
                                                                            Similarity
                                                                            • API ID: FileType
                                                                            • String ID:
                                                                            • API String ID: 3081899298-0
                                                                            • Opcode ID: fc6d88e0fbb9b9147d2a88c7d3c4205e2952924620b0d896db7443da3fb44f12
                                                                            • Instruction ID: 33c0d35daa5a38928272eb2c3a1ec06b255d8a0938bacd7c44c5c5f8266e6ae2
                                                                            • Opcode Fuzzy Hash: fc6d88e0fbb9b9147d2a88c7d3c4205e2952924620b0d896db7443da3fb44f12
                                                                            • Instruction Fuzzy Hash: 6C212B764093806FE7128B25DC41FA2BFA8EF47720F1880D7ED848B193D2646909C771
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 05152EA6, Relevance: 1.6, APIs: 1, Instructions: 80COMMON
                                                                            Download Yara Rule
                                                                            APIs
                                                                            • DuplicateHandle.KERNELBASE(?,00000E2C), ref: 05152F23
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.298734557.0000000005150000.00000040.00000001.sdmp, Offset: 05150000, based on PE: false
                                                                            Similarity
                                                                            • API ID: DuplicateHandle
                                                                            • String ID:
                                                                            • API String ID: 3793708945-0
                                                                            • Opcode ID: 3529e62d820f36c67761dacaebe561abdbfa9cf322f78f9bdb5191e469c1a353
                                                                            • Instruction ID: fae04553c61b5fc70d8b30e4e3b8a9c5be6880fea18790af1f03fce759a851a1
                                                                            • Opcode Fuzzy Hash: 3529e62d820f36c67761dacaebe561abdbfa9cf322f78f9bdb5191e469c1a353
                                                                            • Instruction Fuzzy Hash: FF21BD72500204AFEB218F64DC44F6BBBACEF05320F14896BFE45DB251D774A4088B71
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 010BA2AC, Relevance: 1.6, APIs: 1, Instructions: 77COMMON
                                                                            Download Yara Rule
                                                                            APIs
                                                                            • SetConsoleCtrlHandler.KERNELBASE(?,00000E2C,?,?), ref: 010BA346
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.293963264.00000000010BA000.00000040.00000001.sdmp, Offset: 010BA000, based on PE: false
                                                                            Similarity
                                                                            • API ID: ConsoleCtrlHandler
                                                                            • String ID:
                                                                            • API String ID: 1513847179-0
                                                                            • Opcode ID: c55f2a098e1010840d58cab2da1c2ee65442bb174aa34650b6727a9124d0a65c
                                                                            • Instruction ID: 2fa5582737c1a5ce12b0266d46660bcc659f886a1fdba34e1069cadfa6964c72
                                                                            • Opcode Fuzzy Hash: c55f2a098e1010840d58cab2da1c2ee65442bb174aa34650b6727a9124d0a65c
                                                                            • Instruction Fuzzy Hash: 8D21B67154D3C06FD3138B259C51B62BFB4EF87624F0981DBE884CB653D225A919C7B2
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 051523AA, Relevance: 1.6, APIs: 1, Instructions: 76fileCOMMON
                                                                            Download Yara Rule
                                                                            APIs
                                                                            • CreateFileW.KERNELBASE(?,?,?,?,?,?), ref: 05152429
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.298734557.0000000005150000.00000040.00000001.sdmp, Offset: 05150000, based on PE: false
                                                                            Similarity
                                                                            • API ID: CreateFile
                                                                            • String ID:
                                                                            • API String ID: 823142352-0
                                                                            • Opcode ID: 23398ae05115d4e1262c264124de9f342cb1f0c5b97b1b015063ccb49124cf79
                                                                            • Instruction ID: 5622111ddf7ef2811cb502bc4c7f30e1f60cf97f94e2cacfb01a77b954142a9b
                                                                            • Opcode Fuzzy Hash: 23398ae05115d4e1262c264124de9f342cb1f0c5b97b1b015063ccb49124cf79
                                                                            • Instruction Fuzzy Hash: 92219C76500200AFE721CF65C884F66FBE8EF08320F18846AED958B251D375E809CB71
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 05152F81, Relevance: 1.6, APIs: 1, Instructions: 75fileCOMMON
                                                                            Download Yara Rule
                                                                            APIs
                                                                            • DeleteFileW.KERNELBASE(?), ref: 05153008
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.298734557.0000000005150000.00000040.00000001.sdmp, Offset: 05150000, based on PE: false
                                                                            Similarity
                                                                            • API ID: DeleteFile
                                                                            • String ID:
                                                                            • API String ID: 4033686569-0
                                                                            • Opcode ID: 31623e79948b29f6e9d9ae81cc83c71fd27a6c2ea8d0e2ae8a5c3e1da43dfdf7
                                                                            • Instruction ID: d6c329b1e03c3c56a6542dd4cd2f35501323481fda195449fd067ba629215dc8
                                                                            • Opcode Fuzzy Hash: 31623e79948b29f6e9d9ae81cc83c71fd27a6c2ea8d0e2ae8a5c3e1da43dfdf7
                                                                            • Instruction Fuzzy Hash: 7421AE725093809FDB128B25DC51B92BFB4EF07260F0984DADC848F263D235A908CBA1
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 010BAC52, Relevance: 1.6, APIs: 1, Instructions: 74registryCOMMON
                                                                            Download Yara Rule
                                                                            APIs
                                                                            • RegOpenKeyExW.KERNELBASE(?,00000E2C), ref: 010BACD1
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.293963264.00000000010BA000.00000040.00000001.sdmp, Offset: 010BA000, based on PE: false
                                                                            Similarity
                                                                            • API ID: Open
                                                                            • String ID:
                                                                            • API String ID: 71445658-0
                                                                            • Opcode ID: 8e1299a3bb53725c8aa05764d680483634c131135aab6a87592386ee5e1b73c1
                                                                            • Instruction ID: 0791f2eb64d4acc3a1c04b629941fa8bb2d3ad17e77ee863a3400526be01828a
                                                                            • Opcode Fuzzy Hash: 8e1299a3bb53725c8aa05764d680483634c131135aab6a87592386ee5e1b73c1
                                                                            • Instruction Fuzzy Hash: 4821A172500604EFE7219F59DC85FABFBECEF04720F14855BEE859B241D664E4098BB1
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 05153300, Relevance: 1.6, APIs: 1, Instructions: 74COMMON
                                                                            Download Yara Rule
                                                                            APIs
                                                                            • LookupPrivilegeValueW.ADVAPI32(?,?,?), ref: 05153382
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.298734557.0000000005150000.00000040.00000001.sdmp, Offset: 05150000, based on PE: false
                                                                            Similarity
                                                                            • API ID: LookupPrivilegeValue
                                                                            • String ID:
                                                                            • API String ID: 3899507212-0
                                                                            • Opcode ID: 3e9d0687303b58078ba02c0464d34cb41ea18f96ff089a131af400dd37b6b75d
                                                                            • Instruction ID: b77a295e220adab83d49b89993c417e36c6fd141f9cc44fceff91e60cddf486a
                                                                            • Opcode Fuzzy Hash: 3e9d0687303b58078ba02c0464d34cb41ea18f96ff089a131af400dd37b6b75d
                                                                            • Instruction Fuzzy Hash: B32160765093809FD712CF25DC45B92BFA8EF46260F0984EAED95CB253D234E948CB61
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 0515158A, Relevance: 1.6, APIs: 1, Instructions: 72synchronizationCOMMON
                                                                            Download Yara Rule
                                                                            APIs
                                                                            • CreateMutexW.KERNELBASE(?,?), ref: 051515FD
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.298734557.0000000005150000.00000040.00000001.sdmp, Offset: 05150000, based on PE: false
                                                                            Similarity
                                                                            • API ID: CreateMutex
                                                                            • String ID:
                                                                            • API String ID: 1964310414-0
                                                                            • Opcode ID: fdb7b3efa6471deefaecddadefbbd331ec5439c19e929c8138c27b70f98c7777
                                                                            • Instruction ID: b075d3e32518157a4aa53e8159c474ac39f637b8edff748e13a6becb925ec23f
                                                                            • Opcode Fuzzy Hash: fdb7b3efa6471deefaecddadefbbd331ec5439c19e929c8138c27b70f98c7777
                                                                            • Instruction Fuzzy Hash: 4F21BEB1544200EFE721DF25C884F66FBE8EF05220F18846AED859B241D7B0E408CB75
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 05152ABE, Relevance: 1.6, APIs: 1, Instructions: 72COMMON
                                                                            Download Yara Rule
                                                                            APIs
                                                                            • LsaOpenPolicy.ADVAPI32(?,00000E2C), ref: 05152B2F
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.298734557.0000000005150000.00000040.00000001.sdmp, Offset: 05150000, based on PE: false
                                                                            Similarity
                                                                            • API ID: OpenPolicy
                                                                            • String ID:
                                                                            • API String ID: 2030686058-0
                                                                            • Opcode ID: c5d0f16309d9cc221918a0ba25f82e4d38b7971efe4a7f884bd4354fd398902e
                                                                            • Instruction ID: 86206b3f24608a94176eef0be3a4ef78d7ffd3880b338da963d220ad77029699
                                                                            • Opcode Fuzzy Hash: c5d0f16309d9cc221918a0ba25f82e4d38b7971efe4a7f884bd4354fd398902e
                                                                            • Instruction Fuzzy Hash: 1821AE72500204AFEB20DF29DC84F6AFBA8EF44720F18886AEE559A241D774A4088B75
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 05152632, Relevance: 1.6, APIs: 1, Instructions: 70fileCOMMON
                                                                            Download Yara Rule
                                                                            APIs
                                                                            • WriteFile.KERNELBASE(?,00000E2C,6B9AA088,00000000,00000000,00000000,00000000), ref: 051526B1
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.298734557.0000000005150000.00000040.00000001.sdmp, Offset: 05150000, based on PE: false
                                                                            Similarity
                                                                            • API ID: FileWrite
                                                                            • String ID:
                                                                            • API String ID: 3934441357-0
                                                                            • Opcode ID: a177b467f4e5730acb8d00da6d9133a4dc385f33d042a0e4d2acbf1043e14841
                                                                            • Instruction ID: a708106204ec0da48b18990759a10ed417ccd7727245fc041005682e6758a73d
                                                                            • Opcode Fuzzy Hash: a177b467f4e5730acb8d00da6d9133a4dc385f33d042a0e4d2acbf1043e14841
                                                                            • Instruction Fuzzy Hash: 8A215E72405384AFEB228F65DC44F67BFB8EF46320F08859BEA559B252C275A508CB71
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 051501D5, Relevance: 1.6, APIs: 1, Instructions: 70COMMON
                                                                            Download Yara Rule
                                                                            APIs
                                                                            • DrawTextExW.USER32(?,?,?,?,?,?), ref: 05150257
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.298734557.0000000005150000.00000040.00000001.sdmp, Offset: 05150000, based on PE: false
                                                                            Similarity
                                                                            • API ID: DrawText
                                                                            • String ID:
                                                                            • API String ID: 2175133113-0
                                                                            • Opcode ID: 97863c7283b87f07b3f6d5f24397bf04856cc9e5d27533584d35947ecd332be7
                                                                            • Instruction ID: 740c5c7d500be25b24d97b1a3daa4389a09e94e92c459a6fafbdb5a6f1307759
                                                                            • Opcode Fuzzy Hash: 97863c7283b87f07b3f6d5f24397bf04856cc9e5d27533584d35947ecd332be7
                                                                            • Instruction Fuzzy Hash: F8219071509384AFDB22CF65D844B62BFF4EF0A320F09849AED858B163D375E908CB61
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 010BAD5A, Relevance: 1.6, APIs: 1, Instructions: 69registryCOMMON
                                                                            Download Yara Rule
                                                                            APIs
                                                                            • RegQueryValueExW.KERNELBASE(?,00000E2C,6B9AA088,00000000,00000000,00000000,00000000), ref: 010BADD4
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.293963264.00000000010BA000.00000040.00000001.sdmp, Offset: 010BA000, based on PE: false
                                                                            Similarity
                                                                            • API ID: QueryValue
                                                                            • String ID:
                                                                            • API String ID: 3660427363-0
                                                                            • Opcode ID: d09b3f41b1b904ec7a55895ef0ed90d3d846c261a4d5dc3de1e22d46a0c3dca5
                                                                            • Instruction ID: d63e45a493eb6bf9acc7de2285a2c38447d6f63cdbd85e789776ceb365bdeec1
                                                                            • Opcode Fuzzy Hash: d09b3f41b1b904ec7a55895ef0ed90d3d846c261a4d5dc3de1e22d46a0c3dca5
                                                                            • Instruction Fuzzy Hash: 68218E71600604EFE721DF29CC81FA7BBECEF05711F0485AAEE869B251D660E408CB71
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 0515283A, Relevance: 1.6, APIs: 1, Instructions: 69COMMON
                                                                            Download Yara Rule
                                                                            APIs
                                                                            • GetTokenInformation.KERNELBASE(?,00000E2C,6B9AA088,00000000,00000000,00000000,00000000), ref: 051528A4
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.298734557.0000000005150000.00000040.00000001.sdmp, Offset: 05150000, based on PE: false
                                                                            Similarity
                                                                            • API ID: InformationToken
                                                                            • String ID:
                                                                            • API String ID: 4114910276-0
                                                                            • Opcode ID: 5995e462a6d47c31dac6327591316b1a307a135867c7d259847f83639e146c2d
                                                                            • Instruction ID: 55d511fcd9f0e6323bba1d81214f73452c4b0f419a76417ff103a907e55d15fe
                                                                            • Opcode Fuzzy Hash: 5995e462a6d47c31dac6327591316b1a307a135867c7d259847f83639e146c2d
                                                                            • Instruction Fuzzy Hash: 90118972500604EFEB21CFA9DC85FABBBE8EF45320F14846BEE559B251D674A408CB71
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 05153244, Relevance: 1.6, APIs: 1, Instructions: 68injectionCOMMON
                                                                            Download Yara Rule
                                                                            APIs
                                                                            • WriteProcessMemory.KERNELBASE(?,?,?,?,?), ref: 051532C4
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.298734557.0000000005150000.00000040.00000001.sdmp, Offset: 05150000, based on PE: false
                                                                            Similarity
                                                                            • API ID: MemoryProcessWrite
                                                                            • String ID:
                                                                            • API String ID: 3559483778-0
                                                                            • Opcode ID: 5e1a4d8cd111febca5ac50eb7b614815ab7a630cdb7d29209a2031a3a0c77eba
                                                                            • Instruction ID: 72a39a71cc99338bbc2a3e22a1c3727cc2d00d7786cf2c2fd16c2d871d630ca1
                                                                            • Opcode Fuzzy Hash: 5e1a4d8cd111febca5ac50eb7b614815ab7a630cdb7d29209a2031a3a0c77eba
                                                                            • Instruction Fuzzy Hash: 1A21CF760097C09FD7128F25DC45AA2FFF4EF07220F0984DEED858B163D264A848DB21
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 051510B1, Relevance: 1.6, APIs: 1, Instructions: 68COMMON
                                                                            Download Yara Rule
                                                                            APIs
                                                                            • FindCloseChangeNotification.KERNELBASE(?), ref: 05151120
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.298734557.0000000005150000.00000040.00000001.sdmp, Offset: 05150000, based on PE: false
                                                                            Similarity
                                                                            • API ID: ChangeCloseFindNotification
                                                                            • String ID:
                                                                            • API String ID: 2591292051-0
                                                                            • Opcode ID: 804de24d633692cb1c114d7a9887aabf1b136bf82c2e057a0c8f1e1ae0402179
                                                                            • Instruction ID: 614177e54e4a8566cc7e9b36c592ec8c7f5197967e5c0b901845731aa0ad0af2
                                                                            • Opcode Fuzzy Hash: 804de24d633692cb1c114d7a9887aabf1b136bf82c2e057a0c8f1e1ae0402179
                                                                            • Instruction Fuzzy Hash: 39219F714093C4AFD7138B25DC95B52BFA8EF43220F0880DBDD858F662D3759908CB62
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 05151733, Relevance: 1.6, APIs: 1, Instructions: 67libraryCOMMON
                                                                            Download Yara Rule
                                                                            APIs
                                                                            • LoadLibraryA.KERNELBASE(?,00000E2C), ref: 051517BF
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.298734557.0000000005150000.00000040.00000001.sdmp, Offset: 05150000, based on PE: false
                                                                            Similarity
                                                                            • API ID: LibraryLoad
                                                                            • String ID:
                                                                            • API String ID: 1029625771-0
                                                                            • Opcode ID: 8fab3faf3e192a8acc79f364804cec5512612b46b08cf94385d3a219556ef6f4
                                                                            • Instruction ID: 2d254aee3b571c6c24f190be8206fbbbfe9a6b3728abf74140cb44a424c2ac31
                                                                            • Opcode Fuzzy Hash: 8fab3faf3e192a8acc79f364804cec5512612b46b08cf94385d3a219556ef6f4
                                                                            • Instruction Fuzzy Hash: CB21E771104380BFE721CB24DC85F66FFA8EF46720F14809AFD845B292C374A948C762
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 010BB7C9, Relevance: 1.6, APIs: 1, Instructions: 65libraryCOMMON
                                                                            Download Yara Rule
                                                                            APIs
                                                                            • LoadLibraryShim.MSCOREE(?,?,?,?), ref: 010BB845
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.293963264.00000000010BA000.00000040.00000001.sdmp, Offset: 010BA000, based on PE: false
                                                                            Similarity
                                                                            • API ID: LibraryLoadShim
                                                                            • String ID:
                                                                            • API String ID: 1475914169-0
                                                                            • Opcode ID: d270bb6ce13196b4a534b0c3129eef14c76a03f6df27a1966c5b6a1f65c6ebee
                                                                            • Instruction ID: fadd167fd7fd343192530bb4ef61a460a679071eaf335fe7e98dc773fb61713d
                                                                            • Opcode Fuzzy Hash: d270bb6ce13196b4a534b0c3129eef14c76a03f6df27a1966c5b6a1f65c6ebee
                                                                            • Instruction Fuzzy Hash: 0321C071409380AFE7228E25DC80B62BFE8EF06610F0880CAED848B253D275E808CB71
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 051535F5, Relevance: 1.6, APIs: 1, Instructions: 62windowCOMMON
                                                                            Download Yara Rule
                                                                            APIs
                                                                            • PostMessageW.USER32(?,?,?,?), ref: 05153669
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.298734557.0000000005150000.00000040.00000001.sdmp, Offset: 05150000, based on PE: false
                                                                            Similarity
                                                                            • API ID: MessagePost
                                                                            • String ID:
                                                                            • API String ID: 410705778-0
                                                                            • Opcode ID: 0e73c79f9a79d4974b4cdda7dbfcd4a1f238bee27db6d75af11342d0653675a6
                                                                            • Instruction ID: d721735bc35a7a6f9cf550fb104cc3641509a635a352cf23e571d49172b3ebdf
                                                                            • Opcode Fuzzy Hash: 0e73c79f9a79d4974b4cdda7dbfcd4a1f238bee27db6d75af11342d0653675a6
                                                                            • Instruction Fuzzy Hash: 3A215E714097C09FDB238F25DC44A52FFB4EF17220F0985DAED848F163D265A958DB62
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 010BA5FB, Relevance: 1.6, APIs: 1, Instructions: 61COMMON
                                                                            Download Yara Rule
                                                                            APIs
                                                                            • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 010BA666
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.293963264.00000000010BA000.00000040.00000001.sdmp, Offset: 010BA000, based on PE: false
                                                                            Similarity
                                                                            • API ID: DuplicateHandle
                                                                            • String ID:
                                                                            • API String ID: 3793708945-0
                                                                            • Opcode ID: 4a95de705c14c772bce823e1cd8f1dd20c4e49172afdbae96e3f06f9dae17581
                                                                            • Instruction ID: 84c159aab4b969a509504b0df7068a867def0affe63af41bedea2c5454fe20f4
                                                                            • Opcode Fuzzy Hash: 4a95de705c14c772bce823e1cd8f1dd20c4e49172afdbae96e3f06f9dae17581
                                                                            • Instruction Fuzzy Hash: 6F118471409780AFDB238F55DC44B62FFF4EF4A210F0885DAEE858B163D275A518DB61
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 051521FE, Relevance: 1.6, APIs: 1, Instructions: 61COMMON
                                                                            Download Yara Rule
                                                                            APIs
                                                                            • FindWindowA.USER32(?,00000E2C), ref: 0515226A
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.298734557.0000000005150000.00000040.00000001.sdmp, Offset: 05150000, based on PE: false
                                                                            Similarity
                                                                            • API ID: FindWindow
                                                                            • String ID:
                                                                            • API String ID: 134000473-0
                                                                            • Opcode ID: 2fd8d4f27afad3f533bf6d28b3244b6a3740034960a0aff3bd9d71afdabee9b2
                                                                            • Instruction ID: 614c743c110adc474a44555c4e297da9bafe7f242da1e0080a0d6157c908ba20
                                                                            • Opcode Fuzzy Hash: 2fd8d4f27afad3f533bf6d28b3244b6a3740034960a0aff3bd9d71afdabee9b2
                                                                            • Instruction Fuzzy Hash: 1D11E376500200EFEB21DF14DC81FA6FB98EF45720F1484AAEE449B281D7B4A509CB71
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 05152652, Relevance: 1.6, APIs: 1, Instructions: 60fileCOMMON
                                                                            Download Yara Rule
                                                                            APIs
                                                                            • WriteFile.KERNELBASE(?,00000E2C,6B9AA088,00000000,00000000,00000000,00000000), ref: 051526B1
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.298734557.0000000005150000.00000040.00000001.sdmp, Offset: 05150000, based on PE: false
                                                                            Similarity
                                                                            • API ID: FileWrite
                                                                            • String ID:
                                                                            • API String ID: 3934441357-0
                                                                            • Opcode ID: 2d0431321b7044763e2b2e6cf861cc3dcb5917ab720081b190aa533ed2e6a5bc
                                                                            • Instruction ID: 85b679cf46027d5fa30f393fd33318cdf115c991d2dc35f9086141ea764172f4
                                                                            • Opcode Fuzzy Hash: 2d0431321b7044763e2b2e6cf861cc3dcb5917ab720081b190aa533ed2e6a5bc
                                                                            • Instruction Fuzzy Hash: 53119D72400600EFEB21CF55DC40F67FBA8EF55320F14856AEE559B251C674A408CBB1
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 051531A3, Relevance: 1.6, APIs: 1, Instructions: 58COMMON
                                                                            Download Yara Rule
                                                                            APIs
                                                                            • ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 05153208
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.298734557.0000000005150000.00000040.00000001.sdmp, Offset: 05150000, based on PE: false
                                                                            Similarity
                                                                            • API ID: MemoryProcessRead
                                                                            • String ID:
                                                                            • API String ID: 1726664587-0
                                                                            • Opcode ID: 03afba5093174e429496c5b2b8b8b19ddf7dd2c2b470aadac4922185bf1cca50
                                                                            • Instruction ID: 61eb5705bc8e2c56a59ada362ba41b9b4d116608c3b7eae5cdd32db56ea706e3
                                                                            • Opcode Fuzzy Hash: 03afba5093174e429496c5b2b8b8b19ddf7dd2c2b470aadac4922185bf1cca50
                                                                            • Instruction Fuzzy Hash: C711E276009780AFDB228F21DC40A62FFB4EF0A220F0884DEED858B563C275A458DB61
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 05151756, Relevance: 1.6, APIs: 1, Instructions: 56libraryCOMMON
                                                                            Download Yara Rule
                                                                            APIs
                                                                            • LoadLibraryA.KERNELBASE(?,00000E2C), ref: 051517BF
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.298734557.0000000005150000.00000040.00000001.sdmp, Offset: 05150000, based on PE: false
                                                                            Similarity
                                                                            • API ID: LibraryLoad
                                                                            • String ID:
                                                                            • API String ID: 1029625771-0
                                                                            • Opcode ID: 6228fa0832c97557950e4857c108362ce9e883d78230953c5acd99497392f3d0
                                                                            • Instruction ID: e5f3646895441e26e17e46bc3e6c43a23f45a51c94bf60b05ea2060f10a6e315
                                                                            • Opcode Fuzzy Hash: 6228fa0832c97557950e4857c108362ce9e883d78230953c5acd99497392f3d0
                                                                            • Instruction Fuzzy Hash: 1B11E175540200FFE721EB29DC81FB6FB98EF45720F14849AEE445A281D7B4A548CA76
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 051538E3, Relevance: 1.6, APIs: 1, Instructions: 56windowCOMMON
                                                                            Download Yara Rule
                                                                            APIs
                                                                            • PostMessageW.USER32(?,?,?,?), ref: 0515394D
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.298734557.0000000005150000.00000040.00000001.sdmp, Offset: 05150000, based on PE: false
                                                                            Similarity
                                                                            • API ID: MessagePost
                                                                            • String ID:
                                                                            • API String ID: 410705778-0
                                                                            • Opcode ID: 788ddee5dfb4c036eb845e848ffaf0993d408018a2b40aab6d864c47a1815a14
                                                                            • Instruction ID: 5fb9e74ab69b10c2c55b3b3d1e678fa93d250de21342abfbda623f9ae3229881
                                                                            • Opcode Fuzzy Hash: 788ddee5dfb4c036eb845e848ffaf0993d408018a2b40aab6d864c47a1815a14
                                                                            • Instruction Fuzzy Hash: 1F11DD72409780AFDB228F25DC45F62FFB4EF06324F08849EED858B263C275A418DB61
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 051530FC, Relevance: 1.6, APIs: 1, Instructions: 55threadinjectionCOMMON
                                                                            Download Yara Rule
                                                                            APIs
                                                                            • SetThreadContext.KERNELBASE(?,?), ref: 0515315B
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.298734557.0000000005150000.00000040.00000001.sdmp, Offset: 05150000, based on PE: false
                                                                            Similarity
                                                                            • API ID: ContextThread
                                                                            • String ID:
                                                                            • API String ID: 1591575202-0
                                                                            • Opcode ID: 17e5d0b1aba60474ad5c06eed69c9c8f2386113d3567055ddfec6407c972864d
                                                                            • Instruction ID: 176c4eef157b988f372b5199a7850992bf7491e06113cdc09611a99bf4fc5d97
                                                                            • Opcode Fuzzy Hash: 17e5d0b1aba60474ad5c06eed69c9c8f2386113d3567055ddfec6407c972864d
                                                                            • Instruction Fuzzy Hash: 3411BC75509384AFD7118F25CC84F62FFE8EF06220F0880AEED458B262D278E908CB61
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 0515333A, Relevance: 1.6, APIs: 1, Instructions: 53COMMON
                                                                            Download Yara Rule
                                                                            APIs
                                                                            • LookupPrivilegeValueW.ADVAPI32(?,?,?), ref: 05153382
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.298734557.0000000005150000.00000040.00000001.sdmp, Offset: 05150000, based on PE: false
                                                                            Similarity
                                                                            • API ID: LookupPrivilegeValue
                                                                            • String ID:
                                                                            • API String ID: 3899507212-0
                                                                            • Opcode ID: 0b849676a6d0b6922b442f2ad2bb268e8c13d965a628128fb10f942cccdfd45a
                                                                            • Instruction ID: 62a1c12f4f2686135b6f229b39b2e0711fffca295111d019bfb1425081600502
                                                                            • Opcode Fuzzy Hash: 0b849676a6d0b6922b442f2ad2bb268e8c13d965a628128fb10f942cccdfd45a
                                                                            • Instruction Fuzzy Hash: 3F118272504600DFD760CF29D844B66FBD8EF04260F08846ADE59CB241D774E408CB71
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 05150206, Relevance: 1.6, APIs: 1, Instructions: 52COMMON
                                                                            Download Yara Rule
                                                                            APIs
                                                                            • DrawTextExW.USER32(?,?,?,?,?,?), ref: 05150257
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.298734557.0000000005150000.00000040.00000001.sdmp, Offset: 05150000, based on PE: false
                                                                            Similarity
                                                                            • API ID: DrawText
                                                                            • String ID:
                                                                            • API String ID: 2175133113-0
                                                                            • Opcode ID: c8af9714f5b3a3322814e9d90ea59c23bd5db186dc29342a478a5122cb438bbc
                                                                            • Instruction ID: 1fa6b0564266fe5e8e7bbef62c722ce7824e4f0f03d909459c332816c9c6e402
                                                                            • Opcode Fuzzy Hash: c8af9714f5b3a3322814e9d90ea59c23bd5db186dc29342a478a5122cb438bbc
                                                                            • Instruction Fuzzy Hash: 6E115A71504604DFDB20CFA5D888B66FBE8FF48320F4884AAED498B212D375E408CB72
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 051524C2, Relevance: 1.6, APIs: 1, Instructions: 52COMMON
                                                                            Download Yara Rule
                                                                            APIs
                                                                            • GetFileType.KERNELBASE(?,00000E2C,6B9AA088,00000000,00000000,00000000,00000000), ref: 05152515
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.298734557.0000000005150000.00000040.00000001.sdmp, Offset: 05150000, based on PE: false
                                                                            Similarity
                                                                            • API ID: FileType
                                                                            • String ID:
                                                                            • API String ID: 3081899298-0
                                                                            • Opcode ID: 2d00c245c220786c327ec85dcf5fa7380b8081179e287de940d9647f9759449f
                                                                            • Instruction ID: 07a37b632f1ec1d23b98cd5162123ecdc6fa57da078e5b0e6bbbccc51e47b8c0
                                                                            • Opcode Fuzzy Hash: 2d00c245c220786c327ec85dcf5fa7380b8081179e287de940d9647f9759449f
                                                                            • Instruction Fuzzy Hash: BF01D276500604EFE720CB15DC85FA7FB98EF45720F148097EE559B241C7B8A5088AB1
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 010BA42A, Relevance: 1.6, APIs: 1, Instructions: 50COMMON
                                                                            Download Yara Rule
                                                                            APIs
                                                                            • SetErrorMode.KERNELBASE(?), ref: 010BA480
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.293963264.00000000010BA000.00000040.00000001.sdmp, Offset: 010BA000, based on PE: false
                                                                            Similarity
                                                                            • API ID: ErrorMode
                                                                            • String ID:
                                                                            • API String ID: 2340568224-0
                                                                            • Opcode ID: b1b6fbb310a7fd45618eb831419b06228312d6701ed2871cfcbbe8680da92831
                                                                            • Instruction ID: b107736601c63926a4388e58a5ccf26843210f0437453dd1f53c21efac409d9d
                                                                            • Opcode Fuzzy Hash: b1b6fbb310a7fd45618eb831419b06228312d6701ed2871cfcbbe8680da92831
                                                                            • Instruction Fuzzy Hash: 54118E71409384AFD7228B15DC84B62FFB8DF46220F0880DAED858B253D279A808CB72
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 010BAEF0, Relevance: 1.6, APIs: 1, Instructions: 50memoryCOMMON
                                                                            Download Yara Rule
                                                                            APIs
                                                                            • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 010BAF50
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.293963264.00000000010BA000.00000040.00000001.sdmp, Offset: 010BA000, based on PE: false
                                                                            Similarity
                                                                            • API ID: AllocVirtual
                                                                            • String ID:
                                                                            • API String ID: 4275171209-0
                                                                            • Opcode ID: 86bdb980eb1bfb275a55e3c64bd79530090ebe528801b2b46ace0dec2c697504
                                                                            • Instruction ID: 74ea020d319bfe3968989cdaacffe32db80a496efd4a46f951aa4677d293f7eb
                                                                            • Opcode Fuzzy Hash: 86bdb980eb1bfb275a55e3c64bd79530090ebe528801b2b46ace0dec2c697504
                                                                            • Instruction Fuzzy Hash: 67118C72405784AFDB228F55DC84A52FFF4EF4A220F08859AEE854B262C375A818CB61
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 0515327E, Relevance: 1.5, APIs: 1, Instructions: 47injectionCOMMON
                                                                            Download Yara Rule
                                                                            APIs
                                                                            • WriteProcessMemory.KERNELBASE(?,?,?,?,?), ref: 051532C4
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.298734557.0000000005150000.00000040.00000001.sdmp, Offset: 05150000, based on PE: false
                                                                            Similarity
                                                                            • API ID: MemoryProcessWrite
                                                                            • String ID:
                                                                            • API String ID: 3559483778-0
                                                                            • Opcode ID: 954908da6630b3dd9ae362b17de13857e04117607e1d5af6cd3e3f5023229ddd
                                                                            • Instruction ID: a9adab1130ed8013587ae2b4d1410a02653feec53de8e51876352a26ea2e410c
                                                                            • Opcode Fuzzy Hash: 954908da6630b3dd9ae362b17de13857e04117607e1d5af6cd3e3f5023229ddd
                                                                            • Instruction Fuzzy Hash: 9101AD35500A00DFDB20CF19D885B66FBE4EF05220F0884AAED668B611D371E418DB61
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 05152FCE, Relevance: 1.5, APIs: 1, Instructions: 47fileCOMMON
                                                                            Download Yara Rule
                                                                            APIs
                                                                            • DeleteFileW.KERNELBASE(?), ref: 05153008
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.298734557.0000000005150000.00000040.00000001.sdmp, Offset: 05150000, based on PE: false
                                                                            Similarity
                                                                            • API ID: DeleteFile
                                                                            • String ID:
                                                                            • API String ID: 4033686569-0
                                                                            • Opcode ID: 17a0b4075ade8a90c181f5ad5369ff4cc0acaba40e06d1c6d382c71cce7fbf62
                                                                            • Instruction ID: c800a976b4b4526c53db968a8a72972db3800e767f7ea7e6561bd335ffccd8e0
                                                                            • Opcode Fuzzy Hash: 17a0b4075ade8a90c181f5ad5369ff4cc0acaba40e06d1c6d382c71cce7fbf62
                                                                            • Instruction Fuzzy Hash: 60019E71500240DFDB10CF29D885766FFD8EF45620F18C4AADD19CB242D679E908CB61
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 010BB7FA, Relevance: 1.5, APIs: 1, Instructions: 46libraryCOMMON
                                                                            Download Yara Rule
                                                                            APIs
                                                                            • LoadLibraryShim.MSCOREE(?,?,?,?), ref: 010BB845
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.293963264.00000000010BA000.00000040.00000001.sdmp, Offset: 010BA000, based on PE: false
                                                                            Similarity
                                                                            • API ID: LibraryLoadShim
                                                                            • String ID:
                                                                            • API String ID: 1475914169-0
                                                                            • Opcode ID: bb21740e4c0d38334dd6020db9bd4170d0cd4fa6215fb8cb0f800a77ec5dd191
                                                                            • Instruction ID: 44653189a49eb5ae86bc0d822bfa090fdcbbc3c4891e191943327034da89c7ce
                                                                            • Opcode Fuzzy Hash: bb21740e4c0d38334dd6020db9bd4170d0cd4fa6215fb8cb0f800a77ec5dd191
                                                                            • Instruction Fuzzy Hash: 440192715006009FD760DF19D885B66FFE4EF14620F08C09ADD898B212D275E408CB71
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 010BA622, Relevance: 1.5, APIs: 1, Instructions: 45COMMON
                                                                            Download Yara Rule
                                                                            APIs
                                                                            • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 010BA666
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.293963264.00000000010BA000.00000040.00000001.sdmp, Offset: 010BA000, based on PE: false
                                                                            Similarity
                                                                            • API ID: DuplicateHandle
                                                                            • String ID:
                                                                            • API String ID: 3793708945-0
                                                                            • Opcode ID: 81e20135c658ce1dc8d9bd151b015267faeef78ee45c5c20fe4d3668b869fe59
                                                                            • Instruction ID: 5518db83208d7b1abd62feb19907934feb5b2ecbc84b71908ecd8dd950154e16
                                                                            • Opcode Fuzzy Hash: 81e20135c658ce1dc8d9bd151b015267faeef78ee45c5c20fe4d3668b869fe59
                                                                            • Instruction Fuzzy Hash: DD018071900600EFDB228F55D884B56FFE4EF4C320F08C9AADE894B612D275E418DF61
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 0515311E, Relevance: 1.5, APIs: 1, Instructions: 44threadinjectionCOMMON
                                                                            Download Yara Rule
                                                                            APIs
                                                                            • SetThreadContext.KERNELBASE(?,?), ref: 0515315B
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.298734557.0000000005150000.00000040.00000001.sdmp, Offset: 05150000, based on PE: false
                                                                            Similarity
                                                                            • API ID: ContextThread
                                                                            • String ID:
                                                                            • API String ID: 1591575202-0
                                                                            • Opcode ID: 7b66f43652582f974b4fb13e5de7ca093179bfc8b61fcd23358e86c9531f5692
                                                                            • Instruction ID: 08547d6796725d828c94ee43d2e26ed064047548ec11ace588ac3cee7491f61d
                                                                            • Opcode Fuzzy Hash: 7b66f43652582f974b4fb13e5de7ca093179bfc8b61fcd23358e86c9531f5692
                                                                            • Instruction Fuzzy Hash: 4101BC75600240DFDB20CF29D884B66FBE8EF05260F18C4AEDD698B652D375E808CBA1
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 010BA2F6, Relevance: 1.5, APIs: 1, Instructions: 43COMMON
                                                                            Download Yara Rule
                                                                            APIs
                                                                            • SetConsoleCtrlHandler.KERNELBASE(?,00000E2C,?,?), ref: 010BA346
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.293963264.00000000010BA000.00000040.00000001.sdmp, Offset: 010BA000, based on PE: false
                                                                            Similarity
                                                                            • API ID: ConsoleCtrlHandler
                                                                            • String ID:
                                                                            • API String ID: 1513847179-0
                                                                            • Opcode ID: 73c75df64895c2545d77e21fb91ba807a194773483839d1777bc24d88b72effa
                                                                            • Instruction ID: 3b32d23dd4a6f4b439bc01941f0917b083086e9503b5bc61d34ad1ed5c10232b
                                                                            • Opcode Fuzzy Hash: 73c75df64895c2545d77e21fb91ba807a194773483839d1777bc24d88b72effa
                                                                            • Instruction Fuzzy Hash: 38014B76500600ABD610DF16DC86B26FBA8EB89A20F14815AED085B741E375F916CAA6
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 051516BA, Relevance: 1.5, APIs: 1, Instructions: 43registryCOMMON
                                                                            Download Yara Rule
                                                                            APIs
                                                                            • RegQueryValueExW.KERNELBASE(?,00000E2C,?,?), ref: 0515170A
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.298734557.0000000005150000.00000040.00000001.sdmp, Offset: 05150000, based on PE: false
                                                                            Similarity
                                                                            • API ID: QueryValue
                                                                            • String ID:
                                                                            • API String ID: 3660427363-0
                                                                            • Opcode ID: 9a4e697f4b4fdfd48fc45e84246423dabbef9872312b6244c0e97535001fef16
                                                                            • Instruction ID: e0a05e692e3830dcaed981d02c0767ec99bfa57ad5868a8a257fd7186a2f8f51
                                                                            • Opcode Fuzzy Hash: 9a4e697f4b4fdfd48fc45e84246423dabbef9872312b6244c0e97535001fef16
                                                                            • Instruction Fuzzy Hash: 4E014B76500604ABD210DF16DC86F26FBA8EB89B20F14815AED085B741E375F916CAA6
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 051531CA, Relevance: 1.5, APIs: 1, Instructions: 43COMMON
                                                                            Download Yara Rule
                                                                            APIs
                                                                            • ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 05153208
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.298734557.0000000005150000.00000040.00000001.sdmp, Offset: 05150000, based on PE: false
                                                                            Similarity
                                                                            • API ID: MemoryProcessRead
                                                                            • String ID:
                                                                            • API String ID: 1726664587-0
                                                                            • Opcode ID: 8f11d72e4c95b8cf4e4c380c67514574713b82a7b25b55801af15c82c9cc7b4b
                                                                            • Instruction ID: abdf8195d2ef8542e2e26d7f2d4b830b33b92358de16e836b4add86b8256685e
                                                                            • Opcode Fuzzy Hash: 8f11d72e4c95b8cf4e4c380c67514574713b82a7b25b55801af15c82c9cc7b4b
                                                                            • Instruction Fuzzy Hash: E8019E35500A40DFDB208F55D884B66FFA5EF09320F08C49EDE554B621D375E418DF62
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 051510EE, Relevance: 1.5, APIs: 1, Instructions: 43COMMON
                                                                            Download Yara Rule
                                                                            APIs
                                                                            • FindCloseChangeNotification.KERNELBASE(?), ref: 05151120
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.298734557.0000000005150000.00000040.00000001.sdmp, Offset: 05150000, based on PE: false
                                                                            Similarity
                                                                            • API ID: ChangeCloseFindNotification
                                                                            • String ID:
                                                                            • API String ID: 2591292051-0
                                                                            • Opcode ID: f7015f55d93dfbb924081b89e7bf26249f31d5527b15de9d19d5fde09d58ccf4
                                                                            • Instruction ID: 33e59883d52396f4c271125f1d565e0d5190f2cb6edb98dcba8869d78e8456e1
                                                                            • Opcode Fuzzy Hash: f7015f55d93dfbb924081b89e7bf26249f31d5527b15de9d19d5fde09d58ccf4
                                                                            • Instruction Fuzzy Hash: 6101DF71540244EFDB21CF29E885766FF94EF45230F18C4ABDD498B202D275A408CF62
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 05153912, Relevance: 1.5, APIs: 1, Instructions: 42windowCOMMON
                                                                            Download Yara Rule
                                                                            APIs
                                                                            • PostMessageW.USER32(?,?,?,?), ref: 0515394D
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.298734557.0000000005150000.00000040.00000001.sdmp, Offset: 05150000, based on PE: false
                                                                            Similarity
                                                                            • API ID: MessagePost
                                                                            • String ID:
                                                                            • API String ID: 410705778-0
                                                                            • Opcode ID: ceb791073901e8a9a57a4c46358c7810b773ec4d0780a1a2a660fa0ef5b54eba
                                                                            • Instruction ID: a0eb4f67f2fe0dbeb51ef57f031b7d3e68149a6e3b83688cef1b926b776d9e8a
                                                                            • Opcode Fuzzy Hash: ceb791073901e8a9a57a4c46358c7810b773ec4d0780a1a2a660fa0ef5b54eba
                                                                            • Instruction Fuzzy Hash: B8019A76500600DFDB208F15D884B66FFA4EF09320F0884AADE5A8B662C375E458DBA2
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 010BAF12, Relevance: 1.5, APIs: 1, Instructions: 39memoryCOMMON
                                                                            Download Yara Rule
                                                                            APIs
                                                                            • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 010BAF50
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.293963264.00000000010BA000.00000040.00000001.sdmp, Offset: 010BA000, based on PE: false
                                                                            Similarity
                                                                            • API ID: AllocVirtual
                                                                            • String ID:
                                                                            • API String ID: 4275171209-0
                                                                            • Opcode ID: 50045c4e0063272dd9bcb3c5460006444ea4c05e3f3c6578655ae55a1df99f09
                                                                            • Instruction ID: 19b3b2d15310fcb8ae0cb5b5d8ec9c1761f3d65ae7d99850596dcad7361f5dc3
                                                                            • Opcode Fuzzy Hash: 50045c4e0063272dd9bcb3c5460006444ea4c05e3f3c6578655ae55a1df99f09
                                                                            • Instruction Fuzzy Hash: 84018F71500600DFDB218F55D884BA6FFE0EF18320F08C59ADE890B662D3B5A418DFB2
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 0515362E, Relevance: 1.5, APIs: 1, Instructions: 38windowCOMMON
                                                                            Download Yara Rule
                                                                            APIs
                                                                            • PostMessageW.USER32(?,?,?,?), ref: 05153669
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.298734557.0000000005150000.00000040.00000001.sdmp, Offset: 05150000, based on PE: false
                                                                            Similarity
                                                                            • API ID: MessagePost
                                                                            • String ID:
                                                                            • API String ID: 410705778-0
                                                                            • Opcode ID: a2ff68fdf8cb7dce0415cf2e9481b306517ced12a985a8ec4ae2859b8cb3f644
                                                                            • Instruction ID: cc35866d62df4953586e2d7035369a3689dea4069f114bc0e5741e764660990d
                                                                            • Opcode Fuzzy Hash: a2ff68fdf8cb7dce0415cf2e9481b306517ced12a985a8ec4ae2859b8cb3f644
                                                                            • Instruction Fuzzy Hash: 6B017831800604DFDB218F55D884B66FFA0EF18360F18849EDE590B226D3B5A518DBA2
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 010BA44E, Relevance: 1.5, APIs: 1, Instructions: 35COMMON
                                                                            Download Yara Rule
                                                                            APIs
                                                                            • SetErrorMode.KERNELBASE(?), ref: 010BA480
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.293963264.00000000010BA000.00000040.00000001.sdmp, Offset: 010BA000, based on PE: false
                                                                            Similarity
                                                                            • API ID: ErrorMode
                                                                            • String ID:
                                                                            • API String ID: 2340568224-0
                                                                            • Opcode ID: b2668d8a78b9c64852657a46d2e8be3b280973f344c2765685ccf4f4428c54d8
                                                                            • Instruction ID: 1f789d49e05d2b5d1195dd75d990f64bf2300e4bc62e63dc5faae4b46cac2366
                                                                            • Opcode Fuzzy Hash: b2668d8a78b9c64852657a46d2e8be3b280973f344c2765685ccf4f4428c54d8
                                                                            • Instruction Fuzzy Hash: 3AF0A435504644DFD7108F19D888766FFD4DF45320F18C0AADD894B216D7B9A408CE62
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 02B48DC5, Relevance: 1.3, Strings: 1, Instructions: 22COMMON
                                                                            Download Yara Rule
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.294259217.0000000002B40000.00000040.00000001.sdmp, Offset: 02B40000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID: 84
                                                                            • API String ID: 0-4024618266
                                                                            • Opcode ID: cebe4d233e34684f8c5c5bcd684e6e92760c35692266b0c2187a3ee4294ecfc2
                                                                            • Instruction ID: 3e2367a38ac28072642ed155531769090d4fc6d71e71b72e4215913cbb949016
                                                                            • Opcode Fuzzy Hash: cebe4d233e34684f8c5c5bcd684e6e92760c35692266b0c2187a3ee4294ecfc2
                                                                            • Instruction Fuzzy Hash: 2CE09A74105281DFC7618F30D9908A57BB1FF16301BA80BC9C8578B25ADB3299A1EF4A
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 02B48DF2, Relevance: 1.3, Strings: 1, Instructions: 11COMMON
                                                                            Download Yara Rule
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.294259217.0000000002B40000.00000040.00000001.sdmp, Offset: 02B40000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID: 84
                                                                            • API String ID: 0-4024618266
                                                                            • Opcode ID: e0320cb1726d2ecd38d529b32f530ca2fa13ef2f0cc271dae02ddea59faa4a2b
                                                                            • Instruction ID: cb33ac5aa744513c80e0b67a2b6717ce854b6f0fa51758d8fa12ae1ee578d4fa
                                                                            • Opcode Fuzzy Hash: e0320cb1726d2ecd38d529b32f530ca2fa13ef2f0cc271dae02ddea59faa4a2b
                                                                            • Instruction Fuzzy Hash: 0AD06C74602324CFC7A98F60C6949987BB2FF0A312F1046D9E40A5B295CB36E990CF05
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 02B4CA14, Relevance: .3, Instructions: 265COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.294259217.0000000002B40000.00000040.00000001.sdmp, Offset: 02B40000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 42322a9e5fb6bdfbadf0e99e7c06dc83b19ef9dc43a93a8c89fa470b99185b87
                                                                            • Instruction ID: 1cde473f6b5fd909f3404a58545a56d7c53fe341e549825ca157d095f4e003ed
                                                                            • Opcode Fuzzy Hash: 42322a9e5fb6bdfbadf0e99e7c06dc83b19ef9dc43a93a8c89fa470b99185b87
                                                                            • Instruction Fuzzy Hash: F7C12674E01258DFCB10DFA9C590AACBBB2FF49308F20929AD415AB345CB74AE42DF54
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 02B464B1, Relevance: .2, Instructions: 211COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.294259217.0000000002B40000.00000040.00000001.sdmp, Offset: 02B40000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 90f1727e4e3c989df648b5f92d88fb4b1866e0a556c2edffcb5bfde22761e296
                                                                            • Instruction ID: a7515def903eda66ff49bdaa720ec4ea2d1dfc8479df31700167985fa7afb847
                                                                            • Opcode Fuzzy Hash: 90f1727e4e3c989df648b5f92d88fb4b1866e0a556c2edffcb5bfde22761e296
                                                                            • Instruction Fuzzy Hash: 34911570D00229DFDF24CFA5C984BEDBBB2BF46304F1481A9D508AB251DB71AA86CF51
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 02B4C4B8, Relevance: .2, Instructions: 177COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.294259217.0000000002B40000.00000040.00000001.sdmp, Offset: 02B40000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 197a36984c6de2f3b83b5d512632a7f3067a8650658b02881df3b55b4254fdc0
                                                                            • Instruction ID: 385b98be4c4ae81307d921de9dcce7571519e1021b7426882f43fc2772c7059a
                                                                            • Opcode Fuzzy Hash: 197a36984c6de2f3b83b5d512632a7f3067a8650658b02881df3b55b4254fdc0
                                                                            • Instruction Fuzzy Hash: 00815AB1D02348DFCB14DFA8E59499CBFF1FB48704B54A0AAE416EB268EB759900DF14
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 02B4C493, Relevance: .2, Instructions: 171COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.294259217.0000000002B40000.00000040.00000001.sdmp, Offset: 02B40000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 75ec37a5d921cbc01f2b7262ed8e53d1d0227fd3ee51d666825df639b3de8e1f
                                                                            • Instruction ID: 67ac5c512261ca429cedeeb70a7f1d2a92b1dfa20c054e9ec1175b188f20d8c3
                                                                            • Opcode Fuzzy Hash: 75ec37a5d921cbc01f2b7262ed8e53d1d0227fd3ee51d666825df639b3de8e1f
                                                                            • Instruction Fuzzy Hash: 53817CB1902348DFCB14DFA8E59899CBFF1FB4C704B5490AAE456EB269DB309901CF14
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 02B46990, Relevance: .2, Instructions: 171COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.294259217.0000000002B40000.00000040.00000001.sdmp, Offset: 02B40000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: d63eb5ac85829c28a2b8a91dfaac91d5496c3d72ba54fefef221163324caf94f
                                                                            • Instruction ID: e861744d12d86f5e1008111c399f22aeb06053490a5631f962f6b08b51d0f051
                                                                            • Opcode Fuzzy Hash: d63eb5ac85829c28a2b8a91dfaac91d5496c3d72ba54fefef221163324caf94f
                                                                            • Instruction Fuzzy Hash: D6515D70E002199FDB18DFA9D890BAEBBB6BF89300F24846AE545BB354DF705D41CB54
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 02B4C522, Relevance: .2, Instructions: 167COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.294259217.0000000002B40000.00000040.00000001.sdmp, Offset: 02B40000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 83ac67a9565bf04d93112470c0ec2c483217b3369e97005333d7487f515def98
                                                                            • Instruction ID: 4d830df87abdc82d705a7f178dac236fe4ce0c4ec8b49f23e71c6fbd8ca7ed48
                                                                            • Opcode Fuzzy Hash: 83ac67a9565bf04d93112470c0ec2c483217b3369e97005333d7487f515def98
                                                                            • Instruction Fuzzy Hash: 13818EB1902348DFCB14DFA8E59499CBFF1FB4C718B5494AAD406EB268DB319900CF14
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 02B45D50, Relevance: .1, Instructions: 103COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.294259217.0000000002B40000.00000040.00000001.sdmp, Offset: 02B40000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: ec72b0df6dfe72ed29084d195c86c8dd9daa5f73a73bf3edf4e98552a51dfb98
                                                                            • Instruction ID: bc8f8cfabd0e7ff654d336502fbb3a823a8b39779c3fed5d818b7dc85c92deb3
                                                                            • Opcode Fuzzy Hash: ec72b0df6dfe72ed29084d195c86c8dd9daa5f73a73bf3edf4e98552a51dfb98
                                                                            • Instruction Fuzzy Hash: 1D41A274E012089FCB44DFA9C494AAEBBF2FF88300F24806AE859A7354DB316941CF55
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 02B46A50, Relevance: .1, Instructions: 102COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.294259217.0000000002B40000.00000040.00000001.sdmp, Offset: 02B40000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 78ccf99e3b72831bef07f4abdf832a50c19aa55cfdbb5c45620bc17edf767cd6
                                                                            • Instruction ID: e94f9a01bb8b98a54f92e91f1b7fbcb5d653ae97834a9f3747c55aae744e48e8
                                                                            • Opcode Fuzzy Hash: 78ccf99e3b72831bef07f4abdf832a50c19aa55cfdbb5c45620bc17edf767cd6
                                                                            • Instruction Fuzzy Hash: 2741D474E012189FDB18DFA9D995AEEBBF2BF89300F24902AE905B7354DB315842CF54
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 02B45D60, Relevance: .1, Instructions: 98COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.294259217.0000000002B40000.00000040.00000001.sdmp, Offset: 02B40000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: c61853b214c7c5625bc93f5acb5ecfc5a959ea25b7422f5a0d191029f74abd0a
                                                                            • Instruction ID: 2b978137143099a7654266c9ee9d0c98726ce95891b54e719ccef28d3e5da5ab
                                                                            • Opcode Fuzzy Hash: c61853b214c7c5625bc93f5acb5ecfc5a959ea25b7422f5a0d191029f74abd0a
                                                                            • Instruction Fuzzy Hash: C84172B4E01208DFDB44DFA9C594AADBBF2FF88300F24816AE819A7354DB356941CF55
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 02A9566D, Relevance: .1, Instructions: 92COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.294187789.0000000002A90000.00000040.00000001.sdmp, Offset: 02A90000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 403e8483a16ed3806eb7ebe7528905067b427b16e9e1671e23176c2ab174fa53
                                                                            • Instruction ID: 9e1e4eb24e01be848eb0c88edfe5d2edf8c02a681c088996efe7a7aeec07f67d
                                                                            • Opcode Fuzzy Hash: 403e8483a16ed3806eb7ebe7528905067b427b16e9e1671e23176c2ab174fa53
                                                                            • Instruction Fuzzy Hash: 4441F574D4522ACFDB65CF25CA45BE9BBF1AB49300F4145E9C529A7240EB349E80CF10
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 02A955DF, Relevance: .1, Instructions: 86COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.294187789.0000000002A90000.00000040.00000001.sdmp, Offset: 02A90000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: bc561083888c62e46c33ed61d089ca5d5e6638eda6c4df00f404585062ba76d7
                                                                            • Instruction ID: 271d2c705047f58b1f3719ffed613bb8d05b21c6bb86252ac1596d1f60caf2b4
                                                                            • Opcode Fuzzy Hash: bc561083888c62e46c33ed61d089ca5d5e6638eda6c4df00f404585062ba76d7
                                                                            • Instruction Fuzzy Hash: A641C074D5022ACFDB65CF65C984BE9BBF2AB99300F5045E9C529A6250EB309A81DF00
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 02A92B63, Relevance: .1, Instructions: 84COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.294187789.0000000002A90000.00000040.00000001.sdmp, Offset: 02A90000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: a37dc87d6abfb1b9f33650b3a034b6723366ef1b65e4507cee1b3467224989d7
                                                                            • Instruction ID: cee884d33d06eb8c9d59ec2d003462b993f1102759de091b12ccd287d24f5250
                                                                            • Opcode Fuzzy Hash: a37dc87d6abfb1b9f33650b3a034b6723366ef1b65e4507cee1b3467224989d7
                                                                            • Instruction Fuzzy Hash: F431E3F19193C19FDB038F7588A5799BFB89F76204B5801DECC80DA147EA39D146CB62
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 02B49CD0, Relevance: .1, Instructions: 83COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.294259217.0000000002B40000.00000040.00000001.sdmp, Offset: 02B40000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 3b5ffd2aee7237fdf08317d382d76d31ad98cdea6fc43a263312d65667c34afb
                                                                            • Instruction ID: 4d09e8255ac5661241b2f05b4cf7280b573678e20aa8a9dc237aaa126e3ecab3
                                                                            • Opcode Fuzzy Hash: 3b5ffd2aee7237fdf08317d382d76d31ad98cdea6fc43a263312d65667c34afb
                                                                            • Instruction Fuzzy Hash: 6531F774E04649EFCB04CFA9C584AAEFBF1EF89314F15C4A6D405AB251E6349A41DF40
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 02B480A8, Relevance: .1, Instructions: 80COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.294259217.0000000002B40000.00000040.00000001.sdmp, Offset: 02B40000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: c00f2649fb01b3ab139113770ce8d4c13992b831accc5d42c5719acc95cbcf90
                                                                            • Instruction ID: e73e59040aff90edd6c892c2f600e5cbca77c5b2ec8af25d3b45f42085cc9437
                                                                            • Opcode Fuzzy Hash: c00f2649fb01b3ab139113770ce8d4c13992b831accc5d42c5719acc95cbcf90
                                                                            • Instruction Fuzzy Hash: 433126B4D142199FCB44CFAAC8809AEBBF2FF88300F00D59AD455AB314C779AA41DF50
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 02B480B8, Relevance: .1, Instructions: 78COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.294259217.0000000002B40000.00000040.00000001.sdmp, Offset: 02B40000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: e626f0ed83954f37ddfb7175a35d3d24ad1282015919b09880f95d95f400d047
                                                                            • Instruction ID: ee06041ade970f3e6e56b49730536318ea762a3259c74b68f944f6a61caa1882
                                                                            • Opcode Fuzzy Hash: e626f0ed83954f37ddfb7175a35d3d24ad1282015919b09880f95d95f400d047
                                                                            • Instruction Fuzzy Hash: 2131F5B4D14219DFCB44CFAAC8809AEBBF2FB88300F10959AD815AB354D775AA41DF90
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 02B49EE9, Relevance: .1, Instructions: 77COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.294259217.0000000002B40000.00000040.00000001.sdmp, Offset: 02B40000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 8f6b53af3b397e9d3855746b16fa6ce5ce50e688dd6f04ab97184570464d1498
                                                                            • Instruction ID: 65cd00e8456af17322c2e962bfc021d77b6d9af6d3fec5aa3db5a69c924c4f0b
                                                                            • Opcode Fuzzy Hash: 8f6b53af3b397e9d3855746b16fa6ce5ce50e688dd6f04ab97184570464d1498
                                                                            • Instruction Fuzzy Hash: F1314770E0460ADFDB04DF99C5C06AEBBB2FF84300F10C6AAD416AB255DB74AA40DF94
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 02B40006, Relevance: .1, Instructions: 73COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.294259217.0000000002B40000.00000040.00000001.sdmp, Offset: 02B40000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 2d7226970a384fa339a63e5cb96c7c65455ae66217360fe0a655a3e6362a1ea3
                                                                            • Instruction ID: 590f42a19a1e945ed0a1e1e321ae62e613f34329bb61d2493fde83d6ab72d99f
                                                                            • Opcode Fuzzy Hash: 2d7226970a384fa339a63e5cb96c7c65455ae66217360fe0a655a3e6362a1ea3
                                                                            • Instruction Fuzzy Hash: A421A96148E3C18FC3139B7488656AA7F70AF53110B0E44DBC4E08F2A3D62C5E1ADB72
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 02A90070, Relevance: .1, Instructions: 73COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.294187789.0000000002A90000.00000040.00000001.sdmp, Offset: 02A90000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 1a9fccbb44963b128dac4a56561bdaf74c8a4f2ce9d7d13732bad71161d09a35
                                                                            • Instruction ID: 7c838e65fde703a3b40343bbe8fb23d03f4bebfda1a08561795a5370d046993e
                                                                            • Opcode Fuzzy Hash: 1a9fccbb44963b128dac4a56561bdaf74c8a4f2ce9d7d13732bad71161d09a35
                                                                            • Instruction Fuzzy Hash: E531C5B8D012298FDBA4DF26C888799BBF6BB99304F1081E9D44DA3254DF345E85DF44
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 02A956AC, Relevance: .1, Instructions: 67COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.294187789.0000000002A90000.00000040.00000001.sdmp, Offset: 02A90000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: c8f6d5c4aca31afeb3f3b60f762b2f5881d6ef02bdbe7d68cec47b4b33cb4354
                                                                            • Instruction ID: 7e07b81354c832fbb8181c2e9cd0a10fd2b7fa91374dcb8052a8110878ce5020
                                                                            • Opcode Fuzzy Hash: c8f6d5c4aca31afeb3f3b60f762b2f5881d6ef02bdbe7d68cec47b4b33cb4354
                                                                            • Instruction Fuzzy Hash: 9F31E474D5022ACFDB64CF65C980BA9B7F2FB89300F5044E9C919A7654EA309E85DF10
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 02A955C8, Relevance: .1, Instructions: 67COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.294187789.0000000002A90000.00000040.00000001.sdmp, Offset: 02A90000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: e0a3c5f574d4501567bc4a073e718538c18bcc7f5c6c6ff734f4faca760ea26f
                                                                            • Instruction ID: 1c0e1faa221219e91cfc7ecbe4a31403714c0bbca988be0b53674c3640bd2611
                                                                            • Opcode Fuzzy Hash: e0a3c5f574d4501567bc4a073e718538c18bcc7f5c6c6ff734f4faca760ea26f
                                                                            • Instruction Fuzzy Hash: AB310674D5022ACFCB64CF65C980BA9B7F2FB89300F4044E9C519AB650EA309E85DF10
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 02A92BDF, Relevance: .1, Instructions: 67COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.294187789.0000000002A90000.00000040.00000001.sdmp, Offset: 02A90000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 7fd7f4112d310fcb09225e6ff4d0305ceaa2679f810d6b044c8a984889c5e418
                                                                            • Instruction ID: cadbbf5da85cdcde5361e41efd3513864d0da5c4edda4c6f08adb8095404d3ca
                                                                            • Opcode Fuzzy Hash: 7fd7f4112d310fcb09225e6ff4d0305ceaa2679f810d6b044c8a984889c5e418
                                                                            • Instruction Fuzzy Hash: A93103A191D3C15FE7038FB588A9795BFB89E67104B5D00DECC80CB10BDA2AD146CB65
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 02B4CECA, Relevance: .1, Instructions: 66COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.294259217.0000000002B40000.00000040.00000001.sdmp, Offset: 02B40000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 6be5ecd14f9972e8a216dffe5ed55e3e08609479d2788939074ed38c2863f544
                                                                            • Instruction ID: 3af9a20860ced375c8d09135d16b643535bc25776f8c8fc5262a5de75ea3dd2b
                                                                            • Opcode Fuzzy Hash: 6be5ecd14f9972e8a216dffe5ed55e3e08609479d2788939074ed38c2863f544
                                                                            • Instruction Fuzzy Hash: D0214874D0A2498FCB05CFA4C5902EEBFB2FF8A300F1491AAC845A7355DB385A01DF50
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 02B45C90, Relevance: .1, Instructions: 64COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.294259217.0000000002B40000.00000040.00000001.sdmp, Offset: 02B40000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 4fdc4bd999675f5f77e361b4e721b3c7d66dcf10b7176205eef4d3c4be5c71ed
                                                                            • Instruction ID: 43ff0cdfd6ab3565acff8d3820754053e14a1d93b20806044b126656bd670baa
                                                                            • Opcode Fuzzy Hash: 4fdc4bd999675f5f77e361b4e721b3c7d66dcf10b7176205eef4d3c4be5c71ed
                                                                            • Instruction Fuzzy Hash: 7521AEB4D01609DFCB04DFA9C580AAEFBF1BF58300F6095AAD404B7250E774AA81DFA0
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 02B49BD9, Relevance: .1, Instructions: 64COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.294259217.0000000002B40000.00000040.00000001.sdmp, Offset: 02B40000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 7932a272c714b3fccd17e4836b8ac712c2a88610a040a64cd4ba3ab0a533f388
                                                                            • Instruction ID: fdc26dccb7b2496d177e57bbacfd87591ee344b15eab6c4f1c40264d70b2167d
                                                                            • Opcode Fuzzy Hash: 7932a272c714b3fccd17e4836b8ac712c2a88610a040a64cd4ba3ab0a533f388
                                                                            • Instruction Fuzzy Hash: A22136B0D04659DFCB04CFA9C584AAEBBF1FF89344F1094AAC411AB215E7349B41EF44
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 02B481E1, Relevance: .1, Instructions: 61COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.294259217.0000000002B40000.00000040.00000001.sdmp, Offset: 02B40000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: fa6c5a55186325070f0eb00a6e70e7018cb44bf8182f0747932cf524d50999cc
                                                                            • Instruction ID: c7f0c215a8426094717c2c2a910e48e3b0f6dfd63388cd566adb8f250a845839
                                                                            • Opcode Fuzzy Hash: fa6c5a55186325070f0eb00a6e70e7018cb44bf8182f0747932cf524d50999cc
                                                                            • Instruction Fuzzy Hash: 922147B4D04609DFCB04CFA9D8819AEFBF5FF49300F1099A9C854AB225D730AA41DF91
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 02AD1C60, Relevance: .1, Instructions: 60COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.294217374.0000000002AD0000.00000040.00000001.sdmp, Offset: 02AD0000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: d72b084a535f0490e8556a679fdb697c7da6c3582fc0fa9353826122a5bee9f0
                                                                            • Instruction ID: 711450ad471dca85a8e867bf82eda044041c3e21e403df0a42ccb9060e79c1b4
                                                                            • Opcode Fuzzy Hash: d72b084a535f0490e8556a679fdb697c7da6c3582fc0fa9353826122a5bee9f0
                                                                            • Instruction Fuzzy Hash: 6411EDB5508301AFD340CF19D840A5BFBE4FB88664F04895EF998D7311D331E9048FA2
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 02A3075C, Relevance: .1, Instructions: 59COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.294165323.0000000002A30000.00000040.00000040.sdmp, Offset: 02A30000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 12bcb7abaabc0b020e51f408caa22bb1227d473e641156b8117096b2ec4a877b
                                                                            • Instruction ID: 89610b5a13598a72f5b0f9c05c98a2b5a366ca5b1d1fda50f09e4937ab9611f4
                                                                            • Opcode Fuzzy Hash: 12bcb7abaabc0b020e51f408caa22bb1227d473e641156b8117096b2ec4a877b
                                                                            • Instruction Fuzzy Hash: 5C11B434204744EFD716CB24C984B26BBA5AB88B08F24C99DF9491B653CB7BD803CE51
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 010CADBC, Relevance: .1, Instructions: 52COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.293980068.00000000010C2000.00000040.00000001.sdmp, Offset: 010C2000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: d927ee753ce5d958766a7ba3a9717db906d4fd0bf73f59b4ec66eec4349f413a
                                                                            • Instruction ID: 6bcd826b099e7e878d3c0f0a954f47e755e28c03edd0586ed333ae867d149696
                                                                            • Opcode Fuzzy Hash: d927ee753ce5d958766a7ba3a9717db906d4fd0bf73f59b4ec66eec4349f413a
                                                                            • Instruction Fuzzy Hash: 3811ECB5608301AFD350CF09DC40E5BFBE8EB98660F14891EFD9897311D271E9088BA2
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 02B45E97, Relevance: .1, Instructions: 51COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.294259217.0000000002B40000.00000040.00000001.sdmp, Offset: 02B40000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 4ad77aeacde43ee563ca21ba40a6c9aeb9f78f2bfe09e609d0ab4ef81c430318
                                                                            • Instruction ID: c3d30b2c8a0c90ca701e963a1ee81a8a9ef70f7543ecaf63ebb172289762cbc3
                                                                            • Opcode Fuzzy Hash: 4ad77aeacde43ee563ca21ba40a6c9aeb9f78f2bfe09e609d0ab4ef81c430318
                                                                            • Instruction Fuzzy Hash: B3111674E002499FCB14DFA9C850AEEBBF2EF89300F20816AD615B3394DB355A41CF51
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 02B45C81, Relevance: .0, Instructions: 50COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.294259217.0000000002B40000.00000040.00000001.sdmp, Offset: 02B40000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: b45f1d086fe2a79f9909c76aa607a6875e25f00c3e33d579f8cc349b91eec9a3
                                                                            • Instruction ID: 0e9d9a2dadad677422d304b06ff7836a9fc769edd824d3c1e237d25ecef13fc8
                                                                            • Opcode Fuzzy Hash: b45f1d086fe2a79f9909c76aa607a6875e25f00c3e33d579f8cc349b91eec9a3
                                                                            • Instruction Fuzzy Hash: 581100B4D05619DFCB18CFAAC5847AEBBF1EF49304F2080AAC808A7311D7749A41DF90
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 02B45EA8, Relevance: .0, Instructions: 47COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.294259217.0000000002B40000.00000040.00000001.sdmp, Offset: 02B40000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: c8d923220d9dc7fc2f8f9119cfd4d217a7f23b62c4b578092c563eed851fa9b0
                                                                            • Instruction ID: 690dd13637c6017aadf980af09e1a89855b81bc4acb4fbeb9076417c2295e077
                                                                            • Opcode Fuzzy Hash: c8d923220d9dc7fc2f8f9119cfd4d217a7f23b62c4b578092c563eed851fa9b0
                                                                            • Instruction Fuzzy Hash: 2C11E874E002099FDB04DFA9C940AAEFBF2EF88300F208169DA15B3394DB359A41CF90
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 02A94E59, Relevance: .0, Instructions: 43COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.294187789.0000000002A90000.00000040.00000001.sdmp, Offset: 02A90000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 5acc03d539d94a46c8be75d98f0f0976a8f1016edb95c6c5aff8b0e0183dbf0c
                                                                            • Instruction ID: 6ecba3f11448954994e67a41f2eebe7e3a26ed35ada84e1171ee7b99736c4232
                                                                            • Opcode Fuzzy Hash: 5acc03d539d94a46c8be75d98f0f0976a8f1016edb95c6c5aff8b0e0183dbf0c
                                                                            • Instruction Fuzzy Hash: D701DF34D04308DFDB08DFB5D985AAEBBB6FB8A300F0081A9C464A7345DB359A42CF80
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 02A94E68, Relevance: .0, Instructions: 40COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.294187789.0000000002A90000.00000040.00000001.sdmp, Offset: 02A90000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: b538cbadc64765021ef47ed909b5d10c75cbe1578c81af9955a0225cc469fd86
                                                                            • Instruction ID: de7452618f79b05e7e5b9ca9c89b8d19d1dbbdf14ad240c98f74347830d895ba
                                                                            • Opcode Fuzzy Hash: b538cbadc64765021ef47ed909b5d10c75cbe1578c81af9955a0225cc469fd86
                                                                            • Instruction Fuzzy Hash: 36016D74D04309DFDB08DFA6D9946AEBBB9FB89300F1094A9D455A7344DB359A42CF80
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 02A9037D, Relevance: .0, Instructions: 39COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.294187789.0000000002A90000.00000040.00000001.sdmp, Offset: 02A90000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 39a5d2295b4a9e19ff56ba40774aec60eb7b82b9fc26fb0c2734ed5d2f262c97
                                                                            • Instruction ID: 2ad26881202315bb6bc780f31c3144ba0817fb574a20f07d2612c0a9fe74a0fc
                                                                            • Opcode Fuzzy Hash: 39a5d2295b4a9e19ff56ba40774aec60eb7b82b9fc26fb0c2734ed5d2f262c97
                                                                            • Instruction Fuzzy Hash: 91119A74A153288FCBA5EF25C9987ADBBF6AB48310F5041E9A48AA3344DB311FC5CF54
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 02A90122, Relevance: .0, Instructions: 38COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.294187789.0000000002A90000.00000040.00000001.sdmp, Offset: 02A90000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: dce31127018e169c8dda0c6c44c287afea5f49fc7f1e181481a01528eecd2db8
                                                                            • Instruction ID: aa6cbb2d84a8f1ca6ab763ba515b346f4165582923bd179a294c711c20a9fce0
                                                                            • Opcode Fuzzy Hash: dce31127018e169c8dda0c6c44c287afea5f49fc7f1e181481a01528eecd2db8
                                                                            • Instruction Fuzzy Hash: 11118674A4121ACFDB64DF25D858799B6B2BB48355F1081EA949EA3344DA344E84CF10
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 02B4EE31, Relevance: .0, Instructions: 37COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.294259217.0000000002B40000.00000040.00000001.sdmp, Offset: 02B40000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: a28231cfac3920b3c6ce28083b142524d4baa65c9057d233b0cf2471dd9dbe15
                                                                            • Instruction ID: a51d435cf86a17ffc9031e6a1f405344dd6cdd9311d14c55c3830096b158c46f
                                                                            • Opcode Fuzzy Hash: a28231cfac3920b3c6ce28083b142524d4baa65c9057d233b0cf2471dd9dbe15
                                                                            • Instruction Fuzzy Hash: 7101EF35E46208DFCB44CFA8E6805CDBBF2FB8D350F20A4AAE215A7204DB319A058F54
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 02B4C660, Relevance: .0, Instructions: 36COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.294259217.0000000002B40000.00000040.00000001.sdmp, Offset: 02B40000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 455bc1f8fded79a6747988154647110ddcbcaf7a8dd96028c284b4fdb20573f0
                                                                            • Instruction ID: 4630efdaa9bae84732bc4ca07dcc1a660e26e2a7e2519e69254740184715b6e6
                                                                            • Opcode Fuzzy Hash: 455bc1f8fded79a6747988154647110ddcbcaf7a8dd96028c284b4fdb20573f0
                                                                            • Instruction Fuzzy Hash: F0112971A00209CFCB10DFA4D494A9DBFB1FB48318F609119E955DB358DB759802CF40
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 02A90B94, Relevance: .0, Instructions: 36COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.294187789.0000000002A90000.00000040.00000001.sdmp, Offset: 02A90000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: af35713520ad21ef68597423d8e50da65b54824b8515bdb687b2686d0618e6b3
                                                                            • Instruction ID: 3c7198194c2ae27925f3be09eae9f84cabcb3f93bbdd00f5bdd5543fcac8f98f
                                                                            • Opcode Fuzzy Hash: af35713520ad21ef68597423d8e50da65b54824b8515bdb687b2686d0618e6b3
                                                                            • Instruction Fuzzy Hash: 47119BB4901668CFDBA0DF64CD887DEBBB1AB89306F1041DA944AAB354DB354EC1CF51
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 02A96BE7, Relevance: .0, Instructions: 36COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.294187789.0000000002A90000.00000040.00000001.sdmp, Offset: 02A90000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 6e76564170a107249e57af7b685644dcead54b6e86aa0abcd9bfde8655383bb2
                                                                            • Instruction ID: f13f0c2d08284f9f7362c620254e6df9661977612d828b8a32dec9434eb21c38
                                                                            • Opcode Fuzzy Hash: 6e76564170a107249e57af7b685644dcead54b6e86aa0abcd9bfde8655383bb2
                                                                            • Instruction Fuzzy Hash: 96F0AF70D04209AFDB44EFBDC8956AEBBB1FF89200F0084A9D489A3242DF345941CF84
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 02B4E6FE, Relevance: .0, Instructions: 33COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.294259217.0000000002B40000.00000040.00000001.sdmp, Offset: 02B40000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 5c8c05ed615c75387493c6f34631a3238b81c5c802d913c23cc7bd0831b92462
                                                                            • Instruction ID: fdaf2ddd2f5b335d57f2f01e0c80249dc47c728bf85b96ac2f8f159499b1064a
                                                                            • Opcode Fuzzy Hash: 5c8c05ed615c75387493c6f34631a3238b81c5c802d913c23cc7bd0831b92462
                                                                            • Instruction Fuzzy Hash: 6E115A74E002288FDB64DF64D884B98BBB2BB49304F5081EAD84DE2345EB355E819F10
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 02B49CE0, Relevance: .0, Instructions: 33COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.294259217.0000000002B40000.00000040.00000001.sdmp, Offset: 02B40000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 4fd97c0209c69bea23176be67f2100e253614f46915b9134745935df3a3e4e4f
                                                                            • Instruction ID: df334c9714a4cad64c56c305bebf6b4285abf299b8c6a824ff5f09686850b8ad
                                                                            • Opcode Fuzzy Hash: 4fd97c0209c69bea23176be67f2100e253614f46915b9134745935df3a3e4e4f
                                                                            • Instruction Fuzzy Hash: C3F0C438A00208AFCB04DFA9C988A9DFBF1EF88200F05C495D908AB365DA35E950CF40
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 02A904C4, Relevance: .0, Instructions: 33COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.294187789.0000000002A90000.00000040.00000001.sdmp, Offset: 02A90000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 9702a240ba1e41787ef0c09157234eee47d8c634ea88a0bbda099d6cd7d357d4
                                                                            • Instruction ID: 7aedf11f36652a704ae460875ea0ad76f18056cf05739944adcc47b27375098e
                                                                            • Opcode Fuzzy Hash: 9702a240ba1e41787ef0c09157234eee47d8c634ea88a0bbda099d6cd7d357d4
                                                                            • Instruction Fuzzy Hash: CC11D775D4122ACFDB24DF21D998BECBBB1BB4A308F1081EAD45AA7241DB344E80DF50
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 02A90E90, Relevance: .0, Instructions: 32COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.294187789.0000000002A90000.00000040.00000001.sdmp, Offset: 02A90000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 41b8a73d535e3c98ecbaaf5a8d779f9b25a19e32504bda383e3f2b84e0cdbd79
                                                                            • Instruction ID: 8c46625cff98020498c0d111dc93ea0d022f17d084948570376e209505771e2a
                                                                            • Opcode Fuzzy Hash: 41b8a73d535e3c98ecbaaf5a8d779f9b25a19e32504bda383e3f2b84e0cdbd79
                                                                            • Instruction Fuzzy Hash: 54019374D002688FCBA4DF65D8946DDBBF2BB89304F1080EA988EA7354DA345EC1DF10
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 02A93296, Relevance: .0, Instructions: 32COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.294187789.0000000002A90000.00000040.00000001.sdmp, Offset: 02A90000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 75210661207d3e3e3e1c84dc3c4971a95db87c8f4b09dcc2d232882f13842b7c
                                                                            • Instruction ID: d7e095f3a7377d995940ca39ddf94609ec665d583ea2c99fb9c405b67aa99e03
                                                                            • Opcode Fuzzy Hash: 75210661207d3e3e3e1c84dc3c4971a95db87c8f4b09dcc2d232882f13842b7c
                                                                            • Instruction Fuzzy Hash: DF01AD709083C49FCB26CBB88854699BFB0AF5B204F1840EAC8909B297EB359552DF45
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 02A96BF8, Relevance: .0, Instructions: 32COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.294187789.0000000002A90000.00000040.00000001.sdmp, Offset: 02A90000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: a06148336c55c14dc4368280836c703af06f7aeb67ff50951dc3513a3e6b02eb
                                                                            • Instruction ID: 6f7268d505dd3476111c6fe9fadc26dd0e68320a8f96ac9e00a131485882405d
                                                                            • Opcode Fuzzy Hash: a06148336c55c14dc4368280836c703af06f7aeb67ff50951dc3513a3e6b02eb
                                                                            • Instruction Fuzzy Hash: 18F03A70E00209AFDB44EFBAC8856AEBBF5FF89200F0084A9A459A3241DF355941CF94
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 02A90979, Relevance: .0, Instructions: 32COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.294187789.0000000002A90000.00000040.00000001.sdmp, Offset: 02A90000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: bef08a1a3a595edd71518bafd4b49b5aa581911b1f6d3845c3b814bd08a68de7
                                                                            • Instruction ID: 2ec382fc1a16d8d1dd4d675186748c04b716625dda04b65775ad8d7624fd7291
                                                                            • Opcode Fuzzy Hash: bef08a1a3a595edd71518bafd4b49b5aa581911b1f6d3845c3b814bd08a68de7
                                                                            • Instruction Fuzzy Hash: 2E01B074A02628DFDB61DF21D8A87ADBBB2FB44345F1084D98449A7741DB340A85CF55
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 02A30818, Relevance: .0, Instructions: 31COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.294165323.0000000002A30000.00000040.00000040.sdmp, Offset: 02A30000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 525cef522958239b2deb72ab7ac90410e2832b06fb356f1b7ca8807ee3c9392c
                                                                            • Instruction ID: 8006fcf56810843d2af819fefa812b713bea5c41a5076aa28f19c4fad37cbda8
                                                                            • Opcode Fuzzy Hash: 525cef522958239b2deb72ab7ac90410e2832b06fb356f1b7ca8807ee3c9392c
                                                                            • Instruction Fuzzy Hash: A7F01D35104644DFC306CF40D980B26FBA2EB89718F24C6ADE9490B752C737D813DE81
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 02B48A16, Relevance: .0, Instructions: 31COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.294259217.0000000002B40000.00000040.00000001.sdmp, Offset: 02B40000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 6823d4be916a6b86c6392f45429cb809569e8672ff80a402584965c15b51f6f8
                                                                            • Instruction ID: bbf0f7779b9b5b9396425caf483bf88fea2dc4fe13d1c9a926fed5193a30e3b2
                                                                            • Opcode Fuzzy Hash: 6823d4be916a6b86c6392f45429cb809569e8672ff80a402584965c15b51f6f8
                                                                            • Instruction Fuzzy Hash: B4112B7494122ADFCBA5CF64C980AE8BBB1BB08311F1040EAE859A7714E6359A80DF00
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 02A91016, Relevance: .0, Instructions: 31COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.294187789.0000000002A90000.00000040.00000001.sdmp, Offset: 02A90000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 3c08bbdf2a16e98dc9d862949743efa4a34b7617ccb67810a53d5d152d9968c0
                                                                            • Instruction ID: 2098b57305d64dbeb50da95e7085429c29411c84312f43992720d652cf7c9883
                                                                            • Opcode Fuzzy Hash: 3c08bbdf2a16e98dc9d862949743efa4a34b7617ccb67810a53d5d152d9968c0
                                                                            • Instruction Fuzzy Hash: D901C0749012288FCB619F65C8946DDBBB1AB49304F0051DAEA89A7344DA345E81CF50
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 02B4DF00, Relevance: .0, Instructions: 30COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.294259217.0000000002B40000.00000040.00000001.sdmp, Offset: 02B40000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 77286e88a42b44742510d3f29c5b17492d690028c0abf868bc0b6cbdee47538a
                                                                            • Instruction ID: dd5ecf1b863e876a79cf6791d3cbad5e38112a5141bd1babf22cc7124abda894
                                                                            • Opcode Fuzzy Hash: 77286e88a42b44742510d3f29c5b17492d690028c0abf868bc0b6cbdee47538a
                                                                            • Instruction Fuzzy Hash: 3C01807490121ADFCB54DFA8D5D4AAEBBB1FF88710F10819AE909AB350DB30A980DF40
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 02A90D84, Relevance: .0, Instructions: 30COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.294187789.0000000002A90000.00000040.00000001.sdmp, Offset: 02A90000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: cd45d82608b49044e14c7658af6dfa7700cb165c3d55840c7f6b7625e7f4aac3
                                                                            • Instruction ID: 30690a49fb4d5ca82ab0e97361fb8657483c16763c168e8b05b28774f5b1274f
                                                                            • Opcode Fuzzy Hash: cd45d82608b49044e14c7658af6dfa7700cb165c3d55840c7f6b7625e7f4aac3
                                                                            • Instruction Fuzzy Hash: 9D0104749006688FCB6A9F20CC486ADBBB6FB89706F0441DAA449A7365DB354E84CF10
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 02A901FE, Relevance: .0, Instructions: 30COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.294187789.0000000002A90000.00000040.00000001.sdmp, Offset: 02A90000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: daa17001741f193cac2f1ffae62d04c4ca33d230d0c3a8564037d1346323babb
                                                                            • Instruction ID: 25254d75399f5a351e7a2eacbac858006352dd4ae64e4d632d935c3acc47b8c9
                                                                            • Opcode Fuzzy Hash: daa17001741f193cac2f1ffae62d04c4ca33d230d0c3a8564037d1346323babb
                                                                            • Instruction Fuzzy Hash: 4201D374A04228CFCB61CF64D89869DBBB6BF48304F1441EAD48EAB345DB341A85CF11
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 02B400B8, Relevance: .0, Instructions: 29COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.294259217.0000000002B40000.00000040.00000001.sdmp, Offset: 02B40000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 5d9a39c7b7c459eb77bcdeadfd5c609e685e36b55996bf9aade136b17361e0db
                                                                            • Instruction ID: 54ad462ed0c8a93e44c5c1d27df0a5066a56933a59d46161dd2267c11acda25a
                                                                            • Opcode Fuzzy Hash: 5d9a39c7b7c459eb77bcdeadfd5c609e685e36b55996bf9aade136b17361e0db
                                                                            • Instruction Fuzzy Hash: 06F05830A01248DFDB08DFA4D595BEEBBB0EF96314F2495A9C408AB221DB711E02DF50
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 02A902C6, Relevance: .0, Instructions: 29COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.294187789.0000000002A90000.00000040.00000001.sdmp, Offset: 02A90000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 652d71efb627622d99d98a0c9cf53f7f46ac12ccaeca3230a165ab13718aeb25
                                                                            • Instruction ID: e02ebce7c64fe9656350378987e3f30a74adc20b74534ae8356e62ef5a8104f4
                                                                            • Opcode Fuzzy Hash: 652d71efb627622d99d98a0c9cf53f7f46ac12ccaeca3230a165ab13718aeb25
                                                                            • Instruction Fuzzy Hash: 7D01C4749002289FCB64DF60C8656DDBBB2BB89704F1081DA954DA7354EF311E81DF14
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 02A910BC, Relevance: .0, Instructions: 28COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.294187789.0000000002A90000.00000040.00000001.sdmp, Offset: 02A90000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: e8d516c68ca25c4ebc63992e7c25f312395c3ea41ab02fb3eee3c4c0aac1a00d
                                                                            • Instruction ID: be9835407c1a4612f1177433bc7bdcbdff837d60f16465768de116f0ec064427
                                                                            • Opcode Fuzzy Hash: e8d516c68ca25c4ebc63992e7c25f312395c3ea41ab02fb3eee3c4c0aac1a00d
                                                                            • Instruction Fuzzy Hash: 32011D74D012298FCB60DF64D89869DBBB2BB49304F2081EAD48EA7344DF384E81CF14
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 02A93CC6, Relevance: .0, Instructions: 28COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.294187789.0000000002A90000.00000040.00000001.sdmp, Offset: 02A90000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: be9b2346b0425198ac2d4b29047ed4fe8a6118a3b4a5a70561cfec6402e838eb
                                                                            • Instruction ID: 116816e4769ee291be1297661412b97f55f305b77e342318c3cb65b3733dee74
                                                                            • Opcode Fuzzy Hash: be9b2346b0425198ac2d4b29047ed4fe8a6118a3b4a5a70561cfec6402e838eb
                                                                            • Instruction Fuzzy Hash: 4AF092B0D053598BDF54DFB6C6946AEBBF2EF49700F20C46A844AAB6A4DB344942CF40
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 02A90A66, Relevance: .0, Instructions: 28COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.294187789.0000000002A90000.00000040.00000001.sdmp, Offset: 02A90000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 8b5f7eb593b4382ee1e0098617e0eb9e464df9b8ff515e129b2a2d046804767e
                                                                            • Instruction ID: daf023c79ff87c65b0ad2f017abf82069fb2f79c8a36e25d0a6fcd43757189b8
                                                                            • Opcode Fuzzy Hash: 8b5f7eb593b4382ee1e0098617e0eb9e464df9b8ff515e129b2a2d046804767e
                                                                            • Instruction Fuzzy Hash: B101E8B4D0022D8FCB60EF24C8986DDBBB2AB99304F1081DA849DA3355DA340E81CF61
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 02A90F61, Relevance: .0, Instructions: 28COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.294187789.0000000002A90000.00000040.00000001.sdmp, Offset: 02A90000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: cd461b02dd8d9e712cc8f74f2ce16e5e87d7b590bb18a028489acfe671eb811c
                                                                            • Instruction ID: 5c8567ea32c6f64fc61d9f2e66f8bbd6804c89559ce8e03147e4e6899f99083b
                                                                            • Opcode Fuzzy Hash: cd461b02dd8d9e712cc8f74f2ce16e5e87d7b590bb18a028489acfe671eb811c
                                                                            • Instruction Fuzzy Hash: E2018074A04228CFDBA5DF24D8586DDBBB1BB89305F5081DA988EA3344DB351E81DF50
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 02A305F6, Relevance: .0, Instructions: 27COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.294165323.0000000002A30000.00000040.00000040.sdmp, Offset: 02A30000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 666974dfbec8dc63cb1da311071087cec64c00ab4170bbc8dfee9a1f0ab37f01
                                                                            • Instruction ID: 9850f243632e3bbd3a7d2cdcf9f03a2b18e5fb11e77a961cc503189fe4ee2ba8
                                                                            • Opcode Fuzzy Hash: 666974dfbec8dc63cb1da311071087cec64c00ab4170bbc8dfee9a1f0ab37f01
                                                                            • Instruction Fuzzy Hash: 48E09276640A008BD650CF0BEC41462F7D8EB88630B18C07FDC0D8B700E139F508CEA5
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 02A93518, Relevance: .0, Instructions: 27COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.294187789.0000000002A90000.00000040.00000001.sdmp, Offset: 02A90000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 2d1b0efd116d764e315b6a004f81033365002e2ca80b26c9c74e1715cec93df6
                                                                            • Instruction ID: c5330f3893944a3dd4a54101c0584b7effb7778f780ee91a7e0fb67987f7f5a6
                                                                            • Opcode Fuzzy Hash: 2d1b0efd116d764e315b6a004f81033365002e2ca80b26c9c74e1715cec93df6
                                                                            • Instruction Fuzzy Hash: 92F0ED70D54388AFCB16EBB9D84469DBFB0AF09200F1080EAD880A7381DA34A919DF81
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 010CAE0B, Relevance: .0, Instructions: 26COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.293980068.00000000010C2000.00000040.00000001.sdmp, Offset: 010C2000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 99864c1e0f3728eb018a913d0577524345d7b574053d316c3341e1ac66f269d0
                                                                            • Instruction ID: e590d69bee9e16c7120f878015323b3690aca0e1d98ac7bdc45b16890c2c9f5c
                                                                            • Opcode Fuzzy Hash: 99864c1e0f3728eb018a913d0577524345d7b574053d316c3341e1ac66f269d0
                                                                            • Instruction Fuzzy Hash: 2FE0D87254160467D2108F0A9C41B63FB98DB55A30F14C557EE081B301D1B5B5148AF5
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 02B48ACB, Relevance: .0, Instructions: 26COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.294259217.0000000002B40000.00000040.00000001.sdmp, Offset: 02B40000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 39683faa27239de3ad3df0af5bb7b3b8aa615b621c68367eacbae64a87e7a6cd
                                                                            • Instruction ID: 6f89d5e66ad60e2a3691b6de04090c942f533950a1dffba18b9385d51c114963
                                                                            • Opcode Fuzzy Hash: 39683faa27239de3ad3df0af5bb7b3b8aa615b621c68367eacbae64a87e7a6cd
                                                                            • Instruction Fuzzy Hash: 6EF0F475D052998FCB65CFE4DA806DDBBB0FF48310F10A48A8455AB208DB34AA40DF44
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 02A94BB1, Relevance: .0, Instructions: 26COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.294187789.0000000002A90000.00000040.00000001.sdmp, Offset: 02A90000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: f18ef47fcaef9efa62454ba22d51d1cad42495d73601651e21376a8bdc89503a
                                                                            • Instruction ID: 5721c3ed352cf20a02e200b378e29b4d3e8ce875b14f576b53b128351a09edfb
                                                                            • Opcode Fuzzy Hash: f18ef47fcaef9efa62454ba22d51d1cad42495d73601651e21376a8bdc89503a
                                                                            • Instruction Fuzzy Hash: 2DF03974D083449FCB45DBB8D4553DCBFF0EF4A200F0080EAC88497261D635994ADF41
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 02A92769, Relevance: .0, Instructions: 26COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.294187789.0000000002A90000.00000040.00000001.sdmp, Offset: 02A90000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 80d498784280143b4d8519bef9fe1651c2395e25e31273bbb9f08ea87f3fde92
                                                                            • Instruction ID: c2f9e19287c9075b183d8cfc07ab99ed2d3aef181ca0cf0d5edf8e26a51cc3c4
                                                                            • Opcode Fuzzy Hash: 80d498784280143b4d8519bef9fe1651c2395e25e31273bbb9f08ea87f3fde92
                                                                            • Instruction Fuzzy Hash: FBF0FF38C00229DFCF60CF65D888B9DBBB1FB09704F1085A9D84AE7200EB365A81DF64
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 02AD1CCB, Relevance: .0, Instructions: 26COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.294217374.0000000002AD0000.00000040.00000001.sdmp, Offset: 02AD0000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: e9532a7f4c0a95e27eba157a5b7f2a810fdabd4767b63af43965e746e7a07bf4
                                                                            • Instruction ID: 6f3d428436e4b34a2bb77ac06216c45130a305fd695780f003aa7822ba794eae
                                                                            • Opcode Fuzzy Hash: e9532a7f4c0a95e27eba157a5b7f2a810fdabd4767b63af43965e746e7a07bf4
                                                                            • Instruction Fuzzy Hash: 3CE0D8B254170067D2108F069C45B63FB98DB95A30F14C56BED081B301D175B5188AF5
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 02AD1577, Relevance: .0, Instructions: 26COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.294217374.0000000002AD0000.00000040.00000001.sdmp, Offset: 02AD0000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 7cb8f441d6b7099cc9384852b9a5ff6f6c70dc287e4beb4c56fbd590f234a700
                                                                            • Instruction ID: 2e7821ab8c65e3f4976a779d9b20b55e76c49bcd055d4f7172065cc1968c7011
                                                                            • Opcode Fuzzy Hash: 7cb8f441d6b7099cc9384852b9a5ff6f6c70dc287e4beb4c56fbd590f234a700
                                                                            • Instruction Fuzzy Hash: A7E0D87294160067D2109F069C45B63FB98DB95A30F14C557EE081B301D176B514CAF5
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 02B400C8, Relevance: .0, Instructions: 25COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.294259217.0000000002B40000.00000040.00000001.sdmp, Offset: 02B40000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 52f2933c06262a008e4de752994b4b6062c871d12e8422962c6ccf0077b252a1
                                                                            • Instruction ID: a99660aa9a9c17f84d82b0406209968b9fa49c53acda7759ddfe484ed69450a3
                                                                            • Opcode Fuzzy Hash: 52f2933c06262a008e4de752994b4b6062c871d12e8422962c6ccf0077b252a1
                                                                            • Instruction Fuzzy Hash: E8E0ED30A0120CDFCB08EFA5D944AADB7B5EF85704F6055B9D80867364DB716E01DF94
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 02A95CA0, Relevance: .0, Instructions: 25COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.294187789.0000000002A90000.00000040.00000001.sdmp, Offset: 02A90000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: c54ef04ce31806dd4adb7201b82ec712837c6115c81ea0ffe307a2bef8ab6c6d
                                                                            • Instruction ID: 0f1247ffab6ec646be63666357c2c2f51f8496dc972be42b57bc80fdb51fe74c
                                                                            • Opcode Fuzzy Hash: c54ef04ce31806dd4adb7201b82ec712837c6115c81ea0ffe307a2bef8ab6c6d
                                                                            • Instruction Fuzzy Hash: 22F06DB0C5A228DFDB25CF65CA45BDCBBB0BB49304F5045EAC609B7281C7359A85CF54
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 02B40070, Relevance: .0, Instructions: 24COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.294259217.0000000002B40000.00000040.00000001.sdmp, Offset: 02B40000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 4fb495f72aa0240c369c1b1ce204b1087bcc9a0d4416001057fd20ace47bf798
                                                                            • Instruction ID: 9d448bb79516fe1d93f79a8c2b4b9bd4f357185f9f40042e34e72b479e04a0cb
                                                                            • Opcode Fuzzy Hash: 4fb495f72aa0240c369c1b1ce204b1087bcc9a0d4416001057fd20ace47bf798
                                                                            • Instruction Fuzzy Hash: E1E08C705832099BCA68FBB4C51277FB368DB42600F101CAC860633241CE765E20AEA9
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 02A93691, Relevance: .0, Instructions: 23COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.294187789.0000000002A90000.00000040.00000001.sdmp, Offset: 02A90000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: e8433d3fe28e67503485bc9a60cf43d09f6803faffcd286d39fa9ad3f781a637
                                                                            • Instruction ID: 978f6154e7bb82cf5c404e68d520084595e7a1fbe098be4f1329bc39b7b5287c
                                                                            • Opcode Fuzzy Hash: e8433d3fe28e67503485bc9a60cf43d09f6803faffcd286d39fa9ad3f781a637
                                                                            • Instruction Fuzzy Hash: BFE01A74908358AFCB15EFB9984539EBBB4AB05204F1042FDC88497282E639D65ADF81
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 02A927A3, Relevance: .0, Instructions: 23COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.294187789.0000000002A90000.00000040.00000001.sdmp, Offset: 02A90000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 0f1f1d715b372e4878a002cea8a41923e514ccbe78d34454a30107c0a38b868d
                                                                            • Instruction ID: a65efc8c38b1318226bd8f66b29335b6340bafb050c7aa5116420b7ca5dc8d64
                                                                            • Opcode Fuzzy Hash: 0f1f1d715b372e4878a002cea8a41923e514ccbe78d34454a30107c0a38b868d
                                                                            • Instruction Fuzzy Hash: 2CF06D78D002299FCB60CFA4D984B9CBBB1BB49304F1085A9D88AE3344DB355A81DF10
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 02A943F7, Relevance: .0, Instructions: 22COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.294187789.0000000002A90000.00000040.00000001.sdmp, Offset: 02A90000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 87cd983ea9393cddb2d98a66a20d6036b0e08c0437230369b8e303a66d05bcf4
                                                                            • Instruction ID: 7d93ec7abbbf4c6021cc69db62e899bd5a7aa72f157677a1816232cabf6f2d33
                                                                            • Opcode Fuzzy Hash: 87cd983ea9393cddb2d98a66a20d6036b0e08c0437230369b8e303a66d05bcf4
                                                                            • Instruction Fuzzy Hash: 82E01274D143449FCB65DFB9848539CBFF0EB99314F1081EEC84496241EA355946CF40
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 02A94510, Relevance: .0, Instructions: 22COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.294187789.0000000002A90000.00000040.00000001.sdmp, Offset: 02A90000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 8e8ae49a761c8d5d73793dee56288651e63bde490fd5bae0bc92f4a5b867f48d
                                                                            • Instruction ID: 22c50c745f5fb0b499a727a5498b3f069d60d0f6a8d6d2754654e30ea3279a03
                                                                            • Opcode Fuzzy Hash: 8e8ae49a761c8d5d73793dee56288651e63bde490fd5bae0bc92f4a5b867f48d
                                                                            • Instruction Fuzzy Hash: E6E0E570D04288AFCB95DBB8946139DBFF0EB4A214F0481EAC88497212DA395956DF41
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 02A96563, Relevance: .0, Instructions: 22COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.294187789.0000000002A90000.00000040.00000001.sdmp, Offset: 02A90000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: b013b865003f5a4a12555641ef3fc9af74a7996a1bf17a54ce93bb5f88176a6e
                                                                            • Instruction ID: d6d6ce31c2c93750350eba76150b4e6c246ad2d0527ae481496a664ad6d0eccc
                                                                            • Opcode Fuzzy Hash: b013b865003f5a4a12555641ef3fc9af74a7996a1bf17a54ce93bb5f88176a6e
                                                                            • Instruction Fuzzy Hash: B1F0EDB5D443599EDB34CF51CD46BDDBBB4AB08750F5041D69209BA2C0DB746B84CF14
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 02A92CA8, Relevance: .0, Instructions: 21COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.294187789.0000000002A90000.00000040.00000001.sdmp, Offset: 02A90000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 618879402d258fa0390c840176ce1c5e37f4f6f86fddeb64ddca8cc61fd909ea
                                                                            • Instruction ID: 490c94ad8c76039e01f6b59d66384f86cdb5891f53a50355e47adadeac1d5ff5
                                                                            • Opcode Fuzzy Hash: 618879402d258fa0390c840176ce1c5e37f4f6f86fddeb64ddca8cc61fd909ea
                                                                            • Instruction Fuzzy Hash: 85E0E5B4D00218AFCB45EFA9C8406AEBBF4EB58300F1085AAD814A3340D7759640DF90
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 02A918D8, Relevance: .0, Instructions: 21COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.294187789.0000000002A90000.00000040.00000001.sdmp, Offset: 02A90000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 889d872d012c33780dfe6e0e12b82df579e72c7453fd6796c863d5309077bd89
                                                                            • Instruction ID: 2a9b6e303fbcea7583b9b15409c143c5eb2049f786e418513de709e1e862579b
                                                                            • Opcode Fuzzy Hash: 889d872d012c33780dfe6e0e12b82df579e72c7453fd6796c863d5309077bd89
                                                                            • Instruction Fuzzy Hash: 45F0DF3490612ACFDF64CBA6D888B9CBBB0BB44304F6090EAC44EA7254DB309E84CF14
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 02A93613, Relevance: .0, Instructions: 21COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.294187789.0000000002A90000.00000040.00000001.sdmp, Offset: 02A90000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: ccf6c613f4f53bdeade06b13a9421d789490894c63a4fa2c63c613bbfbec0f3e
                                                                            • Instruction ID: 11d304df1a855aa8300c53565311062b2f4244d3ae2bd851369a6aa06913a27f
                                                                            • Opcode Fuzzy Hash: ccf6c613f4f53bdeade06b13a9421d789490894c63a4fa2c63c613bbfbec0f3e
                                                                            • Instruction Fuzzy Hash: 02E04F74D0938CAFCB42DBB8985479DBFF09F06200F0441EAD844AB291EA359556CF41
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 02A94C7B, Relevance: .0, Instructions: 21COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.294187789.0000000002A90000.00000040.00000001.sdmp, Offset: 02A90000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: b9edf6720fad8e3de625004e774089df19e0f88cfdbe8c5d7738bddbc9fe9cfe
                                                                            • Instruction ID: ecc585358be8cd35c52e16f49d7f7c83f24766378e11e6bb5d7ddb71d8722158
                                                                            • Opcode Fuzzy Hash: b9edf6720fad8e3de625004e774089df19e0f88cfdbe8c5d7738bddbc9fe9cfe
                                                                            • Instruction Fuzzy Hash: F7E08670D0938C9FCB05EBB8985479DBFF4AF4A300F1481EAC848A7255D6755512DF51
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 02A9364F, Relevance: .0, Instructions: 21COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.294187789.0000000002A90000.00000040.00000001.sdmp, Offset: 02A90000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 880bc0f57ad671b51a6fabce9aaa1a3ce18848aba84359c7955fbdf4093b7e60
                                                                            • Instruction ID: 1525ecb1acf627ed8e425d03a427d89f39c32d465754b6d0f230a3990d96eef6
                                                                            • Opcode Fuzzy Hash: 880bc0f57ad671b51a6fabce9aaa1a3ce18848aba84359c7955fbdf4093b7e60
                                                                            • Instruction Fuzzy Hash: 7CE0E570D103489FCB59DBB8D45539DBFB1EF4A204F1482EAC84897212E7395555CF40
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 02A94BEF, Relevance: .0, Instructions: 21COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.294187789.0000000002A90000.00000040.00000001.sdmp, Offset: 02A90000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 6aecea594ba78a6a88ca933933fa58ca0537f5653f81e3c8da397d18f8fb37d0
                                                                            • Instruction ID: 4da3eb74ed713b00a6e678f3562523fa26319eeddf6e8b7699e29bb1aed102dd
                                                                            • Opcode Fuzzy Hash: 6aecea594ba78a6a88ca933933fa58ca0537f5653f81e3c8da397d18f8fb37d0
                                                                            • Instruction Fuzzy Hash: 70E04F344093C59FCB02DBB8D4552887FF0DB4F114F0844D6C98487152D931998ADF91
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 02A9454F, Relevance: .0, Instructions: 21COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.294187789.0000000002A90000.00000040.00000001.sdmp, Offset: 02A90000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 2e75495b74eef6e9bd26f5e357034ef7751a265bb39471325b2cb1cbfc715bbe
                                                                            • Instruction ID: 211eebf3b4dd424abf06cd5570c9ea07cd9bad8a3a93178a42bfa8b89865a941
                                                                            • Opcode Fuzzy Hash: 2e75495b74eef6e9bd26f5e357034ef7751a265bb39471325b2cb1cbfc715bbe
                                                                            • Instruction Fuzzy Hash: DFE0E570D043489FCB95EBB894597ADBFB0FF86204F1482AAC85863242D6351A55CF40
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 02A95B53, Relevance: .0, Instructions: 21COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.294187789.0000000002A90000.00000040.00000001.sdmp, Offset: 02A90000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: a042836e9e86f0c0f4d24276e2aef17efd56d6c2bf7de754c6138ffea6a49305
                                                                            • Instruction ID: 980472163277d7eab7a00324bfa6fd9cb48209895211363c0ad561ba4b164975
                                                                            • Opcode Fuzzy Hash: a042836e9e86f0c0f4d24276e2aef17efd56d6c2bf7de754c6138ffea6a49305
                                                                            • Instruction Fuzzy Hash: D9E0657690521A9ECB249F60C981AECBBB0FB55301F60A1D8D08A9A1A0DF380B85DB04
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 02A932C0, Relevance: .0, Instructions: 20COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.294187789.0000000002A90000.00000040.00000001.sdmp, Offset: 02A90000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 7dbe5325a99a6d0bbbd438185c74c006e233410b7163351dabc6af45c09096dd
                                                                            • Instruction ID: 75a6a7353ba6dc53095f7b91208fe6f4f1be76eba23bc649d1769501b4807f9a
                                                                            • Opcode Fuzzy Hash: 7dbe5325a99a6d0bbbd438185c74c006e233410b7163351dabc6af45c09096dd
                                                                            • Instruction Fuzzy Hash: 8EE01A70D00348EFCB44EFA8D8406ADBBF1FB58300F1085AAD814A3300D7759A51DF84
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 02A936D9, Relevance: .0, Instructions: 20COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.294187789.0000000002A90000.00000040.00000001.sdmp, Offset: 02A90000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 4df207400db4177fcffba4e8f99408ec3f7cdeebafa39b9782aa14df139294e9
                                                                            • Instruction ID: 0a1874842c97f051bf828eab574492b85914d03f1405c13647bd0f442ca647c6
                                                                            • Opcode Fuzzy Hash: 4df207400db4177fcffba4e8f99408ec3f7cdeebafa39b9782aa14df139294e9
                                                                            • Instruction Fuzzy Hash: 97E04670D05348EFCB15EFB9849539EBBB0AF05304F0042F9C808A7241EB36AA64CF95
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 02A94D98, Relevance: .0, Instructions: 20COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.294187789.0000000002A90000.00000040.00000001.sdmp, Offset: 02A90000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 0825e5060907a69b9556ab86426827d7260daab15fde41e789e736424bc14ce2
                                                                            • Instruction ID: 492e5eef9e078c2069338e2b7f6c40719818372893bdd41cad1e7602863a7dd0
                                                                            • Opcode Fuzzy Hash: 0825e5060907a69b9556ab86426827d7260daab15fde41e789e736424bc14ce2
                                                                            • Instruction Fuzzy Hash: 93E01A70E603489FCB94EFA8D8457ACBBB0EF55211F0081EACC0892240E7391958CF42
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 02B46BC7, Relevance: .0, Instructions: 19COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.294259217.0000000002B40000.00000040.00000001.sdmp, Offset: 02B40000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 4f4282cf0ab2ac17498a77931884a96f2eb16b0ea7034a0b8e98d0bcc798edd3
                                                                            • Instruction ID: bdeeae5b1ded0afba9494d60b9ade8e7910ea3357437593d9dd5c3b34cef62fa
                                                                            • Opcode Fuzzy Hash: 4f4282cf0ab2ac17498a77931884a96f2eb16b0ea7034a0b8e98d0bcc798edd3
                                                                            • Instruction Fuzzy Hash: D6E0C2704193D48FC3619FB8E81E3A97FB4EB13205F0081A6D488C3152DA7A0452DF50
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 02A96CB1, Relevance: .0, Instructions: 19COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.294187789.0000000002A90000.00000040.00000001.sdmp, Offset: 02A90000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 1c9a56f81af499429d7261108d982ab98620e609d664eddc51cf3381035619f8
                                                                            • Instruction ID: 94af669a862360105a7d9205cb303dad625d248294dd0aa95770ecbbe28340a0
                                                                            • Opcode Fuzzy Hash: 1c9a56f81af499429d7261108d982ab98620e609d664eddc51cf3381035619f8
                                                                            • Instruction Fuzzy Hash: F4E046708113588FCB59EBB994083ACBBB5EF02209F1049AEC80893295EB364990CF40
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 02A944D1, Relevance: .0, Instructions: 19COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.294187789.0000000002A90000.00000040.00000001.sdmp, Offset: 02A90000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 63c737a56b2837bfe272fe9aecec6ae8ae06c7160e1bbe228a06ea7abc634532
                                                                            • Instruction ID: 3fd1093015b1fcf046f3c2b208e266dfb370b7f7faa25366c78dd000e053d247
                                                                            • Opcode Fuzzy Hash: 63c737a56b2837bfe272fe9aecec6ae8ae06c7160e1bbe228a06ea7abc634532
                                                                            • Instruction Fuzzy Hash: 4AE04F70C053989FCB65DBB9A4283ADBFF0AF4A304F1441EAC84493242E6354641CF40
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 02A94E18, Relevance: .0, Instructions: 19COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.294187789.0000000002A90000.00000040.00000001.sdmp, Offset: 02A90000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 711ce3a2f2a692ec61d5532c690077ad598e5f7769dd0e2f1ffc37bc2cf30635
                                                                            • Instruction ID: 86bfb027ee8cafa43446a64079b4ea804ddd339f1149acffddef0cadd7ef64d9
                                                                            • Opcode Fuzzy Hash: 711ce3a2f2a692ec61d5532c690077ad598e5f7769dd0e2f1ffc37bc2cf30635
                                                                            • Instruction Fuzzy Hash: ADE08C309553888FCB96EBB8988539DBFB4AF06301F2405EAC804971D2EA750A55CF81
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 02A93528, Relevance: .0, Instructions: 19COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.294187789.0000000002A90000.00000040.00000001.sdmp, Offset: 02A90000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 8fc39f57878da9438bde9a05d50f356191b5fcc56862f258be7d6440be927204
                                                                            • Instruction ID: 7678389ec6d902ce9ae38bb0ce010f6ca23f0930250e71b4f02a07ba88e2c9ec
                                                                            • Opcode Fuzzy Hash: 8fc39f57878da9438bde9a05d50f356191b5fcc56862f258be7d6440be927204
                                                                            • Instruction Fuzzy Hash: 3AE08C70E0030CAFCB28EFAAD44539DF7B0AB48600F1081E99804A3340EA35AA54CF81
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 02B492AD, Relevance: .0, Instructions: 18COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.294259217.0000000002B40000.00000040.00000001.sdmp, Offset: 02B40000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: be917c029a228d152d131859f5b0d60e500a1526ee869e4f9c3bc9039789a46a
                                                                            • Instruction ID: ab8854842e97bd33f475003921ee837a1b6a9e79044d6914569c3a71b5508563
                                                                            • Opcode Fuzzy Hash: be917c029a228d152d131859f5b0d60e500a1526ee869e4f9c3bc9039789a46a
                                                                            • Instruction Fuzzy Hash: 1DE0E534A016598FCB60DF58C5C4A9DB7B1FF45310F11A195D406AB219CB34EE84CF11
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 02A96207, Relevance: .0, Instructions: 18COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.294187789.0000000002A90000.00000040.00000001.sdmp, Offset: 02A90000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 411e36922d8f60122d4b1dc2d58956ce41121f11ab7ae1f55ba28c6d5dc54aec
                                                                            • Instruction ID: 1d94464e3c138d2f04c775b7e209233200df2217008b2569717961af2344b7cf
                                                                            • Opcode Fuzzy Hash: 411e36922d8f60122d4b1dc2d58956ce41121f11ab7ae1f55ba28c6d5dc54aec
                                                                            • Instruction Fuzzy Hash: 95E0C275D0532A8FDF64CFA0C954BDEBBB1AB48340F2081DA8299AB2A1D6745A80DF00
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 02A957B0, Relevance: .0, Instructions: 18COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.294187789.0000000002A90000.00000040.00000001.sdmp, Offset: 02A90000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: a7a49d9898a9c28c377222b7f52a14cedcfad00e612c470b00847d0efceca2ec
                                                                            • Instruction ID: 31890b6d2ddd5dc846e4dfa090a7d8bb461d562bb03cc4efdd1060b18411c761
                                                                            • Opcode Fuzzy Hash: a7a49d9898a9c28c377222b7f52a14cedcfad00e612c470b00847d0efceca2ec
                                                                            • Instruction Fuzzy Hash: 09F0AE7180522ACFDB24CF61CA84BDCB7B1BB59344F4480D9815DA7250D2349F85DF50
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 02A936E8, Relevance: .0, Instructions: 17COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.294187789.0000000002A90000.00000040.00000001.sdmp, Offset: 02A90000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 0ada220264c986f497abb91f220b34e9bfd9ea51db8fcaf830e56de5f79ec8b4
                                                                            • Instruction ID: 4e7d63d4dfb20e9181068d6ecb7f359a2aded9e67917c8583096c243414c4276
                                                                            • Opcode Fuzzy Hash: 0ada220264c986f497abb91f220b34e9bfd9ea51db8fcaf830e56de5f79ec8b4
                                                                            • Instruction Fuzzy Hash: C6E0E270D00308EFCB54EFB9944539DBBB4AB44204F1081A9C80892240EB3AAA50CF81
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 02A94560, Relevance: .0, Instructions: 17COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.294187789.0000000002A90000.00000040.00000001.sdmp, Offset: 02A90000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: e357717e3495ef8e0eab14572364026dd3fb5436f357ffab88599341867e015b
                                                                            • Instruction ID: e30eae497d03b3f68e8a6c78bbd545f929775ce5eccb457e936b553d74e277a8
                                                                            • Opcode Fuzzy Hash: e357717e3495ef8e0eab14572364026dd3fb5436f357ffab88599341867e015b
                                                                            • Instruction Fuzzy Hash: 9DD017B0D04308AFCB54EFA9D84479DBBB5AB48300F1081AAC808A3240DB355A41CF81
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 02A944E0, Relevance: .0, Instructions: 16COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.294187789.0000000002A90000.00000040.00000001.sdmp, Offset: 02A90000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 9d94bffefe93ea09bd6476620cb6df99ac2ed099f994e3e7e0a99241bc8216e4
                                                                            • Instruction ID: e4e59b3d35dae17d4b7acd14d2081e11a1d63084826682a26aa35b371b708d1d
                                                                            • Opcode Fuzzy Hash: 9d94bffefe93ea09bd6476620cb6df99ac2ed099f994e3e7e0a99241bc8216e4
                                                                            • Instruction Fuzzy Hash: 9AD05E70D0034CEFCB54EFF9A4143ACBFF4AB48300F1085EAC84492280EA395640CF81
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 02A94408, Relevance: .0, Instructions: 16COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.294187789.0000000002A90000.00000040.00000001.sdmp, Offset: 02A90000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 09b68ab66db5a8faccea70055d7232ea75d3db0588edfc9d767d84c9ddfbb925
                                                                            • Instruction ID: 3845523b7201cb846526a2355142aad1f5ece5b84ee1040243d6ad73ef107914
                                                                            • Opcode Fuzzy Hash: 09b68ab66db5a8faccea70055d7232ea75d3db0588edfc9d767d84c9ddfbb925
                                                                            • Instruction Fuzzy Hash: FED01774D00308AFCB54EFA9D44539CBBF4EB48700F1080AA880893280EA395A40CF81
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 02A94520, Relevance: .0, Instructions: 16COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.294187789.0000000002A90000.00000040.00000001.sdmp, Offset: 02A90000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: af14ec2cc46efeea5b96c46d53b9e39edf6722ebbbb60a3ffa86bbb48e2bd70b
                                                                            • Instruction ID: c7cfcbd6b0fd32576a842eec5d504e8dc8f313cc2db336d37be45592f8c5ab91
                                                                            • Opcode Fuzzy Hash: af14ec2cc46efeea5b96c46d53b9e39edf6722ebbbb60a3ffa86bbb48e2bd70b
                                                                            • Instruction Fuzzy Hash: 1DD067B4D04348AFCB55EFE9D45579DBBF4AB48604F1081A9C84893240EA795A55CF81
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 02B4E6C3, Relevance: .0, Instructions: 15COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.294259217.0000000002B40000.00000040.00000001.sdmp, Offset: 02B40000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: fdb18b874b9f6ab09fbadce1bb759250657d95612633b541d7fe0b57ce6246ad
                                                                            • Instruction ID: 867527a7f259c64f5bba0b4193c6294f5a26f8ac99c76c49199487fc9312c44c
                                                                            • Opcode Fuzzy Hash: fdb18b874b9f6ab09fbadce1bb759250657d95612633b541d7fe0b57ce6246ad
                                                                            • Instruction Fuzzy Hash: F9E012B0C0624CDECB10CFA0C0882ADBFB0FF08210F24508AE011B7681D3349282EF16
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 010B23F4, Relevance: .0, Instructions: 15COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.293955819.00000000010B2000.00000040.00000001.sdmp, Offset: 010B2000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: ec224be6bd4868a58f74ecca8e1395be8ea627735d9ea0c5281c6673f51a0474
                                                                            • Instruction ID: 6bf4031eddda2e408f37a5c53708ce9974c3c5c1f10a23655e8e61ed5ba23893
                                                                            • Opcode Fuzzy Hash: ec224be6bd4868a58f74ecca8e1395be8ea627735d9ea0c5281c6673f51a0474
                                                                            • Instruction Fuzzy Hash: 89D05E79215A818FE3268A1CC1A8BD53FE4EF51B05F4644FDE8408BA63C768E9D1D200
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 02A9287D, Relevance: .0, Instructions: 15COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.294187789.0000000002A90000.00000040.00000001.sdmp, Offset: 02A90000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 244363d16c47db529c706ee90895da1908689de943956449ad62770e74883dfe
                                                                            • Instruction ID: 116a22a467f975133fc4999612727d3e6bccd8fb2bf82d43609a4620398d202e
                                                                            • Opcode Fuzzy Hash: 244363d16c47db529c706ee90895da1908689de943956449ad62770e74883dfe
                                                                            • Instruction Fuzzy Hash: BCE09279C04328CFCF54CFA5C554AEDBBF5BB09305F10519A8409A7265DB389A49CF05
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 02B4E886, Relevance: .0, Instructions: 14COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.294259217.0000000002B40000.00000040.00000001.sdmp, Offset: 02B40000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 93caf4155a40b1ae51587b0f774dc5ef0ab8b07ba53c4b243f30b396e9abd887
                                                                            • Instruction ID: 41ebb7473fe4c335e196a12610c4ff92ba6aeb1d6b86dc6fd6ec5d12dd978411
                                                                            • Opcode Fuzzy Hash: 93caf4155a40b1ae51587b0f774dc5ef0ab8b07ba53c4b243f30b396e9abd887
                                                                            • Instruction Fuzzy Hash: 47E0B634E02219DFCB60CF60D9C579DBBB1BF8A251F109099A58DA7344DB34AE80CF01
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 02B46E01, Relevance: .0, Instructions: 14COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.294259217.0000000002B40000.00000040.00000001.sdmp, Offset: 02B40000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: e6b8c5649394a64c510e6f09f44caf9ad3674e61886aa3f96e85fe95b5a87536
                                                                            • Instruction ID: 0e023eb77b5c6358f215dfa8e1afbf6e37f6a42e81fe7fb9ea3f00d56fce9e42
                                                                            • Opcode Fuzzy Hash: e6b8c5649394a64c510e6f09f44caf9ad3674e61886aa3f96e85fe95b5a87536
                                                                            • Instruction Fuzzy Hash: B2E0127090222ACFDB90EB24CD90E88BBB5BB40200F4092E9E40DA3225DB305E85CF54
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 02B46BD8, Relevance: .0, Instructions: 14COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.294259217.0000000002B40000.00000040.00000001.sdmp, Offset: 02B40000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 260310f8806205949f58d949aed384010dd4bb2d5e57b21970c61f0833c1d08a
                                                                            • Instruction ID: d6bab505755856713ef7a77642ff8e0807dc7627574ac108342f7ad723ed2b87
                                                                            • Opcode Fuzzy Hash: 260310f8806205949f58d949aed384010dd4bb2d5e57b21970c61f0833c1d08a
                                                                            • Instruction Fuzzy Hash: C1D012704043499FC361EFB6E80D71977ACE706216F1044A5E849C3144EF7B5450DF95
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 010B23BC, Relevance: .0, Instructions: 14COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.293955819.00000000010B2000.00000040.00000001.sdmp, Offset: 010B2000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: d3a2028cf6fc13a926915b052e5640483981b39f47cd55b630c0ff4f20c97ca3
                                                                            • Instruction ID: 65cd58bec7ade0907b317d5cf44d675d994a9809b8bfb7ba83893ca15c6f59fd
                                                                            • Opcode Fuzzy Hash: d3a2028cf6fc13a926915b052e5640483981b39f47cd55b630c0ff4f20c97ca3
                                                                            • Instruction Fuzzy Hash: 72D05E342012818BD715DB0CC5D4F993BD4AB41B00F0684E8AD408B662C3A4E8C1C600
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 02A911F0, Relevance: .0, Instructions: 14COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.294187789.0000000002A90000.00000040.00000001.sdmp, Offset: 02A90000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: f4339000e59f9d4ac67ba59f8252e5c8222ff803287ee8ca0254e2c33560ffeb
                                                                            • Instruction ID: 9e85428226614a1cc2dc1d94030b1f227431a61ccc46ad7d477f2c1208f10bf2
                                                                            • Opcode Fuzzy Hash: f4339000e59f9d4ac67ba59f8252e5c8222ff803287ee8ca0254e2c33560ffeb
                                                                            • Instruction Fuzzy Hash: 9EE09270D4A228CFDBA0DF61C991B89BBF1FB49740F1090DA944AE7794DE319E808F21
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 02A95805, Relevance: .0, Instructions: 13COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.294187789.0000000002A90000.00000040.00000001.sdmp, Offset: 02A90000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: beeb0fd91d45a5264070555a97da6d382e9c260a6c98dca3e98e20d55c4572bf
                                                                            • Instruction ID: 60457165aae6f31667b920788551001aa8807762b34943e420e82df09baf8f44
                                                                            • Opcode Fuzzy Hash: beeb0fd91d45a5264070555a97da6d382e9c260a6c98dca3e98e20d55c4572bf
                                                                            • Instruction Fuzzy Hash: 12E0BD75E0622A8FCB24CF60CA587E9BBB0AB14300F4044EA8889AA294D7384F80CF00
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 02B4E802, Relevance: .0, Instructions: 12COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.294259217.0000000002B40000.00000040.00000001.sdmp, Offset: 02B40000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 8277d78e159b75c5c4947faf4a4cf4294ec14cebed53599c843e03fa4b7ff3f8
                                                                            • Instruction ID: f2e94c77650e2cd60003cd929d421c092f4bf391157c5289ba76f93a32d4774a
                                                                            • Opcode Fuzzy Hash: 8277d78e159b75c5c4947faf4a4cf4294ec14cebed53599c843e03fa4b7ff3f8
                                                                            • Instruction Fuzzy Hash: 68D06776C05229DFCB04CFA0D5846DCBBB0BB18351F54145A9042A6694D77C5A80CF14
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 02B4BD5E, Relevance: .0, Instructions: 11COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.294259217.0000000002B40000.00000040.00000001.sdmp, Offset: 02B40000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: f2f0a98769a3e774ba00820233e0857ede043fb73ce09ff800aa0a14d8a9654b
                                                                            • Instruction ID: eb9c2e6cc8cdf24c5314e2e298563980c5a392e0cfbc9fce6967541730847971
                                                                            • Opcode Fuzzy Hash: f2f0a98769a3e774ba00820233e0857ede043fb73ce09ff800aa0a14d8a9654b
                                                                            • Instruction Fuzzy Hash: 37D01730906219DFCB10DB14D8C1B8CB771FB40204F5026A59425A7114DF709A41CF00
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 02A961D0, Relevance: .0, Instructions: 11COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.294187789.0000000002A90000.00000040.00000001.sdmp, Offset: 02A90000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: f9cf5cb78d3d2e45e8b446f4511ee7dac9fbb9c82d31032c05961a528f0d93f8
                                                                            • Instruction ID: 3183094018d3bc6c5ae00468082b2bb151c8f8c72d63504225e6d75dbf86d2e9
                                                                            • Opcode Fuzzy Hash: f9cf5cb78d3d2e45e8b446f4511ee7dac9fbb9c82d31032c05961a528f0d93f8
                                                                            • Instruction Fuzzy Hash: CDD06CB9C052688BDB25DF61C9487DDBBB1BB19340F4052DA858AB6295C7780FC5CF00
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 02B4E5CF, Relevance: .0, Instructions: 10COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.294259217.0000000002B40000.00000040.00000001.sdmp, Offset: 02B40000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: edd01ca827887e12167c6ae8286dea52378e0c6e3c152d01b9e05afb48a88ad9
                                                                            • Instruction ID: b9208f2f25be3f06d7ea5a6bc4bf94cb65f1005df76fa846f56cf3fe68dd7729
                                                                            • Opcode Fuzzy Hash: edd01ca827887e12167c6ae8286dea52378e0c6e3c152d01b9e05afb48a88ad9
                                                                            • Instruction Fuzzy Hash: 96D09274C093099FCB10CFA1E1844ADBFB0BB4A211F20102AE055EB281EA385540CF18
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 02A95E9F, Relevance: .0, Instructions: 10COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.294187789.0000000002A90000.00000040.00000001.sdmp, Offset: 02A90000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 9d3c1368bb2a1bed00ef27d4130493e6b5b87d1f2959a13dacd2bed3680e4cba
                                                                            • Instruction ID: 7dc5e8d628c5656f6490aeebae662dcfd5fd3e6925b933c6056fbb9ea41a0683
                                                                            • Opcode Fuzzy Hash: 9d3c1368bb2a1bed00ef27d4130493e6b5b87d1f2959a13dacd2bed3680e4cba
                                                                            • Instruction Fuzzy Hash: D3D092758112A88BCF20DF60CA052ECBA70AB20320F4042EA809DB61A0D6740AC1CF00
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 02A93952, Relevance: .0, Instructions: 10COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.294187789.0000000002A90000.00000040.00000001.sdmp, Offset: 02A90000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: aaef44d7909e2deb9bb7dcc9d3e77e5a35b3ed81409fb97e8dca4545714a2983
                                                                            • Instruction ID: 55dd19ca0ed8af13928e6cd4f3f8cd6f12b7d031d19ffa98a8f5c57a0280604a
                                                                            • Opcode Fuzzy Hash: aaef44d7909e2deb9bb7dcc9d3e77e5a35b3ed81409fb97e8dca4545714a2983
                                                                            • Instruction Fuzzy Hash: 1ED0C9B0D1525A8ECF14CF91C9806ADFBB0EF41200F00A99A805977255D6706A40CF54
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 02B4E7DF, Relevance: .0, Instructions: 8COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.294259217.0000000002B40000.00000040.00000001.sdmp, Offset: 02B40000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 35b52c94851a19e3401f728f8524572bfdc3e2af7d430270aaf44be15285c5fa
                                                                            • Instruction ID: c5c3c108174218bb87ec41a219b10122ea884c0d59018501f50aff870805c17f
                                                                            • Opcode Fuzzy Hash: 35b52c94851a19e3401f728f8524572bfdc3e2af7d430270aaf44be15285c5fa
                                                                            • Instruction Fuzzy Hash: DFC08C70829206AFCB008BB0E1C908C7BF0FB06221B0024A4A002AE099CB369280DF80
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 02B4EB46, Relevance: .0, Instructions: 8COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.294259217.0000000002B40000.00000040.00000001.sdmp, Offset: 02B40000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: a32a2dfbd4326abf428932cb3d4a14c6666be4d7c6d419bbcf82f53bec4cb17f
                                                                            • Instruction ID: ec17501a31fe6cf95a36ed41a6a1df568e84083300f7ad646c19f418f2818c3c
                                                                            • Opcode Fuzzy Hash: a32a2dfbd4326abf428932cb3d4a14c6666be4d7c6d419bbcf82f53bec4cb17f
                                                                            • Instruction Fuzzy Hash: E9C08C31805208DFD760CFE0F9D845C7BB1EB492227A02585E122D6AE8DB299642CF20
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 02B4E867, Relevance: .0, Instructions: 6COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.294259217.0000000002B40000.00000040.00000001.sdmp, Offset: 02B40000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 5fe2a524ec38b77c63a9f298d7cd02e8fabc425aea9fd678e0554c5d5ad48354
                                                                            • Instruction ID: adeecc2a0ded17662f5e7afaa16cf815428f735a76d5d4dc0693f9df43319e6e
                                                                            • Opcode Fuzzy Hash: 5fe2a524ec38b77c63a9f298d7cd02e8fabc425aea9fd678e0554c5d5ad48354
                                                                            • Instruction Fuzzy Hash: 20C09230900209DFC718DFA0EAD4D9D7FB1FB8D321F6052899646A3688CB385982DF04
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 02A96681, Relevance: .0, Instructions: 6COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.294187789.0000000002A90000.00000040.00000001.sdmp, Offset: 02A90000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: d35d6ea1231fa21491b82de0e55aee4a568d844230522c5081fb24a01e1d7e3b
                                                                            • Instruction ID: 251dfeb1788061d1a140eae996241f46000d56d09280cc7ae7e4b013094d95c4
                                                                            • Opcode Fuzzy Hash: d35d6ea1231fa21491b82de0e55aee4a568d844230522c5081fb24a01e1d7e3b
                                                                            • Instruction Fuzzy Hash: 2CC02B30C01313CFC7248F92D10554E7BB0BB15301F4020A0410BDA400C3368B40CF00
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Non-executed Functions

                                                                            Function 02B4B970, Relevance: 1.3, Strings: 1, Instructions: 74COMMON
                                                                            Download Yara Rule
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.294259217.0000000002B40000.00000040.00000001.sdmp, Offset: 02B40000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID: f]Ir
                                                                            • API String ID: 0-3302829692
                                                                            • Opcode ID: a96686b7b204e39d508e93058f0f279dc7c6fea7514928dc27a4ee17f33d3cc7
                                                                            • Instruction ID: 0ba4b1c66aa4b1e3bd7a6d61825c6c33858b43c9bc5e836963db6b9980623223
                                                                            • Opcode Fuzzy Hash: a96686b7b204e39d508e93058f0f279dc7c6fea7514928dc27a4ee17f33d3cc7
                                                                            • Instruction Fuzzy Hash: 4C21F871E016188FEB18CFABD88479EBBB3AFC9310F14C4B6D548AA215DB7059428F51
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 010C2E09, Relevance: .4, Instructions: 441COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.293980068.00000000010C2000.00000040.00000001.sdmp, Offset: 010C2000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 95f7b568762cf6be07c8cf6ee4da31668a293e3c441da98248d21fb7bb1f62e0
                                                                            • Instruction ID: 6263f1b4070d8aad390535946b1134f175b4c3772d26cd92b9df430806f81f70
                                                                            • Opcode Fuzzy Hash: 95f7b568762cf6be07c8cf6ee4da31668a293e3c441da98248d21fb7bb1f62e0
                                                                            • Instruction Fuzzy Hash: 875163A580E7C06EE7936779986A5923F755E1B22470F94EBC8C0CF4B3D4880D4AD732
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 02AD22C2, Relevance: .4, Instructions: 366COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.294217374.0000000002AD0000.00000040.00000001.sdmp, Offset: 02AD0000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 7177710481561aa194db23e435735dc1fc1fa9d81853adf4c6ab1d6c0b8ff8d1
                                                                            • Instruction ID: 758dea4e540dfee0cde0a7d8d1ee5d35ac6893d995cccd481131e6719d45d591
                                                                            • Opcode Fuzzy Hash: 7177710481561aa194db23e435735dc1fc1fa9d81853adf4c6ab1d6c0b8ff8d1
                                                                            • Instruction Fuzzy Hash: A6C1E572909340AFC7118F15AC56BA6FFA4EB86630F09C4AFDC5A5B112D739B405CBB2
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 02A91F18, Relevance: .3, Instructions: 313COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.294187789.0000000002A90000.00000040.00000001.sdmp, Offset: 02A90000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 07240135636200b821d536d187dd1c8ffed8a7c8498d20e2a996df85f2cc2077
                                                                            • Instruction ID: ee6ccb6020cec8e8ee83db7e9be8cdfcc6192b6b197bad94c2c2db49a03ca62f
                                                                            • Opcode Fuzzy Hash: 07240135636200b821d536d187dd1c8ffed8a7c8498d20e2a996df85f2cc2077
                                                                            • Instruction Fuzzy Hash: B1E11674E04259DFCB14CFA6C580AADFBF2BF89304F2091AAD815AB315DB759A42CF50
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 02A91F08, Relevance: .3, Instructions: 305COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.294187789.0000000002A90000.00000040.00000001.sdmp, Offset: 02A90000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 104e89317533b560deed22ca3e8340f1a5c007ec01183d6082677355e43a2641
                                                                            • Instruction ID: c4312e450251e9618855268c1856a4d30b31f30112ee364bf3abd804b6833cd4
                                                                            • Opcode Fuzzy Hash: 104e89317533b560deed22ca3e8340f1a5c007ec01183d6082677355e43a2641
                                                                            • Instruction Fuzzy Hash: 59E12774D04259DFCF04DFAAC580AADFBF2BF89304F2491AAD814AB215DB759A42CF50
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 02B4D591, Relevance: .2, Instructions: 177COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.294259217.0000000002B40000.00000040.00000001.sdmp, Offset: 02B40000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 00d00bae9c45d0770996e4823d2e57dae811ab19304ae81f216de67f24f29fc8
                                                                            • Instruction ID: c39fe5908acd5ae8dea2070811b460d0c59c543198b5e69e56b71414180f9706
                                                                            • Opcode Fuzzy Hash: 00d00bae9c45d0770996e4823d2e57dae811ab19304ae81f216de67f24f29fc8
                                                                            • Instruction Fuzzy Hash: 0A813A74D04259DFDB04DFA5C5905ADFBF2FF89308B24D2AAC424AB21AC7759A02DF50
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 02B4D848, Relevance: .2, Instructions: 164COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.294259217.0000000002B40000.00000040.00000001.sdmp, Offset: 02B40000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 9d364e177fb563ac6e31affe1da51737fc7eaf20184f1a8bc038b3a58cb66db6
                                                                            • Instruction ID: 3866614d7e132d47821bf2734b3442f95ff46d0fe0813f249ac83d9d858d6a7c
                                                                            • Opcode Fuzzy Hash: 9d364e177fb563ac6e31affe1da51737fc7eaf20184f1a8bc038b3a58cb66db6
                                                                            • Instruction Fuzzy Hash: 4D712A74D04259DFDB04DFA5C5805ADFBF2FF89309B24D2AAC424AB209C7749A41DF54
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 02A94EF9, Relevance: .2, Instructions: 160COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.294187789.0000000002A90000.00000040.00000001.sdmp, Offset: 02A90000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: b22c4a312c8ab8b4ae75d819bb22baf52169b06f1b8811b1ef0a851af9ea3898
                                                                            • Instruction ID: 796e2cc32a3be63dddfbfcb1e278eb904625ccbc626d2243b637968f5f470045
                                                                            • Opcode Fuzzy Hash: b22c4a312c8ab8b4ae75d819bb22baf52169b06f1b8811b1ef0a851af9ea3898
                                                                            • Instruction Fuzzy Hash: 3161C174D1620ADFCF44CFA5D6816AEBBF1BF49300F10996AD429B7254DB309A02CF95
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 02A92CF8, Relevance: .2, Instructions: 158COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.294187789.0000000002A90000.00000040.00000001.sdmp, Offset: 02A90000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: e87032fd168d91f09a223b06d9a3db42074683289f330e9294df57d058270a1c
                                                                            • Instruction ID: fb83376944b7df0ba4caeec7fe88e7985abf354042581400c038c92ed898657c
                                                                            • Opcode Fuzzy Hash: e87032fd168d91f09a223b06d9a3db42074683289f330e9294df57d058270a1c
                                                                            • Instruction Fuzzy Hash: 1B71FF74D05319DFDF54CFAAC984AADBBF1BF89200F10816AC819AB265DB749A42CF44
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 02B48309, Relevance: .2, Instructions: 154COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.294259217.0000000002B40000.00000040.00000001.sdmp, Offset: 02B40000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 8be549a62a80fb402ab61834d85962f78472d7796586a566788fe563f5dc91ef
                                                                            • Instruction ID: 99864b18f14f7432a333fa125d28ecd9ad9d3a61cb578d6610084aead9881f76
                                                                            • Opcode Fuzzy Hash: 8be549a62a80fb402ab61834d85962f78472d7796586a566788fe563f5dc91ef
                                                                            • Instruction Fuzzy Hash: 0661F574D0520ADFCB04CFA4C9809AEFBF1FB48304F24999AD416BB215DB70AA41DFA5
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 02B4DDAF, Relevance: .2, Instructions: 150COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.294259217.0000000002B40000.00000040.00000001.sdmp, Offset: 02B40000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 471bb36a68ee52f0bba5ade962cd1d7edff6dce0f1327491b40cfb421a63451d
                                                                            • Instruction ID: ed9d4e23aa3e060556bdbd2b4084beaf9c3b8ec6676a963b8aae9309601b299c
                                                                            • Opcode Fuzzy Hash: 471bb36a68ee52f0bba5ade962cd1d7edff6dce0f1327491b40cfb421a63451d
                                                                            • Instruction Fuzzy Hash: 1B611570E04259DFDB14CFA9C5906ADFBF2BF8A304F24C1AAC459AB216CB349A41DF50
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 02B4DDE0, Relevance: .2, Instructions: 150COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.294259217.0000000002B40000.00000040.00000001.sdmp, Offset: 02B40000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 58e029c5e89c57f24933ee9bdf782ae76365548bc6d240e6956b216d137a0bd6
                                                                            • Instruction ID: d6f1895b92d9039ed1068fb62e65155ab1f2bc5c3733869ecbb6edff8d1c3f77
                                                                            • Opcode Fuzzy Hash: 58e029c5e89c57f24933ee9bdf782ae76365548bc6d240e6956b216d137a0bd6
                                                                            • Instruction Fuzzy Hash: EB61E374E04259CFDB14CFAAC580AADFBB2BF89304F24C1AAD419AB215CB349A41DF40
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 02B4B530, Relevance: .1, Instructions: 149COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.294259217.0000000002B40000.00000040.00000001.sdmp, Offset: 02B40000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: f2dea38d3487babbd7a91dbd7c0e2077816b4988c33ac62ce472a7b63e3ad25b
                                                                            • Instruction ID: 4df0e3319f54b9dc6566dbdb08454be9ce5bd6ed8189aaaade1fde7b801b33d1
                                                                            • Opcode Fuzzy Hash: f2dea38d3487babbd7a91dbd7c0e2077816b4988c33ac62ce472a7b63e3ad25b
                                                                            • Instruction Fuzzy Hash: 0261F0B4D052199FCF04CFAAD5809AEFBF2FB88304F1099AAD515AB215E7389A01CF54
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 02A92CE8, Relevance: .1, Instructions: 148COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.294187789.0000000002A90000.00000040.00000001.sdmp, Offset: 02A90000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: a96dd24ad8c6af1899ae19c92cd3414b6a793917d28c8f5a8768b1706c2561d1
                                                                            • Instruction ID: 486452464fdf65ce51c61c09dfd55b7c76ff0c73e16cbac0c9039729b6bb2a37
                                                                            • Opcode Fuzzy Hash: a96dd24ad8c6af1899ae19c92cd3414b6a793917d28c8f5a8768b1706c2561d1
                                                                            • Instruction Fuzzy Hash: 8261E374D04319DFDF54CFAAC980AADBBF1BF89210F10916AC819AB265DB749A42CF44
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 02B4B528, Relevance: .1, Instructions: 147COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.294259217.0000000002B40000.00000040.00000001.sdmp, Offset: 02B40000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: a834eb32e62bf3232923082b2150ba336e10c59bdfc58a4fa869a77059d7d8bd
                                                                            • Instruction ID: 6f1452afd46cb673d076476de7347a4e535ec76046a1cdb1b0422cca3addfec1
                                                                            • Opcode Fuzzy Hash: a834eb32e62bf3232923082b2150ba336e10c59bdfc58a4fa869a77059d7d8bd
                                                                            • Instruction Fuzzy Hash: D551F175D152099FCF04CFAAD5809AEFBF2FB88304F1099AAD515A7215E7389A01CF54
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 02B4AD90, Relevance: .1, Instructions: 139COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.294259217.0000000002B40000.00000040.00000001.sdmp, Offset: 02B40000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: c3b373016f318c3338fe4c8ae5a72b79891ae9f1eefa6e8c8bad8849ee4806be
                                                                            • Instruction ID: ca8f568a1805349eac7d27f2df2f09559b3e8b3b9bbe4f5a62392e0d6741b94f
                                                                            • Opcode Fuzzy Hash: c3b373016f318c3338fe4c8ae5a72b79891ae9f1eefa6e8c8bad8849ee4806be
                                                                            • Instruction Fuzzy Hash: E05105B0D5520ADFCB04CFA8D5909AEFBB1FF48310F60959AD456BB204DB30AA41DFA5
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 02B4AD8A, Relevance: .1, Instructions: 134COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.294259217.0000000002B40000.00000040.00000001.sdmp, Offset: 02B40000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 750515ab805498c0926c4433b2b0760f7f798fc008d2c4bcfa8f47534a3a3dc0
                                                                            • Instruction ID: 66a87173db8ed3da0018a424ee68624e70db06b97f43416a10da510362d72b9e
                                                                            • Opcode Fuzzy Hash: 750515ab805498c0926c4433b2b0760f7f798fc008d2c4bcfa8f47534a3a3dc0
                                                                            • Instruction Fuzzy Hash: B2510570D5120ADFCB04CFA8D5909AEFBF1FF48310F20999AD456AB204DB30AA41DFA5
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 02B4B780, Relevance: .1, Instructions: 110COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.294259217.0000000002B40000.00000040.00000001.sdmp, Offset: 02B40000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 07a1562c0bab341f24c2d90c722652e7860218f62557fdf4ec7077c502e62c6f
                                                                            • Instruction ID: 44d1e788be65f7fe52565649f67bdef9cbb5d01dd1e6e91a3845aa256fc0d391
                                                                            • Opcode Fuzzy Hash: 07a1562c0bab341f24c2d90c722652e7860218f62557fdf4ec7077c502e62c6f
                                                                            • Instruction Fuzzy Hash: 26413974D0520ADBDB04CFA5C6819AEFFB2FF89344F2094AAC615BB214DB349A41DF94
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 02B4B77A, Relevance: .1, Instructions: 108COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.294259217.0000000002B40000.00000040.00000001.sdmp, Offset: 02B40000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 4a1d950df0febe54dd2bc2bdbcef96d96acce72357e856c6942622d4403bd292
                                                                            • Instruction ID: 5be272ec19ae5c23d6a65b001139fcec42f27b3021156866695463ef28b5549d
                                                                            • Opcode Fuzzy Hash: 4a1d950df0febe54dd2bc2bdbcef96d96acce72357e856c6942622d4403bd292
                                                                            • Instruction Fuzzy Hash: 33412674D0520ADBCB04CFA5C6818AEFFB2FF89344F2094AAC615BB214D7349A41DF94
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 02B4B311, Relevance: .1, Instructions: 106COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.294259217.0000000002B40000.00000040.00000001.sdmp, Offset: 02B40000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 304b1d9f6ea7d64b01f9f661f855b54cc34257303150e46eb83197f3a19e9c3d
                                                                            • Instruction ID: 38baf538752f0254b0323871c7a80e9e7ae3b1f7964f7c1c6feddb8e5f9ee963
                                                                            • Opcode Fuzzy Hash: 304b1d9f6ea7d64b01f9f661f855b54cc34257303150e46eb83197f3a19e9c3d
                                                                            • Instruction Fuzzy Hash: 95410571D0520ADBCB08CFAAC5C15AEFBF1FF89348F10D4AAD511AA254EB349642DF94
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 02B4B320, Relevance: .1, Instructions: 104COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.294259217.0000000002B40000.00000040.00000001.sdmp, Offset: 02B40000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 5fd36864b4e8bdbbfa9486db59b0cfd5f6c99f45289ceb4405d47c2afa708f7c
                                                                            • Instruction ID: efd6fef9f6ed00271f917428807683a09385f64e637ed40ef43906608d04984a
                                                                            • Opcode Fuzzy Hash: 5fd36864b4e8bdbbfa9486db59b0cfd5f6c99f45289ceb4405d47c2afa708f7c
                                                                            • Instruction Fuzzy Hash: BD41F371D0520ADBCB08CFAAC5815AEFBB1FF88748F10D4AAC515AA214EB389641DF94
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Analysis Process: 2name.exe PID: 5828 Parent PID: 4804 2name.exeCOMMON

                                                                            Executed Functions

                                                                            Function 02410118, Relevance: 13.3, Strings: 7, Instructions: 4521COMMON
                                                                            Download Yara Rule
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.291828856.0000000002410000.00000040.00000001.sdmp, Offset: 02410000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID: TD1q$TD1q$`-/q$w/q$w/q$w/q$w/q
                                                                            • API String ID: 0-3896388975
                                                                            • Opcode ID: 4d82dd296c0ff0388ff15bf42ff5bae26cd92b106ba420af075637469fbb1581
                                                                            • Instruction ID: d2e18c13b77d1992caa96442d2525f36f437d63ce73dd19b4a4ac299fe68d91c
                                                                            • Opcode Fuzzy Hash: 4d82dd296c0ff0388ff15bf42ff5bae26cd92b106ba420af075637469fbb1581
                                                                            • Instruction Fuzzy Hash: 07A3D434A02219CFDB25DB24C994BE9B7B2FF89301F5541E8D509AB361CB32AE95CF41
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 02416138, Relevance: 6.5, Strings: 5, Instructions: 203COMMON
                                                                            Download Yara Rule
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.291828856.0000000002410000.00000040.00000001.sdmp, Offset: 02410000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID: 8}ir$EntryPoint$Invoke$Load$X1kr
                                                                            • API String ID: 0-2582972406
                                                                            • Opcode ID: d8deb7227224880d7d785a0a64e55d6870b79f6715b338eb3c0551950cbdef39
                                                                            • Instruction ID: dcc92f82b28f522994e4e0db3c7f10f668c77a8d35b9a1aa8a856664d97a2a28
                                                                            • Opcode Fuzzy Hash: d8deb7227224880d7d785a0a64e55d6870b79f6715b338eb3c0551950cbdef39
                                                                            • Instruction Fuzzy Hash: 4E91D474E002588FDB14DFA9C944A9EBBF2FF89300F25C06AE509AB355DB71A941CF50
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 02416148, Relevance: 6.4, Strings: 5, Instructions: 199COMMON
                                                                            Download Yara Rule
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.291828856.0000000002410000.00000040.00000001.sdmp, Offset: 02410000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID: 8}ir$EntryPoint$Invoke$Load$X1kr
                                                                            • API String ID: 0-2582972406
                                                                            • Opcode ID: b00aa93acbc92ec1be5c4474b12ebf3de52e9ac1c76f02462583ae2c6eb9fa41
                                                                            • Instruction ID: 5bd1469b1e3305939aa713e1a8bb8f5c5eddfc44b5ade9a33fd148f80aa19b29
                                                                            • Opcode Fuzzy Hash: b00aa93acbc92ec1be5c4474b12ebf3de52e9ac1c76f02462583ae2c6eb9fa41
                                                                            • Instruction Fuzzy Hash: F591A274E002188FDB58DFA9C944A9EBBF2FF89300F25C06AE509AB355DB71A945CF50
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 02411E9D, Relevance: 2.9, Instructions: 2892COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.291828856.0000000002410000.00000040.00000001.sdmp, Offset: 02410000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: e7de20e8de2b49ddf7718e774887b447570fda184db9a609fde6384dceb3d1a0
                                                                            • Instruction ID: 5ffef2c4e3f011c1f2b8bf17d0122cfbccb574b77c17b69bdbf08ce918f9afbb
                                                                            • Opcode Fuzzy Hash: e7de20e8de2b49ddf7718e774887b447570fda184db9a609fde6384dceb3d1a0
                                                                            • Instruction Fuzzy Hash: 6E63B434A02219CFDB65DB24C994FA9B7B2FF89301F5540E8D509AB361CB32AE95CF41
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 024167D0, Relevance: 2.6, Strings: 2, Instructions: 141COMMON
                                                                            Download Yara Rule
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.291828856.0000000002410000.00000040.00000001.sdmp, Offset: 02410000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID: X1kr$X1kr
                                                                            • API String ID: 0-2397868964
                                                                            • Opcode ID: a9a892fcec7b75e207b8125a790b727b7ad215b6b51a74b088b320ea0e7ef7fa
                                                                            • Instruction ID: e9464fe2486fdb21094a3fe7e850fdcc45c6f624f23a2547f33bf923bed19f55
                                                                            • Opcode Fuzzy Hash: a9a892fcec7b75e207b8125a790b727b7ad215b6b51a74b088b320ea0e7ef7fa
                                                                            • Instruction Fuzzy Hash: 6251E4B4E012199FDB08DFAAC580AAEFBF2FF88304F25D166D414A7255D734AA41CF90
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 02416C10, Relevance: 2.6, Strings: 2, Instructions: 76COMMON
                                                                            Download Yara Rule
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.291828856.0000000002410000.00000040.00000001.sdmp, Offset: 02410000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID: f]Ir$f]Ir
                                                                            • API String ID: 0-1106439763
                                                                            • Opcode ID: d7704c1524025890a5bc6e0c5093fc5c6054edbcafde37a676d8e3b8bf052b0a
                                                                            • Instruction ID: 54f1451db71a3fbaea9edd5b49b50427d539a371c2696fa14bec906c6ca93e42
                                                                            • Opcode Fuzzy Hash: d7704c1524025890a5bc6e0c5093fc5c6054edbcafde37a676d8e3b8bf052b0a
                                                                            • Instruction Fuzzy Hash: 2A31B471E016188BEB18CF6BD84079EFBF3BFC9210F15C5AAD808AB254E77059428F52
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 02416C08, Relevance: 2.6, Strings: 2, Instructions: 69COMMON
                                                                            Download Yara Rule
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.291828856.0000000002410000.00000040.00000001.sdmp, Offset: 02410000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID: f]Ir$f]Ir
                                                                            • API String ID: 0-1106439763
                                                                            • Opcode ID: b07107d72ac70c91b303f75fae312d4e68dc7b4214e9ac43bcc17417af29596e
                                                                            • Instruction ID: a4b6b409348ffa555371ea2a588e05c30a86bf3e8836971fa1b5094fe80a40d0
                                                                            • Opcode Fuzzy Hash: b07107d72ac70c91b303f75fae312d4e68dc7b4214e9ac43bcc17417af29596e
                                                                            • Instruction Fuzzy Hash: DC31C971E016588BEB18CF6BD84079EBAF3BFC9310F15C5AAD808AB254E7705941CF51
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 04BD26E7, Relevance: 1.6, APIs: 1, Instructions: 75COMMON
                                                                            Download Yara Rule
                                                                            APIs
                                                                            • AdjustTokenPrivileges.KERNELBASE(?,?,?,?,?,?), ref: 04BD2767
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.297825630.0000000004BD0000.00000040.00000001.sdmp, Offset: 04BD0000, based on PE: false
                                                                            Similarity
                                                                            • API ID: AdjustPrivilegesToken
                                                                            • String ID:
                                                                            • API String ID: 2874748243-0
                                                                            • Opcode ID: 5536b5713fc8117001429e3a9aab5b639052f9a6c31d37f89701c2b86bcf6602
                                                                            • Instruction ID: 89d433e596b7c022d251ba2b5c767862f899874e4ed5052370403397884c3711
                                                                            • Opcode Fuzzy Hash: 5536b5713fc8117001429e3a9aab5b639052f9a6c31d37f89701c2b86bcf6602
                                                                            • Instruction Fuzzy Hash: F821A1755097C4AFEB228F25DC40B52BFF4EF46310F0885DAE9858F163D271A918DB62
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 04BD27B4, Relevance: 1.6, APIs: 1, Instructions: 62nativeCOMMON
                                                                            Download Yara Rule
                                                                            APIs
                                                                            • NtQuerySystemInformation.NTDLL(?,?,?,?), ref: 04BD2829
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.297825630.0000000004BD0000.00000040.00000001.sdmp, Offset: 04BD0000, based on PE: false
                                                                            Similarity
                                                                            • API ID: InformationQuerySystem
                                                                            • String ID:
                                                                            • API String ID: 3562636166-0
                                                                            • Opcode ID: f8729342fddeba47f8430478893543bba63ec6273df00ce775df829263de8e39
                                                                            • Instruction ID: e7dfd9f2a5d6ec3a0da0035d4bf75f18d122d7121c1da9ff61b937bd8239e05b
                                                                            • Opcode Fuzzy Hash: f8729342fddeba47f8430478893543bba63ec6273df00ce775df829263de8e39
                                                                            • Instruction Fuzzy Hash: 71218E724097C49FEB128B21DC45A52BFB0EF07324F0984DAE9844F163D265A909DB61
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 04BD271E, Relevance: 1.6, APIs: 1, Instructions: 52COMMON
                                                                            Download Yara Rule
                                                                            APIs
                                                                            • AdjustTokenPrivileges.KERNELBASE(?,?,?,?,?,?), ref: 04BD2767
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.297825630.0000000004BD0000.00000040.00000001.sdmp, Offset: 04BD0000, based on PE: false
                                                                            Similarity
                                                                            • API ID: AdjustPrivilegesToken
                                                                            • String ID:
                                                                            • API String ID: 2874748243-0
                                                                            • Opcode ID: ed8f541d8945caa843533219b7e02772fc636e6f62b77dd80a55cb6d3629e1b9
                                                                            • Instruction ID: ec387619aba5eb779e4a4873b95f79e2463d5cf260857763991172e85379b2b0
                                                                            • Opcode Fuzzy Hash: ed8f541d8945caa843533219b7e02772fc636e6f62b77dd80a55cb6d3629e1b9
                                                                            • Instruction Fuzzy Hash: 7311A0315006409FEB24CF55D884B56FFE4EF44320F08C4EADE498B622E371E818DB61
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 04BD27EE, Relevance: 1.5, APIs: 1, Instructions: 38nativeCOMMON
                                                                            Download Yara Rule
                                                                            APIs
                                                                            • NtQuerySystemInformation.NTDLL(?,?,?,?), ref: 04BD2829
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.297825630.0000000004BD0000.00000040.00000001.sdmp, Offset: 04BD0000, based on PE: false
                                                                            Similarity
                                                                            • API ID: InformationQuerySystem
                                                                            • String ID:
                                                                            • API String ID: 3562636166-0
                                                                            • Opcode ID: bba7d9127e8e01b2cd5517f51d51aef93a5aed3df9179b352007830e82456dff
                                                                            • Instruction ID: c03a50705506620f1183ac57446d8ad8a1aa5ccf9a9145591ac1c24a80a69882
                                                                            • Opcode Fuzzy Hash: bba7d9127e8e01b2cd5517f51d51aef93a5aed3df9179b352007830e82456dff
                                                                            • Instruction Fuzzy Hash: 4C01A731500644DFDB208F55D844B11FFA0EF04320F08C0EADE454B215E3B6A419DF72
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 04900070, Relevance: 1.4, Strings: 1, Instructions: 184COMMON
                                                                            Download Yara Rule
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.297273336.0000000004900000.00000040.00000001.sdmp, Offset: 04900000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID: ~VLV
                                                                            • API String ID: 0-475115129
                                                                            • Opcode ID: c21c42ff5f61955f4c0722f55a326682dc22c8f76bc5d5cd526dec179a686648
                                                                            • Instruction ID: 87c9747c04f32693405ed54b960c21de10709a85cd51d64e76c65e887b739242
                                                                            • Opcode Fuzzy Hash: c21c42ff5f61955f4c0722f55a326682dc22c8f76bc5d5cd526dec179a686648
                                                                            • Instruction Fuzzy Hash: 16813574E05229CFDBA4CF65C986799BBB6FB89300F50C4EAC04DA7254EB315A85DF04
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 02414ED8, Relevance: .8, Instructions: 816COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.291828856.0000000002410000.00000040.00000001.sdmp, Offset: 02410000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: ef595ccf718ba7eabbd114646aeda081dadcc1a4bb9584f251e861ff8dd865a9
                                                                            • Instruction ID: e785df87ea0dbf71132e708ac78663b3013684ce97fd30bb5039fa1c81d9fff5
                                                                            • Opcode Fuzzy Hash: ef595ccf718ba7eabbd114646aeda081dadcc1a4bb9584f251e861ff8dd865a9
                                                                            • Instruction Fuzzy Hash: 4682BB71D05228CFEB24CF96C9483EDFAF5BF89309F5480AAC409A6295D7B50AC9CF50
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 02414EC8, Relevance: .5, Instructions: 489COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.291828856.0000000002410000.00000040.00000001.sdmp, Offset: 02410000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: f68dcd53331571468a72486b1b7074149c9e35b2295937fdd706843651edb475
                                                                            • Instruction ID: 79d803730c7d738a97db0d4657673b2813e5d39434889fa675c3b453eac8a0e5
                                                                            • Opcode Fuzzy Hash: f68dcd53331571468a72486b1b7074149c9e35b2295937fdd706843651edb475
                                                                            • Instruction Fuzzy Hash: C832DC71D05268CFEB69CF96C8583EDFAF5BB84349F5481EAC00966291D7B90AC9CF40
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 024194B0, Relevance: .4, Instructions: 382COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.291828856.0000000002410000.00000040.00000001.sdmp, Offset: 02410000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 73f172d5f064db8b4dac8c1e95ffaed097edf77a125e8a6636578b9b27e446ea
                                                                            • Instruction ID: 4490d573a53ca8d767760b9f027d5c1bcdaf30e1e0a0fa685d19fcc56e38530a
                                                                            • Opcode Fuzzy Hash: 73f172d5f064db8b4dac8c1e95ffaed097edf77a125e8a6636578b9b27e446ea
                                                                            • Instruction Fuzzy Hash: 02F1E571909246DFD709CFA0C5915EEFBB1FF4A320B24959AC446AB216C735DA83CFA0
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 024195A0, Relevance: .3, Instructions: 279COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.291828856.0000000002410000.00000040.00000001.sdmp, Offset: 02410000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: ed0d52831e2ff1bfbd4da54dbff906a9a094369776c45e6d56b28e1efd0d0d59
                                                                            • Instruction ID: d7ddcc90f557b610b26eb5507ad42bc5e66480ab32e3d0cc297935514a604fcd
                                                                            • Opcode Fuzzy Hash: ed0d52831e2ff1bfbd4da54dbff906a9a094369776c45e6d56b28e1efd0d0d59
                                                                            • Instruction Fuzzy Hash: 1BC14C75D0620ADFCB04CFA5C6908AEFBB1FF49350B24A55AC416BB214D731EA81CFA5
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 0241D630, Relevance: .2, Instructions: 230COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.291828856.0000000002410000.00000040.00000001.sdmp, Offset: 02410000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 0c2c08d969a2d0c356567b76e4caf67661fcb73ef4fdc742f895272ad625bd30
                                                                            • Instruction ID: fd8b7464279733273f970a0442f23e02161ae19839efb4cc90e5030bf9c14b3a
                                                                            • Opcode Fuzzy Hash: 0c2c08d969a2d0c356567b76e4caf67661fcb73ef4fdc742f895272ad625bd30
                                                                            • Instruction Fuzzy Hash: EFA133B4D0524ADFCB04CFEAC5806AEFBF2FF89214F24951AD414AB259D7349A42CF90
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 0241D640, Relevance: .2, Instructions: 229COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.291828856.0000000002410000.00000040.00000001.sdmp, Offset: 02410000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 332b4b6e364cb8a40d515dca7c84b955a6314be8f7dc2742b2af64a1a327969f
                                                                            • Instruction ID: a8c18f3cd05f61b6894a3763ee3f44851dd7a82782f3faafa1b819fce07abd38
                                                                            • Opcode Fuzzy Hash: 332b4b6e364cb8a40d515dca7c84b955a6314be8f7dc2742b2af64a1a327969f
                                                                            • Instruction Fuzzy Hash: A8A123B4D0520ADFCB04CFEAD5806AEFBF2FF89214F54951AD015AB258D7349A42CF90
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 02417650, Relevance: .2, Instructions: 227COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.291828856.0000000002410000.00000040.00000001.sdmp, Offset: 02410000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 192510dbd92698c368624fff3db11102503732d9fe4dca45f670c52da7235b41
                                                                            • Instruction ID: 579922c88e6d55481eb194f87679d78ba60fa583130c712991f8edaa6718b27b
                                                                            • Opcode Fuzzy Hash: 192510dbd92698c368624fff3db11102503732d9fe4dca45f670c52da7235b41
                                                                            • Instruction Fuzzy Hash: E4A16974D042889FDB09CFA9C9916EDFFB2FF8A310F1480AAD445A7226DB395946CF50
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 024176E8, Relevance: .2, Instructions: 155COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.291828856.0000000002410000.00000040.00000001.sdmp, Offset: 02410000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 81d55af2cf2510b1d76589d5aea749a898eac3fcd895f44c1c28d83eebea8662
                                                                            • Instruction ID: 21f243bba589f24463a022ef79ed010fadc3a3407c5facada6f7349dc3e111d5
                                                                            • Opcode Fuzzy Hash: 81d55af2cf2510b1d76589d5aea749a898eac3fcd895f44c1c28d83eebea8662
                                                                            • Instruction Fuzzy Hash: 9361B074E00619DFDB08CFA9C944AADFBB2FF89300F20816AD515AB254DB346A46CF51
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 0241DAA8, Relevance: .2, Instructions: 151COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.291828856.0000000002410000.00000040.00000001.sdmp, Offset: 02410000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 62bd4aa40e83d9a2442bf8e36d33730825db07da6a9e58ff8ef8ea2170a0a8e5
                                                                            • Instruction ID: a4d6fdda239bf811a3fcbd45fa17ffee4c9eb8596ec6cc5aeab61d97bbdebee0
                                                                            • Opcode Fuzzy Hash: 62bd4aa40e83d9a2442bf8e36d33730825db07da6a9e58ff8ef8ea2170a0a8e5
                                                                            • Instruction Fuzzy Hash: 03518FB0D0521ADFDB04CFAAC5406AEFBF2FF8A210F149656C415BB2A9D3349A41CF65
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 04901E30, Relevance: .1, Instructions: 149COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.297273336.0000000004900000.00000040.00000001.sdmp, Offset: 04900000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 2414b6348ac59e051597249ebf674d72c175e24c3c0de43ee63967ab24efbe0b
                                                                            • Instruction ID: 50a2c934c86a5446860a96f7e6cfbca4ac13d01f997f23cbb46918155a3841eb
                                                                            • Opcode Fuzzy Hash: 2414b6348ac59e051597249ebf674d72c175e24c3c0de43ee63967ab24efbe0b
                                                                            • Instruction Fuzzy Hash: 3961E374E05219CFDB14CFA5D9896AEFBB2FF49300F1085AAD409AB350E7346A81CF55
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 04901E21, Relevance: .1, Instructions: 148COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.297273336.0000000004900000.00000040.00000001.sdmp, Offset: 04900000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 62642fb0384f3252927d7d1862ab378d9fd64d61d0e5c0ab296f3c20a9ed3bd5
                                                                            • Instruction ID: 1c7db70a9d75b76774958f7ecaa82d2d820ebd5ac46272e82420016d3725ceb7
                                                                            • Opcode Fuzzy Hash: 62642fb0384f3252927d7d1862ab378d9fd64d61d0e5c0ab296f3c20a9ed3bd5
                                                                            • Instruction Fuzzy Hash: 49610374E05319CFDB14CFA5D98979EBBB2BF49300F2085AAD409AB250E7386A81CF55
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 0241DAB8, Relevance: .1, Instructions: 145COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.291828856.0000000002410000.00000040.00000001.sdmp, Offset: 02410000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: ee5f190ee7144edf6a9bd34861a709856c654d6fbbb3a745e4736105bf1cadc3
                                                                            • Instruction ID: da94cd5684c09527996777d4c18464a43b86eb8f9e4c8a7d23cc25ce6c20f78d
                                                                            • Opcode Fuzzy Hash: ee5f190ee7144edf6a9bd34861a709856c654d6fbbb3a745e4736105bf1cadc3
                                                                            • Instruction Fuzzy Hash: 6E5159B0D0521ADFDB04CFA6C5806AEFBF2FF89210F14965AC015BB258D7349A41CF65
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 0241C81E, Relevance: .1, Instructions: 144COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.291828856.0000000002410000.00000040.00000001.sdmp, Offset: 02410000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 76422789017fee744d21c3b59b87b1dfa2192321a78a2fd293459ce28fec181a
                                                                            • Instruction ID: 03d17a48dc3649d9b889cb7496134011008eb4ea0bc0ff2b6ca37c79d9e786cf
                                                                            • Opcode Fuzzy Hash: 76422789017fee744d21c3b59b87b1dfa2192321a78a2fd293459ce28fec181a
                                                                            • Instruction Fuzzy Hash: BA519B74D45289CFCB08CFA5D98569EBFB2FF89304B24C0ABC445EB256E7348A06CB41
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 02417DD1, Relevance: .1, Instructions: 133COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.291828856.0000000002410000.00000040.00000001.sdmp, Offset: 02410000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 5aedb57e032bf5870d7db9966c8b4b840d246d954397710d38ce780f5b51f9dd
                                                                            • Instruction ID: bb3e52cdb30cdafc0023c0f063d9d8f005bd71231506c8b765b6b7f30ecad0db
                                                                            • Opcode Fuzzy Hash: 5aedb57e032bf5870d7db9966c8b4b840d246d954397710d38ce780f5b51f9dd
                                                                            • Instruction Fuzzy Hash: CA5159B5E04649CFDB08CFA5C8405AEFBF2FF89304F14D1AAD419AB261D7349A41CBA5
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 02417DE0, Relevance: .1, Instructions: 119COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.291828856.0000000002410000.00000040.00000001.sdmp, Offset: 02410000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 9bc72acef3244bd46e9d06e82eb3b54a713d7a3422f0c4ae57bf47d8181efb5c
                                                                            • Instruction ID: 186c57932b7a1652fae5975035a95319f47c9efb4d230a7a9867805868582d0f
                                                                            • Opcode Fuzzy Hash: 9bc72acef3244bd46e9d06e82eb3b54a713d7a3422f0c4ae57bf47d8181efb5c
                                                                            • Instruction Fuzzy Hash: 584105B5D04219CFDB08CFA6C9446AEFBF2FB89304F14D16AD419BB250D7349A81CBA5
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 02418710, Relevance: .1, Instructions: 67COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.291828856.0000000002410000.00000040.00000001.sdmp, Offset: 02410000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 4ac1938ec21ac9327a5a0928fde97a00714152dcc76692b187d240f0ad321ef8
                                                                            • Instruction ID: 79abeefc4972041fa6b84070e61f0c722cd785d0e7f95bea329de4b2c0fb6064
                                                                            • Opcode Fuzzy Hash: 4ac1938ec21ac9327a5a0928fde97a00714152dcc76692b187d240f0ad321ef8
                                                                            • Instruction Fuzzy Hash: A721C9B1E006588BEB18CF97D8547DEFBF2AFC9310F14C06AD509AA254DB751945CF50
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 02418700, Relevance: .1, Instructions: 58COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.291828856.0000000002410000.00000040.00000001.sdmp, Offset: 02410000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 2dd246fa487537365e8326c799f0600877b4e24e50fd7aecb37967e0e98f8780
                                                                            • Instruction ID: 30b3f88a8276b469ecf9807bb101e89f94eed0ad9a83cca7d3c8aac1922c79c1
                                                                            • Opcode Fuzzy Hash: 2dd246fa487537365e8326c799f0600877b4e24e50fd7aecb37967e0e98f8780
                                                                            • Instruction Fuzzy Hash: DA21D8B1E006588BEB18CFA6C95479EFBF3AFC9304F14C06AD805AB254DB791945CF51
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 02410128, Relevance: 10.4, Strings: 7, Instructions: 1623COMMON
                                                                            Download Yara Rule
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.291828856.0000000002410000.00000040.00000001.sdmp, Offset: 02410000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID: TD1q$TD1q$`-/q$w/q$w/q$w/q$w/q
                                                                            • API String ID: 0-3896388975
                                                                            • Opcode ID: e64dd9f02e65d2388bc48cdf2874079df099cd60e5ab08ea5f932b5944fb2ef4
                                                                            • Instruction ID: fec83b1f866efa580e913e455342f39f26185dae4ee2ca33a2a26f6391ed6475
                                                                            • Opcode Fuzzy Hash: e64dd9f02e65d2388bc48cdf2874079df099cd60e5ab08ea5f932b5944fb2ef4
                                                                            • Instruction Fuzzy Hash: 1903A834A02219CFCB64DB24C994AEDB7B2FF89305F5541E8D5096B364CB32AE95CF80
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 024167C0, Relevance: 2.6, Strings: 2, Instructions: 101COMMON
                                                                            Download Yara Rule
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.291828856.0000000002410000.00000040.00000001.sdmp, Offset: 02410000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID: X1kr$X1kr
                                                                            • API String ID: 0-2397868964
                                                                            • Opcode ID: 9e0b681384ddbfff33f003ccb5b8c538fcb707f8967b1c655ddaaab13114718f
                                                                            • Instruction ID: a2934e38ff7e47e647cb19ef92656ef87b5514e638642273f76059c847b4bb9c
                                                                            • Opcode Fuzzy Hash: 9e0b681384ddbfff33f003ccb5b8c538fcb707f8967b1c655ddaaab13114718f
                                                                            • Instruction Fuzzy Hash: 6741E774E05248DFDB08DFAAD5806AEFBF2BF89300F25C06AD814AB255D7349A41DF50
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 04BD20A2, Relevance: 1.6, APIs: 1, Instructions: 116COMMON
                                                                            Download Yara Rule
                                                                            APIs
                                                                            • GetUserNameA.ADVAPI32(?,00000E2C), ref: 04BD2169
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.297825630.0000000004BD0000.00000040.00000001.sdmp, Offset: 04BD0000, based on PE: false
                                                                            Similarity
                                                                            • API ID: NameUser
                                                                            • String ID:
                                                                            • API String ID: 2645101109-0
                                                                            • Opcode ID: 13d4c6c795d206d0ec77171e69a0c2046f07c635fb61ebf8212c79661f1fa271
                                                                            • Instruction ID: 7123a1493d1fae4c9d93a491be51db5aee9967947cdb6175b4cb6f25f04ac82b
                                                                            • Opcode Fuzzy Hash: 13d4c6c795d206d0ec77171e69a0c2046f07c635fb61ebf8212c79661f1fa271
                                                                            • Instruction Fuzzy Hash: 24317E7210A3C46FE7138B748C54BA6BFB89F07210F0985DBE984DF1A3D2649849C772
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 04BD1556, Relevance: 1.6, APIs: 1, Instructions: 89synchronizationCOMMON
                                                                            Download Yara Rule
                                                                            APIs
                                                                            • CreateMutexW.KERNELBASE(?,?), ref: 04BD15FD
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.297825630.0000000004BD0000.00000040.00000001.sdmp, Offset: 04BD0000, based on PE: false
                                                                            Similarity
                                                                            • API ID: CreateMutex
                                                                            • String ID:
                                                                            • API String ID: 1964310414-0
                                                                            • Opcode ID: fe6e9eeeb3b2c760c020e2e38ebc0b5f5fcb42ad35ab869cf6c60539078b2e0a
                                                                            • Instruction ID: 49c219674a639ee23ad6367dcfe3a732ec4883d27e53cf1682b0285182b6b31b
                                                                            • Opcode Fuzzy Hash: fe6e9eeeb3b2c760c020e2e38ebc0b5f5fcb42ad35ab869cf6c60539078b2e0a
                                                                            • Instruction Fuzzy Hash: B7318FB1509780AFE712CF25DC84F56FFE8EF06310F0884DAE9849B292D365E909CB61
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 04BD1654, Relevance: 1.6, APIs: 1, Instructions: 86registryCOMMON
                                                                            Download Yara Rule
                                                                            APIs
                                                                            • RegQueryValueExW.KERNELBASE(?,00000E2C,?,?), ref: 04BD170A
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.297825630.0000000004BD0000.00000040.00000001.sdmp, Offset: 04BD0000, based on PE: false
                                                                            Similarity
                                                                            • API ID: QueryValue
                                                                            • String ID:
                                                                            • API String ID: 3660427363-0
                                                                            • Opcode ID: f8401d77e3a65cd0469e186f271f25886af5d84886c1914f44f0ff3c1cb691e6
                                                                            • Instruction ID: a422551032db30db637a5391476011085a76a113b98447afc682a734a8aff817
                                                                            • Opcode Fuzzy Hash: f8401d77e3a65cd0469e186f271f25886af5d84886c1914f44f0ff3c1cb691e6
                                                                            • Instruction Fuzzy Hash: C731D7754097C06FD3038B259C51B62BFB8EF47720F0A81DBE9848B5A3E264691AC7B1
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 04BD21C7, Relevance: 1.6, APIs: 1, Instructions: 81COMMON
                                                                            Download Yara Rule
                                                                            APIs
                                                                            • FindWindowA.USER32(?,00000E2C), ref: 04BD226A
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.297825630.0000000004BD0000.00000040.00000001.sdmp, Offset: 04BD0000, based on PE: false
                                                                            Similarity
                                                                            • API ID: FindWindow
                                                                            • String ID:
                                                                            • API String ID: 134000473-0
                                                                            • Opcode ID: ba608eca51b1b115f374f66384f0f64c503a4011cc12644decb46662f19f3741
                                                                            • Instruction ID: 8ae64f3f639663ad2efa19201b5273d140160d56cb5e6eac31d50ef6897f313f
                                                                            • Opcode Fuzzy Hash: ba608eca51b1b115f374f66384f0f64c503a4011cc12644decb46662f19f3741
                                                                            • Instruction Fuzzy Hash: B721A871409380AFEB128F64DC41F96BFA8EF46320F1884DBEA449F192D3786949C771
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 04BD2564, Relevance: 1.6, APIs: 1, Instructions: 74COMMON
                                                                            Download Yara Rule
                                                                            APIs
                                                                            • LookupPrivilegeValueW.ADVAPI32(?,?,?), ref: 04BD25E6
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.297825630.0000000004BD0000.00000040.00000001.sdmp, Offset: 04BD0000, based on PE: false
                                                                            Similarity
                                                                            • API ID: LookupPrivilegeValue
                                                                            • String ID:
                                                                            • API String ID: 3899507212-0
                                                                            • Opcode ID: 70191a36d1ef854179e15282c04b37ec0af0cfeb782dc855d25d949a84c00d9f
                                                                            • Instruction ID: 28e3da5986757a33b66cef8a1433a108277bf2a43567ed4e2b60b7282bd4e8d0
                                                                            • Opcode Fuzzy Hash: 70191a36d1ef854179e15282c04b37ec0af0cfeb782dc855d25d949a84c00d9f
                                                                            • Instruction Fuzzy Hash: 2B2192725093C05FD7168F25DC45B92BFA4EF06220F0984EAED84CB153E264E948C761
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 04BD158A, Relevance: 1.6, APIs: 1, Instructions: 72synchronizationCOMMON
                                                                            Download Yara Rule
                                                                            APIs
                                                                            • CreateMutexW.KERNELBASE(?,?), ref: 04BD15FD
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.297825630.0000000004BD0000.00000040.00000001.sdmp, Offset: 04BD0000, based on PE: false
                                                                            Similarity
                                                                            • API ID: CreateMutex
                                                                            • String ID:
                                                                            • API String ID: 1964310414-0
                                                                            • Opcode ID: e4114876484bbb7b9d86220469139dd4f856cccfc2d8f70ab0267dc973b0741c
                                                                            • Instruction ID: 2d8f3028551099400d040dd1ac51cd4ec490fb474e6b0bd07683a556b22b09de
                                                                            • Opcode Fuzzy Hash: e4114876484bbb7b9d86220469139dd4f856cccfc2d8f70ab0267dc973b0741c
                                                                            • Instruction Fuzzy Hash: 09218E71604240AFE720DF29DC85F66FBE8EF04720F1884AAEE499B241E775E804CB75
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 04BD2102, Relevance: 1.6, APIs: 1, Instructions: 71COMMON
                                                                            Download Yara Rule
                                                                            APIs
                                                                            • GetUserNameA.ADVAPI32(?,00000E2C), ref: 04BD2169
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.297825630.0000000004BD0000.00000040.00000001.sdmp, Offset: 04BD0000, based on PE: false
                                                                            Similarity
                                                                            • API ID: NameUser
                                                                            • String ID:
                                                                            • API String ID: 2645101109-0
                                                                            • Opcode ID: 314404bbe2bebf4c92c1f1c875b9982cf977c62e6c36d16614126080abd0a099
                                                                            • Instruction ID: 7d3e51dddfdf934c7da9ae4d308aa79fc4794c4fcff078c3f19e84e12731a930
                                                                            • Opcode Fuzzy Hash: 314404bbe2bebf4c92c1f1c875b9982cf977c62e6c36d16614126080abd0a099
                                                                            • Instruction Fuzzy Hash: 0F11A272500244AFE714DF64DC85FABFB9CEF05720F1485AAEE05DB241E6B4A5058B71
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 04BD01D5, Relevance: 1.6, APIs: 1, Instructions: 70COMMON
                                                                            Download Yara Rule
                                                                            APIs
                                                                            • DrawTextExW.USER32(?,?,?,?,?,?), ref: 04BD0257
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.297825630.0000000004BD0000.00000040.00000001.sdmp, Offset: 04BD0000, based on PE: false
                                                                            Similarity
                                                                            • API ID: DrawText
                                                                            • String ID:
                                                                            • API String ID: 2175133113-0
                                                                            • Opcode ID: 7733c15edf22fd8d2b4737d941eae452aa52341ac8a72d95cd0f544d63a3f9ad
                                                                            • Instruction ID: fd5c7a537e3a6e368fca8d8ad951b64c9996823d8b37057b9b6189bd57c14ccb
                                                                            • Opcode Fuzzy Hash: 7733c15edf22fd8d2b4737d941eae452aa52341ac8a72d95cd0f544d63a3f9ad
                                                                            • Instruction Fuzzy Hash: 5C219071509384AFDB22CF65DC44B52BFF4EF06214F0984DAE9848B163D275E908CB61
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 04BD24A8, Relevance: 1.6, APIs: 1, Instructions: 68injectionCOMMON
                                                                            Download Yara Rule
                                                                            APIs
                                                                            • WriteProcessMemory.KERNELBASE(?,?,?,?,?), ref: 04BD2528
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.297825630.0000000004BD0000.00000040.00000001.sdmp, Offset: 04BD0000, based on PE: false
                                                                            Similarity
                                                                            • API ID: MemoryProcessWrite
                                                                            • String ID:
                                                                            • API String ID: 3559483778-0
                                                                            • Opcode ID: 3ff01ec31f6d64432dda96f25eb4bf2fb2ec2055a85955078852bf12acac300e
                                                                            • Instruction ID: 0e4576d8d7e614d0b79bb47f1ba986e9d6d7ba4617ab980f370fcbe9a615a04a
                                                                            • Opcode Fuzzy Hash: 3ff01ec31f6d64432dda96f25eb4bf2fb2ec2055a85955078852bf12acac300e
                                                                            • Instruction Fuzzy Hash: 6021CC761093C09FDB128F25DC94A96FFF4EF07320F0980DEE9858B163D265A849DB22
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 04BD1733, Relevance: 1.6, APIs: 1, Instructions: 67libraryCOMMON
                                                                            Download Yara Rule
                                                                            APIs
                                                                            • LoadLibraryA.KERNELBASE(?,00000E2C), ref: 04BD17BF
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.297825630.0000000004BD0000.00000040.00000001.sdmp, Offset: 04BD0000, based on PE: false
                                                                            Similarity
                                                                            • API ID: LibraryLoad
                                                                            • String ID:
                                                                            • API String ID: 1029625771-0
                                                                            • Opcode ID: 6fa898b7ae746cb21e8572ea8bda501e5210e0191f0074fd033a6f0ac17db83d
                                                                            • Instruction ID: 2a4d45da01e77b5cdce1dfce6e5286bfb8c9a2fb15f602f6a92918c6eee95cb5
                                                                            • Opcode Fuzzy Hash: 6fa898b7ae746cb21e8572ea8bda501e5210e0191f0074fd033a6f0ac17db83d
                                                                            • Instruction Fuzzy Hash: 5421E771505380AFE721CB14DC85F66FFA8EF46720F1480DAFE445B192D3A4A948C762
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 04BD2901, Relevance: 1.6, APIs: 1, Instructions: 62windowCOMMON
                                                                            Download Yara Rule
                                                                            APIs
                                                                            • PostMessageW.USER32(?,?,?,?), ref: 04BD2975
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.297825630.0000000004BD0000.00000040.00000001.sdmp, Offset: 04BD0000, based on PE: false
                                                                            Similarity
                                                                            • API ID: MessagePost
                                                                            • String ID:
                                                                            • API String ID: 410705778-0
                                                                            • Opcode ID: 6b063e5dab8ec5533f42143775545f9753a04edc17a7e535b3c3a125aa189b51
                                                                            • Instruction ID: 21eab21c8668fb2ec0e3d89a5edd9c00e49864b448bda0e04e218bcc654d27c6
                                                                            • Opcode Fuzzy Hash: 6b063e5dab8ec5533f42143775545f9753a04edc17a7e535b3c3a125aa189b51
                                                                            • Instruction Fuzzy Hash: 72218C714093C0AFDB138F25DC44A52FFB4EF17220F0985DAEE848F163D265A819DB62
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 04BD21FE, Relevance: 1.6, APIs: 1, Instructions: 61COMMON
                                                                            Download Yara Rule
                                                                            APIs
                                                                            • FindWindowA.USER32(?,00000E2C), ref: 04BD226A
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.297825630.0000000004BD0000.00000040.00000001.sdmp, Offset: 04BD0000, based on PE: false
                                                                            Similarity
                                                                            • API ID: FindWindow
                                                                            • String ID:
                                                                            • API String ID: 134000473-0
                                                                            • Opcode ID: 2056ef0917b5acc1d7c1363e91071df79d22200c858d75b6d9fcf60f274e11c0
                                                                            • Instruction ID: 38fec543447ad678ac553423e60a8be997736ae8b68a4d924dd16a75494d6dd2
                                                                            • Opcode Fuzzy Hash: 2056ef0917b5acc1d7c1363e91071df79d22200c858d75b6d9fcf60f274e11c0
                                                                            • Instruction Fuzzy Hash: 3B11E371500240AFFB25DF14DC81FA6FB98EF45720F1488EAFE449B281E2B4A505CB71
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 04BD2407, Relevance: 1.6, APIs: 1, Instructions: 58COMMON
                                                                            Download Yara Rule
                                                                            APIs
                                                                            • ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 04BD246C
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.297825630.0000000004BD0000.00000040.00000001.sdmp, Offset: 04BD0000, based on PE: false
                                                                            Similarity
                                                                            • API ID: MemoryProcessRead
                                                                            • String ID:
                                                                            • API String ID: 1726664587-0
                                                                            • Opcode ID: cd7dc347ac5aae5d2681c68240d979f6785c8f00ad2dbe7a338d47b4ac47141e
                                                                            • Instruction ID: d374335e772cc2ec76bcc6e651069abc5298a1d44922f7f2c5b5905329ef0c01
                                                                            • Opcode Fuzzy Hash: cd7dc347ac5aae5d2681c68240d979f6785c8f00ad2dbe7a338d47b4ac47141e
                                                                            • Instruction Fuzzy Hash: 7911E276409780AFDB228F25DC40A52FFB4EF06320F0880DEEE858B163D275A458DB62
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 04BD2BEF, Relevance: 1.6, APIs: 1, Instructions: 56windowCOMMON
                                                                            Download Yara Rule
                                                                            APIs
                                                                            • PostMessageW.USER32(?,?,?,?), ref: 04BD2C59
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.297825630.0000000004BD0000.00000040.00000001.sdmp, Offset: 04BD0000, based on PE: false
                                                                            Similarity
                                                                            • API ID: MessagePost
                                                                            • String ID:
                                                                            • API String ID: 410705778-0
                                                                            • Opcode ID: 61c77b7550d6a5ecc051e88c3654e40aa52faed1389707161fa190472c3b8644
                                                                            • Instruction ID: 07bfc246692845775825f60e41c352e0a7bc6478fc94973849a3526df007d46a
                                                                            • Opcode Fuzzy Hash: 61c77b7550d6a5ecc051e88c3654e40aa52faed1389707161fa190472c3b8644
                                                                            • Instruction Fuzzy Hash: E311BE75509380AFDB268F15DC45B52FFB4EF06224F08C0DEEE854B163D265A818DB61
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 04BD1756, Relevance: 1.6, APIs: 1, Instructions: 56libraryCOMMON
                                                                            Download Yara Rule
                                                                            APIs
                                                                            • LoadLibraryA.KERNELBASE(?,00000E2C), ref: 04BD17BF
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.297825630.0000000004BD0000.00000040.00000001.sdmp, Offset: 04BD0000, based on PE: false
                                                                            Similarity
                                                                            • API ID: LibraryLoad
                                                                            • String ID:
                                                                            • API String ID: 1029625771-0
                                                                            • Opcode ID: 070ab618bb91c7311117fcc8b92857fe9d509950cba62bfededf4f26dc7f4c9b
                                                                            • Instruction ID: fdc01a81617ae4190908afc720d5bf53e2b19a3c83c87ea56d4be0d7d6efd17e
                                                                            • Opcode Fuzzy Hash: 070ab618bb91c7311117fcc8b92857fe9d509950cba62bfededf4f26dc7f4c9b
                                                                            • Instruction Fuzzy Hash: 9011E1B5600200AFF720DB19DC81FA6FB98DF05720F1484EAEE445A291E6B4B549CA72
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 04BD2360, Relevance: 1.6, APIs: 1, Instructions: 55threadinjectionCOMMON
                                                                            Download Yara Rule
                                                                            APIs
                                                                            • SetThreadContext.KERNELBASE(?,?), ref: 04BD23BF
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.297825630.0000000004BD0000.00000040.00000001.sdmp, Offset: 04BD0000, based on PE: false
                                                                            Similarity
                                                                            • API ID: ContextThread
                                                                            • String ID:
                                                                            • API String ID: 1591575202-0
                                                                            • Opcode ID: 9cde85d4e8a8a915e86037baca393bfba5ce52674dc216fbb81967b4ec9f1efc
                                                                            • Instruction ID: b33e62ea3e533c7b250b8c897d7af68bf6664ea2d07b8adafb63d4f5db3962de
                                                                            • Opcode Fuzzy Hash: 9cde85d4e8a8a915e86037baca393bfba5ce52674dc216fbb81967b4ec9f1efc
                                                                            • Instruction Fuzzy Hash: 8A119E755093849FE715CF25DC85F56FFE8EF06220F0980EAED458B262D274E948CB62
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 04BD259E, Relevance: 1.6, APIs: 1, Instructions: 53COMMON
                                                                            Download Yara Rule
                                                                            APIs
                                                                            • LookupPrivilegeValueW.ADVAPI32(?,?,?), ref: 04BD25E6
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.297825630.0000000004BD0000.00000040.00000001.sdmp, Offset: 04BD0000, based on PE: false
                                                                            Similarity
                                                                            • API ID: LookupPrivilegeValue
                                                                            • String ID:
                                                                            • API String ID: 3899507212-0
                                                                            • Opcode ID: 36553bae437b738caf21c968d28d004495dfb0f440fb797334162b1de84c974f
                                                                            • Instruction ID: f2c1301d9394c039722746bb06e0d9099a19a57f77b498a906e7de564760e863
                                                                            • Opcode Fuzzy Hash: 36553bae437b738caf21c968d28d004495dfb0f440fb797334162b1de84c974f
                                                                            • Instruction Fuzzy Hash: DE117C71A002409FEB14CF29DC85B56FBD8EF04220F0884EADD09CB252E6B0E404CA71
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 04BD0206, Relevance: 1.6, APIs: 1, Instructions: 52COMMON
                                                                            Download Yara Rule
                                                                            APIs
                                                                            • DrawTextExW.USER32(?,?,?,?,?,?), ref: 04BD0257
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.297825630.0000000004BD0000.00000040.00000001.sdmp, Offset: 04BD0000, based on PE: false
                                                                            Similarity
                                                                            • API ID: DrawText
                                                                            • String ID:
                                                                            • API String ID: 2175133113-0
                                                                            • Opcode ID: 80e79b9cbafb89a2d750f26c285d6a8c34535d369cb12a111c573a8ef9c311c9
                                                                            • Instruction ID: c51529e4f7d17a1872f6fbdc615a1b1ee70823f8bb648d17fa62f251687bdc88
                                                                            • Opcode Fuzzy Hash: 80e79b9cbafb89a2d750f26c285d6a8c34535d369cb12a111c573a8ef9c311c9
                                                                            • Instruction Fuzzy Hash: 17115E755016049FDB20DF65D884B66FFE8EF44314F0884EADD498B212E3B1E504DF61
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 04BD24E2, Relevance: 1.5, APIs: 1, Instructions: 47injectionCOMMON
                                                                            Download Yara Rule
                                                                            APIs
                                                                            • WriteProcessMemory.KERNELBASE(?,?,?,?,?), ref: 04BD2528
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.297825630.0000000004BD0000.00000040.00000001.sdmp, Offset: 04BD0000, based on PE: false
                                                                            Similarity
                                                                            • API ID: MemoryProcessWrite
                                                                            • String ID:
                                                                            • API String ID: 3559483778-0
                                                                            • Opcode ID: c4e296be49ccb4f80906746337a871520000bfb832212872595ce993d62362ec
                                                                            • Instruction ID: 29ef2e7cd0d078e44e448cb3853c0b5faa299ada71d6467e78ce02044bd16e86
                                                                            • Opcode Fuzzy Hash: c4e296be49ccb4f80906746337a871520000bfb832212872595ce993d62362ec
                                                                            • Instruction Fuzzy Hash: FD016D75600640DFDB258F19D884F66FFE4EF04324F08C0EADE498B662E271E458DB62
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 04BD2382, Relevance: 1.5, APIs: 1, Instructions: 44threadinjectionCOMMON
                                                                            Download Yara Rule
                                                                            APIs
                                                                            • SetThreadContext.KERNELBASE(?,?), ref: 04BD23BF
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.297825630.0000000004BD0000.00000040.00000001.sdmp, Offset: 04BD0000, based on PE: false
                                                                            Similarity
                                                                            • API ID: ContextThread
                                                                            • String ID:
                                                                            • API String ID: 1591575202-0
                                                                            • Opcode ID: cfd1ed92c16127f9b0889993435369d9409bca3d74af9edb5098a4f8f7923fbf
                                                                            • Instruction ID: a42b3f236907bcb95f62cadc2eda09918693dd22db7e9ec943f3a547b16b4a1c
                                                                            • Opcode Fuzzy Hash: cfd1ed92c16127f9b0889993435369d9409bca3d74af9edb5098a4f8f7923fbf
                                                                            • Instruction Fuzzy Hash: 9C017135604644DFEB14CF19D885B66FFD4EF04320F08C0EADD498B252E6B5E448DB62
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 04BD16BA, Relevance: 1.5, APIs: 1, Instructions: 43registryCOMMON
                                                                            Download Yara Rule
                                                                            APIs
                                                                            • RegQueryValueExW.KERNELBASE(?,00000E2C,?,?), ref: 04BD170A
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.297825630.0000000004BD0000.00000040.00000001.sdmp, Offset: 04BD0000, based on PE: false
                                                                            Similarity
                                                                            • API ID: QueryValue
                                                                            • String ID:
                                                                            • API String ID: 3660427363-0
                                                                            • Opcode ID: a76132729f892fc8d8e27eee0495b51143a51e5666e9cd087d0f66c165ebb3b6
                                                                            • Instruction ID: 9d7c01c8ac8d2588cdb180a167a1ec26daf808c0b10e799e1384b1bb4fc53a9d
                                                                            • Opcode Fuzzy Hash: a76132729f892fc8d8e27eee0495b51143a51e5666e9cd087d0f66c165ebb3b6
                                                                            • Instruction Fuzzy Hash: F8016276500604ABD210DF16DC86F26FBA8FB89B20F14815AED085B741E371F516CBE6
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 04BD242E, Relevance: 1.5, APIs: 1, Instructions: 43COMMON
                                                                            Download Yara Rule
                                                                            APIs
                                                                            • ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 04BD246C
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.297825630.0000000004BD0000.00000040.00000001.sdmp, Offset: 04BD0000, based on PE: false
                                                                            Similarity
                                                                            • API ID: MemoryProcessRead
                                                                            • String ID:
                                                                            • API String ID: 1726664587-0
                                                                            • Opcode ID: ac85ddef824d0f0b0c63816abb1471af21747f57746bf501a701c5a2aaf4b31b
                                                                            • Instruction ID: 3215e178a124d806d8426a0386500f1a89354ad1ef06ae2b83c43dc08dc17923
                                                                            • Opcode Fuzzy Hash: ac85ddef824d0f0b0c63816abb1471af21747f57746bf501a701c5a2aaf4b31b
                                                                            • Instruction Fuzzy Hash: 1001B131500640DFDB248F19D884B66FFA0EF04321F08C4EEDE494B662E2B5E418DF62
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 04BD2C1E, Relevance: 1.5, APIs: 1, Instructions: 42windowCOMMON
                                                                            Download Yara Rule
                                                                            APIs
                                                                            • PostMessageW.USER32(?,?,?,?), ref: 04BD2C59
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.297825630.0000000004BD0000.00000040.00000001.sdmp, Offset: 04BD0000, based on PE: false
                                                                            Similarity
                                                                            • API ID: MessagePost
                                                                            • String ID:
                                                                            • API String ID: 410705778-0
                                                                            • Opcode ID: 643b40ef819a03fa75d5e385d51f70d5118b2c1e758d0682fdd6deaac5d0627e
                                                                            • Instruction ID: 5e8c4489879240febd56b5ad51fcb346b13d2911b3ab2e5a0e523db2d87142a3
                                                                            • Opcode Fuzzy Hash: 643b40ef819a03fa75d5e385d51f70d5118b2c1e758d0682fdd6deaac5d0627e
                                                                            • Instruction Fuzzy Hash: 8B018435600640DFDB248F15D884B66FFA4EF04320F18C4EEDE454B666E2B5E858DF62
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 04BD293A, Relevance: 1.5, APIs: 1, Instructions: 38windowCOMMON
                                                                            Download Yara Rule
                                                                            APIs
                                                                            • PostMessageW.USER32(?,?,?,?), ref: 04BD2975
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.297825630.0000000004BD0000.00000040.00000001.sdmp, Offset: 04BD0000, based on PE: false
                                                                            Similarity
                                                                            • API ID: MessagePost
                                                                            • String ID:
                                                                            • API String ID: 410705778-0
                                                                            • Opcode ID: 2509b7bde7d5258aedf9e95d6cf902b33986f7dd29f089dcf4e62142a83836e3
                                                                            • Instruction ID: c2cd9cc08343088f17421690db369b9fe0627b8fdbaf1fa6f2d2a05cfadff504
                                                                            • Opcode Fuzzy Hash: 2509b7bde7d5258aedf9e95d6cf902b33986f7dd29f089dcf4e62142a83836e3
                                                                            • Instruction Fuzzy Hash: 73018F31900640DFDB248F15D884B26FFA0EF18320F08C4EADE490B22AE2B5A418DB62
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 04901F21, Relevance: 1.4, Strings: 1, Instructions: 126COMMON
                                                                            Download Yara Rule
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.297273336.0000000004900000.00000040.00000001.sdmp, Offset: 04900000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID: #I
                                                                            • API String ID: 0-3691068050
                                                                            • Opcode ID: b25db90375743d2a302fa21c506c2b32cc33069e88ea4a9a026e61f93a700606
                                                                            • Instruction ID: f6ff8d90b2211ebbf7909614ff2bd118982e68d49db851a3175b54e4ce9da2dc
                                                                            • Opcode Fuzzy Hash: b25db90375743d2a302fa21c506c2b32cc33069e88ea4a9a026e61f93a700606
                                                                            • Instruction Fuzzy Hash: A251E374E05219CFCF14CFA5C9896EEBBB2FB4A310F1095AAD509B7250E7346A81CF15
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 04900438, Relevance: 1.3, Strings: 1, Instructions: 30COMMON
                                                                            Download Yara Rule
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.297273336.0000000004900000.00000040.00000001.sdmp, Offset: 04900000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID: en
                                                                            • API String ID: 0-3356363776
                                                                            • Opcode ID: ef0243937a2326a257da9c12026260e4ecb13de2e6ef1cfcadc5dd19844f424a
                                                                            • Instruction ID: 793599263d04192bb513b0674ea4d600fdb9ad4396c2c60f834e7dd80dd1a08f
                                                                            • Opcode Fuzzy Hash: ef0243937a2326a257da9c12026260e4ecb13de2e6ef1cfcadc5dd19844f424a
                                                                            • Instruction Fuzzy Hash: A601C078A412298FDBA4DF65D854BDEB6B2BB4A300F1080EAC459A7380DB319E81CF51
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 024164C0, Relevance: .2, Instructions: 208COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.291828856.0000000002410000.00000040.00000001.sdmp, Offset: 02410000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: b40cd49f87c1c7683ab227aaf13c89dffc7693f64169fc404a166c5def486023
                                                                            • Instruction ID: 914e1c07aa939db5ede782cdab6fdf1338f97dc3e340670c391c61b597f1e38c
                                                                            • Opcode Fuzzy Hash: b40cd49f87c1c7683ab227aaf13c89dffc7693f64169fc404a166c5def486023
                                                                            • Instruction Fuzzy Hash: 8B911470D00229DFDF24CFA5C984BDDBBB6BF85304F5180A9D508AB261DB71AA86CF51
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 02416990, Relevance: .2, Instructions: 173COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.291828856.0000000002410000.00000040.00000001.sdmp, Offset: 02410000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 324a7f1a50574cf400fa0bd4eece17307f40a70d360b133a755260038a65080c
                                                                            • Instruction ID: 14c05b134695caa6642482c1390d5c22a78a376c1248a7d45804cd0e11c682cf
                                                                            • Opcode Fuzzy Hash: 324a7f1a50574cf400fa0bd4eece17307f40a70d360b133a755260038a65080c
                                                                            • Instruction Fuzzy Hash: 12516E70E00259DBDB14DFA9D850BAEBBB6BFC9300F25806AE505BB394DB309C01CB95
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 0490219C, Relevance: .1, Instructions: 130COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.297273336.0000000004900000.00000040.00000001.sdmp, Offset: 04900000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 7498f342959dc37ef80754ad240314ea1b6ddb3c479f5774bd9580e2828d1f07
                                                                            • Instruction ID: 59a4ccadb5f872e3cf838e80223f14e80e8ebeca0c1eb46bcbeeba88034967c0
                                                                            • Opcode Fuzzy Hash: 7498f342959dc37ef80754ad240314ea1b6ddb3c479f5774bd9580e2828d1f07
                                                                            • Instruction Fuzzy Hash: 66511974E05219CFCF54CFA5C988AAEBBB2FF09300F1095AAD509B7250E7346A81CF15
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 04902140, Relevance: .1, Instructions: 129COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.297273336.0000000004900000.00000040.00000001.sdmp, Offset: 04900000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 666d92c1390d85a5b168c749347464742e1c22f51fcec01b6ca8f401f8435a8e
                                                                            • Instruction ID: 0e0ad55498b6de8c260582e5a4262cafe1597ce1004684c924e9826d4df6d550
                                                                            • Opcode Fuzzy Hash: 666d92c1390d85a5b168c749347464742e1c22f51fcec01b6ca8f401f8435a8e
                                                                            • Instruction Fuzzy Hash: 5E512874E05219CFCF14CFA5D9896AEBBB2FF4A300F1095AAD50AA7250E7346A81CF15
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 0490223E, Relevance: .1, Instructions: 128COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.297273336.0000000004900000.00000040.00000001.sdmp, Offset: 04900000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: c71d15f7c1b17c249750eecaaba473211b941d1ff2c9a87083372c8f66cf2951
                                                                            • Instruction ID: 23181189546bb6d5480f84e8a5c5bc28639dda66a7f1de453113f0d09e0cf7c3
                                                                            • Opcode Fuzzy Hash: c71d15f7c1b17c249750eecaaba473211b941d1ff2c9a87083372c8f66cf2951
                                                                            • Instruction Fuzzy Hash: 77513974E0421ACFCF14CFA4C884AAEFBB2FF49300F1096AAD455A7250E7346981CF15
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 0241C2CA, Relevance: .1, Instructions: 128COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.291828856.0000000002410000.00000040.00000001.sdmp, Offset: 02410000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 38769aa35a93cb185ef36cd78ef584f561931de87e1dc77efec22e093800221f
                                                                            • Instruction ID: 6a9232cfae1f2c79430d0e715339024ac86462728029a092e5499dc45317d26c
                                                                            • Opcode Fuzzy Hash: 38769aa35a93cb185ef36cd78ef584f561931de87e1dc77efec22e093800221f
                                                                            • Instruction Fuzzy Hash: 3C5190349493898FD709DBA8D89528DBFB5FF4A324B2440AEC8C6AB356D6784903CB41
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 049021E4, Relevance: .1, Instructions: 124COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.297273336.0000000004900000.00000040.00000001.sdmp, Offset: 04900000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 41b535c705f70346577f4dc02888caa3ff08ff1f3be61b0c7834f5c79656501c
                                                                            • Instruction ID: a732c6f23da90ad0b38766fd106020f13a43bb9597acb6c590b16295ee927f09
                                                                            • Opcode Fuzzy Hash: 41b535c705f70346577f4dc02888caa3ff08ff1f3be61b0c7834f5c79656501c
                                                                            • Instruction Fuzzy Hash: 23512974E05219CFCF14CFA5D9846AEBBB2FF49300F109AAAD54AB7250E7346A81CF15
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 04902309, Relevance: .1, Instructions: 122COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.297273336.0000000004900000.00000040.00000001.sdmp, Offset: 04900000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 88e3a95b33ffa3c1669bbf32051eb1f173f2351f5138bf88f3dd4e15dbdbd80c
                                                                            • Instruction ID: e7402cf2c87db80908b9fe4bb80327a0711e812d0fd415889fd4a375c35de183
                                                                            • Opcode Fuzzy Hash: 88e3a95b33ffa3c1669bbf32051eb1f173f2351f5138bf88f3dd4e15dbdbd80c
                                                                            • Instruction Fuzzy Hash: D9511674E05219CFCF54CFA5D884AAEBBB2FF4A300F1095AAD449B7250E7346A81CF15
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 04902346, Relevance: .1, Instructions: 122COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.297273336.0000000004900000.00000040.00000001.sdmp, Offset: 04900000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 7ca4ab559b0e44ff1a89b2b903750d006da5a518facece4ec1f54328f34ca2ea
                                                                            • Instruction ID: 11109ac64543c81e5b66f169f2e88fbc254bd1d738d5b8607db3469088fd3836
                                                                            • Opcode Fuzzy Hash: 7ca4ab559b0e44ff1a89b2b903750d006da5a518facece4ec1f54328f34ca2ea
                                                                            • Instruction Fuzzy Hash: BF511574E05219CFCF14CFA5C8896AEFBB2FB4A300F1095AAD449A7250E7386A81CF15
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 04901F75, Relevance: .1, Instructions: 122COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.297273336.0000000004900000.00000040.00000001.sdmp, Offset: 04900000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 4500195f3ac480b85f592c7e253c7fab3437b011c8b45809cf134e17d38e7393
                                                                            • Instruction ID: 4a49f459c13666e4e598cb9b5474b2893ad2c0cd654835679fb57b2c49cf9927
                                                                            • Opcode Fuzzy Hash: 4500195f3ac480b85f592c7e253c7fab3437b011c8b45809cf134e17d38e7393
                                                                            • Instruction Fuzzy Hash: 2D510474E05219CFCF14CFA5D8886AEBBB2FF49300F1095AAD409A7350E7346A81CF15
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 04902210, Relevance: .1, Instructions: 119COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.297273336.0000000004900000.00000040.00000001.sdmp, Offset: 04900000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 402dc959656ca5526a870dbac469813b54de1c210b4d1319c7c339cb6f521d7b
                                                                            • Instruction ID: 693faec15d67902b5f2a9cd413505a754bf23659c98a2b28365c5edea058dd8c
                                                                            • Opcode Fuzzy Hash: 402dc959656ca5526a870dbac469813b54de1c210b4d1319c7c339cb6f521d7b
                                                                            • Instruction Fuzzy Hash: AB511674E0421ACFCF54CFA5C985AAEBBB2FF49300F1099AAD549B7250E7346A81CF15
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 04902167, Relevance: .1, Instructions: 118COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.297273336.0000000004900000.00000040.00000001.sdmp, Offset: 04900000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 5d9a2135bbb2e7fea7624460190cf151d54e3324c04e584974a98a9c484e30fe
                                                                            • Instruction ID: d330b7bac11bec95ecef787b1406bee77c2d7d7a22eec3404eb0e3807d438b6a
                                                                            • Opcode Fuzzy Hash: 5d9a2135bbb2e7fea7624460190cf151d54e3324c04e584974a98a9c484e30fe
                                                                            • Instruction Fuzzy Hash: 3C51F374E05219DFCF14CFA5D988AAEBBB2FF4A300F1095AAD449A7250E7346A81CF15
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 0490225E, Relevance: .1, Instructions: 117COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.297273336.0000000004900000.00000040.00000001.sdmp, Offset: 04900000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 2f873908558cc73e0539deab8df01370f2bed46727ea20712bda66d45f6b22db
                                                                            • Instruction ID: 4443ddd5335f0d630721af1d6e1413b741ee50e88ed612c700bc300f777c8c18
                                                                            • Opcode Fuzzy Hash: 2f873908558cc73e0539deab8df01370f2bed46727ea20712bda66d45f6b22db
                                                                            • Instruction Fuzzy Hash: 9751F574E15219CFCF14CFA5D984AAEBBB2FF49300F1099AAD449B7250E7346A81CF15
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 0241C65B, Relevance: .1, Instructions: 117COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.291828856.0000000002410000.00000040.00000001.sdmp, Offset: 02410000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 1c81acfb99d8633f81ed0d8f9b8e958865124fb54687ed593967c6f60682459c
                                                                            • Instruction ID: 5069a36dca4ef435d1b322caedaf22e8ac7faddd70455753a64623b5d67c154a
                                                                            • Opcode Fuzzy Hash: 1c81acfb99d8633f81ed0d8f9b8e958865124fb54687ed593967c6f60682459c
                                                                            • Instruction Fuzzy Hash: 32517CB494524ACFCB04DFA4EA8459DBFF1FB49300B2094ABD415EB369E7709A41CF05
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 024164B1, Relevance: .1, Instructions: 116COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.291828856.0000000002410000.00000040.00000001.sdmp, Offset: 02410000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 18ebdb9a837e23c1f891ce6fffac7d10366d628d731b576eaebb9d2b7b86f4ea
                                                                            • Instruction ID: 24775f49d3a37066b3cf59b3f53407f8bcddff4a84e7336147841e97870adf50
                                                                            • Opcode Fuzzy Hash: 18ebdb9a837e23c1f891ce6fffac7d10366d628d731b576eaebb9d2b7b86f4ea
                                                                            • Instruction Fuzzy Hash: F9413A74D04218CFDB18CFAAC8417EEBBB6FF89304F1181AAD409A7294DB345A85CF91
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 04902150, Relevance: .1, Instructions: 113COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.297273336.0000000004900000.00000040.00000001.sdmp, Offset: 04900000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: ea15533581bad2f3d893827dca85b538e6f22808eefd0a534a48ba614914fea9
                                                                            • Instruction ID: ca0eeba01b5cefe3c917c68dc19cc5efe92bb303d0eb50d210c33b8b1a865921
                                                                            • Opcode Fuzzy Hash: ea15533581bad2f3d893827dca85b538e6f22808eefd0a534a48ba614914fea9
                                                                            • Instruction Fuzzy Hash: 3551E674E05219CFCF14CFA5D988AAEBBB2FF4A300F1095AAD449A7250E7346A81CF15
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 0490221A, Relevance: .1, Instructions: 112COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.297273336.0000000004900000.00000040.00000001.sdmp, Offset: 04900000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: e384c47e9d21ac033ab69ea5d3267c1dc1c0d7e0de1e38b1f592e7b0fdd68898
                                                                            • Instruction ID: fad5604e7fcb5983a9ed1c46085d68dabd0cdee010b53a2576f7ba23f6f4f5a7
                                                                            • Opcode Fuzzy Hash: e384c47e9d21ac033ab69ea5d3267c1dc1c0d7e0de1e38b1f592e7b0fdd68898
                                                                            • Instruction Fuzzy Hash: 4F51F774E05219CFCF14CFA5D9886AEBBB2FF4A300F1095AAD549B7250E7346A81CF15
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 02415D50, Relevance: .1, Instructions: 105COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.291828856.0000000002410000.00000040.00000001.sdmp, Offset: 02410000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: a6bcc994bb697f02ccb238e3ea3dcf46ad22b8e69ab8112901c90b096bf2b450
                                                                            • Instruction ID: c3d48f8bb4c9a74c4f746f23498e7adf6b6f59d127d3aa4982bef75a27883065
                                                                            • Opcode Fuzzy Hash: a6bcc994bb697f02ccb238e3ea3dcf46ad22b8e69ab8112901c90b096bf2b450
                                                                            • Instruction Fuzzy Hash: 4C418174E01208DFDB44DFA9D594AADBBF2FF89300F2480AAD819AB360DB345945CF55
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 02416A50, Relevance: .1, Instructions: 104COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.291828856.0000000002410000.00000040.00000001.sdmp, Offset: 02410000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 918d954dfb15c6581e5dc6a7614b62f611297a1b943140541ebdc8a9887d6810
                                                                            • Instruction ID: 898172ed79e4e4c9fdce5d13c7dd8c740daa6c42c865dc22be2d7318393af208
                                                                            • Opcode Fuzzy Hash: 918d954dfb15c6581e5dc6a7614b62f611297a1b943140541ebdc8a9887d6810
                                                                            • Instruction Fuzzy Hash: C741D774E01218DFDB18DFA9D994A9EBBF2BF89300F24906AE905B7394DB305841CF54
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 0241C4F6, Relevance: .1, Instructions: 101COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.291828856.0000000002410000.00000040.00000001.sdmp, Offset: 02410000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 2989b25e98e24a70a13ca0b4dde145794c07a806c261ea8d7de116a1c3147584
                                                                            • Instruction ID: 29356d251d0b4eaded6dcd5b7d06e2a4c5c9569efe351fd80d713eaf720983d4
                                                                            • Opcode Fuzzy Hash: 2989b25e98e24a70a13ca0b4dde145794c07a806c261ea8d7de116a1c3147584
                                                                            • Instruction Fuzzy Hash: 42419D78945289DFCB04DFA4E98855DBFF2FB49300B2095ABD41AEB368E7709A41CF05
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 0241C475, Relevance: .1, Instructions: 98COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.291828856.0000000002410000.00000040.00000001.sdmp, Offset: 02410000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: bfe68fe088af01a6b32218509608b760158f1d7217b74fea2dfc26a466718893
                                                                            • Instruction ID: 77dba5a2cd70fe63ca2c97713d6119178d1b39b986a6d4eba9fafb46dff0d2f5
                                                                            • Opcode Fuzzy Hash: bfe68fe088af01a6b32218509608b760158f1d7217b74fea2dfc26a466718893
                                                                            • Instruction Fuzzy Hash: 5B413B78A5624ADFCB04DFE4E98499DBFF1FB49300B2095AAD405EB368E7709A41CF04
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 02415D60, Relevance: .1, Instructions: 98COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.291828856.0000000002410000.00000040.00000001.sdmp, Offset: 02410000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 6717142e4974fe67b64d938dfd61baa0d8351d242b90ea0dd49784c4d0975b57
                                                                            • Instruction ID: c4db0bb7325f589f109294a8a0ef3dc938b7b5860637b24156613b3afe1f1aa5
                                                                            • Opcode Fuzzy Hash: 6717142e4974fe67b64d938dfd61baa0d8351d242b90ea0dd49784c4d0975b57
                                                                            • Instruction Fuzzy Hash: FC4172B4E01208DFDB44DFA9C594AAEBBF2FF88300F24806AD819A7354DB356945CF55
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 0494146B, Relevance: .1, Instructions: 97COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.297358847.0000000004940000.00000040.00000001.sdmp, Offset: 04940000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: c9704b11e37d39512a40700b50bcc683c8da7e3e7741802b3cdd70f6b188a30d
                                                                            • Instruction ID: 4b9c2e2db9b034f8d10459e006f062ad7826c28975e9ddf391d0f9790c392506
                                                                            • Opcode Fuzzy Hash: c9704b11e37d39512a40700b50bcc683c8da7e3e7741802b3cdd70f6b188a30d
                                                                            • Instruction Fuzzy Hash: B7314D75608341AFD301CF29DC41A5BFFE4EB89220F14896FF998D7311D375A9458B62
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 0241D370, Relevance: .1, Instructions: 92COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.291828856.0000000002410000.00000040.00000001.sdmp, Offset: 02410000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: e5b599aa2612273e80505a812bd623031c05aa62629ef6fbb09f14eba0f44143
                                                                            • Instruction ID: 58035562636bafe3c8b1dd795ba03659d434fc72d9363802fd09d84dcda2633c
                                                                            • Opcode Fuzzy Hash: e5b599aa2612273e80505a812bd623031c05aa62629ef6fbb09f14eba0f44143
                                                                            • Instruction Fuzzy Hash: 01318DB4D09349DFDB09CFA4C48259EFFB1EF8A200F24C49AC445AB266D3359A46CF91
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 0490438F, Relevance: .1, Instructions: 90COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.297273336.0000000004900000.00000040.00000001.sdmp, Offset: 04900000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 9c42b16f2050ca2e820573d663e3e6ee7a71dc269722e4dfb5273df303106727
                                                                            • Instruction ID: 05d06a3ad9b7658a6a613cb8f7a09a41e22c574aa2a537c18a9d548874a8bffb
                                                                            • Opcode Fuzzy Hash: 9c42b16f2050ca2e820573d663e3e6ee7a71dc269722e4dfb5273df303106727
                                                                            • Instruction Fuzzy Hash: F5410374E5522ADFCB64CF64D984BADBBB2FB49300F0099F9C619A7690E7305A84DF01
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 0241C5DA, Relevance: .1, Instructions: 90COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.291828856.0000000002410000.00000040.00000001.sdmp, Offset: 02410000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 7c32af1378c08f7c05684a0467a97bbf246dbb01eede8d34d03d31f61971428f
                                                                            • Instruction ID: d2ab6f7cb6ece17d927840e696a8878d6539cc31e44121a2f316cb3877836159
                                                                            • Opcode Fuzzy Hash: 7c32af1378c08f7c05684a0467a97bbf246dbb01eede8d34d03d31f61971428f
                                                                            • Instruction Fuzzy Hash: 9F416F74A4124ECFCB04DFA4E98459DBBF2FB49300B1095ABD41AEB368E7709A41CF05
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 0241C368, Relevance: .1, Instructions: 87COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.291828856.0000000002410000.00000040.00000001.sdmp, Offset: 02410000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 9fcc0706d8be47c40a933087df1952df4445dad6b67990d9206583ec57924c2f
                                                                            • Instruction ID: 1247e1bbdc234f3a2c7beeb630457a270c48f4a17eda244a00b6d705a199e9fb
                                                                            • Opcode Fuzzy Hash: 9fcc0706d8be47c40a933087df1952df4445dad6b67990d9206583ec57924c2f
                                                                            • Instruction Fuzzy Hash: 9F316D74A4134ADFCB04DFE4E98459DBBB6FB49301F1084AAD419EB368EB709A41CF45
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 0241C57D, Relevance: .1, Instructions: 85COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.291828856.0000000002410000.00000040.00000001.sdmp, Offset: 02410000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 944db604a4e86f0ee967ca2c6d803a54c113ec85ffd0dc68bd8ab76b00d9dec4
                                                                            • Instruction ID: 2133e94bae8bd2e1d3e67c757df7ccbd2246fedc65627f7e39ac639dc82ff4f9
                                                                            • Opcode Fuzzy Hash: 944db604a4e86f0ee967ca2c6d803a54c113ec85ffd0dc68bd8ab76b00d9dec4
                                                                            • Instruction Fuzzy Hash: 23415B7894524EDFCB04CFA4E9C459DBBF2FB49300B1095AAD41AEB368E7709A41CF15
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 04941BD7, Relevance: .1, Instructions: 84COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.297358847.0000000004940000.00000040.00000001.sdmp, Offset: 04940000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 7fd281bca5d961c6a05631ae3a54733c54d9be5b7e0143e0bdf17289b14d8be4
                                                                            • Instruction ID: 0030b271666cfa5906372b13c8a1f3257d43aece33dc9d304502d93212b8953b
                                                                            • Opcode Fuzzy Hash: 7fd281bca5d961c6a05631ae3a54733c54d9be5b7e0143e0bdf17289b14d8be4
                                                                            • Instruction Fuzzy Hash: 46212FB5A48301AFD340CF19DC41A5AFBE4EB89660F14896EF98897311D371E9088BA2
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 04903BBF, Relevance: .1, Instructions: 82COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.297273336.0000000004900000.00000040.00000001.sdmp, Offset: 04900000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 7cb00598be9c679bec7864d61e476717f3c2897268179585736187f1081ea930
                                                                            • Instruction ID: 40b7897d86b39174bdfbed8c66f6329006128017128767f96696929d0c1809f0
                                                                            • Opcode Fuzzy Hash: 7cb00598be9c679bec7864d61e476717f3c2897268179585736187f1081ea930
                                                                            • Instruction Fuzzy Hash: 4B21AD749092899FC715DFB9D8856AEBFB1EB42304F2088BAC8419B292DB319646CB45
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 02417F89, Relevance: .1, Instructions: 82COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.291828856.0000000002410000.00000040.00000001.sdmp, Offset: 02410000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 507993ffddac1d5bf28b73692473dd99c908c480388f2a9e213b3fd71d45d1b7
                                                                            • Instruction ID: d20a7ab452798cbb884938b2ef241441c7fd51e10316f46ce263668623781ec6
                                                                            • Opcode Fuzzy Hash: 507993ffddac1d5bf28b73692473dd99c908c480388f2a9e213b3fd71d45d1b7
                                                                            • Instruction Fuzzy Hash: 743106B4E09209DFDB44CFA6C4809AEFBB1FF49300F10959AD815AB311D3389A41CF51
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 02417F98, Relevance: .1, Instructions: 78COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.291828856.0000000002410000.00000040.00000001.sdmp, Offset: 02410000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 7de34b9aedf332a26725120d56c01ff064a6045ad93c1052f33df290bc42c598
                                                                            • Instruction ID: 9bebceb1da6f95b3800e8a47b39210404f416aed4b6da8e7aa396e5b9cd0a682
                                                                            • Opcode Fuzzy Hash: 7de34b9aedf332a26725120d56c01ff064a6045ad93c1052f33df290bc42c598
                                                                            • Instruction Fuzzy Hash: 5C31E6B8D09209DFDB44CFA6C5809AEFBB1FB49300F10D55AD815AB314D774AA51CF51
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 0241C54B, Relevance: .1, Instructions: 77COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.291828856.0000000002410000.00000040.00000001.sdmp, Offset: 02410000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: b385d25d7864f6224046c4762ce9367f40519b021f5256b97954e72b53ac6e27
                                                                            • Instruction ID: 4f0e3700e2227a7a4d9bfe87826992c55e57fe7c87108d4c8f9eedc07e7226dc
                                                                            • Opcode Fuzzy Hash: b385d25d7864f6224046c4762ce9367f40519b021f5256b97954e72b53ac6e27
                                                                            • Instruction Fuzzy Hash: B8316A74A4124EDFCB04CFE4EA8459DBFB1FB49300B2095AAD456EB368E7709A41CB05
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 0241C904, Relevance: .1, Instructions: 73COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.291828856.0000000002410000.00000040.00000001.sdmp, Offset: 02410000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 36c83c1521523737e173fb4046b5bc256118252d1375dc63189eab05cee5bc56
                                                                            • Instruction ID: 1db0739bdb3ecd8f85be12abde0e806258844d97ca0381a6f616bd1867ee2699
                                                                            • Opcode Fuzzy Hash: 36c83c1521523737e173fb4046b5bc256118252d1375dc63189eab05cee5bc56
                                                                            • Instruction Fuzzy Hash: EA31D774D04269DFDB10DFA4C580AADFBB2BF49308F24829AD419AB31AD7319E42DF50
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 02419E78, Relevance: .1, Instructions: 72COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.291828856.0000000002410000.00000040.00000001.sdmp, Offset: 02410000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 77e0c688d98725fdf79d797c32678fc83a32d5c89c1e439f96bd4c65ba5f741a
                                                                            • Instruction ID: c348491c60aaeb15c1e00be138bd4d089251c89ec6468901a3814cc030fa29e8
                                                                            • Opcode Fuzzy Hash: 77e0c688d98725fdf79d797c32678fc83a32d5c89c1e439f96bd4c65ba5f741a
                                                                            • Instruction Fuzzy Hash: 47212B70D05209DFDB08CF95C590AAEFBB2FB44300F14D55AC41AAB354D730AA81CF95
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 02419E71, Relevance: .1, Instructions: 71COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.291828856.0000000002410000.00000040.00000001.sdmp, Offset: 02410000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 38105f4928ed20c7d60ce56dd5e48c340cc37c783ef4f9acadaf021e3712c186
                                                                            • Instruction ID: 4a4114daf2c01e3ce8a551b716dd981ded5677a4b87cffc64d9ad5326df36bdf
                                                                            • Opcode Fuzzy Hash: 38105f4928ed20c7d60ce56dd5e48c340cc37c783ef4f9acadaf021e3712c186
                                                                            • Instruction Fuzzy Hash: 62211570E05209DFDB08CFA5C590AAEFBB2FF85304F04C59AC816AB255D730AA81CF95
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 02410006, Relevance: .1, Instructions: 71COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.291828856.0000000002410000.00000040.00000001.sdmp, Offset: 02410000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 6795796a6a37b0d714bb30b0dfee9fb6cdc36a47d6c2a0274b3f914857f20685
                                                                            • Instruction ID: 0017ce1718255269e4555f1fadd442e40b9499602aa1e29c0d1d054d1dc5bc9c
                                                                            • Opcode Fuzzy Hash: 6795796a6a37b0d714bb30b0dfee9fb6cdc36a47d6c2a0274b3f914857f20685
                                                                            • Instruction Fuzzy Hash: 6011282048F3C14FC30B97B44866AAA7F709E0322871E95DFC4C0DB0A3D62E485AD762
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 0241C438, Relevance: .1, Instructions: 70COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.291828856.0000000002410000.00000040.00000001.sdmp, Offset: 02410000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 358cc30251e8255479f8d099263c266f56aa4dbade4cc4723b168c4c36241875
                                                                            • Instruction ID: dee8498097eac66a6c7461c3dd27511f9d4cab353a1bc526e7809136a52ec9ed
                                                                            • Opcode Fuzzy Hash: 358cc30251e8255479f8d099263c266f56aa4dbade4cc4723b168c4c36241875
                                                                            • Instruction Fuzzy Hash: 63314F78A4524ADFCB04CFE4E98459DBFF2FB49301B1094AAD406EB368E7709A41CF05
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 024180C1, Relevance: .1, Instructions: 70COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.291828856.0000000002410000.00000040.00000001.sdmp, Offset: 02410000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 6deb26c7829f12f6503019bc56802f2d13b5c4478daf81f833af0ad502f0616c
                                                                            • Instruction ID: 99c2c6d89797cfcf19a345e48bf416ddfaaffbc4b3eb58dc2df2f978e77c01cd
                                                                            • Opcode Fuzzy Hash: 6deb26c7829f12f6503019bc56802f2d13b5c4478daf81f833af0ad502f0616c
                                                                            • Instruction Fuzzy Hash: EC3159B4E08209DFDB04CFA9C98099EFBF1BF89300F1485AAC415AB351D334AA41CF51
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 0241C76F, Relevance: .1, Instructions: 70COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.291828856.0000000002410000.00000040.00000001.sdmp, Offset: 02410000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 9e6742761a59b015409748051e6deac7884024eae5f920fc8cfe920c51bd29f0
                                                                            • Instruction ID: a5d9e5843761bbdb4c54ad0b684818dd8707caded1543cb8806aacf46c796b02
                                                                            • Opcode Fuzzy Hash: 9e6742761a59b015409748051e6deac7884024eae5f920fc8cfe920c51bd29f0
                                                                            • Instruction Fuzzy Hash: C3312B78A4524ADFCB04CFE4D9C465DBBB2FB49300B1094AAD415EB368E7749A41CF05
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 0241C402, Relevance: .1, Instructions: 68COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.291828856.0000000002410000.00000040.00000001.sdmp, Offset: 02410000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 8fe937e1a58d7356740133a30d4bc25e1ccceb7804846ef39bf9380602188878
                                                                            • Instruction ID: 2db10b2cece7f3d282a2a8f1df94daef6199c25fb76e7baa72ccba5c98d24ea1
                                                                            • Opcode Fuzzy Hash: 8fe937e1a58d7356740133a30d4bc25e1ccceb7804846ef39bf9380602188878
                                                                            • Instruction Fuzzy Hash: BF317E74A4124EDFCB04CFE4E98458DBBB6FF89300B20956AD416EB358EB749A41CF04
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 024180D0, Relevance: .1, Instructions: 68COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.291828856.0000000002410000.00000040.00000001.sdmp, Offset: 02410000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 1dc0bdbb6d20bfbdfa30a1e885b55873208ea83927e435fde0315fc52a707332
                                                                            • Instruction ID: ad16ab12a03b95b2dd0137af82d8853c3b1f6b9dfe3a4f200261a468055993db
                                                                            • Opcode Fuzzy Hash: 1dc0bdbb6d20bfbdfa30a1e885b55873208ea83927e435fde0315fc52a707332
                                                                            • Instruction Fuzzy Hash: 7221F774E04219DFDB44CF99C9809AEFBF1BB89300F10D59AD415A7214D734AA41CF55
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 0241F2B0, Relevance: .1, Instructions: 66COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.291828856.0000000002410000.00000040.00000001.sdmp, Offset: 02410000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 21425887732b4e769ac365d077c20226e4dee9bf627239056cf4ceec78e4fd7d
                                                                            • Instruction ID: a33ddf55290024c21f51d790d64ff8814ce33481e5b44732cd849fe39df98ffc
                                                                            • Opcode Fuzzy Hash: 21425887732b4e769ac365d077c20226e4dee9bf627239056cf4ceec78e4fd7d
                                                                            • Instruction Fuzzy Hash: 712144B1D09388CFDB04CFA998806EEBBF0EB4A210F15686AC404F7610D3358946CBA8
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 02419B50, Relevance: .1, Instructions: 66COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.291828856.0000000002410000.00000040.00000001.sdmp, Offset: 02410000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 8ee8436d459c0d08521dd89021a4ded77b25a623cf7403100f96ee7853da10f4
                                                                            • Instruction ID: 58dc68f7270a07d067961a3e65cd8c0f1907135e71e656a85b0cb90c37204944
                                                                            • Opcode Fuzzy Hash: 8ee8436d459c0d08521dd89021a4ded77b25a623cf7403100f96ee7853da10f4
                                                                            • Instruction Fuzzy Hash: 6E216D74D1520AEFCB04CFA5C9506AEFBF2FF99320F1499AAC411AB290E7349A51DF40
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 04905A58, Relevance: .1, Instructions: 65COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.297273336.0000000004900000.00000040.00000001.sdmp, Offset: 04900000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 5cb8f6f117991640a04e46d492a91a1da2ca6093e62d26feba726d403b56ad2b
                                                                            • Instruction ID: f3a2a1f27364745f7b66b907348351272bce6b584c52c31bd850c87ca5b70132
                                                                            • Opcode Fuzzy Hash: 5cb8f6f117991640a04e46d492a91a1da2ca6093e62d26feba726d403b56ad2b
                                                                            • Instruction Fuzzy Hash: 9A215974E05209EFDB44CFA8D5856ADBBB1FF85210F2085AAD416EB294DA35AA00CF51
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 02419B60, Relevance: .1, Instructions: 65COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.291828856.0000000002410000.00000040.00000001.sdmp, Offset: 02410000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: f79f14561883a7c6d6d3a1fd6f341e189c6fa3f4abe3d022eb47bca526e6c4dd
                                                                            • Instruction ID: 8c5da4b719ff9e13144105b5cbff690535d54787ab079ed30df843aaa9ebe0b3
                                                                            • Opcode Fuzzy Hash: f79f14561883a7c6d6d3a1fd6f341e189c6fa3f4abe3d022eb47bca526e6c4dd
                                                                            • Instruction Fuzzy Hash: 79212A74D0520AEFCB04DFA5C5516AEFBF2FB89310F1499AAC405AB254E7349A51DF40
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 02460724, Relevance: .1, Instructions: 64COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.291982789.0000000002460000.00000040.00000040.sdmp, Offset: 02460000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 6729a9b339847064005af8fa29d645d69ea135b4425e98ae7d751f66c04bb789
                                                                            • Instruction ID: 32ebac5cf84571de082d3fe7e6a277a47d3e1f248d790964a7c2ec76d37b2f60
                                                                            • Opcode Fuzzy Hash: 6729a9b339847064005af8fa29d645d69ea135b4425e98ae7d751f66c04bb789
                                                                            • Instruction Fuzzy Hash: 4A213E351497C09FD707CB24C890B56BFB1AF47214F1985EBD8859B6A3C32A980BDB52
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 02415C90, Relevance: .1, Instructions: 64COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.291828856.0000000002410000.00000040.00000001.sdmp, Offset: 02410000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: fa67272ce28b37700783531a4e4cc98bda027d424a14595fe52387960b530ef8
                                                                            • Instruction ID: e7c6eaa744c8dac51d67fc0f967192bc01051430917d1e879ca40b301605805d
                                                                            • Opcode Fuzzy Hash: fa67272ce28b37700783531a4e4cc98bda027d424a14595fe52387960b530ef8
                                                                            • Instruction Fuzzy Hash: 3F217FB4D05209DFDB04DFA9C5846EEBBF1BB88300F6095AAD404B7350E7749A81CBA0
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 0241D3B0, Relevance: .1, Instructions: 64COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.291828856.0000000002410000.00000040.00000001.sdmp, Offset: 02410000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 26fe671fa9cd4a3d15a6e7e60556ac87a2d9eab15aa43ba1c223cdd6886c3878
                                                                            • Instruction ID: d3ddca7565fe9e1535623a844c187e66baf55710bcb495686e93c422a2b75f33
                                                                            • Opcode Fuzzy Hash: 26fe671fa9cd4a3d15a6e7e60556ac87a2d9eab15aa43ba1c223cdd6886c3878
                                                                            • Instruction Fuzzy Hash: 752103B4D05219DBCB08CFA5D5855AEBBF2FB89300F20946AC805B7354D770AA42CF91
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 0490246C, Relevance: .1, Instructions: 59COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.297273336.0000000004900000.00000040.00000001.sdmp, Offset: 04900000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 914444bb190e0785fce19bf5a9e28ad785cdff190e6c9fdcccb6bc7e17e95908
                                                                            • Instruction ID: 3a9e922c13283f3b5c5e9ffee52e95ae4cbf0dea93244e079b680ec4b200986f
                                                                            • Opcode Fuzzy Hash: 914444bb190e0785fce19bf5a9e28ad785cdff190e6c9fdcccb6bc7e17e95908
                                                                            • Instruction Fuzzy Hash: 271138F6C5A39DAFCB01CB6498895DDBFB0EF66252B02C4EAD4409F462D2786207CF01
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 0246075C, Relevance: .1, Instructions: 59COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.291982789.0000000002460000.00000040.00000040.sdmp, Offset: 02460000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 0871797bdb80984f232863d4414f9bd5a5e40e134cb896697e71b2d2623f61be
                                                                            • Instruction ID: 65ec01fb1234b972ec56e3528d8e4baa2a7444df6f8c6e412d7e3fc576c65307
                                                                            • Opcode Fuzzy Hash: 0871797bdb80984f232863d4414f9bd5a5e40e134cb896697e71b2d2623f61be
                                                                            • Instruction Fuzzy Hash: 0911D234204644EFD305CB20C988B36BB91BB88709F24D99EE9491B742C777D803CE52
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 0241F2C0, Relevance: .1, Instructions: 59COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.291828856.0000000002410000.00000040.00000001.sdmp, Offset: 02410000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 30fd104d30e049d3501cdd307de0c3ee35372e94d21d889f4f3f49ad085b8c8e
                                                                            • Instruction ID: ecbea1160bfb36efae96fccd37815d47e0f7d22f54fdb20e83d3eadda49e3b9e
                                                                            • Opcode Fuzzy Hash: 30fd104d30e049d3501cdd307de0c3ee35372e94d21d889f4f3f49ad085b8c8e
                                                                            • Instruction Fuzzy Hash: 4711E6B1D193098FCB44CFA9D9845EEFBF4EB4E220F216866C009F6610D7759546CB68
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 04905980, Relevance: .1, Instructions: 55COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.297273336.0000000004900000.00000040.00000001.sdmp, Offset: 04900000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 3184bc67258b6f248381f2eefe1babe884b2028450ada401590e95f520ce062f
                                                                            • Instruction ID: c500f5a92aac695333a676f7c0f80091417a943562b6ade1f8d88ca5a144fe17
                                                                            • Opcode Fuzzy Hash: 3184bc67258b6f248381f2eefe1babe884b2028450ada401590e95f520ce062f
                                                                            • Instruction Fuzzy Hash: 7E117974D09209EFDB04DFA8D9845AEBFB1FF86310F1085AAD006EB254CB345A04DF55
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 02415E97, Relevance: .1, Instructions: 54COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.291828856.0000000002410000.00000040.00000001.sdmp, Offset: 02410000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 3d9d0d8b6f318475792a0b726085eef0f7742466c246e63380ccef8a8cf062c8
                                                                            • Instruction ID: 4d1a966d46617bd5f29e8d165cf9396f9b905e4f9edd77b8bb83656cc6a1b6e1
                                                                            • Opcode Fuzzy Hash: 3d9d0d8b6f318475792a0b726085eef0f7742466c246e63380ccef8a8cf062c8
                                                                            • Instruction Fuzzy Hash: 05111974E042499FDB05DFA9C840AAEBBF2EF89300F1081AAD914A7391E7355A51CFA1
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 04901240, Relevance: .1, Instructions: 53COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.297273336.0000000004900000.00000040.00000001.sdmp, Offset: 04900000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 816b099063062b4be89fea2f59a1cd593ee23d41d3494fb4d26652b2ed484ca9
                                                                            • Instruction ID: 261bc3951332fb6056c0df1fc1c506987c3c9182d13f12df607f4ee11fc7543f
                                                                            • Opcode Fuzzy Hash: 816b099063062b4be89fea2f59a1cd593ee23d41d3494fb4d26652b2ed484ca9
                                                                            • Instruction Fuzzy Hash: A821A574E05228DFDBA0DF65C889799BBB5BB46301F2081E9C44AA7290DB705EC0CF01
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 04905990, Relevance: .1, Instructions: 53COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.297273336.0000000004900000.00000040.00000001.sdmp, Offset: 04900000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: de3e4b4b0e1e0ce5ef8bfd2e8f79528ac105453d8b883705802786845ed796aa
                                                                            • Instruction ID: 01e0cdcb9a227db004b2b878ec84124db1a2fc9d3017494092e488021ae7985b
                                                                            • Opcode Fuzzy Hash: de3e4b4b0e1e0ce5ef8bfd2e8f79528ac105453d8b883705802786845ed796aa
                                                                            • Instruction Fuzzy Hash: E111CEB4D05209EFDB04CFA8D5805AEBBB5FF85310F11C8AAD00AEB284DB346A00DF65
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 02415C81, Relevance: .1, Instructions: 51COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.291828856.0000000002410000.00000040.00000001.sdmp, Offset: 02410000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: acf0aa22e9790a072e9b5d38e7ec237384d94a07a2a9c74be99128975d0289f8
                                                                            • Instruction ID: e058a1661defa2eaaf850e41fcca54ebfe8fa3ba64bc0bc871658c2edaa912ef
                                                                            • Opcode Fuzzy Hash: acf0aa22e9790a072e9b5d38e7ec237384d94a07a2a9c74be99128975d0289f8
                                                                            • Instruction Fuzzy Hash: 1111F5B4D09649DFDB05DFAAC5446EEBFF1AF8A300F1480AAC805A7351E3344A85CF91
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 02415EA8, Relevance: .0, Instructions: 47COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.291828856.0000000002410000.00000040.00000001.sdmp, Offset: 02410000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 0c89dddc2fd157664e6053646aa62d42d63fb489438eab9ba5ee02b636ef331c
                                                                            • Instruction ID: 65f9b2892796790e558d9a8cf078e6135864adf4827751e80370da078e781048
                                                                            • Opcode Fuzzy Hash: 0c89dddc2fd157664e6053646aa62d42d63fb489438eab9ba5ee02b636ef331c
                                                                            • Instruction Fuzzy Hash: 2211D374E006099BDB04DFA9C940AAEBBF2FF89300F208169D914B7394EB356A41CF91
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 024605D0, Relevance: .0, Instructions: 44COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.291982789.0000000002460000.00000040.00000040.sdmp, Offset: 02460000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 6e5ccbee61a01f54c29efcca1cb126edcda6d62382cca790ce984f4eaff9f700
                                                                            • Instruction ID: e9c50124ca30d27c1c90b5b4ab3caeffff4b1d1027ba5118d210bcbcc5047f39
                                                                            • Opcode Fuzzy Hash: 6e5ccbee61a01f54c29efcca1cb126edcda6d62382cca790ce984f4eaff9f700
                                                                            • Instruction Fuzzy Hash: 4801D6755097806FD7128F16EC40862FFB8DE87230708C4EFED498B653D269A909CB72
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 04900688, Relevance: .0, Instructions: 40COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.297273336.0000000004900000.00000040.00000001.sdmp, Offset: 04900000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 0b84c9b9f12df0f53d7f18c1bbe75b862cef774f7450f2a14def128657bebda2
                                                                            • Instruction ID: 954315048d39c5cae2c1a6f1f65ad4b8b919021b6d0c356c83e1d0c30ce7d085
                                                                            • Opcode Fuzzy Hash: 0b84c9b9f12df0f53d7f18c1bbe75b862cef774f7450f2a14def128657bebda2
                                                                            • Instruction Fuzzy Hash: 11114074D01268CFCB719F65DC586DEBBB2BB89301F1045EAC44AAA764DB341E81CF51
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 04903BD0, Relevance: .0, Instructions: 40COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.297273336.0000000004900000.00000040.00000001.sdmp, Offset: 04900000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 6f35dd17dab58e35b7ffb5ab0c1da4ef305b138acfc8eaf02baaf2161626777a
                                                                            • Instruction ID: 6cdb461fe5516807a6bbcbeb334945eb23601e73a487233d13a04bc8d49f609b
                                                                            • Opcode Fuzzy Hash: 6f35dd17dab58e35b7ffb5ab0c1da4ef305b138acfc8eaf02baaf2161626777a
                                                                            • Instruction Fuzzy Hash: 0101D674E08209DFC718CFA5D88166DBB76FB45300F10C4A9CC05A7394DB306A40CF40
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 049002A4, Relevance: .0, Instructions: 38COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.297273336.0000000004900000.00000040.00000001.sdmp, Offset: 04900000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 489225f62649c68e25cbf0235f3b946f99a91450b8974d81de0f6488b4b6ac27
                                                                            • Instruction ID: 52c63e559d34ad6447ecc79a60efa6831d08ba7d12d90986b286a648e79fc3d0
                                                                            • Opcode Fuzzy Hash: 489225f62649c68e25cbf0235f3b946f99a91450b8974d81de0f6488b4b6ac27
                                                                            • Instruction Fuzzy Hash: 7C11C974D4122E8FCB64DF64D89879DBBB1BB59300F2085EAD049A7251D7300A81CF95
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 04905035, Relevance: .0, Instructions: 38COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.297273336.0000000004900000.00000040.00000001.sdmp, Offset: 04900000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 562cbf29b14e6b991a4480abf558db62a8cc9ac81c4d39cba2a688bf8c5b1d71
                                                                            • Instruction ID: 417e9fbe4f77175f33b6f3b190718eff6dfaa97b96bce58188fd1c9c5519e743
                                                                            • Opcode Fuzzy Hash: 562cbf29b14e6b991a4480abf558db62a8cc9ac81c4d39cba2a688bf8c5b1d71
                                                                            • Instruction Fuzzy Hash: FE11997490126ADFDB25DF50CE88BDABBB1BB48301F1081D9D50DAA290D7326E80CF40
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 02419C61, Relevance: .0, Instructions: 38COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.291828856.0000000002410000.00000040.00000001.sdmp, Offset: 02410000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: fcd91d09406239f8c4446bcb7bda5acd14987af437ad4956d0d6f6c9309a38b3
                                                                            • Instruction ID: c0076d90d9ae42a1ac18aa02c6eac24658d6f8a4636e07c2151c19243199f153
                                                                            • Opcode Fuzzy Hash: fcd91d09406239f8c4446bcb7bda5acd14987af437ad4956d0d6f6c9309a38b3
                                                                            • Instruction Fuzzy Hash: 0B01D638A40208AFD705DBA8D955A5DBFF1EF89200F0580D5DD08AB3A2E634A950CF51
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 04900A93, Relevance: .0, Instructions: 36COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.297273336.0000000004900000.00000040.00000001.sdmp, Offset: 04900000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 18e64d0a59a1984e888a3797755a5da7f50d7153dae7b5e41a1c709d771739ae
                                                                            • Instruction ID: 731176e3cbcaf2fc221edf577680882efd2eecdfcf31728a334d321d6fab5959
                                                                            • Opcode Fuzzy Hash: 18e64d0a59a1984e888a3797755a5da7f50d7153dae7b5e41a1c709d771739ae
                                                                            • Instruction Fuzzy Hash: 07116D74D402AA8FCB65DF65C8546EEBAB2BB49304F1085EAC949A7340DB301E81CF95
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 049008DC, Relevance: .0, Instructions: 36COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.297273336.0000000004900000.00000040.00000001.sdmp, Offset: 04900000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: b5056fc0409c9c986f237ad85e956bc06015b1e9b1d902398aec260284217ec4
                                                                            • Instruction ID: ed86f0d945dc150c4970bafd47dc8bcc1e6cce053b567c5b4517047a6d0a1893
                                                                            • Opcode Fuzzy Hash: b5056fc0409c9c986f237ad85e956bc06015b1e9b1d902398aec260284217ec4
                                                                            • Instruction Fuzzy Hash: DC119274E022289FDB61DF64D8547DEBAB2FB4A300F1085EAD589A7340DB305E81CF91
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 04903220, Relevance: .0, Instructions: 36COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.297273336.0000000004900000.00000040.00000001.sdmp, Offset: 04900000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 0137f77cf7aba517958e941ed0aee5eadfd6103caa3ece4543b23f418b4a0f2f
                                                                            • Instruction ID: d6e5dda2844f655d9da407a988f1dae732727d76625b0063b4a4af037b57ee00
                                                                            • Opcode Fuzzy Hash: 0137f77cf7aba517958e941ed0aee5eadfd6103caa3ece4543b23f418b4a0f2f
                                                                            • Instruction Fuzzy Hash: 4F0112B4D0625EDECB20DFE4D944ADDBBB1FB50300F24986A8005AB299E7345A81CF10
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 049009A9, Relevance: .0, Instructions: 36COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.297273336.0000000004900000.00000040.00000001.sdmp, Offset: 04900000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: e776f84fac69bff4549eedf9a7866479fb48e5d6bc743d6e201f4252786996ad
                                                                            • Instruction ID: 3fe3aa99750b364602eeaedda7c6cf44ae38796f138663353ac5b41ea0799cac
                                                                            • Opcode Fuzzy Hash: e776f84fac69bff4549eedf9a7866479fb48e5d6bc743d6e201f4252786996ad
                                                                            • Instruction Fuzzy Hash: 57110F74D142688FDF659F25DC487AABBB6FB49702F2481EAD44DA3260DB301E81CF00
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 0241AF48, Relevance: .0, Instructions: 36COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.291828856.0000000002410000.00000040.00000001.sdmp, Offset: 02410000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: e74e06162ae53dea548819e92bd1ebddfbb465087c2603f00a7223b0c631801d
                                                                            • Instruction ID: 091b5c2c447a9d77219ecc67e6dc98ef12f73cf0d5b7d661425de54f6585eca5
                                                                            • Opcode Fuzzy Hash: e74e06162ae53dea548819e92bd1ebddfbb465087c2603f00a7223b0c631801d
                                                                            • Instruction Fuzzy Hash: E701ECB8D0025A9FCB50DFA9C840AAEFBF5BF48300F14815AE954E7341D7349A41CFA1
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 0241AF43, Relevance: .0, Instructions: 35COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.291828856.0000000002410000.00000040.00000001.sdmp, Offset: 02410000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 91026743d774c6ef04f73bbe0e20c47b2ac8af786241e792e06accbc570d8981
                                                                            • Instruction ID: a56b3870006b8ed7d3e8ae41a05b70c8a47c391a4e6ad1416aeef5f1178522cb
                                                                            • Opcode Fuzzy Hash: 91026743d774c6ef04f73bbe0e20c47b2ac8af786241e792e06accbc570d8981
                                                                            • Instruction Fuzzy Hash: 81011EB490025A9FCB51DFA9C440ABEBFF1BB49314F14819AE865A7381C7349641CFA0
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 04900572, Relevance: .0, Instructions: 34COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.297273336.0000000004900000.00000040.00000001.sdmp, Offset: 04900000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 202be956cd574e0d91796acc69e388de9b751049b7e4fc64d580a204896c8a15
                                                                            • Instruction ID: 4aae01ac1fafdc3d52be352e213642a94cc2f99e0baa62b806ce822da0278fe2
                                                                            • Opcode Fuzzy Hash: 202be956cd574e0d91796acc69e388de9b751049b7e4fc64d580a204896c8a15
                                                                            • Instruction Fuzzy Hash: 2811F074A002299FDB60DF65D8543DEBBB2BB49300F5085EAC84EA3354EA341E81CF10
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 02419C70, Relevance: .0, Instructions: 33COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.291828856.0000000002410000.00000040.00000001.sdmp, Offset: 02410000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 25be5eca16dba0a4781d0a68d85a4267ccd2a4e595c884e12144271403157972
                                                                            • Instruction ID: c10a078dd5b0c5d4e87c08fcee09972577d273334ee60f042cf345bac6f16b04
                                                                            • Opcode Fuzzy Hash: 25be5eca16dba0a4781d0a68d85a4267ccd2a4e595c884e12144271403157972
                                                                            • Instruction Fuzzy Hash: 14F06278A40208AFDB44DBA9D999A5DFBF1FF88200F15C095E908AB361DA35E940CF41
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 0490038A, Relevance: .0, Instructions: 32COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.297273336.0000000004900000.00000040.00000001.sdmp, Offset: 04900000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: d8b32dc7f2d7dccea7080fcc0333e6b4e6aa86a6ca994cfb017c3f6c3a94e06f
                                                                            • Instruction ID: fcf17f9013107f8ed49ad94629f3ca4e50b2d50ef607e1a669adde15dcf74edc
                                                                            • Opcode Fuzzy Hash: d8b32dc7f2d7dccea7080fcc0333e6b4e6aa86a6ca994cfb017c3f6c3a94e06f
                                                                            • Instruction Fuzzy Hash: 0101D374D4122ADFDB249F61D8887A9B6B2FB05741F1085EAD419AB2A0DB381F81CF15
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 0490055D, Relevance: .0, Instructions: 32COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.297273336.0000000004900000.00000040.00000001.sdmp, Offset: 04900000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 478d5513ecf5e24ba7e71021583880f022ceee68cdf9b516661dac48dd76b8fc
                                                                            • Instruction ID: 225d4d63357b23e20e0959b90347e70f9aa5a7b511ee54d6d430affd4c75b4ba
                                                                            • Opcode Fuzzy Hash: 478d5513ecf5e24ba7e71021583880f022ceee68cdf9b516661dac48dd76b8fc
                                                                            • Instruction Fuzzy Hash: 07012574D01229AFCB22CF2899543DCBAB1BB4A310F1081EAC89DB7291DB301F81DF10
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 02460818, Relevance: .0, Instructions: 31COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.291982789.0000000002460000.00000040.00000040.sdmp, Offset: 02460000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 525cef522958239b2deb72ab7ac90410e2832b06fb356f1b7ca8807ee3c9392c
                                                                            • Instruction ID: d9e030511b8aa1f6c974b9dd2a17775b4130cc7cbde99d962bd288a422c367ad
                                                                            • Opcode Fuzzy Hash: 525cef522958239b2deb72ab7ac90410e2832b06fb356f1b7ca8807ee3c9392c
                                                                            • Instruction Fuzzy Hash: 06F0FB35104644DFC205CB40D944B26FBA2FB89718F24CAA9E9490B752C3379813DE81
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 024100B8, Relevance: .0, Instructions: 31COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.291828856.0000000002410000.00000040.00000001.sdmp, Offset: 02410000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 9f616feb802c72ee726f47ff5fea741286734d28897450fa7c2f079076f5bb59
                                                                            • Instruction ID: a3e3b51a0ddbc2ea2cc7ee78fd3481784a3f9bf72c4c6f4b6b22af2f6687eaf8
                                                                            • Opcode Fuzzy Hash: 9f616feb802c72ee726f47ff5fea741286734d28897450fa7c2f079076f5bb59
                                                                            • Instruction Fuzzy Hash: 3BF0B430A06288DFD706DB64D800AAC7B70FF87304F5554E9D4049B662D7301E05CB51
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 02418B54, Relevance: .0, Instructions: 31COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.291828856.0000000002410000.00000040.00000001.sdmp, Offset: 02410000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: a11da25ee18913b808e155f39ca6f5ce0c27c2bc20a660fb13a7310d2251e426
                                                                            • Instruction ID: dcc45bbb48cdc440bb7b1d1c1c20955cf5a52dc9acdeb9ac087c63ad9d01c5ce
                                                                            • Opcode Fuzzy Hash: a11da25ee18913b808e155f39ca6f5ce0c27c2bc20a660fb13a7310d2251e426
                                                                            • Instruction Fuzzy Hash: B6112578A11268CFCBA0CF64C984A9DBBB1BF49310F1050E9E84DA7325DB359E80CF10
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 049045F5, Relevance: .0, Instructions: 30COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.297273336.0000000004900000.00000040.00000001.sdmp, Offset: 04900000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 1cd825ff7fb283b506630348cd065489f8e04b670b1523902dcf057683df725b
                                                                            • Instruction ID: e7e0b8d65339d1a13ed0a19dea8b7af3414eec50f3d74b79c548b5cff894f781
                                                                            • Opcode Fuzzy Hash: 1cd825ff7fb283b506630348cd065489f8e04b670b1523902dcf057683df725b
                                                                            • Instruction Fuzzy Hash: A101E870D152299FDB65CB64C884BDCBBB1FF5A300F1080EAD959A7254DB311A81DF40
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 0490336C, Relevance: .0, Instructions: 30COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.297273336.0000000004900000.00000040.00000001.sdmp, Offset: 04900000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: e55d95bc8d645d7efc71fc1ba69b45784c0fe28f4c5bc943c7163c049291748c
                                                                            • Instruction ID: 2a1009c8d6e6153d59791c077c75b347992822685a860fc4ed2eb84bf6608a08
                                                                            • Opcode Fuzzy Hash: e55d95bc8d645d7efc71fc1ba69b45784c0fe28f4c5bc943c7163c049291748c
                                                                            • Instruction Fuzzy Hash: 9B01F670D06268CEDBA4DF758D947DDBBB1BF85300F1485EAC409A7290EA341A86CF44
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 04900CAC, Relevance: .0, Instructions: 29COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.297273336.0000000004900000.00000040.00000001.sdmp, Offset: 04900000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 4c64570e3f5ae7ae16f3450db9a2bcec9b2f0a32071755eed5af28f1f7d56db8
                                                                            • Instruction ID: 056e23e68e2e036d9080853a72b7695b168cb189153521640fe837ec11c29af1
                                                                            • Opcode Fuzzy Hash: 4c64570e3f5ae7ae16f3450db9a2bcec9b2f0a32071755eed5af28f1f7d56db8
                                                                            • Instruction Fuzzy Hash: 3501E574D002688FCB66DF25DC5469EBBB6BB89301F1041EAC44AA7291DB300F81CF65
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 049047C8, Relevance: .0, Instructions: 29COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.297273336.0000000004900000.00000040.00000001.sdmp, Offset: 04900000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 1879f680453793fc4c4e784b086ab72a9558c43ff3bcc7a1d36c89dcbcb9f0d0
                                                                            • Instruction ID: 08077a046a9a5e9fc62e1a90e75dc6ae3258261c7618e454587152d9dc132354
                                                                            • Opcode Fuzzy Hash: 1879f680453793fc4c4e784b086ab72a9558c43ff3bcc7a1d36c89dcbcb9f0d0
                                                                            • Instruction Fuzzy Hash: 8F013CB0D85368DEDB61CF60CD45BDDBBB4BB05704F0084E69609BA280E7702AC5CF00
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 04904565, Relevance: .0, Instructions: 29COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.297273336.0000000004900000.00000040.00000001.sdmp, Offset: 04900000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 080e933d30105e110517b77f4235d1f5f96f1fec4d78eaf0fee91cacb23bc22b
                                                                            • Instruction ID: 8e389c7f4e23e95166afd54a770e3a39fb8fbd67e9a18fe2dc6500b5973787d3
                                                                            • Opcode Fuzzy Hash: 080e933d30105e110517b77f4235d1f5f96f1fec4d78eaf0fee91cacb23bc22b
                                                                            • Instruction Fuzzy Hash: F701D274D142298FDB64CF64CC81BECBBB5FF8A300F0080AAD619A7254DB701A81DF40
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 04900EBB, Relevance: .0, Instructions: 28COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.297273336.0000000004900000.00000040.00000001.sdmp, Offset: 04900000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 7171660fef591cfa48014a3ac8a014e394a0510f9944174be73df45fdf1c7ac2
                                                                            • Instruction ID: 8304f77fde9f896b07350e0fc7a96e3b02eecc36c3120c551bebbe98466bff07
                                                                            • Opcode Fuzzy Hash: 7171660fef591cfa48014a3ac8a014e394a0510f9944174be73df45fdf1c7ac2
                                                                            • Instruction Fuzzy Hash: EF01D274E002688FCB65DF65CC942DABBB2BB8A300F1085EAC549A3350DB301E81CF55
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 0490105D, Relevance: .0, Instructions: 28COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.297273336.0000000004900000.00000040.00000001.sdmp, Offset: 04900000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: acb1a5ecda785168151f7a28c25db1492af0344b3e70b7ee120822f153e0fc74
                                                                            • Instruction ID: 27099436c4c0e3cafc81e44f6f96f1318df54e866ea04e6c1383ba39ffba9468
                                                                            • Opcode Fuzzy Hash: acb1a5ecda785168151f7a28c25db1492af0344b3e70b7ee120822f153e0fc74
                                                                            • Instruction Fuzzy Hash: B301D274E012288FCB76DF65DC6429EBBB6FB49201F2085EAD589A3351DA305F81CF15
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 04900841, Relevance: .0, Instructions: 28COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.297273336.0000000004900000.00000040.00000001.sdmp, Offset: 04900000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 9e67d4ae4b2a8831d0ff2757eeac3fa686607d7059bc11d1b74e9d67db826754
                                                                            • Instruction ID: e95d2afe56ef8fcc68dca6331d474d7a436d49b4ee0f4fbc681e9050ed0e4552
                                                                            • Opcode Fuzzy Hash: 9e67d4ae4b2a8831d0ff2757eeac3fa686607d7059bc11d1b74e9d67db826754
                                                                            • Instruction Fuzzy Hash: 85019A74A00228CFCBB6DF65C8547AEBAB6BB45300F1095EAD54DAB354DA341F85CF10
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 04900D71, Relevance: .0, Instructions: 28COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.297273336.0000000004900000.00000040.00000001.sdmp, Offset: 04900000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: ffd709a717f7744418e8399ef546b69ce3b67477965d4fa5dd0ac326332a35d8
                                                                            • Instruction ID: 65883243fc5e770e3854b4ed0bd9adc57be2d48cd179a92a7243198259e95d01
                                                                            • Opcode Fuzzy Hash: ffd709a717f7744418e8399ef546b69ce3b67477965d4fa5dd0ac326332a35d8
                                                                            • Instruction Fuzzy Hash: 5701C8B8D002298FDB60DF68D8586AEBBB1FB49300F1081EAD5AAA3351DA305D81DF10
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 04905AA9, Relevance: .0, Instructions: 27COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.297273336.0000000004900000.00000040.00000001.sdmp, Offset: 04900000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 24e425b83d7decb4ba34541889f191a369bfa1212440b91aa7bd360ad3ca4869
                                                                            • Instruction ID: 13da9235bbb2c8f57a259b2e514ec6db4b8626c87a7ebf87260e5b74f603c978
                                                                            • Opcode Fuzzy Hash: 24e425b83d7decb4ba34541889f191a369bfa1212440b91aa7bd360ad3ca4869
                                                                            • Instruction Fuzzy Hash: 80E0DFB0D5E2889FCF09DBB85C5569C7F70EB06314F1142FEC8089B2A2E2368506CF51
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 0490251F, Relevance: .0, Instructions: 27COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.297273336.0000000004900000.00000040.00000001.sdmp, Offset: 04900000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: db662939e98db976746a3c7f3590f2472dd88672ac59e20ddf538ef3457eb2e7
                                                                            • Instruction ID: ab1e4ef433bce53d5ed790a5754c98c883867a28cf17681f77b24249b3492a87
                                                                            • Opcode Fuzzy Hash: db662939e98db976746a3c7f3590f2472dd88672ac59e20ddf538ef3457eb2e7
                                                                            • Instruction Fuzzy Hash: 66F058B0C083899FCB02EFA8C84069CBBB1AF46300F4084EAC84497262E7319A45DF50
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 024605F6, Relevance: .0, Instructions: 27COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.291982789.0000000002460000.00000040.00000040.sdmp, Offset: 02460000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 12d2847d657eac33b8af5def7524c9c9179fa8444ddef5410ee6c39bf9c609ef
                                                                            • Instruction ID: e4b3352d4b711af00613d38457e3ee12fb2c8cb79a506765d5541f47bde5aeb0
                                                                            • Opcode Fuzzy Hash: 12d2847d657eac33b8af5def7524c9c9179fa8444ddef5410ee6c39bf9c609ef
                                                                            • Instruction Fuzzy Hash: 22E09276A006008BD650DF0BEC81452F7D8EB88630B18C07FDD0D8B711E275B505CEA6
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 04902E69, Relevance: .0, Instructions: 26COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.297273336.0000000004900000.00000040.00000001.sdmp, Offset: 04900000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: f21befa3fc64764a9741010b3e516dc20dc1648e7e3a222beaab8d94ea5f1137
                                                                            • Instruction ID: fe120d636b598ca15c7d92fa36e235fa80580e0f6e01e319afb3a790bcffd424
                                                                            • Opcode Fuzzy Hash: f21befa3fc64764a9741010b3e516dc20dc1648e7e3a222beaab8d94ea5f1137
                                                                            • Instruction Fuzzy Hash: 55F06D789493999FD71AEBB8580579C7FB0AB02600F0040FAC844CB2D2D338DA16CF91
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 04941CCB, Relevance: .0, Instructions: 26COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.297358847.0000000004940000.00000040.00000001.sdmp, Offset: 04940000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 7a406adff5dffeb77526a5539d8cd0535f502011f32fe6dfea55afe3fb5c5a50
                                                                            • Instruction ID: 15888df6b1be0bceff3145055f620beecc10247d979937c227ea8f48d2797cd7
                                                                            • Opcode Fuzzy Hash: 7a406adff5dffeb77526a5539d8cd0535f502011f32fe6dfea55afe3fb5c5a50
                                                                            • Instruction Fuzzy Hash: 49E0D8B2A4130067D2109F069C85F53FB98DB44A30F14C56BEE081B342D1B1B5148AE5
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 04941577, Relevance: .0, Instructions: 26COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.297358847.0000000004940000.00000040.00000001.sdmp, Offset: 04940000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 617328a5f21fcbc64bf211149b5f9bbde8276e24d762b839b8b2be75ee1c85b8
                                                                            • Instruction ID: 38182e4b7689ac379b618f5ad83657a564eeef77270076a64c6ea60353996c21
                                                                            • Opcode Fuzzy Hash: 617328a5f21fcbc64bf211149b5f9bbde8276e24d762b839b8b2be75ee1c85b8
                                                                            • Instruction Fuzzy Hash: 56E0D872A0120067D2109F069C85F53FB98DB40A30F14C567EE081B306D1B2B514CAE5
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 024100C8, Relevance: .0, Instructions: 25COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.291828856.0000000002410000.00000040.00000001.sdmp, Offset: 02410000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: f1a768b381e7dbf849ba64fcf1584cdd6668133ff0e863fc5f0808eb8c31edc6
                                                                            • Instruction ID: 96fb528aa732d295aa05b756c05d49413d7d7816e31a8537e40882b44158e769
                                                                            • Opcode Fuzzy Hash: f1a768b381e7dbf849ba64fcf1584cdd6668133ff0e863fc5f0808eb8c31edc6
                                                                            • Instruction Fuzzy Hash: 50E0ED30A01108DBCB04EFA9D945AADB7B5FF85304F6055B9D80867361EB716E01DB95
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 049004D9, Relevance: .0, Instructions: 24COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.297273336.0000000004900000.00000040.00000001.sdmp, Offset: 04900000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: ff08e66858f1fcd4494d2622e93b0beab89b6577b4dabb5ba5d11f9b7ec2faa2
                                                                            • Instruction ID: 45abfdea230e44a620113cefc22606b9fe02e5a49f8efc9ed7a0d181f319935b
                                                                            • Opcode Fuzzy Hash: ff08e66858f1fcd4494d2622e93b0beab89b6577b4dabb5ba5d11f9b7ec2faa2
                                                                            • Instruction Fuzzy Hash: 81F0A9789052288FCB65DF25D8947AA7BB6FB45711F1080EAE44AA7250D6341F81CF50
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 04902CF0, Relevance: .0, Instructions: 24COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.297273336.0000000004900000.00000040.00000001.sdmp, Offset: 04900000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: a1c0d4431659bf9a321b30bc8a016dd7673ada81ab16b937dbe0325ad332c28a
                                                                            • Instruction ID: ea4fc1868a5f6024acd3541da123a463398b2165a118a500f50354d0b96ae53c
                                                                            • Opcode Fuzzy Hash: a1c0d4431659bf9a321b30bc8a016dd7673ada81ab16b937dbe0325ad332c28a
                                                                            • Instruction Fuzzy Hash: A9F0ED30D00348EFC714EBA4E80539CBBB0AF40200F2080FEC8089B382D638A91ACF86
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 0490326E, Relevance: .0, Instructions: 24COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.297273336.0000000004900000.00000040.00000001.sdmp, Offset: 04900000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: dbfba170cb404f18e194f60e72be7ecabb446a19b7bba7fe446d53c657d72ec0
                                                                            • Instruction ID: a155e0d5b6facec6a4097e087932642ad1365c3839ec6d3ab19c4761d4b3b149
                                                                            • Opcode Fuzzy Hash: dbfba170cb404f18e194f60e72be7ecabb446a19b7bba7fe446d53c657d72ec0
                                                                            • Instruction Fuzzy Hash: 66F0D474D0626EDFDB20DFE4D551AADBBB2FF40300F50596A801AAB295E7301A81DF54
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 02410070, Relevance: .0, Instructions: 24COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.291828856.0000000002410000.00000040.00000001.sdmp, Offset: 02410000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: f7a2bdfe3088af8368d8f95ca5578dfbce58b87688e00624845e3d5457c5677c
                                                                            • Instruction ID: 50d8a277e928dfffee7e888748b881be78eb73173b1e1486d909408940e2eb1f
                                                                            • Opcode Fuzzy Hash: f7a2bdfe3088af8368d8f95ca5578dfbce58b87688e00624845e3d5457c5677c
                                                                            • Instruction Fuzzy Hash: B9E08C70983208D7C798FBF8951273FB368EB42600F0418A9860263241CE715E60DAA6
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 04902EB1, Relevance: .0, Instructions: 23COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.297273336.0000000004900000.00000040.00000001.sdmp, Offset: 04900000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 0ebddc180d38decfa2d3aa3c918d5ecf36915c66eea40205b6f6aa133b173337
                                                                            • Instruction ID: ed3fd6efac91f9d942d1d4518efa2f8e779817d8b09447f5f9181ef685abecaa
                                                                            • Opcode Fuzzy Hash: 0ebddc180d38decfa2d3aa3c918d5ecf36915c66eea40205b6f6aa133b173337
                                                                            • Instruction Fuzzy Hash: 72E09AB8D49348AFC706EBB4984539DBFB0AF42304F0045EEC804DB292E739AA55CF81
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 04902E27, Relevance: .0, Instructions: 23COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.297273336.0000000004900000.00000040.00000001.sdmp, Offset: 04900000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: ab3a36a73b4937514d75f4b84cf82589fa3e5944fb74283a62d1eacc559100c1
                                                                            • Instruction ID: fa91ca91a2593c9648f4211ba03ebacc5215c122e5ea7075769c963193f4fb44
                                                                            • Opcode Fuzzy Hash: ab3a36a73b4937514d75f4b84cf82589fa3e5944fb74283a62d1eacc559100c1
                                                                            • Instruction Fuzzy Hash: 12E06570804348AFCB05DBB4984439CBBB4AB02600F0040EAC844D72A1E3399959CF40
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 02416BC7, Relevance: .0, Instructions: 22COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.291828856.0000000002410000.00000040.00000001.sdmp, Offset: 02410000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 541b3420815e4997500f9e171272090830b778c371ad997274f7cdc72bc61287
                                                                            • Instruction ID: 1cc78f9a5d6935d0863d4aa3d072045db98f323e6065c22c5e2587c0f8b3a57d
                                                                            • Opcode Fuzzy Hash: 541b3420815e4997500f9e171272090830b778c371ad997274f7cdc72bc61287
                                                                            • Instruction Fuzzy Hash: 2FE046705093859FD302AB799C0A7153FB8AB03205B4A05E6D848C7162DA358818DBA2
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 049024E0, Relevance: .0, Instructions: 21COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.297273336.0000000004900000.00000040.00000001.sdmp, Offset: 04900000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: c822921499584b62473719903be5bc26fc24b4613a9e86d49c8ddca97b1ff32b
                                                                            • Instruction ID: 04c09c5a5de705e8dce5e64cdc2172e14cd93f997599827ff89dae9fced12dd9
                                                                            • Opcode Fuzzy Hash: c822921499584b62473719903be5bc26fc24b4613a9e86d49c8ddca97b1ff32b
                                                                            • Instruction Fuzzy Hash: A6E01AB4D04218AFCB44EFA8C8406AEBBF4FB49300F1085AAD814E7340D7359A80DF90
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 04902DE8, Relevance: .0, Instructions: 21COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.297273336.0000000004900000.00000040.00000001.sdmp, Offset: 04900000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 7cebc21815bb079295082f9350b4de82b4842568f783dc1b58fbac953ac660b3
                                                                            • Instruction ID: 421ba88bb283acf44ca08d4eeea374860db71a2e7a898cd4440c0a232c9acef8
                                                                            • Opcode Fuzzy Hash: 7cebc21815bb079295082f9350b4de82b4842568f783dc1b58fbac953ac660b3
                                                                            • Instruction Fuzzy Hash: 0BE01AB4D49349AFC745DBA4980AB9DBFB4AB06600F0541FA8C049B2A2E6345A19DF91
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 0241F359, Relevance: .0, Instructions: 21COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.291828856.0000000002410000.00000040.00000001.sdmp, Offset: 02410000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: f68585b0ffbac25276de2aa4035d763aa85da4ae4ffe7cbb6696b6cb65e3112b
                                                                            • Instruction ID: 4dc945ff42694be8f5ce5dfddabf75f17b925331111212294138edef628818d8
                                                                            • Opcode Fuzzy Hash: f68585b0ffbac25276de2aa4035d763aa85da4ae4ffe7cbb6696b6cb65e3112b
                                                                            • Instruction Fuzzy Hash: 47E09275E56119EBCB00DBA8F8808DDBBB1FB49314B20A526E905A2214EB71991A8B40
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 04902530, Relevance: .0, Instructions: 20COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.297273336.0000000004900000.00000040.00000001.sdmp, Offset: 04900000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 0b7f5fc5fd48e79fc18bebe7c0db3dbc5b24a521be90deb927bf5a2548c60022
                                                                            • Instruction ID: 9d859603c1a059aef409c8fb84d21b3fd0247194cf3daf2143fdd771de03b6f1
                                                                            • Opcode Fuzzy Hash: 0b7f5fc5fd48e79fc18bebe7c0db3dbc5b24a521be90deb927bf5a2548c60022
                                                                            • Instruction Fuzzy Hash: 75E012B4D04309EFCB44EFA8C845AADBBB5FB48300F1085AAD814A3350E731AA91DF84
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 049049F7, Relevance: .0, Instructions: 19COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.297273336.0000000004900000.00000040.00000001.sdmp, Offset: 04900000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 81ae5117ab80bbd14632e16ce56e03b6667abd02e951ccfb614a35e57551b384
                                                                            • Instruction ID: b49a5c0aedb1d9d4e61029017f8c12d43cae786478fdcf252cfe1a90e0d0186c
                                                                            • Opcode Fuzzy Hash: 81ae5117ab80bbd14632e16ce56e03b6667abd02e951ccfb614a35e57551b384
                                                                            • Instruction Fuzzy Hash: CDF0DF74808368CFDB21DF20C9447ECBB71FB05341F4086E8918DAA280D3345AC1DF02
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 04902D00, Relevance: .0, Instructions: 19COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.297273336.0000000004900000.00000040.00000001.sdmp, Offset: 04900000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 37840162bf8a22676522f26f8ef7be04a88aa98c06ac41efe893cdb19bda2e29
                                                                            • Instruction ID: 868c27046b54f34081503dcab00334bddd496b3006dd0f870e6b43154800bf29
                                                                            • Opcode Fuzzy Hash: 37840162bf8a22676522f26f8ef7be04a88aa98c06ac41efe893cdb19bda2e29
                                                                            • Instruction Fuzzy Hash: 54E0B675E10208AFCB58EBA9D44579DB7B4AB44600F2081A99809A7380EA35AA58DF86
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 04904F04, Relevance: .0, Instructions: 19COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.297273336.0000000004900000.00000040.00000001.sdmp, Offset: 04900000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 1e5c7959617203d5259d32b590402805444f5a4bb89edff7ab38fa737dee459f
                                                                            • Instruction ID: f5f8cd77a44a8d871c64dbb2b933765693f0d630fe14e1d130ed4b436c2d93fe
                                                                            • Opcode Fuzzy Hash: 1e5c7959617203d5259d32b590402805444f5a4bb89edff7ab38fa737dee459f
                                                                            • Instruction Fuzzy Hash: 3CE01A75817328DFCB24CF60C945BDDBBB0FB56306F10A0E5C149AA291DA3816859F40
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 04904FE7, Relevance: .0, Instructions: 18COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.297273336.0000000004900000.00000040.00000001.sdmp, Offset: 04900000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 61543ae4d3d6ea5491f26b6ab6562461afa23fc7428027474d16867bb504fad7
                                                                            • Instruction ID: 28416288ddade4a581bfdb7d989903bb62cb7b5299c8d148d3feb9ec905b9ad7
                                                                            • Opcode Fuzzy Hash: 61543ae4d3d6ea5491f26b6ab6562461afa23fc7428027474d16867bb504fad7
                                                                            • Instruction Fuzzy Hash: C4E0E5B18022289FCB24DFA1C944BDDBBB5AB44300F2094E9D219A6195E238AA80CF14
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 02418ABD, Relevance: .0, Instructions: 18COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.291828856.0000000002410000.00000040.00000001.sdmp, Offset: 02410000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 297d69e1220b285b3122e84843486d433ceb27b423063b2c6492fe22b5d51446
                                                                            • Instruction ID: 36b9b2ba0b742f06647a759491097e2cf46e522e74d94a6dbf931235d3318f8f
                                                                            • Opcode Fuzzy Hash: 297d69e1220b285b3122e84843486d433ceb27b423063b2c6492fe22b5d51446
                                                                            • Instruction Fuzzy Hash: F0E01A34905A59CFDB50CF94C5C099DBBB1FF54350F12A195D416AB259CB70F984CF04
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 04902EC0, Relevance: .0, Instructions: 17COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.297273336.0000000004900000.00000040.00000001.sdmp, Offset: 04900000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 30edea9590d4a925844e98176bacb108b199be5af0dff1d274e9d750d2038bcf
                                                                            • Instruction ID: 60fa4a1aa9b526c058600e7a3123ec93c9ad83cc691e5cb086c07eba4459ff09
                                                                            • Opcode Fuzzy Hash: 30edea9590d4a925844e98176bacb108b199be5af0dff1d274e9d750d2038bcf
                                                                            • Instruction Fuzzy Hash: 44E0E274D10308AFCB54EFB8940939DBBB4AB44304F1081AAC808A7240E735AA94CF81
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 04902E38, Relevance: .0, Instructions: 17COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.297273336.0000000004900000.00000040.00000001.sdmp, Offset: 04900000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: d5a8950c215c805050e0273194691eb001ccbd1b732e4a7cfcda632f0749100b
                                                                            • Instruction ID: 5d8af659ed12a5a00a2e6fa8458d7f615ad77331735614eacae947463dd757f6
                                                                            • Opcode Fuzzy Hash: d5a8950c215c805050e0273194691eb001ccbd1b732e4a7cfcda632f0749100b
                                                                            • Instruction Fuzzy Hash: B2E0E274D10308AFCB58EFB8D40939CBBB4AB04700F1084AAD808A7290E735AA94CF81
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 04902E78, Relevance: .0, Instructions: 17COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.297273336.0000000004900000.00000040.00000001.sdmp, Offset: 04900000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: d39b911eb262c02d96f3c77d302f3b1717f5420420b28178cf0db622f6d3642d
                                                                            • Instruction ID: 70f2700ac1b1bd3c29c80711644d4fe62c799356bd52a9d3a8df8d769cdffd54
                                                                            • Opcode Fuzzy Hash: d39b911eb262c02d96f3c77d302f3b1717f5420420b28178cf0db622f6d3642d
                                                                            • Instruction Fuzzy Hash: DDE01778D04308AFCB68EFB994093ADBBF4AB05301F1081FAC84496280E739AA54CF81
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 04905AB8, Relevance: .0, Instructions: 16COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.297273336.0000000004900000.00000040.00000001.sdmp, Offset: 04900000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 07dd3e418ff96ed2b3fadd99c437f6f6eb3d4c870c72055f4b6a0e6f566cf105
                                                                            • Instruction ID: e2b03590deb06eab2df026577aafada43cc1f0cbabc5d3a642d66b3b93ff4469
                                                                            • Opcode Fuzzy Hash: 07dd3e418ff96ed2b3fadd99c437f6f6eb3d4c870c72055f4b6a0e6f566cf105
                                                                            • Instruction Fuzzy Hash: 0BD05E708053089FCB04EBB8980435C7BB4AB01301F2044BDC80457290E7319944CF91
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 04902DF8, Relevance: .0, Instructions: 16COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.297273336.0000000004900000.00000040.00000001.sdmp, Offset: 04900000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: da586f15b4b23558c071958c2b8b74590876543053e33b1625f241d575ef0c47
                                                                            • Instruction ID: a4909849829573e01e5051ad4e7daa92698d59c4801b777854b9a6c808a3d893
                                                                            • Opcode Fuzzy Hash: da586f15b4b23558c071958c2b8b74590876543053e33b1625f241d575ef0c47
                                                                            • Instruction Fuzzy Hash: 44D01774D00208AFCB44EFE8D80979CBBB8AB05300F0081B98808AB380E7346A55CF81
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 0241EFDB, Relevance: .0, Instructions: 16COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.291828856.0000000002410000.00000040.00000001.sdmp, Offset: 02410000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 607b49725ffc4384a52ece5f6f85e594e8b15a79047a79c4517bcdaf360b980f
                                                                            • Instruction ID: c43f298a1de5fe874ccb64061dfce869e6598ef4c65146f77ccee73a5b0090fa
                                                                            • Opcode Fuzzy Hash: 607b49725ffc4384a52ece5f6f85e594e8b15a79047a79c4517bcdaf360b980f
                                                                            • Instruction Fuzzy Hash: 41E0C270C05249CEDB60CFB5C0886ADBFB0EF04218F31461AD561A3295C3340186CF50
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 049048AE, Relevance: .0, Instructions: 15COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.297273336.0000000004900000.00000040.00000001.sdmp, Offset: 04900000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: a442abf409d259b5355b36d5cad3671348b1b2abaada4ea25ecf88a8299b7457
                                                                            • Instruction ID: 353b99e621b47118be047e16a49063e086c9a8d9d94fb398381e01353bb4ffaa
                                                                            • Opcode Fuzzy Hash: a442abf409d259b5355b36d5cad3671348b1b2abaada4ea25ecf88a8299b7457
                                                                            • Instruction Fuzzy Hash: 19E09975C052289FCF21DFA0CA40BEDBBB6BB58304F1091E99299A3252D3355BA0DF05
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 02416BD8, Relevance: .0, Instructions: 14COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.291828856.0000000002410000.00000040.00000001.sdmp, Offset: 02410000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 97057ee487714dedec79b42a70b9e9449f37b9dcac7051d980bb6912980be9c3
                                                                            • Instruction ID: efa4da332ab8ec81ff94ac5e69a559c7e4b259b4a9da979b94a7db511a537219
                                                                            • Opcode Fuzzy Hash: 97057ee487714dedec79b42a70b9e9449f37b9dcac7051d980bb6912980be9c3
                                                                            • Instruction Fuzzy Hash: 62D0C9745082099FC310EBB5EC0971A77ACF706216F4144659409D3160EF319448DE91
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 02416FDC, Relevance: .0, Instructions: 14COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.291828856.0000000002410000.00000040.00000001.sdmp, Offset: 02410000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 9e5ec01827b63d9afd0eceb53903c83d60ba834410b1893d3e8875ca047ec63d
                                                                            • Instruction ID: eff1e192191b673bbe8fa0d73a038ab9e736c81569d7194f764d74af3a3dbc0e
                                                                            • Opcode Fuzzy Hash: 9e5ec01827b63d9afd0eceb53903c83d60ba834410b1893d3e8875ca047ec63d
                                                                            • Instruction Fuzzy Hash: 80E0127090221A8FDB90CF24CE90A8CBBB1FB00300F0042EAE409A3264EB309E88CF00
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 0241C6AE, Relevance: .0, Instructions: 12COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.291828856.0000000002410000.00000040.00000001.sdmp, Offset: 02410000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 31e7381cef7272c56dd4dc9a7d7b0bffea9d76de0ff82b9079cbe7aa58718503
                                                                            • Instruction ID: ba65d0b44c57900d2ef792e13b6d734885ca2f1a78b03e18469b4ce98e026109
                                                                            • Opcode Fuzzy Hash: 31e7381cef7272c56dd4dc9a7d7b0bffea9d76de0ff82b9079cbe7aa58718503
                                                                            • Instruction Fuzzy Hash: 25D05E30D4120DDBCB00DF94D84008DBFB0FB48300B108826D021E6314D7B09602CF04
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 04905315, Relevance: .0, Instructions: 11COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.297273336.0000000004900000.00000040.00000001.sdmp, Offset: 04900000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: e88b85aa01c77ffd56fcfab64a047636e301be17abc8315b80e32d460fff29fe
                                                                            • Instruction ID: bb9627e228c13c778151832c6e854acfba6cfebc787b22d39717e8e6feb62edc
                                                                            • Opcode Fuzzy Hash: e88b85aa01c77ffd56fcfab64a047636e301be17abc8315b80e32d460fff29fe
                                                                            • Instruction Fuzzy Hash: C1D0177091522A8FCB64DB14CA8579DF7B1BB86300F1055E9C508A3240E2306E809F00
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 02419004, Relevance: .0, Instructions: 11COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.291828856.0000000002410000.00000040.00000001.sdmp, Offset: 02410000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 15a420d090dd69d270483a935c07befcbe6b728025457305d875c9a233ca8d35
                                                                            • Instruction ID: d79f686be231cc4f13d4c1bf4c10c9ef8bbb8051cb1dabdb2347001d270a2797
                                                                            • Opcode Fuzzy Hash: 15a420d090dd69d270483a935c07befcbe6b728025457305d875c9a233ca8d35
                                                                            • Instruction Fuzzy Hash: A2D0C978404610CFCB549F24DAA89997BB2FF56711B2001E6D81A5B2AACB318981DF61
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 0241C093, Relevance: .0, Instructions: 11COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.291828856.0000000002410000.00000040.00000001.sdmp, Offset: 02410000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: dfb13597aefc508150601ec5e0f11072eafdc2d0a41efd09e5eca5584647f4ee
                                                                            • Instruction ID: ad6b1a4f7174100ad4302b07f194f4dbd35628766925f6b379c4d57fe9dc3555
                                                                            • Opcode Fuzzy Hash: dfb13597aefc508150601ec5e0f11072eafdc2d0a41efd09e5eca5584647f4ee
                                                                            • Instruction Fuzzy Hash: 12D05E30D0221A9FCBC0DB24D880A9CB77AFB01204F10659A941DA6128EF70AACACF00
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 04905187, Relevance: .0, Instructions: 10COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.297273336.0000000004900000.00000040.00000001.sdmp, Offset: 04900000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 3e6214fd760828587ad67cb063c52ecbb86cf2aee16b4c6c9b4d7f1ffd27ad4e
                                                                            • Instruction ID: 92850cbdf3b6bcd1deb07b80d989570169c24ee680285f5d358766c36d809273
                                                                            • Opcode Fuzzy Hash: 3e6214fd760828587ad67cb063c52ecbb86cf2aee16b4c6c9b4d7f1ffd27ad4e
                                                                            • Instruction Fuzzy Hash: DAD0C9799122288FCF20DF24CA006EDBB70AF52321F0456EA81A9BA1D1D2700AC1DF01
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 049015C1, Relevance: .0, Instructions: 10COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.297273336.0000000004900000.00000040.00000001.sdmp, Offset: 04900000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: cda25d14db8b7671ab18fbabfc73b95e75e9417c792fd98e5ab948c8ce20f872
                                                                            • Instruction ID: 9d8fce5562ac96f7fc965ef4e7be2108d9812a4f5ccf1f2d3e199af6b9ac0a4d
                                                                            • Opcode Fuzzy Hash: cda25d14db8b7671ab18fbabfc73b95e75e9417c792fd98e5ab948c8ce20f872
                                                                            • Instruction Fuzzy Hash: 5FD0677890512A8FCBA4DF60CD89798BBF0BB14300F4055D6844DA2250DB305E80DF14
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 0241EF76, Relevance: .0, Instructions: 10COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.291828856.0000000002410000.00000040.00000001.sdmp, Offset: 02410000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 16241dd3b981a1367f66bf2e769ec0c5dea06ff2b969152b1dc800cae10f9480
                                                                            • Instruction ID: 11500a3cbab9caf3075ac35aab2c7822aee53837e1623b17e98647ff378e6bdd
                                                                            • Opcode Fuzzy Hash: 16241dd3b981a1367f66bf2e769ec0c5dea06ff2b969152b1dc800cae10f9480
                                                                            • Instruction Fuzzy Hash: E5C0123CC2A289AA87008FA0DA8069CBEB0E72A231B102B02942AA20D8D73081C5C608
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 0241EC5F, Relevance: .0, Instructions: 9COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.291828856.0000000002410000.00000040.00000001.sdmp, Offset: 02410000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: baa49b806609bb3eca9055aedfde06bf41af71c8d5490b2edc29e769c2dec663
                                                                            • Instruction ID: 5ff9087eb815004333ce90d3d702171acf70bda90478691d883feab39066381d
                                                                            • Opcode Fuzzy Hash: baa49b806609bb3eca9055aedfde06bf41af71c8d5490b2edc29e769c2dec663
                                                                            • Instruction Fuzzy Hash: ABD0E979C1A349DECB51CFE0E29419EFFF0BA59311F205456D446E5254E2384745CB10
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 049052F1, Relevance: .0, Instructions: 8COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.297273336.0000000004900000.00000040.00000001.sdmp, Offset: 04900000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: f2739ba46d2244da16a446b3fa75163cd48323b7286a7ff4bf673449d7422224
                                                                            • Instruction ID: 14acb9161632feb8469e06b403f0bbcc7820e81fb46d73ed483e186aa0cfe41c
                                                                            • Opcode Fuzzy Hash: f2739ba46d2244da16a446b3fa75163cd48323b7286a7ff4bf673449d7422224
                                                                            • Instruction Fuzzy Hash: BCC08C748062238EC320CE608644269BA30EB03281F006CA0811AE6014D37082908A08
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 04901853, Relevance: .0, Instructions: 8COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.297273336.0000000004900000.00000040.00000001.sdmp, Offset: 04900000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 00ba51c758645b70598536939f4680271167878dc97c8ba3204137c4e7a27a66
                                                                            • Instruction ID: ff82023f074d1f68398804138351f3050e83a89a6aa8c20c64995bed41a98b17
                                                                            • Opcode Fuzzy Hash: 00ba51c758645b70598536939f4680271167878dc97c8ba3204137c4e7a27a66
                                                                            • Instruction Fuzzy Hash: F8D0C97C9062688FCB708F608D44B99BBB0BF56300F0040D6C19DA2241D7340A80DF02
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 0241F063, Relevance: .0, Instructions: 7COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.291828856.0000000002410000.00000040.00000001.sdmp, Offset: 02410000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 7541b280c25186fdec32f8c770a85767a32853f076df633d7d2b2a099e856ed5
                                                                            • Instruction ID: a73af40946a4be9479bb40ff422e5e69e2a7e42b32eb87c8e8529b15eab0f9b4
                                                                            • Opcode Fuzzy Hash: 7541b280c25186fdec32f8c770a85767a32853f076df633d7d2b2a099e856ed5
                                                                            • Instruction Fuzzy Hash: 98C08C30816202DBC340CF90F98082C7F71A74E2207002446E003A2264D3209580CB00
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Non-executed Functions

                                                                            Analysis Process: 2name.exe PID: 5004 Parent PID: 5828 2name.exeCOMMON

                                                                            Executed Functions

                                                                            Function 015F0CB0, Relevance: 1.6, Instructions: 1618COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000010.00000002.473175580.00000000015F0000.00000040.00000001.sdmp, Offset: 015F0000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 0350df371e928d9306a849a0aeac78d122551b30a54894c0dc2e93c18ead75ca
                                                                            • Instruction ID: 4de2e3776966eee077051da2dda6df5817107d9c37582eb6d3ab622716f7e2c6
                                                                            • Opcode Fuzzy Hash: 0350df371e928d9306a849a0aeac78d122551b30a54894c0dc2e93c18ead75ca
                                                                            • Instruction Fuzzy Hash: 89C2C2307083C18FD716977888A46793FB2AF86304F1981EED585CF697EA6ACC46C752
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 015F0006, Relevance: 4.1, Strings: 3, Instructions: 341COMMON
                                                                            Download Yara Rule
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000010.00000002.473175580.00000000015F0000.00000040.00000001.sdmp, Offset: 015F0000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID: :@Dr$:@Dr$KDBM
                                                                            • API String ID: 0-1736680475
                                                                            • Opcode ID: baf5608ea0ac740f4c32e2aa8c5ad9e4c7b1d44793af50fe09589111c0178e15
                                                                            • Instruction ID: 4f0a105745e0990bc5549c10c329e23d96bdfcf636bde60e065b2d4a97d3d434
                                                                            • Opcode Fuzzy Hash: baf5608ea0ac740f4c32e2aa8c5ad9e4c7b1d44793af50fe09589111c0178e15
                                                                            • Instruction Fuzzy Hash: 8CD16D30204241DFC710EBB8E45AA5A7FA9FF88314F10951DE6C9CB699CF7A5C85CB22
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 05CC0FE5, Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 90COMMON
                                                                            Download Yara Rule
                                                                            APIs
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000010.00000002.481657713.0000000005CC0000.00000040.00000001.sdmp, Offset: 05CC0000, based on PE: false
                                                                            Similarity
                                                                            • API ID: ClassInfo
                                                                            • String ID: xqT
                                                                            • API String ID: 3534257612-780308692
                                                                            • Opcode ID: dd4a8051628c688627300fe48338bff504c2e54abfa3abc181b5d799586876e9
                                                                            • Instruction ID: b7df86787ebd71771e8b174161a3de70198d6b71b3136167679c0c4f25a80419
                                                                            • Opcode Fuzzy Hash: dd4a8051628c688627300fe48338bff504c2e54abfa3abc181b5d799586876e9
                                                                            • Instruction Fuzzy Hash: 6B314A7650E3C09FD7138B21DC60A52BFB4AF07210B0E84DBD985CF2A3D6699908CB62
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 015F3190, Relevance: 1.8, Strings: 1, Instructions: 531COMMON
                                                                            Download Yara Rule
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000010.00000002.473175580.00000000015F0000.00000040.00000001.sdmp, Offset: 015F0000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID: :@Dr
                                                                            • API String ID: 0-3830894600
                                                                            • Opcode ID: a617bbcbcb0f41e603d3eaa0ac0da5f4f952d1f48544fa864da4918df43fd823
                                                                            • Instruction ID: 8077203a3442603f5aae194f885e4762b984c5620677773d076a48d7d74e7e83
                                                                            • Opcode Fuzzy Hash: a617bbcbcb0f41e603d3eaa0ac0da5f4f952d1f48544fa864da4918df43fd823
                                                                            • Instruction Fuzzy Hash: 9612D330B043818FEB569B78C814A6D7FB6BF85300F1580AAE645DF2A2EA75DC46CB51
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 015F4078, Relevance: 1.7, Strings: 1, Instructions: 446COMMON
                                                                            Download Yara Rule
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000010.00000002.473175580.00000000015F0000.00000040.00000001.sdmp, Offset: 015F0000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID: tq
                                                                            • API String ID: 0-2372698852
                                                                            • Opcode ID: 32bb050a5a63b72dc751c0b6d2da2057ea5dac1ea185f6f82c28345bfa50fc64
                                                                            • Instruction ID: b4aff7c84dacfed877c5133404f19c4fdcb5c23742c085804a2b9fa79e1c274f
                                                                            • Opcode Fuzzy Hash: 32bb050a5a63b72dc751c0b6d2da2057ea5dac1ea185f6f82c28345bfa50fc64
                                                                            • Instruction Fuzzy Hash: 41F19C35B002458FDB15ABB8C454AAE7BF3BF88300F14846AE505DB2A5EF3ADD46CB51
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 05CC2719, Relevance: 1.6, APIs: 1, Instructions: 135COMMON
                                                                            Download Yara Rule
                                                                            APIs
                                                                            • OpenFileMappingW.KERNELBASE(?,?), ref: 05CC2829
                                                                            Memory Dump Source
                                                                            • Source File: 00000010.00000002.481657713.0000000005CC0000.00000040.00000001.sdmp, Offset: 05CC0000, based on PE: false
                                                                            Similarity
                                                                            • API ID: FileMappingOpen
                                                                            • String ID:
                                                                            • API String ID: 1680863896-0
                                                                            • Opcode ID: c8a23317f7d5303658047d707d57b3d0163f4ffce1670339a78241367b9babe9
                                                                            • Instruction ID: 919da368f173e8223107a6966ed19b54abd56dad833cda8e8cbcde97dd1ef87d
                                                                            • Opcode Fuzzy Hash: c8a23317f7d5303658047d707d57b3d0163f4ffce1670339a78241367b9babe9
                                                                            • Instruction Fuzzy Hash: 2D41E3725093806FE712CB25DC45F92FFB8EF02620F0884DBE984DF293D265A908CB61
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 05CC2259, Relevance: 1.6, APIs: 1, Instructions: 111networkCOMMON
                                                                            Download Yara Rule
                                                                            APIs
                                                                            Memory Dump Source
                                                                            • Source File: 00000010.00000002.481657713.0000000005CC0000.00000040.00000001.sdmp, Offset: 05CC0000, based on PE: false
                                                                            Similarity
                                                                            • API ID: Socket
                                                                            • String ID:
                                                                            • API String ID: 38366605-0
                                                                            • Opcode ID: 5e80ece52eb86c294fd485b869b4eccf1f6b4cb83c8881beba3d7cbbb19b3dc9
                                                                            • Instruction ID: b49cf7481e393076b764bfbfc51399adf0b71740ef37fa297cca66edbb9723af
                                                                            • Opcode Fuzzy Hash: 5e80ece52eb86c294fd485b869b4eccf1f6b4cb83c8881beba3d7cbbb19b3dc9
                                                                            • Instruction Fuzzy Hash: 73416D7540D7C0AFD7238B659C54B66BFB4EF07210F0989DBE9C58F1A3C2259909CB62
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 05CC1C76, Relevance: 1.6, APIs: 1, Instructions: 104fileCOMMON
                                                                            Download Yara Rule
                                                                            APIs
                                                                            • CreateFileW.KERNELBASE(?,?,?,?,?,?), ref: 05CC1D35
                                                                            Memory Dump Source
                                                                            • Source File: 00000010.00000002.481657713.0000000005CC0000.00000040.00000001.sdmp, Offset: 05CC0000, based on PE: false
                                                                            Similarity
                                                                            • API ID: CreateFile
                                                                            • String ID:
                                                                            • API String ID: 823142352-0
                                                                            • Opcode ID: 258c66e02587d2f8b9b73a12e039eaea0d269e07bb27ca8ef1074939c31dacae
                                                                            • Instruction ID: 0d9bad6e1891291eb80d9c4da537227b1f5db1bee3653c3d5c0b9cd5115eaca0
                                                                            • Opcode Fuzzy Hash: 258c66e02587d2f8b9b73a12e039eaea0d269e07bb27ca8ef1074939c31dacae
                                                                            • Instruction Fuzzy Hash: 8B31A071504780AFE722CF65DC44FA2BFE8EF46210F08849EE9858B253D325A909DB71
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 05CC2FFF, Relevance: 1.6, APIs: 1, Instructions: 101COMMON
                                                                            Download Yara Rule
                                                                            APIs
                                                                            • getaddrinfo.WS2_32(?,00000E2C), ref: 05CC30D7
                                                                            Memory Dump Source
                                                                            • Source File: 00000010.00000002.481657713.0000000005CC0000.00000040.00000001.sdmp, Offset: 05CC0000, based on PE: false
                                                                            Similarity
                                                                            • API ID: getaddrinfo
                                                                            • String ID:
                                                                            • API String ID: 300660673-0
                                                                            • Opcode ID: fc45d21b9fd3dd6985cfe14b0e7178c4a91d9ada6605ff51c5e8d3948ed687c4
                                                                            • Instruction ID: a6a0bcdc38f8191b7eed8bf803e14c140a6f23a738695416633c70cc8b87b235
                                                                            • Opcode Fuzzy Hash: fc45d21b9fd3dd6985cfe14b0e7178c4a91d9ada6605ff51c5e8d3948ed687c4
                                                                            • Instruction Fuzzy Hash: 7831C3B1004340BFE7228B60DC44FA6BFACEF46710F14899AFA849B192D375A909CB71
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 05CC2E04, Relevance: 1.6, APIs: 1, Instructions: 94COMMON
                                                                            Download Yara Rule
                                                                            APIs
                                                                            • DuplicateHandle.KERNELBASE(?,00000E2C), ref: 05CC2EA3
                                                                            Memory Dump Source
                                                                            • Source File: 00000010.00000002.481657713.0000000005CC0000.00000040.00000001.sdmp, Offset: 05CC0000, based on PE: false
                                                                            Similarity
                                                                            • API ID: DuplicateHandle
                                                                            • String ID:
                                                                            • API String ID: 3793708945-0
                                                                            • Opcode ID: c43a6110582121edb6ef7180f73fac023eee98376d0bc643f21fe0651a0cb0a1
                                                                            • Instruction ID: fb7e7f792920c01f6a51676ade4009133d1a0d63f1d7b695d6c777689f24d143
                                                                            • Opcode Fuzzy Hash: c43a6110582121edb6ef7180f73fac023eee98376d0bc643f21fe0651a0cb0a1
                                                                            • Instruction Fuzzy Hash: CD31C272404344AFEB228B65DC44F67BFACEF46320F0488AEF985DB152D234A919CB60
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 05CC33B3, Relevance: 1.6, APIs: 1, Instructions: 93encryptionCOMMON
                                                                            Download Yara Rule
                                                                            APIs
                                                                            • CertGetCertificateChain.CRYPT32(?,00000E2C,?,?), ref: 05CC3476
                                                                            Memory Dump Source
                                                                            • Source File: 00000010.00000002.481657713.0000000005CC0000.00000040.00000001.sdmp, Offset: 05CC0000, based on PE: false
                                                                            Similarity
                                                                            • API ID: CertCertificateChain
                                                                            • String ID:
                                                                            • API String ID: 3019455780-0
                                                                            • Opcode ID: bec65f0b1fb2ce13d45f4e087a1dd271113a75ccd33886cc1fe738719563b092
                                                                            • Instruction ID: 24af2bc2961ecfd7da9a6b220e84c022170adf4d0a6e0f7e7303ed458c344de5
                                                                            • Opcode Fuzzy Hash: bec65f0b1fb2ce13d45f4e087a1dd271113a75ccd33886cc1fe738719563b092
                                                                            • Instruction Fuzzy Hash: 9A31907240D3C45FD7038B258C61B62BFB4EF47614F1E84CBD8848F1A3D624A919C7A2
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 05CC32B5, Relevance: 1.6, APIs: 1, Instructions: 92networkCOMMON
                                                                            Download Yara Rule
                                                                            APIs
                                                                            • WSAIoctl.WS2_32(?,00000E2C,CC371464,00000000,00000000,00000000,00000000), ref: 05CC3369
                                                                            Memory Dump Source
                                                                            • Source File: 00000010.00000002.481657713.0000000005CC0000.00000040.00000001.sdmp, Offset: 05CC0000, based on PE: false
                                                                            Similarity
                                                                            • API ID: Ioctl
                                                                            • String ID:
                                                                            • API String ID: 3041054344-0
                                                                            • Opcode ID: 5ea001f0abae30237f7a837b0703fd211626ac425fbb22e0704882133a7645e3
                                                                            • Instruction ID: ab7ea72c8ea2687f65a6db44b2235d362b0ff29d5cbbfa77918f0359ce2bbc8f
                                                                            • Opcode Fuzzy Hash: 5ea001f0abae30237f7a837b0703fd211626ac425fbb22e0704882133a7645e3
                                                                            • Instruction Fuzzy Hash: FC318371009780AFE7228F65DC40F52BFB8EF06710F08889BE9858B162D334A909CB61
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 05CC25E8, Relevance: 1.6, APIs: 1, Instructions: 89COMMON
                                                                            Download Yara Rule
                                                                            APIs
                                                                            • ConvertStringSecurityDescriptorToSecurityDescriptorW.ADVAPI32(?,00000E2C), ref: 05CC267F
                                                                            Memory Dump Source
                                                                            • Source File: 00000010.00000002.481657713.0000000005CC0000.00000040.00000001.sdmp, Offset: 05CC0000, based on PE: false
                                                                            Similarity
                                                                            • API ID: DescriptorSecurity$ConvertString
                                                                            • String ID:
                                                                            • API String ID: 3907675253-0
                                                                            • Opcode ID: 06ec39b7b972b7bc510c10d74a331b60eec07bd9c15caba28635af26d630b4a5
                                                                            • Instruction ID: 85be1dfb6fb6223a0dbe2a2e13aad1693a49159ca0b770922ad9a60fdb089c56
                                                                            • Opcode Fuzzy Hash: 06ec39b7b972b7bc510c10d74a331b60eec07bd9c15caba28635af26d630b4a5
                                                                            • Instruction Fuzzy Hash: FC31BF72504344AFEB218B25DC45F67BFA8EF46310F0888ABE984DB152D224E908CB71
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 05CC24EA, Relevance: 1.6, APIs: 1, Instructions: 87registryCOMMON
                                                                            Download Yara Rule
                                                                            APIs
                                                                            • RegQueryValueExW.KERNELBASE(?,00000E2C,CC371464,00000000,00000000,00000000,00000000), ref: 05CC2594
                                                                            Memory Dump Source
                                                                            • Source File: 00000010.00000002.481657713.0000000005CC0000.00000040.00000001.sdmp, Offset: 05CC0000, based on PE: false
                                                                            Similarity
                                                                            • API ID: QueryValue
                                                                            • String ID:
                                                                            • API String ID: 3660427363-0
                                                                            • Opcode ID: 2339c13a7ef3c0d51536bd947be87caeeb73544388bd09cf7fb3ee652e35154f
                                                                            • Instruction ID: 61ac99e0a15fc6cfa6dc37b60ffb3e5f8b7b80a8ea2460ca6c64306cf67704b3
                                                                            • Opcode Fuzzy Hash: 2339c13a7ef3c0d51536bd947be87caeeb73544388bd09cf7fb3ee652e35154f
                                                                            • Instruction Fuzzy Hash: BF318076509380AFDB22CB25DC50F93BFB8EF06310F0884DBE9859B253D264A509CB71
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 05CC2880, Relevance: 1.6, APIs: 1, Instructions: 87fileCOMMON
                                                                            Download Yara Rule
                                                                            APIs
                                                                            Memory Dump Source
                                                                            • Source File: 00000010.00000002.481657713.0000000005CC0000.00000040.00000001.sdmp, Offset: 05CC0000, based on PE: false
                                                                            Similarity
                                                                            • API ID: FileView
                                                                            • String ID:
                                                                            • API String ID: 3314676101-0
                                                                            • Opcode ID: 9bd77805c16214058893ddaf535e731f1b32cf0bd33d3a1a64fc7dc3df1189a5
                                                                            • Instruction ID: 1809a7948029284116af05011a90efa51ce809551a3cf44e9157d945c7e473d5
                                                                            • Opcode Fuzzy Hash: 9bd77805c16214058893ddaf535e731f1b32cf0bd33d3a1a64fc7dc3df1189a5
                                                                            • Instruction Fuzzy Hash: A631C2B2404780AFE722CB65DC45F96FFF8EF06320F08859EE9849B252D365A509CB61
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 05CC2C2C, Relevance: 1.6, APIs: 1, Instructions: 86COMMON
                                                                            Download Yara Rule
                                                                            APIs
                                                                            • shutdown.WS2_32(?,00000E2C,CC371464,00000000,00000000,00000000,00000000), ref: 05CC2CC0
                                                                            Memory Dump Source
                                                                            • Source File: 00000010.00000002.481657713.0000000005CC0000.00000040.00000001.sdmp, Offset: 05CC0000, based on PE: false
                                                                            Similarity
                                                                            • API ID: shutdown
                                                                            • String ID:
                                                                            • API String ID: 2510479042-0
                                                                            • Opcode ID: 5ddf5fa2a31cb9f71082b334a2c3b1d78361c47e9586da69f3392e9e0e9f0291
                                                                            • Instruction ID: 16e3f31ccf6cdb0da8ff7387e1aa14fcd03034f4ffddcdea6f00114e13f22056
                                                                            • Opcode Fuzzy Hash: 5ddf5fa2a31cb9f71082b334a2c3b1d78361c47e9586da69f3392e9e0e9f0291
                                                                            • Instruction Fuzzy Hash: 3A21E4B5405780AFE7128B14DC85FA6BFA8FF02320F0984EBE9849F192D2789906C771
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 05CC2B35, Relevance: 1.6, APIs: 1, Instructions: 85synchronizationCOMMON
                                                                            Download Yara Rule
                                                                            APIs
                                                                            • CreateMutexW.KERNELBASE(?,?), ref: 05CC2BD5
                                                                            Memory Dump Source
                                                                            • Source File: 00000010.00000002.481657713.0000000005CC0000.00000040.00000001.sdmp, Offset: 05CC0000, based on PE: false
                                                                            Similarity
                                                                            • API ID: CreateMutex
                                                                            • String ID:
                                                                            • API String ID: 1964310414-0
                                                                            • Opcode ID: 8a18571b3cb4c9d8259071f4d3bfe9866edfd3e94233e323359f8c3be9153df0
                                                                            • Instruction ID: be2c1889da496b69da5b4c2ca0f1e95fcf0ddf986ced82aada38d29aaf33dd3c
                                                                            • Opcode Fuzzy Hash: 8a18571b3cb4c9d8259071f4d3bfe9866edfd3e94233e323359f8c3be9153df0
                                                                            • Instruction Fuzzy Hash: 83317FB1509380AFE722CF25CD45F56FFE8EF05210F08849EE985DB292D365E908CB61
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 05CC3032, Relevance: 1.6, APIs: 1, Instructions: 84COMMON
                                                                            Download Yara Rule
                                                                            APIs
                                                                            • getaddrinfo.WS2_32(?,00000E2C), ref: 05CC30D7
                                                                            Memory Dump Source
                                                                            • Source File: 00000010.00000002.481657713.0000000005CC0000.00000040.00000001.sdmp, Offset: 05CC0000, based on PE: false
                                                                            Similarity
                                                                            • API ID: getaddrinfo
                                                                            • String ID:
                                                                            • API String ID: 300660673-0
                                                                            • Opcode ID: 5ccc8398ff4a782873f7bb59bcc45293c18b2e7d5225bb1ddfcd4ef81c5e74b8
                                                                            • Instruction ID: 15e25001269cde4779a9765770d5d2018ea58b90a62ce7809ed717b535bd82ab
                                                                            • Opcode Fuzzy Hash: 5ccc8398ff4a782873f7bb59bcc45293c18b2e7d5225bb1ddfcd4ef81c5e74b8
                                                                            • Instruction Fuzzy Hash: 4B21F371100300BFFB21DB24DC85FA6FBACEF44710F10889AFE459A141D6B5A504CBB1
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 05CC1D8C, Relevance: 1.6, APIs: 1, Instructions: 80COMMON
                                                                            Download Yara Rule
                                                                            APIs
                                                                            • GetFileType.KERNELBASE(?,00000E2C,CC371464,00000000,00000000,00000000,00000000), ref: 05CC1E21
                                                                            Memory Dump Source
                                                                            • Source File: 00000010.00000002.481657713.0000000005CC0000.00000040.00000001.sdmp, Offset: 05CC0000, based on PE: false
                                                                            Similarity
                                                                            • API ID: FileType
                                                                            • String ID:
                                                                            • API String ID: 3081899298-0
                                                                            • Opcode ID: fb7246189ad9397b64233d98d6981949106ed96862655d4d61bce154c31de27c
                                                                            • Instruction ID: 44341095b5a82d6c90f789043bcd2053b12aecaac0414ce5339da72d75fc7447
                                                                            • Opcode Fuzzy Hash: fb7246189ad9397b64233d98d6981949106ed96862655d4d61bce154c31de27c
                                                                            • Instruction Fuzzy Hash: 4D21FB754093806FE7128B25DC41FA2BFACEF47720F1884DBEE848B193D2646909C771
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 05CC2E26, Relevance: 1.6, APIs: 1, Instructions: 80COMMON
                                                                            Download Yara Rule
                                                                            APIs
                                                                            • DuplicateHandle.KERNELBASE(?,00000E2C), ref: 05CC2EA3
                                                                            Memory Dump Source
                                                                            • Source File: 00000010.00000002.481657713.0000000005CC0000.00000040.00000001.sdmp, Offset: 05CC0000, based on PE: false
                                                                            Similarity
                                                                            • API ID: DuplicateHandle
                                                                            • String ID:
                                                                            • API String ID: 3793708945-0
                                                                            • Opcode ID: 5f3c980f884448bbc9e7696e1635af526064adf77805436b29a13866fd536b0c
                                                                            • Instruction ID: 806d580bae5faad55ab8eba21185037a8810b2fb15840fcbf277a52b2c335a52
                                                                            • Opcode Fuzzy Hash: 5f3c980f884448bbc9e7696e1635af526064adf77805436b29a13866fd536b0c
                                                                            • Instruction Fuzzy Hash: 6521BD72500204AFEB21DF69DC44FABBBACEF05320F04886FEA85DB251D674A5088B61
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 05CC2D10, Relevance: 1.6, APIs: 1, Instructions: 79timeCOMMON
                                                                            Download Yara Rule
                                                                            APIs
                                                                            • GetProcessTimes.KERNELBASE(?,00000E2C,CC371464,00000000,00000000,00000000,00000000), ref: 05CC2D99
                                                                            Memory Dump Source
                                                                            • Source File: 00000010.00000002.481657713.0000000005CC0000.00000040.00000001.sdmp, Offset: 05CC0000, based on PE: false
                                                                            Similarity
                                                                            • API ID: ProcessTimes
                                                                            • String ID:
                                                                            • API String ID: 1995159646-0
                                                                            • Opcode ID: 99642ca39b4c30d981c86a3975a72fa3bdf43156c63da33d9bf49064c49efdbd
                                                                            • Instruction ID: fbd3466922088c6ce73d1d3aa07829bfb95b10aa1c36ed3436e66bb0c9a9adc5
                                                                            • Opcode Fuzzy Hash: 99642ca39b4c30d981c86a3975a72fa3bdf43156c63da33d9bf49064c49efdbd
                                                                            • Instruction Fuzzy Hash: E221B572105340AFDB228F25DC44F67BFB8EF46310F08849BE9859B152C235A545CB61
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 05CC426B, Relevance: 1.6, APIs: 1, Instructions: 78encryptionCOMMON
                                                                            Download Yara Rule
                                                                            APIs
                                                                            • CertVerifyCertificateChainPolicy.CRYPT32(?,00000E2C,CC371464,00000000,00000000,00000000,00000000), ref: 05CC42F2
                                                                            Memory Dump Source
                                                                            • Source File: 00000010.00000002.481657713.0000000005CC0000.00000040.00000001.sdmp, Offset: 05CC0000, based on PE: false
                                                                            Similarity
                                                                            • API ID: CertCertificateChainPolicyVerify
                                                                            • String ID:
                                                                            • API String ID: 3930008701-0
                                                                            • Opcode ID: 046a9490d203c2a5c334a5ab28c6fc608b2be6ce772adddc5f5cc7fb1e34c1db
                                                                            • Instruction ID: e7dd8e2546369721708da469b04b576793c46d484369b1951c91bc7f8d05b008
                                                                            • Opcode Fuzzy Hash: 046a9490d203c2a5c334a5ab28c6fc608b2be6ce772adddc5f5cc7fb1e34c1db
                                                                            • Instruction Fuzzy Hash: 5D21B272104380AFEB118B25DC45FA6FFB8EF46310F08849BED849B152C264A945CB61
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 05CC04F0, Relevance: 1.6, APIs: 1, Instructions: 76libraryCOMMON
                                                                            Download Yara Rule
                                                                            APIs
                                                                            • LoadLibraryA.KERNELBASE(?,00000E2C), ref: 05CC058B
                                                                            Memory Dump Source
                                                                            • Source File: 00000010.00000002.481657713.0000000005CC0000.00000040.00000001.sdmp, Offset: 05CC0000, based on PE: false
                                                                            Similarity
                                                                            • API ID: LibraryLoad
                                                                            • String ID:
                                                                            • API String ID: 1029625771-0
                                                                            • Opcode ID: 019caa7ac36f6d1e7fd0e63c4bc3057802a2da6a51ecb661ae39c2ca716fa3ff
                                                                            • Instruction ID: dae5363108766758847b6d410ad959a4de6402b8e47f24e9d5e6cbc537724a76
                                                                            • Opcode Fuzzy Hash: 019caa7ac36f6d1e7fd0e63c4bc3057802a2da6a51ecb661ae39c2ca716fa3ff
                                                                            • Instruction Fuzzy Hash: E021DA71005380AFE7228B15CC45FA6FFB8EF06724F1884DAED859F192C269A949CB71
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 05CC1CB6, Relevance: 1.6, APIs: 1, Instructions: 76fileCOMMON
                                                                            Download Yara Rule
                                                                            APIs
                                                                            • CreateFileW.KERNELBASE(?,?,?,?,?,?), ref: 05CC1D35
                                                                            Memory Dump Source
                                                                            • Source File: 00000010.00000002.481657713.0000000005CC0000.00000040.00000001.sdmp, Offset: 05CC0000, based on PE: false
                                                                            Similarity
                                                                            • API ID: CreateFile
                                                                            • String ID:
                                                                            • API String ID: 823142352-0
                                                                            • Opcode ID: 4e5591a59f21ee841ae7e02d69dfdee85b6b4bba923bfa4add97518e71403b4c
                                                                            • Instruction ID: 13a02bafa93778cd9a861988d686bcb8c39139a0f4fc823580c4722f2dc98b44
                                                                            • Opcode Fuzzy Hash: 4e5591a59f21ee841ae7e02d69dfdee85b6b4bba923bfa4add97518e71403b4c
                                                                            • Instruction Fuzzy Hash: 25219C71500644AFE722CF66C944F66FFE8EF04220F1888AEEA858B252D775E904CB61
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 05CC260E, Relevance: 1.6, APIs: 1, Instructions: 76COMMON
                                                                            Download Yara Rule
                                                                            APIs
                                                                            • ConvertStringSecurityDescriptorToSecurityDescriptorW.ADVAPI32(?,00000E2C), ref: 05CC267F
                                                                            Memory Dump Source
                                                                            • Source File: 00000010.00000002.481657713.0000000005CC0000.00000040.00000001.sdmp, Offset: 05CC0000, based on PE: false
                                                                            Similarity
                                                                            • API ID: DescriptorSecurity$ConvertString
                                                                            • String ID:
                                                                            • API String ID: 3907675253-0
                                                                            • Opcode ID: 09ae3c4734d946733914a36609a0fc2743f995b95134621d827dc2aa88a61787
                                                                            • Instruction ID: 2757bb0908815b00d6095893edffb3e956c33a4cfc69ff654510968cfd7362fc
                                                                            • Opcode Fuzzy Hash: 09ae3c4734d946733914a36609a0fc2743f995b95134621d827dc2aa88a61787
                                                                            • Instruction Fuzzy Hash: 39215E76500204AFEB20DF29DD45F6ABBACEB44710F1488AAED85DB241D664E5058B71
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 05CC31E2, Relevance: 1.6, APIs: 1, Instructions: 75COMMON
                                                                            Download Yara Rule
                                                                            APIs
                                                                            • ioctlsocket.WS2_32(?,00000E2C,CC371464,00000000,00000000,00000000,00000000), ref: 05CC326B
                                                                            Memory Dump Source
                                                                            • Source File: 00000010.00000002.481657713.0000000005CC0000.00000040.00000001.sdmp, Offset: 05CC0000, based on PE: false
                                                                            Similarity
                                                                            • API ID: ioctlsocket
                                                                            • String ID:
                                                                            • API String ID: 3577187118-0
                                                                            • Opcode ID: e66f6e4578172ca61d899edf6566397400b3eaa9ded09c1057ac62c0250288e5
                                                                            • Instruction ID: 51988000e103558ae73f4b02712588c5778a330ff0df1a4735e2435466c12700
                                                                            • Opcode Fuzzy Hash: e66f6e4578172ca61d899edf6566397400b3eaa9ded09c1057ac62c0250288e5
                                                                            • Instruction Fuzzy Hash: CE21B3714093C4AFEB128B65DC44F96BFB8EF46314F0884DBEA84DF153C264A509C761
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 05CC357C, Relevance: 1.6, APIs: 1, Instructions: 73COMMON
                                                                            Download Yara Rule
                                                                            APIs
                                                                            • GetAdaptersAddresses.IPHLPAPI(?,00000E2C,CC371464,00000000,00000000,00000000,00000000), ref: 05CC3611
                                                                            Memory Dump Source
                                                                            • Source File: 00000010.00000002.481657713.0000000005CC0000.00000040.00000001.sdmp, Offset: 05CC0000, based on PE: false
                                                                            Similarity
                                                                            • API ID: AdaptersAddresses
                                                                            • String ID:
                                                                            • API String ID: 2506852604-0
                                                                            • Opcode ID: 6986bcf5848bb84dcc3616a3f91539d2bb350a9b088e9de9a9bb92a8be23f828
                                                                            • Instruction ID: bd077676f9aeaf94ada9fa1a122754ae830396379ca8811b6e17083dfeee3981
                                                                            • Opcode Fuzzy Hash: 6986bcf5848bb84dcc3616a3f91539d2bb350a9b088e9de9a9bb92a8be23f828
                                                                            • Instruction Fuzzy Hash: 0D21C872409384AFDB228B15DC45FA6FFB8EF06714F09C4DBE9849B253C265A508CB71
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 05CC237B, Relevance: 1.6, APIs: 1, Instructions: 73COMMON
                                                                            Download Yara Rule
                                                                            APIs
                                                                            • setsockopt.WS2_32(?,?,?,?,?), ref: 05CC23F8
                                                                            Memory Dump Source
                                                                            • Source File: 00000010.00000002.481657713.0000000005CC0000.00000040.00000001.sdmp, Offset: 05CC0000, based on PE: false
                                                                            Similarity
                                                                            • API ID: setsockopt
                                                                            • String ID:
                                                                            • API String ID: 3981526788-0
                                                                            • Opcode ID: 52311aaccea162b3331d8537150cd4c597602b4fb7f0121b1edaec27219db2f1
                                                                            • Instruction ID: b4d9f4d901cfdd94318adea804c3a45dfdda616397c9d60920ec7d455dd87f1e
                                                                            • Opcode Fuzzy Hash: 52311aaccea162b3331d8537150cd4c597602b4fb7f0121b1edaec27219db2f1
                                                                            • Instruction Fuzzy Hash: FB21AE750093C0AFDB128F65DD84A96BFB4EF07320F0D89DADAC48F163C225A959CB61
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 05CC34AE, Relevance: 1.6, APIs: 1, Instructions: 73networkCOMMON
                                                                            Download Yara Rule
                                                                            APIs
                                                                            • WSAEventSelect.WS2_32(?,00000E2C,CC371464,00000000,00000000,00000000,00000000), ref: 05CC3532
                                                                            Memory Dump Source
                                                                            • Source File: 00000010.00000002.481657713.0000000005CC0000.00000040.00000001.sdmp, Offset: 05CC0000, based on PE: false
                                                                            Similarity
                                                                            • API ID: EventSelect
                                                                            • String ID:
                                                                            • API String ID: 31538577-0
                                                                            • Opcode ID: e56c53ea58e89e757aa9fc95b87b642a48244bb6b2b3c792df14762c39ea79b4
                                                                            • Instruction ID: fa45e82d8c523897c8368d3ae7f655087dd0d17b3f503ea3a6cb11a7d50e0cbe
                                                                            • Opcode Fuzzy Hash: e56c53ea58e89e757aa9fc95b87b642a48244bb6b2b3c792df14762c39ea79b4
                                                                            • Instruction Fuzzy Hash: BB217F72405384AFE722CB65DC44F97BFACEF46710F0888ABEA459B252D264A508CB71
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 05CC4352, Relevance: 1.6, APIs: 1, Instructions: 72encryptionCOMMON
                                                                            Download Yara Rule
                                                                            APIs
                                                                            • CertVerifyCertificateChainPolicy.CRYPT32(?,00000E2C,CC371464,00000000,00000000,00000000,00000000), ref: 05CC43DA
                                                                            Memory Dump Source
                                                                            • Source File: 00000010.00000002.481657713.0000000005CC0000.00000040.00000001.sdmp, Offset: 05CC0000, based on PE: false
                                                                            Similarity
                                                                            • API ID: CertCertificateChainPolicyVerify
                                                                            • String ID:
                                                                            • API String ID: 3930008701-0
                                                                            • Opcode ID: 385f12400e49b6b46e530d1b3b72cb2fe243e8c25ed22977b57408eca1c7cbe2
                                                                            • Instruction ID: 3253eb087a12b3066ec351a091b863dd7c52c6842714a89bdfc2ee5695e221c0
                                                                            • Opcode Fuzzy Hash: 385f12400e49b6b46e530d1b3b72cb2fe243e8c25ed22977b57408eca1c7cbe2
                                                                            • Instruction Fuzzy Hash: D0218071408380AFEB22CB65DC44F66FFB8EF46314F1885ABED449B152D265A508CB71
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 05CC2B62, Relevance: 1.6, APIs: 1, Instructions: 72synchronizationCOMMON
                                                                            Download Yara Rule
                                                                            APIs
                                                                            • CreateMutexW.KERNELBASE(?,?), ref: 05CC2BD5
                                                                            Memory Dump Source
                                                                            • Source File: 00000010.00000002.481657713.0000000005CC0000.00000040.00000001.sdmp, Offset: 05CC0000, based on PE: false
                                                                            Similarity
                                                                            • API ID: CreateMutex
                                                                            • String ID:
                                                                            • API String ID: 1964310414-0
                                                                            • Opcode ID: e7b715350fc2716053a7f47bed85889a615e6b74c95ed1b19d2cd65e8018b7c0
                                                                            • Instruction ID: fa309ae23f0f9aaf15b9a4437c447785da049ed01491549651a5025f54afb597
                                                                            • Opcode Fuzzy Hash: e7b715350fc2716053a7f47bed85889a615e6b74c95ed1b19d2cd65e8018b7c0
                                                                            • Instruction Fuzzy Hash: C121AC75500240AFE720DF25C985F66FFE8EF04210F1888AEED89CB241D6B4E904CB71
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 05CC32EE, Relevance: 1.6, APIs: 1, Instructions: 72networkCOMMON
                                                                            Download Yara Rule
                                                                            APIs
                                                                            • WSAIoctl.WS2_32(?,00000E2C,CC371464,00000000,00000000,00000000,00000000), ref: 05CC3369
                                                                            Memory Dump Source
                                                                            • Source File: 00000010.00000002.481657713.0000000005CC0000.00000040.00000001.sdmp, Offset: 05CC0000, based on PE: false
                                                                            Similarity
                                                                            • API ID: Ioctl
                                                                            • String ID:
                                                                            • API String ID: 3041054344-0
                                                                            • Opcode ID: 63d9fe9ce3db941d071384bf086572b034c699432d1ea7126de72a09440b9230
                                                                            • Instruction ID: abc3286e164ee0bb8e52b28a86d2c335550025c86f73b1f50c3ff6c8ba7a3cd2
                                                                            • Opcode Fuzzy Hash: 63d9fe9ce3db941d071384bf086572b034c699432d1ea7126de72a09440b9230
                                                                            • Instruction Fuzzy Hash: F3216D71500644AFEB21CF59DC80F66FFE8EF44710F0889AAEE458B251D674E545CB71
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 05CC1F3E, Relevance: 1.6, APIs: 1, Instructions: 70fileCOMMON
                                                                            Download Yara Rule
                                                                            APIs
                                                                            • ReadFile.KERNELBASE(?,00000E2C,CC371464,00000000,00000000,00000000,00000000), ref: 05CC1FBD
                                                                            Memory Dump Source
                                                                            • Source File: 00000010.00000002.481657713.0000000005CC0000.00000040.00000001.sdmp, Offset: 05CC0000, based on PE: false
                                                                            Similarity
                                                                            • API ID: FileRead
                                                                            • String ID:
                                                                            • API String ID: 2738559852-0
                                                                            • Opcode ID: 0d2c562d11b7796e09eab75a664728b618682c9d3af0b02f6cb6fdc6dde85ca2
                                                                            • Instruction ID: 2b34c4a1a1bfd6705eadbf6f0fe6072271790ff806dc0bbee79e8b2990f5d769
                                                                            • Opcode Fuzzy Hash: 0d2c562d11b7796e09eab75a664728b618682c9d3af0b02f6cb6fdc6dde85ca2
                                                                            • Instruction Fuzzy Hash: E9216F72405384AFEB228F65DC44F97FFB8EF46310F18849BEA859B152C265A509CB71
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 05CC364E, Relevance: 1.6, APIs: 1, Instructions: 69networkCOMMON
                                                                            Download Yara Rule
                                                                            APIs
                                                                            • WSAConnect.WS2_32(?,?,?,?,?,?,?), ref: 05CC36D2
                                                                            Memory Dump Source
                                                                            • Source File: 00000010.00000002.481657713.0000000005CC0000.00000040.00000001.sdmp, Offset: 05CC0000, based on PE: false
                                                                            Similarity
                                                                            • API ID: Connect
                                                                            • String ID:
                                                                            • API String ID: 3144859779-0
                                                                            • Opcode ID: 3052b5d6dac52530d4ad30cc495cc1343b7ab0037a60a0949f6940f6950b2bac
                                                                            • Instruction ID: af2416a755b8a01f286c2964f2b7aca09bf45b1fa6c00fecc0099e0c2cd461d5
                                                                            • Opcode Fuzzy Hash: 3052b5d6dac52530d4ad30cc495cc1343b7ab0037a60a0949f6940f6950b2bac
                                                                            • Instruction Fuzzy Hash: E72190754093C0AFDB22CF61D844A92FFF4FF06210F0988DEE9858B163D275A919DB61
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 05CC27BE, Relevance: 1.6, APIs: 1, Instructions: 68COMMON
                                                                            Download Yara Rule
                                                                            APIs
                                                                            • OpenFileMappingW.KERNELBASE(?,?), ref: 05CC2829
                                                                            Memory Dump Source
                                                                            • Source File: 00000010.00000002.481657713.0000000005CC0000.00000040.00000001.sdmp, Offset: 05CC0000, based on PE: false
                                                                            Similarity
                                                                            • API ID: FileMappingOpen
                                                                            • String ID:
                                                                            • API String ID: 1680863896-0
                                                                            • Opcode ID: 75cb2e04c2ff540f2e1b0446cf17a4f74c3136de3758b64ee79864b0ba7e0bb2
                                                                            • Instruction ID: facafc6b2608a248952b2d95942ab7cc7b90ecce4da7ec8374bc7c984a294f8c
                                                                            • Opcode Fuzzy Hash: 75cb2e04c2ff540f2e1b0446cf17a4f74c3136de3758b64ee79864b0ba7e0bb2
                                                                            • Instruction Fuzzy Hash: 01219D76500200AFE720DF25DC45BA6FFA8EF44720F1484AEEE858B242D775E904CB75
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 05CC20B3, Relevance: 1.6, APIs: 1, Instructions: 68networkCOMMON
                                                                            Download Yara Rule
                                                                            APIs
                                                                            • GetNetworkParams.IPHLPAPI(?,00000E2C,CC371464,00000000,00000000,00000000,00000000), ref: 05CC2134
                                                                            Memory Dump Source
                                                                            • Source File: 00000010.00000002.481657713.0000000005CC0000.00000040.00000001.sdmp, Offset: 05CC0000, based on PE: false
                                                                            Similarity
                                                                            • API ID: NetworkParams
                                                                            • String ID:
                                                                            • API String ID: 2134775280-0
                                                                            • Opcode ID: 11dfde9ba860b8567171a0db377cecb25f97264baa7b980f3ad467c4e8daef90
                                                                            • Instruction ID: 98dabcb296cf16d25b8d5b98695817c278bbfa38401016bf00e81003fa1c5a43
                                                                            • Opcode Fuzzy Hash: 11dfde9ba860b8567171a0db377cecb25f97264baa7b980f3ad467c4e8daef90
                                                                            • Instruction Fuzzy Hash: 0721B771408384AFE7128B15DC44F96FFB8EF46324F0884DBEE849F253C265A549CB61
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 05CC28BE, Relevance: 1.6, APIs: 1, Instructions: 67fileCOMMON
                                                                            Download Yara Rule
                                                                            APIs
                                                                            Memory Dump Source
                                                                            • Source File: 00000010.00000002.481657713.0000000005CC0000.00000040.00000001.sdmp, Offset: 05CC0000, based on PE: false
                                                                            Similarity
                                                                            • API ID: FileView
                                                                            • String ID:
                                                                            • API String ID: 3314676101-0
                                                                            • Opcode ID: e83a3269a8ae435d908117bf13b91d37a6ac97fe3c35e20c71d4c894633c6833
                                                                            • Instruction ID: c6a87a5e6994d96bb2cc0780daa79801f765d8b88cae8716aad030066b9bab8b
                                                                            • Opcode Fuzzy Hash: e83a3269a8ae435d908117bf13b91d37a6ac97fe3c35e20c71d4c894633c6833
                                                                            • Instruction Fuzzy Hash: F821AE71500200AFE721CF65DD44FA6FFE8EF09720F14849EEA859B251D775E508CBA1
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 05CC22B6, Relevance: 1.6, APIs: 1, Instructions: 67networkCOMMON
                                                                            Download Yara Rule
                                                                            APIs
                                                                            Memory Dump Source
                                                                            • Source File: 00000010.00000002.481657713.0000000005CC0000.00000040.00000001.sdmp, Offset: 05CC0000, based on PE: false
                                                                            Similarity
                                                                            • API ID: Socket
                                                                            • String ID:
                                                                            • API String ID: 38366605-0
                                                                            • Opcode ID: 9ff0ce971057355bb841ae9c53a6b6d0cdc049edbbb5509ac9f6d807a84ea01c
                                                                            • Instruction ID: d201f187dd25e64b9052c41cc68bf42bd08082c081b831cd228d7f64186f8295
                                                                            • Opcode Fuzzy Hash: 9ff0ce971057355bb841ae9c53a6b6d0cdc049edbbb5509ac9f6d807a84ea01c
                                                                            • Instruction Fuzzy Hash: 6021CF71400600AFEB21DF65DD44F66FFE8EF04710F1888AEEE859A252C775A404CB61
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 05CC2522, Relevance: 1.6, APIs: 1, Instructions: 65registryCOMMON
                                                                            Download Yara Rule
                                                                            APIs
                                                                            • RegQueryValueExW.KERNELBASE(?,00000E2C,CC371464,00000000,00000000,00000000,00000000), ref: 05CC2594
                                                                            Memory Dump Source
                                                                            • Source File: 00000010.00000002.481657713.0000000005CC0000.00000040.00000001.sdmp, Offset: 05CC0000, based on PE: false
                                                                            Similarity
                                                                            • API ID: QueryValue
                                                                            • String ID:
                                                                            • API String ID: 3660427363-0
                                                                            • Opcode ID: 23791340438adf12eb19f4212ca9403f7e16f0b76f6a6e08034acf690e627bc3
                                                                            • Instruction ID: 59dd386dcc2ca80b919b9110355751afe5ef43d1f4c94ea290a4417548f37503
                                                                            • Opcode Fuzzy Hash: 23791340438adf12eb19f4212ca9403f7e16f0b76f6a6e08034acf690e627bc3
                                                                            • Instruction Fuzzy Hash: 64117C76500604AFEB20CF55DC81F67FFE9EF09710F1888AAEE869B251D664E508CB71
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 05CC1249, Relevance: 1.6, APIs: 1, Instructions: 65libraryCOMMON
                                                                            Download Yara Rule
                                                                            APIs
                                                                            • LoadLibraryShim.MSCOREE(?,?,?,?), ref: 05CC12C5
                                                                            Memory Dump Source
                                                                            • Source File: 00000010.00000002.481657713.0000000005CC0000.00000040.00000001.sdmp, Offset: 05CC0000, based on PE: false
                                                                            Similarity
                                                                            • API ID: LibraryLoadShim
                                                                            • String ID:
                                                                            • API String ID: 1475914169-0
                                                                            • Opcode ID: 3a2d386415ca345f39e8befd1302bb9e715553fafb7aa16a0d16063e48c535b1
                                                                            • Instruction ID: 0dfd79cf873f2bc32df78efbbfd6b940b4be9ae4c349096ef15b77afd7c191f4
                                                                            • Opcode Fuzzy Hash: 3a2d386415ca345f39e8befd1302bb9e715553fafb7aa16a0d16063e48c535b1
                                                                            • Instruction Fuzzy Hash: D0219075509380AFDB228B26DC44B62BFF8EF06214F0C84CAED85DB253D265A909CB61
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 05CC2D3A, Relevance: 1.6, APIs: 1, Instructions: 64timeCOMMON
                                                                            Download Yara Rule
                                                                            APIs
                                                                            • GetProcessTimes.KERNELBASE(?,00000E2C,CC371464,00000000,00000000,00000000,00000000), ref: 05CC2D99
                                                                            Memory Dump Source
                                                                            • Source File: 00000010.00000002.481657713.0000000005CC0000.00000040.00000001.sdmp, Offset: 05CC0000, based on PE: false
                                                                            Similarity
                                                                            • API ID: ProcessTimes
                                                                            • String ID:
                                                                            • API String ID: 1995159646-0
                                                                            • Opcode ID: bc61d139703287ffc583eaba3e310c7cd88bd5808da5f5826ff71d657b6610cd
                                                                            • Instruction ID: 71f7dcd11c1980d8a07a89c6660bdc8e1b27cd7d2c95da3bb3d3a9d832381f27
                                                                            • Opcode Fuzzy Hash: bc61d139703287ffc583eaba3e310c7cd88bd5808da5f5826ff71d657b6610cd
                                                                            • Instruction Fuzzy Hash: 3211D072500600AFEB21CF65DC40FABFFA8EF14320F1488ABEE499B251C674A405CB71
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 05CC34CE, Relevance: 1.6, APIs: 1, Instructions: 63networkCOMMON
                                                                            Download Yara Rule
                                                                            APIs
                                                                            • WSAEventSelect.WS2_32(?,00000E2C,CC371464,00000000,00000000,00000000,00000000), ref: 05CC3532
                                                                            Memory Dump Source
                                                                            • Source File: 00000010.00000002.481657713.0000000005CC0000.00000040.00000001.sdmp, Offset: 05CC0000, based on PE: false
                                                                            Similarity
                                                                            • API ID: EventSelect
                                                                            • String ID:
                                                                            • API String ID: 31538577-0
                                                                            • Opcode ID: a05621d8ad0289367ee400c300e4ffd73ed68e2b4aa8c8ee3b775d8fa559a097
                                                                            • Instruction ID: 9558df1405fecfa43ab820c3ceded04f5561d0350f1453f87063c00ecceaefd7
                                                                            • Opcode Fuzzy Hash: a05621d8ad0289367ee400c300e4ffd73ed68e2b4aa8c8ee3b775d8fa559a097
                                                                            • Instruction Fuzzy Hash: 1C11D072500204AFEB20CB65DC84FABFFACEF05720F14C8ABEA05DB201D674A5048B71
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 05CC4296, Relevance: 1.6, APIs: 1, Instructions: 63encryptionCOMMON
                                                                            Download Yara Rule
                                                                            APIs
                                                                            • CertVerifyCertificateChainPolicy.CRYPT32(?,00000E2C,CC371464,00000000,00000000,00000000,00000000), ref: 05CC42F2
                                                                            Memory Dump Source
                                                                            • Source File: 00000010.00000002.481657713.0000000005CC0000.00000040.00000001.sdmp, Offset: 05CC0000, based on PE: false
                                                                            Similarity
                                                                            • API ID: CertCertificateChainPolicyVerify
                                                                            • String ID:
                                                                            • API String ID: 3930008701-0
                                                                            • Opcode ID: 9928621162fef7966375148fc578a89a7fdbf01aba6bfb68b9806363c7e36a2d
                                                                            • Instruction ID: 607e91092d0f05498bcdbdf475bbb8909ee2c29910c0488ebafec8a2dac8bfc7
                                                                            • Opcode Fuzzy Hash: 9928621162fef7966375148fc578a89a7fdbf01aba6bfb68b9806363c7e36a2d
                                                                            • Instruction Fuzzy Hash: 49119071500600AFEB208F65DC85FAAFFA8EF45321F18C8ABEE459A241D674A505CB71
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 05CC1F5E, Relevance: 1.6, APIs: 1, Instructions: 60fileCOMMON
                                                                            Download Yara Rule
                                                                            APIs
                                                                            • ReadFile.KERNELBASE(?,00000E2C,CC371464,00000000,00000000,00000000,00000000), ref: 05CC1FBD
                                                                            Memory Dump Source
                                                                            • Source File: 00000010.00000002.481657713.0000000005CC0000.00000040.00000001.sdmp, Offset: 05CC0000, based on PE: false
                                                                            Similarity
                                                                            • API ID: FileRead
                                                                            • String ID:
                                                                            • API String ID: 2738559852-0
                                                                            • Opcode ID: eb7592ae0f60edc5bcb0ff0067c5bb0b117928bd3d369cf83418218625b5b8e4
                                                                            • Instruction ID: d09a7ad74cd8a3a0ff891dda6a7ea9cc70f1c5610cc78ac7b69de177f9f474e9
                                                                            • Opcode Fuzzy Hash: eb7592ae0f60edc5bcb0ff0067c5bb0b117928bd3d369cf83418218625b5b8e4
                                                                            • Instruction Fuzzy Hash: 9911B271400200EFEB21CF56DC40F66FFA8EF45310F1889ABEE459B251C674A505CB71
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 05CC437E, Relevance: 1.6, APIs: 1, Instructions: 59encryptionCOMMON
                                                                            Download Yara Rule
                                                                            APIs
                                                                            • CertVerifyCertificateChainPolicy.CRYPT32(?,00000E2C,CC371464,00000000,00000000,00000000,00000000), ref: 05CC43DA
                                                                            Memory Dump Source
                                                                            • Source File: 00000010.00000002.481657713.0000000005CC0000.00000040.00000001.sdmp, Offset: 05CC0000, based on PE: false
                                                                            Similarity
                                                                            • API ID: CertCertificateChainPolicyVerify
                                                                            • String ID:
                                                                            • API String ID: 3930008701-0
                                                                            • Opcode ID: 7912f2f549bf4ccb41eb4e4f8e38b14ff347b6d78e558fd08776296b5b86afe4
                                                                            • Instruction ID: cf49ea63a0b88d9e2e269a78f25ebfc17ef9b5fafd98a2df0ae7a0e4927cbcf5
                                                                            • Opcode Fuzzy Hash: 7912f2f549bf4ccb41eb4e4f8e38b14ff347b6d78e558fd08776296b5b86afe4
                                                                            • Instruction Fuzzy Hash: 7F11BC71500200EFEB20CF25DD80FA6FFA8EF44321F18C8ABEE499B241D674A5088B71
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 05CC3212, Relevance: 1.6, APIs: 1, Instructions: 58COMMON
                                                                            Download Yara Rule
                                                                            APIs
                                                                            • ioctlsocket.WS2_32(?,00000E2C,CC371464,00000000,00000000,00000000,00000000), ref: 05CC326B
                                                                            Memory Dump Source
                                                                            • Source File: 00000010.00000002.481657713.0000000005CC0000.00000040.00000001.sdmp, Offset: 05CC0000, based on PE: false
                                                                            Similarity
                                                                            • API ID: ioctlsocket
                                                                            • String ID:
                                                                            • API String ID: 3577187118-0
                                                                            • Opcode ID: 98f8088a5415e6fec0ffdbd6e4422242aa1d7d0daaa774c6f1d44f9b9c6422d3
                                                                            • Instruction ID: 2adfccf92999e60a3bb8a0093ed529b40ea57584c01576a9f98638bafaa7c6cc
                                                                            • Opcode Fuzzy Hash: 98f8088a5415e6fec0ffdbd6e4422242aa1d7d0daaa774c6f1d44f9b9c6422d3
                                                                            • Instruction Fuzzy Hash: 4A110671400244AFEB11CF59DC40F66FFA8EF45720F14C8ABEE499B242C674A504CB71
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 05CC2C6A, Relevance: 1.6, APIs: 1, Instructions: 57COMMON
                                                                            Download Yara Rule
                                                                            APIs
                                                                            • shutdown.WS2_32(?,00000E2C,CC371464,00000000,00000000,00000000,00000000), ref: 05CC2CC0
                                                                            Memory Dump Source
                                                                            • Source File: 00000010.00000002.481657713.0000000005CC0000.00000040.00000001.sdmp, Offset: 05CC0000, based on PE: false
                                                                            Similarity
                                                                            • API ID: shutdown
                                                                            • String ID:
                                                                            • API String ID: 2510479042-0
                                                                            • Opcode ID: 439adb790da34d87de4f380280ee0081ab2914cdee26575324f65cf6962c89a3
                                                                            • Instruction ID: 50ee5201382b980e388d92cd02fcb4c683b985e6fb3817693b49f01a6f666d8a
                                                                            • Opcode Fuzzy Hash: 439adb790da34d87de4f380280ee0081ab2914cdee26575324f65cf6962c89a3
                                                                            • Instruction Fuzzy Hash: 2F11E575500204AFEB10CF19DC84FA6FFA8EF45320F14C8ABEE499B241D678A505CB71
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 05CC35B2, Relevance: 1.6, APIs: 1, Instructions: 56COMMON
                                                                            Download Yara Rule
                                                                            APIs
                                                                            • GetAdaptersAddresses.IPHLPAPI(?,00000E2C,CC371464,00000000,00000000,00000000,00000000), ref: 05CC3611
                                                                            Memory Dump Source
                                                                            • Source File: 00000010.00000002.481657713.0000000005CC0000.00000040.00000001.sdmp, Offset: 05CC0000, based on PE: false
                                                                            Similarity
                                                                            • API ID: AdaptersAddresses
                                                                            • String ID:
                                                                            • API String ID: 2506852604-0
                                                                            • Opcode ID: ce51ae9fa20b20507b028a989d6ceb02fe2c865ac23d8164a3ba5a9677d4f640
                                                                            • Instruction ID: c5931409bd25a37f507d0930827264a95f76e1c8f3ee7ae74f80267681137ab0
                                                                            • Opcode Fuzzy Hash: ce51ae9fa20b20507b028a989d6ceb02fe2c865ac23d8164a3ba5a9677d4f640
                                                                            • Instruction Fuzzy Hash: E311A071400644EEEB218F15DD41FA7FFA8EF05B20F14C89BEE459B251C675A509CBB1
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 05CC0522, Relevance: 1.6, APIs: 1, Instructions: 56libraryCOMMON
                                                                            Download Yara Rule
                                                                            APIs
                                                                            • LoadLibraryA.KERNELBASE(?,00000E2C), ref: 05CC058B
                                                                            Memory Dump Source
                                                                            • Source File: 00000010.00000002.481657713.0000000005CC0000.00000040.00000001.sdmp, Offset: 05CC0000, based on PE: false
                                                                            Similarity
                                                                            • API ID: LibraryLoad
                                                                            • String ID:
                                                                            • API String ID: 1029625771-0
                                                                            • Opcode ID: 06e3dc5ef3b307ff4b0961a71c333ecddc307f00bcc2b9f99065d804c9a5accb
                                                                            • Instruction ID: 2325a2d355b8881bfd912bdfd9c89ac3fd60e2b0fa22290e4307b7e8ae12d6d7
                                                                            • Opcode Fuzzy Hash: 06e3dc5ef3b307ff4b0961a71c333ecddc307f00bcc2b9f99065d804c9a5accb
                                                                            • Instruction Fuzzy Hash: 88112171100300EFE720DB15DC85FBAFFA8EF05720F14849AEE04AB281C6B8A508CBB5
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 05CC1AE4, Relevance: 1.6, APIs: 1, Instructions: 56COMMON
                                                                            Download Yara Rule
                                                                            APIs
                                                                            • GlobalMemoryStatusEx.KERNELBASE(?), ref: 05CC1B38
                                                                            Memory Dump Source
                                                                            • Source File: 00000010.00000002.481657713.0000000005CC0000.00000040.00000001.sdmp, Offset: 05CC0000, based on PE: false
                                                                            Similarity
                                                                            • API ID: GlobalMemoryStatus
                                                                            • String ID:
                                                                            • API String ID: 1890195054-0
                                                                            • Opcode ID: 868ea1f6f772d2861bcffb10553669772829e3316f0f0729a26758ff973caf4a
                                                                            • Instruction ID: 60a66e2395364f13d597ef6a06b5d369e5e8c11613a48c35744c0a4fffada66d
                                                                            • Opcode Fuzzy Hash: 868ea1f6f772d2861bcffb10553669772829e3316f0f0729a26758ff973caf4a
                                                                            • Instruction Fuzzy Hash: 8C119471509380AFD7128F25DC54B52BFA4DF46220F0884DBED458F653D2759918CB61
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 05CC20DE, Relevance: 1.6, APIs: 1, Instructions: 53networkCOMMON
                                                                            Download Yara Rule
                                                                            APIs
                                                                            • GetNetworkParams.IPHLPAPI(?,00000E2C,CC371464,00000000,00000000,00000000,00000000), ref: 05CC2134
                                                                            Memory Dump Source
                                                                            • Source File: 00000010.00000002.481657713.0000000005CC0000.00000040.00000001.sdmp, Offset: 05CC0000, based on PE: false
                                                                            Similarity
                                                                            • API ID: NetworkParams
                                                                            • String ID:
                                                                            • API String ID: 2134775280-0
                                                                            • Opcode ID: 0cfbe8cc12cf4550122266dcbbab6be3037b152e579c501e24db1d1754bdc8b3
                                                                            • Instruction ID: b1118649a9eed2c6e9d1bbaae59db71d9b379b8d1ef2f4a59ee6b91627b17183
                                                                            • Opcode Fuzzy Hash: 0cfbe8cc12cf4550122266dcbbab6be3037b152e579c501e24db1d1754bdc8b3
                                                                            • Instruction Fuzzy Hash: 3F01C475500604AEEB11CB15DC85F6BFFA8EF05720F14C49BEE499B241D674A909CB71
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 05CC1DCE, Relevance: 1.6, APIs: 1, Instructions: 52COMMON
                                                                            Download Yara Rule
                                                                            APIs
                                                                            • GetFileType.KERNELBASE(?,00000E2C,CC371464,00000000,00000000,00000000,00000000), ref: 05CC1E21
                                                                            Memory Dump Source
                                                                            • Source File: 00000010.00000002.481657713.0000000005CC0000.00000040.00000001.sdmp, Offset: 05CC0000, based on PE: false
                                                                            Similarity
                                                                            • API ID: FileType
                                                                            • String ID:
                                                                            • API String ID: 3081899298-0
                                                                            • Opcode ID: 2c26017e8c24d05b16ab8dcbea543e63f7b82004b03f40740041ee8ed6f6ebe9
                                                                            • Instruction ID: 0243625c9363fac97a12ce4b8b05d3230ccda3481045b0c82f63c2a5cf2a1a6f
                                                                            • Opcode Fuzzy Hash: 2c26017e8c24d05b16ab8dcbea543e63f7b82004b03f40740041ee8ed6f6ebe9
                                                                            • Instruction Fuzzy Hash: 08018471500604AEE720DB16DD45F66FFA8DF45720F18C49BEE459B242D668A504CA71
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 05CC3686, Relevance: 1.5, APIs: 1, Instructions: 49networkCOMMON
                                                                            Download Yara Rule
                                                                            APIs
                                                                            • WSAConnect.WS2_32(?,?,?,?,?,?,?), ref: 05CC36D2
                                                                            Memory Dump Source
                                                                            • Source File: 00000010.00000002.481657713.0000000005CC0000.00000040.00000001.sdmp, Offset: 05CC0000, based on PE: false
                                                                            Similarity
                                                                            • API ID: Connect
                                                                            • String ID:
                                                                            • API String ID: 3144859779-0
                                                                            • Opcode ID: b882c3f1d0fec937817e84a695bb146cefea47ee793457fd1f96c77e932bec3c
                                                                            • Instruction ID: 904180a8b21b8b6918ebfe80c40750a7d3e2002a703688d5c9e8b87f16bf8e47
                                                                            • Opcode Fuzzy Hash: b882c3f1d0fec937817e84a695bb146cefea47ee793457fd1f96c77e932bec3c
                                                                            • Instruction Fuzzy Hash: 8B119A714006409FDB20CF56E844B62FFE4FF08610F08C8AADE498B222D775E518DF61
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 05CC1046, Relevance: 1.5, APIs: 1, Instructions: 49COMMON
                                                                            Download Yara Rule
                                                                            APIs
                                                                            Memory Dump Source
                                                                            • Source File: 00000010.00000002.481657713.0000000005CC0000.00000040.00000001.sdmp, Offset: 05CC0000, based on PE: false
                                                                            Similarity
                                                                            • API ID: ClassInfo
                                                                            • String ID:
                                                                            • API String ID: 3534257612-0
                                                                            • Opcode ID: dd61e5809d0ab1e0b3b8b393772c3b12482615dc5526938e2ac2672bff50637d
                                                                            • Instruction ID: 781b9ddc9068394f5c4a067f2498d2e26c3a0d39657c20d86b2ed2092ce7efc0
                                                                            • Opcode Fuzzy Hash: dd61e5809d0ab1e0b3b8b393772c3b12482615dc5526938e2ac2672bff50637d
                                                                            • Instruction Fuzzy Hash: 3B016D756046409FDB20CF2AD985B66FFE8EF04620F0CC4AEED49CB252D665E508CB62
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 05CC3426, Relevance: 1.5, APIs: 1, Instructions: 47encryptionCOMMON
                                                                            Download Yara Rule
                                                                            APIs
                                                                            • CertGetCertificateChain.CRYPT32(?,00000E2C,?,?), ref: 05CC3476
                                                                            Memory Dump Source
                                                                            • Source File: 00000010.00000002.481657713.0000000005CC0000.00000040.00000001.sdmp, Offset: 05CC0000, based on PE: false
                                                                            Similarity
                                                                            • API ID: CertCertificateChain
                                                                            • String ID:
                                                                            • API String ID: 3019455780-0
                                                                            • Opcode ID: f4a93b3affb07c0c7e08bbb04f42faf9469779a4f00177aee4117802cc375fc1
                                                                            • Instruction ID: 2eeaf3226a46cfe35e9b72a6de42459c84fc1aded8fadaffce25c13f27f00f35
                                                                            • Opcode Fuzzy Hash: f4a93b3affb07c0c7e08bbb04f42faf9469779a4f00177aee4117802cc375fc1
                                                                            • Instruction Fuzzy Hash: CE019E72500200ABD610DF16DD81B26FBA8EB88A20F14812AED088B641E735B915CBA1
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 05CC127A, Relevance: 1.5, APIs: 1, Instructions: 46libraryCOMMON
                                                                            Download Yara Rule
                                                                            APIs
                                                                            • LoadLibraryShim.MSCOREE(?,?,?,?), ref: 05CC12C5
                                                                            Memory Dump Source
                                                                            • Source File: 00000010.00000002.481657713.0000000005CC0000.00000040.00000001.sdmp, Offset: 05CC0000, based on PE: false
                                                                            Similarity
                                                                            • API ID: LibraryLoadShim
                                                                            • String ID:
                                                                            • API String ID: 1475914169-0
                                                                            • Opcode ID: a29e1c04727f93f7c1e3de14c0284d6b29c83373dc45ef4547461e6150c3f029
                                                                            • Instruction ID: 75bb2180b85bb5adebea90714a419c093a551b853749abdd07a6ade751afc748
                                                                            • Opcode Fuzzy Hash: a29e1c04727f93f7c1e3de14c0284d6b29c83373dc45ef4547461e6150c3f029
                                                                            • Instruction Fuzzy Hash: 1C0169795006409FDB20DE1AD884B62FFE8EF04620F0CC49AED4ADB202D275E508CB62
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 05CC23BA, Relevance: 1.5, APIs: 1, Instructions: 43COMMON
                                                                            Download Yara Rule
                                                                            APIs
                                                                            • setsockopt.WS2_32(?,?,?,?,?), ref: 05CC23F8
                                                                            Memory Dump Source
                                                                            • Source File: 00000010.00000002.481657713.0000000005CC0000.00000040.00000001.sdmp, Offset: 05CC0000, based on PE: false
                                                                            Similarity
                                                                            • API ID: setsockopt
                                                                            • String ID:
                                                                            • API String ID: 3981526788-0
                                                                            • Opcode ID: 032c9e294ad417566809bde0304dde08e146575451d65a270d9a211a2f967848
                                                                            • Instruction ID: a56edf30b9ff22b370e932e06679aaacf7559a1b4eaf22dc0fd4b96528ff2642
                                                                            • Opcode Fuzzy Hash: 032c9e294ad417566809bde0304dde08e146575451d65a270d9a211a2f967848
                                                                            • Instruction Fuzzy Hash: DA018C75400640DFDB21CF56E844B66FFA4EF04320F08C8AEDE898B212D275A418DB62
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 05CC1B06, Relevance: 1.5, APIs: 1, Instructions: 43COMMON
                                                                            Download Yara Rule
                                                                            APIs
                                                                            • GlobalMemoryStatusEx.KERNELBASE(?), ref: 05CC1B38
                                                                            Memory Dump Source
                                                                            • Source File: 00000010.00000002.481657713.0000000005CC0000.00000040.00000001.sdmp, Offset: 05CC0000, based on PE: false
                                                                            Similarity
                                                                            • API ID: GlobalMemoryStatus
                                                                            • String ID:
                                                                            • API String ID: 1890195054-0
                                                                            • Opcode ID: d38e88ff52ef2f384cc150ccce1b3bcd2e1be2dcd9cdd0b8f70a24754d1979cf
                                                                            • Instruction ID: 9b25397d7f4c550a126a552e3990f8737213b69fb574e0ecf71be9c632e5a752
                                                                            • Opcode Fuzzy Hash: d38e88ff52ef2f384cc150ccce1b3bcd2e1be2dcd9cdd0b8f70a24754d1979cf
                                                                            • Instruction Fuzzy Hash: 98018FB55006409FDB10CF2AD8857A6FFA4EF44220F18C4EFDD498B252E6B9A518CFB1
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 015F39D0, Relevance: 1.5, Strings: 1, Instructions: 231COMMON
                                                                            Download Yara Rule
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000010.00000002.473175580.00000000015F0000.00000040.00000001.sdmp, Offset: 015F0000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID: :@Dr
                                                                            • API String ID: 0-3830894600
                                                                            • Opcode ID: 1d6018ffef7febda8645a9a3f11f758f30bef58323d1f04428e68d7c0ad699be
                                                                            • Instruction ID: dbb9f47b724d808f94458dac2773f061ecb2515b54bb3830391c1e56d8e96e17
                                                                            • Opcode Fuzzy Hash: 1d6018ffef7febda8645a9a3f11f758f30bef58323d1f04428e68d7c0ad699be
                                                                            • Instruction Fuzzy Hash: 63717130B000449BEF6596BCC454B6E7EDAFB8D310F50442EE24ACB796DEA9CD81D762
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 015F39E0, Relevance: 1.5, Strings: 1, Instructions: 227COMMON
                                                                            Download Yara Rule
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000010.00000002.473175580.00000000015F0000.00000040.00000001.sdmp, Offset: 015F0000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID: :@Dr
                                                                            • API String ID: 0-3830894600
                                                                            • Opcode ID: ab7d2ce9f4a6935cf8f5b8ebc6016e5f988eb5d79a331a79cde8b1db3b06c329
                                                                            • Instruction ID: 9019d37eff59dbfb1da1b3fd63230dd3464983568a3a5068289a9b8db62e15ff
                                                                            • Opcode Fuzzy Hash: ab7d2ce9f4a6935cf8f5b8ebc6016e5f988eb5d79a331a79cde8b1db3b06c329
                                                                            • Instruction Fuzzy Hash: 1A716030B000449BEF65A6BDC454B6E7DDAFB8C310F50442EE24ACB795DEA9CD81C762
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 015F2CE0, Relevance: 1.4, Strings: 1, Instructions: 183COMMON
                                                                            Download Yara Rule
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000010.00000002.473175580.00000000015F0000.00000040.00000001.sdmp, Offset: 015F0000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID: :@Dr
                                                                            • API String ID: 0-3830894600
                                                                            • Opcode ID: 705ea8e217db21539a12bd645344ea66dcb6b0224e650a7761856de6bbafe334
                                                                            • Instruction ID: bc589987374c9673630628a47125e8241c4527e18e849421bc4930d35e5bc27f
                                                                            • Opcode Fuzzy Hash: 705ea8e217db21539a12bd645344ea66dcb6b0224e650a7761856de6bbafe334
                                                                            • Instruction Fuzzy Hash: 3B51A7707002008FEF265A7CD45572E7A9AFB89315F25093EEA06CF796DE6ACC828751
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 015F2CF0, Relevance: 1.4, Strings: 1, Instructions: 166COMMON
                                                                            Download Yara Rule
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000010.00000002.473175580.00000000015F0000.00000040.00000001.sdmp, Offset: 015F0000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID: :@Dr
                                                                            • API String ID: 0-3830894600
                                                                            • Opcode ID: 7e2d1df9cb4db79355ec17cf7c394189df911a6a82d32c062fc63554060903bf
                                                                            • Instruction ID: db36fa532b43e74f0893bf4d6f006ff7a14ccd875a798d4d83ad8c56c1d09faa
                                                                            • Opcode Fuzzy Hash: 7e2d1df9cb4db79355ec17cf7c394189df911a6a82d32c062fc63554060903bf
                                                                            • Instruction Fuzzy Hash: 3E519170B002008FEF365A7DD49472E7A9AFB89315F60093DE70ACB795DE6ACC828751
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 015F3D08, Relevance: .3, Instructions: 286COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000010.00000002.473175580.00000000015F0000.00000040.00000001.sdmp, Offset: 015F0000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 1bb0683d6add0a57b7ae03bf26a16ee95e4c898f2e42e3f7d4a5af74fdc7b7e4
                                                                            • Instruction ID: c45e02a9344b76718fb0707ef0e0c38fbe4afc68e37d041ea495f2fd406cb0dd
                                                                            • Opcode Fuzzy Hash: 1bb0683d6add0a57b7ae03bf26a16ee95e4c898f2e42e3f7d4a5af74fdc7b7e4
                                                                            • Instruction Fuzzy Hash: D1A1EF31B042418FEBA5AB7C84546BE7BE2BF85350F1584BED645CF292EA35CC06CB51
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 015F1A4A, Relevance: .3, Instructions: 252COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000010.00000002.473175580.00000000015F0000.00000040.00000001.sdmp, Offset: 015F0000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: ab90df10373247a3c2423ccc1ccc885c6b6e93b11a4f77a2b0be3622e31a984b
                                                                            • Instruction ID: c3cfafc49036af94cfbc3612272ef9ce779db861f5cc08a06d8c9c9bc7381935
                                                                            • Opcode Fuzzy Hash: ab90df10373247a3c2423ccc1ccc885c6b6e93b11a4f77a2b0be3622e31a984b
                                                                            • Instruction Fuzzy Hash: 6391E1347005408BDB29AB78D4A936E7AA2FBC5310F14452ED2839F794DE3A8C86C796
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 015F1A89, Relevance: .2, Instructions: 242COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000010.00000002.473175580.00000000015F0000.00000040.00000001.sdmp, Offset: 015F0000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 735eed1f6e05092a4c53acab444da44734f9b4211858724f05703bf39863b231
                                                                            • Instruction ID: 42c9a7ad8272839676dfeee623e531972d2357c6e1c812a6fcfd7da5409f7345
                                                                            • Opcode Fuzzy Hash: 735eed1f6e05092a4c53acab444da44734f9b4211858724f05703bf39863b231
                                                                            • Instruction Fuzzy Hash: 7A81F434B00540CBDB29AB78D4A936E7AA2FFC5310F14452DD287AF794DE3A8C85C796
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 015F2210, Relevance: .2, Instructions: 190COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000010.00000002.473175580.00000000015F0000.00000040.00000001.sdmp, Offset: 015F0000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 71aa5918bdbec0c6cbd7834b961408ecbff2d94628b45559ed0edc5f5ff4a7f5
                                                                            • Instruction ID: 1cdf4d7c71c8357c648e6d23e6b0c48b372756338d35ce668a7a0b9d7c227fe2
                                                                            • Opcode Fuzzy Hash: 71aa5918bdbec0c6cbd7834b961408ecbff2d94628b45559ed0edc5f5ff4a7f5
                                                                            • Instruction Fuzzy Hash: 5961B0706483868FDB169B7884287AD7FF2AF86304F2540BED645DF292EA75CC46CB11
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 015F3800, Relevance: .2, Instructions: 167COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000010.00000002.473175580.00000000015F0000.00000040.00000001.sdmp, Offset: 015F0000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: bd2521fb8b6ce642bb99300e5a3f9e53a2ca691ee998db6c7cad911ef9864b88
                                                                            • Instruction ID: 7bb9e29ae43c6c54c83f2c1b557caae918ddad1c6fb377dfc3384affc673aea5
                                                                            • Opcode Fuzzy Hash: bd2521fb8b6ce642bb99300e5a3f9e53a2ca691ee998db6c7cad911ef9864b88
                                                                            • Instruction Fuzzy Hash: D651E131A052459FEB51DFA8C894AAEBBB2FF85310F1584BAE608DF262E735DC05C740
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 015F0770, Relevance: .2, Instructions: 163COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000010.00000002.473175580.00000000015F0000.00000040.00000001.sdmp, Offset: 015F0000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 211e03f5b39002787041d0d32dc84cf0dbc4c41aa10801e171065764281ddbcd
                                                                            • Instruction ID: a25203b8ff3d13a9c4488708744473596e7da191e488a26a0fd61347771fa3c2
                                                                            • Opcode Fuzzy Hash: 211e03f5b39002787041d0d32dc84cf0dbc4c41aa10801e171065764281ddbcd
                                                                            • Instruction Fuzzy Hash: C351B33074D3C28FD306873988646B97FB6AF96304B1980EBE144CF6A3EA65CC4AC751
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 015F1F18, Relevance: .1, Instructions: 128COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000010.00000002.473175580.00000000015F0000.00000040.00000001.sdmp, Offset: 015F0000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 366e69ccd12ba5791c97655343dc9c08d8eef5f638e0f4af9de5ec9bf092ee46
                                                                            • Instruction ID: 53be414b96f29a8de97ea5a2e99fd8b556f179a0673bc7832caa9568f2cc328a
                                                                            • Opcode Fuzzy Hash: 366e69ccd12ba5791c97655343dc9c08d8eef5f638e0f4af9de5ec9bf092ee46
                                                                            • Instruction Fuzzy Hash: E741EB31F002059FCF219BB998946AEBBB5FBC9220F24087EE655DB281EB358C05C761
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 015F2FFA, Relevance: .1, Instructions: 127COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000010.00000002.473175580.00000000015F0000.00000040.00000001.sdmp, Offset: 015F0000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 1af95977a6e0bdb84edbd865bb228c634e4981b54b3fe32c68e86e567596d966
                                                                            • Instruction ID: 717a6eb2e32cc25a05aaa2c47e39524dbdf106f59b7755a6b84a90faad80a9ae
                                                                            • Opcode Fuzzy Hash: 1af95977a6e0bdb84edbd865bb228c634e4981b54b3fe32c68e86e567596d966
                                                                            • Instruction Fuzzy Hash: F7412E74B002559FEB61DE6CC890B6E7BA9FB86704F10086AE642DF391D771EC05CB61
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 015F2081, Relevance: .1, Instructions: 101COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000010.00000002.473175580.00000000015F0000.00000040.00000001.sdmp, Offset: 015F0000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 65e30f343ce4b3305ac02a073965931d227f2dba3137a7e9a31e12a8509f07a0
                                                                            • Instruction ID: 6abaa9084405a203922a941815323180411a42afdcdc35e1056306d040dafa08
                                                                            • Opcode Fuzzy Hash: 65e30f343ce4b3305ac02a073965931d227f2dba3137a7e9a31e12a8509f07a0
                                                                            • Instruction Fuzzy Hash: 73315774F002149BDB54EBB5D859BAE7BF6AFC8740F10852DE602EB284DE759C40CB50
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 015F2090, Relevance: .1, Instructions: 95COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000010.00000002.473175580.00000000015F0000.00000040.00000001.sdmp, Offset: 015F0000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 3af62ae68c4a5dac497dc9580a79e1731afa7f20ff1ff12359cec529cc632440
                                                                            • Instruction ID: e87864b0105b0283d42a9071c63a812f8ba72e3274c0442453778b558f49f213
                                                                            • Opcode Fuzzy Hash: 3af62ae68c4a5dac497dc9580a79e1731afa7f20ff1ff12359cec529cc632440
                                                                            • Instruction Fuzzy Hash: 55312774F002149BDB54EBB5D859BAE7AF6AFC8740F108429E606EB384EE759C40CB54
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 015F0900, Relevance: .1, Instructions: 92COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000010.00000002.473175580.00000000015F0000.00000040.00000001.sdmp, Offset: 015F0000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 1d4025051d61306fbbee6c6cba134d72ad9cc49188d7cb5831b878fa8e1127aa
                                                                            • Instruction ID: 2813c72418e6a5cd9d9f22388fc234fdba51c3ce6b3da60009d1030a8e6d3e7d
                                                                            • Opcode Fuzzy Hash: 1d4025051d61306fbbee6c6cba134d72ad9cc49188d7cb5831b878fa8e1127aa
                                                                            • Instruction Fuzzy Hash: 963187347006415FEB31865DD5C072AB7A7FB86320F28892EF69ACBB93D721EC418741
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 015F0910, Relevance: .1, Instructions: 89COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000010.00000002.473175580.00000000015F0000.00000040.00000001.sdmp, Offset: 015F0000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 50801d43598ed679d45fe9c1cece7c406f0e98837ac575bd3039b28c52f583d6
                                                                            • Instruction ID: 1f499021c51be9624cbdb217192e594bf52a1310a6053dd3e988ee864d15f982
                                                                            • Opcode Fuzzy Hash: 50801d43598ed679d45fe9c1cece7c406f0e98837ac575bd3039b28c52f583d6
                                                                            • Instruction Fuzzy Hash: 782124347005015BEF35855DD6C072EB397FB49220F28892EF69ECBB92E724EC418741
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 015F1E3D, Relevance: .1, Instructions: 72COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000010.00000002.473175580.00000000015F0000.00000040.00000001.sdmp, Offset: 015F0000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 376b482308585137ab317f94ed126cfc9531419558d61e9e5e56f6b03ee92874
                                                                            • Instruction ID: 469dfcfbd9b5cce415ac3823882882fbb239f1e2b7ea5722c4b9d781ebd473ac
                                                                            • Opcode Fuzzy Hash: 376b482308585137ab317f94ed126cfc9531419558d61e9e5e56f6b03ee92874
                                                                            • Instruction Fuzzy Hash: 2421D831909784CFCF16DF7448911AC7FB1EF46240B0944EBCA85EF253D6398945CBA6
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 05CD300E, Relevance: .1, Instructions: 63COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000010.00000002.481676430.0000000005CD0000.00000040.00000001.sdmp, Offset: 05CD0000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 580bc9feff5900543bb50c4b81e3c2907e4fadcf856f413270803a02688fa581
                                                                            • Instruction ID: c87fa4160b14718d74607da6d21283b1ca982465e8f35cc584b74d4b388a1d53
                                                                            • Opcode Fuzzy Hash: 580bc9feff5900543bb50c4b81e3c2907e4fadcf856f413270803a02688fa581
                                                                            • Instruction Fuzzy Hash: 9921B4B5608341AFD340CF19D880A5BFBE4EB89664F14896EF988D7311D275E9148FA2
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 05CD3A80, Relevance: .1, Instructions: 60COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000010.00000002.481676430.0000000005CD0000.00000040.00000001.sdmp, Offset: 05CD0000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: f2d3841e139de83dda0c06981ef8c775f33a98802cbc4b12b35d1f5b5cadcbbe
                                                                            • Instruction ID: 8a1e1319093744d16229690e1a4852c942d0a9228e9e577b7c8a3bbf543d8f1a
                                                                            • Opcode Fuzzy Hash: f2d3841e139de83dda0c06981ef8c775f33a98802cbc4b12b35d1f5b5cadcbbe
                                                                            • Instruction Fuzzy Hash: 5611B8B5608301AFD340CF19D880A5BFBE4FB88664F14896EF998D7311D275EA148FA2
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 02EB075C, Relevance: .1, Instructions: 59COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000010.00000002.473513206.0000000002EB0000.00000040.00000040.sdmp, Offset: 02EB0000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 6e48047143afb5b2c4181d41fde7c7b0827f961f0f40cdc08594a67a8a1c8722
                                                                            • Instruction ID: cca8cf22053220b4747e850060a4fde2c61cf641f358ab3d3709ee3a20f96364
                                                                            • Opcode Fuzzy Hash: 6e48047143afb5b2c4181d41fde7c7b0827f961f0f40cdc08594a67a8a1c8722
                                                                            • Instruction Fuzzy Hash: 6C11E434244284EFD716DB20D984BA7FB95AF88708F24D5ACE9491BA53C777E803CE51
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 015F1E68, Relevance: .0, Instructions: 50COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000010.00000002.473175580.00000000015F0000.00000040.00000001.sdmp, Offset: 015F0000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 4b8b5d76f7bfbb7cfce3e6c1d2a9555b078869ec922d97b2efcd7dda72153ead
                                                                            • Instruction ID: 5cb109381bd411331a774978859c80ed45e44d6dec6dfba04cca2705346dde22
                                                                            • Opcode Fuzzy Hash: 4b8b5d76f7bfbb7cfce3e6c1d2a9555b078869ec922d97b2efcd7dda72153ead
                                                                            • Instruction Fuzzy Hash: 99014031E00215CFCF25EFB889801ADBBF5EB88250B55447ECA49FB251D639E9418BE5
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 02EB05D3, Relevance: .0, Instructions: 44COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000010.00000002.473513206.0000000002EB0000.00000040.00000040.sdmp, Offset: 02EB0000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 8fb31186b674b4b4e10967581a9edac46c220265ca4b8b579988040a4cb5e94f
                                                                            • Instruction ID: f4e2ae57a4e9121bbc6f8d5a76c3728ac52ff07e7621baa43e60e4541ab5f88f
                                                                            • Opcode Fuzzy Hash: 8fb31186b674b4b4e10967581a9edac46c220265ca4b8b579988040a4cb5e94f
                                                                            • Instruction Fuzzy Hash: FEF0A9765097806FD7128B16EC40863FFB8DF86630709C49FED49CB652D129A909CB72
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 02EB074C, Relevance: .0, Instructions: 43COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000010.00000002.473513206.0000000002EB0000.00000040.00000040.sdmp, Offset: 02EB0000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: bd0e814960cd1ed61640a1851bbeda662cb0b07903f6ff54cad5f1e574d9522a
                                                                            • Instruction ID: b5eb3c2c232e413aa4421068e3c5b8063bf4035f59684f7997e928292f4c740c
                                                                            • Opcode Fuzzy Hash: bd0e814960cd1ed61640a1851bbeda662cb0b07903f6ff54cad5f1e574d9522a
                                                                            • Instruction Fuzzy Hash: 911130351492849FC717DB10D990B56BFB1AF46708F28C6EED8895B6A3C33A9806CF41
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 015F2F2A, Relevance: .0, Instructions: 41COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000010.00000002.473175580.00000000015F0000.00000040.00000001.sdmp, Offset: 015F0000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 77715fae3c313017cc316d47dab9c11510852b7498fa659aa09ad2049065763b
                                                                            • Instruction ID: ce5b0089998ea31cce2d2b2543e020612758e16652a819fecf3ef43c6f5d6e6f
                                                                            • Opcode Fuzzy Hash: 77715fae3c313017cc316d47dab9c11510852b7498fa659aa09ad2049065763b
                                                                            • Instruction Fuzzy Hash: AB013C34308346CFCB44AB34C45845DBFEAFF85314B108A6DEA9A87255EFB5AC45DB82
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 015F4615, Relevance: .0, Instructions: 39COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000010.00000002.473175580.00000000015F0000.00000040.00000001.sdmp, Offset: 015F0000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 4ee4340d38567f46c1cbd71dc7d6fa6e658ac2964d228640e0a883861098964c
                                                                            • Instruction ID: d52484ced49c2fcb653895ca52bccae4db1a96a606be87950bcc03481f9eaa31
                                                                            • Opcode Fuzzy Hash: 4ee4340d38567f46c1cbd71dc7d6fa6e658ac2964d228640e0a883861098964c
                                                                            • Instruction Fuzzy Hash: DAF08C71B002149BCB06AB28D4182AE77A2FFC4315B10802AE9028F3A5CF3ACD42CB81
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 015F3FC7, Relevance: .0, Instructions: 37COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000010.00000002.473175580.00000000015F0000.00000040.00000001.sdmp, Offset: 015F0000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: cf59bdf22f1d7975eb0abf2367c333a67d13126d291ea64f7f9a0957e372a32b
                                                                            • Instruction ID: b4dd182a16317ab61a9f1a57b70eb82ad16963b022ec6ede1a9b385fed3373cb
                                                                            • Opcode Fuzzy Hash: cf59bdf22f1d7975eb0abf2367c333a67d13126d291ea64f7f9a0957e372a32b
                                                                            • Instruction Fuzzy Hash: 40F0F672A014208BC710BF7CA05416DB7E5EB88214F12487DDA9ADB384DF314D248382
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 02EB0818, Relevance: .0, Instructions: 31COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000010.00000002.473513206.0000000002EB0000.00000040.00000040.sdmp, Offset: 02EB0000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 525cef522958239b2deb72ab7ac90410e2832b06fb356f1b7ca8807ee3c9392c
                                                                            • Instruction ID: fce198a8069b152238139d41c939204338a5841ddb99b2ef353ddfb918bd6171
                                                                            • Opcode Fuzzy Hash: 525cef522958239b2deb72ab7ac90410e2832b06fb356f1b7ca8807ee3c9392c
                                                                            • Instruction Fuzzy Hash: C1F06D35144640DFC302DF00D940B66FBA2EB89718F24C6ADE9480BB52C337E813DE81
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 02EB05F6, Relevance: .0, Instructions: 27COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000010.00000002.473513206.0000000002EB0000.00000040.00000040.sdmp, Offset: 02EB0000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: d3f69cfcd05e36266bbff6022167b8323901b47d61df16b77bd5d199613e102b
                                                                            • Instruction ID: 64013299dfa6fa7aa4293429a0e5e30c7048b1926219504e457014dc757e44a5
                                                                            • Opcode Fuzzy Hash: d3f69cfcd05e36266bbff6022167b8323901b47d61df16b77bd5d199613e102b
                                                                            • Instruction Fuzzy Hash: DBE06D766006008B9650CF0BEC41452F7A8EB88630B18C06FDC0D8B701E539B504CEA5
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 05CD3AEB, Relevance: .0, Instructions: 26COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000010.00000002.481676430.0000000005CD0000.00000040.00000001.sdmp, Offset: 05CD0000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 30adb98f1514e2be2447e2f2f057725c52916463ab9013e7b2e9eda34971b44e
                                                                            • Instruction ID: 79914eb5329551215c6474b43656466779636b55af34a4ea5440719af69b9f2f
                                                                            • Opcode Fuzzy Hash: 30adb98f1514e2be2447e2f2f057725c52916463ab9013e7b2e9eda34971b44e
                                                                            • Instruction Fuzzy Hash: 4DE0D8B255030067D2108F06AC45B53FB98DB44A30F18C56BED0C5B302D175B514CAE5
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 05CD3083, Relevance: .0, Instructions: 26COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000010.00000002.481676430.0000000005CD0000.00000040.00000001.sdmp, Offset: 05CD0000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 4e86d15556185d862356fb7b7963c12ca8f524ce95b69ec07f2a6048165456d0
                                                                            • Instruction ID: fc2a368f3bb85bcfe60cb2e99a7e369b82d5a676e2534d1069035ba0f52584fb
                                                                            • Opcode Fuzzy Hash: 4e86d15556185d862356fb7b7963c12ca8f524ce95b69ec07f2a6048165456d0
                                                                            • Instruction Fuzzy Hash: 4BE0D87260130067D2108F06AC45B53FB98DB40A30F18C557EE0C5F302D175B5148AE5
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 05CD3397, Relevance: .0, Instructions: 26COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000010.00000002.481676430.0000000005CD0000.00000040.00000001.sdmp, Offset: 05CD0000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 2d6f54de1ec23133db28334c9f0c405ee560113098363b282485f72d42549e2b
                                                                            • Instruction ID: b54f19dce2a897214aeeb1699755b8a6f4042d870fcabb1b19823ec4dcd4198a
                                                                            • Opcode Fuzzy Hash: 2d6f54de1ec23133db28334c9f0c405ee560113098363b282485f72d42549e2b
                                                                            • Instruction Fuzzy Hash: 87E0D87290030067D2109F06AC45B53FB98DB40A30F18C557EE0D5B302D176B514CEE5
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 015F2FD8, Relevance: .0, Instructions: 24COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000010.00000002.473175580.00000000015F0000.00000040.00000001.sdmp, Offset: 015F0000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 446717bd0d9cf77efad54771c514210b93815a15cbaa2d99fec54d9c4cae4432
                                                                            • Instruction ID: 562fadb4ce62f074ff4a3ca6fd63cb229ad56be83690b0b616963a3d0550d4c5
                                                                            • Opcode Fuzzy Hash: 446717bd0d9cf77efad54771c514210b93815a15cbaa2d99fec54d9c4cae4432
                                                                            • Instruction Fuzzy Hash: 94E04F382883818FDBAA6778A4202653FA9BB47314B5500DFD385CF2B2DA26D842C721
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 015F2CB1, Relevance: .0, Instructions: 20COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000010.00000002.473175580.00000000015F0000.00000040.00000001.sdmp, Offset: 015F0000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 9e5e4476fb0ac23ae4e077f80f4a87afbc93f7229889a810edfd3a477a993e07
                                                                            • Instruction ID: 797f47fb223def4fcc68bbd9640b774eb37d2c085587f2d6e6c87ea08a16cb2b
                                                                            • Opcode Fuzzy Hash: 9e5e4476fb0ac23ae4e077f80f4a87afbc93f7229889a810edfd3a477a993e07
                                                                            • Instruction Fuzzy Hash: 32E0173424D3D40FC706ABBC56248A83FA59E4B20831905EFE2C5CBB72D86698068B55
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 015F3008, Relevance: .0, Instructions: 16COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000010.00000002.473175580.00000000015F0000.00000040.00000001.sdmp, Offset: 015F0000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 122ed1fde1d3910b543e82f2285eebd87e6d1ac65d8065bb1d47eaafed2c41ef
                                                                            • Instruction ID: 0293503a36c130e1c4053a72f8c6bd7107756a6b5ddca569d55f582a4a307c44
                                                                            • Opcode Fuzzy Hash: 122ed1fde1d3910b543e82f2285eebd87e6d1ac65d8065bb1d47eaafed2c41ef
                                                                            • Instruction Fuzzy Hash: BED0C9306002048BEB655A68A55572E335DF745318F20086AD606CB242EA77EC80D750
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 015F2CC0, Relevance: .0, Instructions: 13COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000010.00000002.473175580.00000000015F0000.00000040.00000001.sdmp, Offset: 015F0000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 90bfc116d6a02b2143d743c009552c89046b12e3a27d94a205836a42ab262365
                                                                            • Instruction ID: c7eac7ac1031877dceb3545812970f570837b3787975f7c66b7e11df3ccb1122
                                                                            • Opcode Fuzzy Hash: 90bfc116d6a02b2143d743c009552c89046b12e3a27d94a205836a42ab262365
                                                                            • Instruction Fuzzy Hash: B9C012317142244B8B04ABB9A0048A97BDCDB8A22030000AEE64AC7B10E9A2AC004B84
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Non-executed Functions

                                                                            Analysis Process: file1.exe PID: 4076 Parent PID: 5784 file1.exeCOMMON

                                                                            Executed Functions

                                                                            Function 054CAD38, Relevance: 2.2, Strings: 1, Instructions: 907COMMON
                                                                            Download Yara Rule
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000015.00000002.479321308.00000000054C0000.00000040.00000001.sdmp, Offset: 054C0000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID: r
                                                                            • API String ID: 0-1812594589
                                                                            • Opcode ID: 483c7b444e3024213927509dbbb5003a2e856addb71eb060ab627bbea82e946e
                                                                            • Instruction ID: db16dfc31ce853539a42cbe46953942f628adb8567a170bc6772db9632388b52
                                                                            • Opcode Fuzzy Hash: 483c7b444e3024213927509dbbb5003a2e856addb71eb060ab627bbea82e946e
                                                                            • Instruction Fuzzy Hash: 8B824774A00609DFCB54CF68C585AAEBBB2FF88310F55C5AAD45AAB751D730E881CF90
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 054C2D58, Relevance: 2.6, Strings: 2, Instructions: 135COMMON
                                                                            Download Yara Rule
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000015.00000002.479321308.00000000054C0000.00000040.00000001.sdmp, Offset: 054C0000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID: $>_Ir
                                                                            • API String ID: 0-1787506450
                                                                            • Opcode ID: 3d3f5a287838fd837aa9d76931ca462ea17b6f0f43df566889a08502f6386d9a
                                                                            • Instruction ID: 60964e66243614535495c8a55eec7cf3bc2e4aa5dc7e8f282b29710478062057
                                                                            • Opcode Fuzzy Hash: 3d3f5a287838fd837aa9d76931ca462ea17b6f0f43df566889a08502f6386d9a
                                                                            • Instruction Fuzzy Hash: F941817CE082559BCB94DB69C8405FEBFA3BBC2215B1584BBC495AB605C6F1D8438741
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 054CD947, Relevance: 1.3, Strings: 1, Instructions: 80COMMON
                                                                            Download Yara Rule
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000015.00000002.479321308.00000000054C0000.00000040.00000001.sdmp, Offset: 054C0000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID: lir
                                                                            • API String ID: 0-3872640509
                                                                            • Opcode ID: c3860680453cf9fe5aacc0048695f66d1cc14e715fd5949b03cdf5d70eb60630
                                                                            • Instruction ID: 003c7d0eea2fb267f379a7446ef73d02ee3b608f58d89ce4632dd9b2e3023ce4
                                                                            • Opcode Fuzzy Hash: c3860680453cf9fe5aacc0048695f66d1cc14e715fd5949b03cdf5d70eb60630
                                                                            • Instruction Fuzzy Hash: D5219C39A08254CBCB94DA6894047EEBBE6BBC8210F1441BFD44AEB340DB31A8428791
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 054C6D28, Relevance: .2, Instructions: 159COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000015.00000002.479321308.00000000054C0000.00000040.00000001.sdmp, Offset: 054C0000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: a9ca3a48d60a8232b379c718f90eac46f9e5dc9dd37eb7473736251ea9c6afd3
                                                                            • Instruction ID: 7cb645570abcd1a1f215483e7f1e979deb082a21c6d3966296b5697487c16dbb
                                                                            • Opcode Fuzzy Hash: a9ca3a48d60a8232b379c718f90eac46f9e5dc9dd37eb7473736251ea9c6afd3
                                                                            • Instruction Fuzzy Hash: B2516135B042158BCB58DBBDC4549AEBBF3BFC4300B2585AEC406AB395DE74AC42CB94
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 054C7D68, Relevance: .1, Instructions: 147COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000015.00000002.479321308.00000000054C0000.00000040.00000001.sdmp, Offset: 054C0000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 0d1aaf4a5bbd52e9137487c88a6a40c182af503a3b9a97418b9ee976fed1874c
                                                                            • Instruction ID: 8f92ded23c2d35e9716f709c5ac119b76c09cd740387ef60454de4c42cc539a5
                                                                            • Opcode Fuzzy Hash: 0d1aaf4a5bbd52e9137487c88a6a40c182af503a3b9a97418b9ee976fed1874c
                                                                            • Instruction Fuzzy Hash: CE51D379D00218CFCB58CFA9D5845EDBBF1FB88310F2085AED55AA7294E7316946CF90
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 054C6D18, Relevance: .1, Instructions: 94COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000015.00000002.479321308.00000000054C0000.00000040.00000001.sdmp, Offset: 054C0000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: f3a7eb266b002e6f99f2a8ba6174d5484aac6cc35dca103e03b3b84fc4a163ee
                                                                            • Instruction ID: ad3dd8e73c2797568372c9a28e8dc97fd813b8b4f27e4c8957ca1d3f1f1f1953
                                                                            • Opcode Fuzzy Hash: f3a7eb266b002e6f99f2a8ba6174d5484aac6cc35dca103e03b3b84fc4a163ee
                                                                            • Instruction Fuzzy Hash: 8F314C75E042198BCB48DBB9D4549EEBBF3AFC4310B15856EC806AB355DA30AD46CB90
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 054CE528, Relevance: .1, Instructions: 94COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000015.00000002.479321308.00000000054C0000.00000040.00000001.sdmp, Offset: 054C0000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 77e2868faef56034da70138560a7f55907ab9ab4a762f046e8e497c60a7ac0e3
                                                                            • Instruction ID: 3eaa159016039cb081bfe60933bb4234e7e71ba2d71d5980dc8eace56050786d
                                                                            • Opcode Fuzzy Hash: 77e2868faef56034da70138560a7f55907ab9ab4a762f046e8e497c60a7ac0e3
                                                                            • Instruction Fuzzy Hash: F8411A34A05B50CFD37ACB6AC5407A6BBE6BFC4305F5488AEC09786BA0DB75E452CB00
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 054C8108, Relevance: .1, Instructions: 88COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000015.00000002.479321308.00000000054C0000.00000040.00000001.sdmp, Offset: 054C0000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 3a1482148dad07566843ba7bc250b2d5a5138e44677fe781a216a95f06054706
                                                                            • Instruction ID: 6eb172752f50fe93b3d1ccdd58865d148b82172923e9bb4df24bd5bc11e0dfb0
                                                                            • Opcode Fuzzy Hash: 3a1482148dad07566843ba7bc250b2d5a5138e44677fe781a216a95f06054706
                                                                            • Instruction Fuzzy Hash: 92313834B14205DFCB99EBB9E4684A93FA3FBD525175585AAE002CB390DF788D02CB81
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 054CA178, Relevance: .1, Instructions: 67COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000015.00000002.479321308.00000000054C0000.00000040.00000001.sdmp, Offset: 054C0000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: c51c7d54609ba01222e22a964ae4a4f391b1c04da79411838bfc7c27fd9f3d3e
                                                                            • Instruction ID: 22ffcfa82b28e3603c8616ab9c8ffc7c990b3f56a5d03fbe38b10e365eed452d
                                                                            • Opcode Fuzzy Hash: c51c7d54609ba01222e22a964ae4a4f391b1c04da79411838bfc7c27fd9f3d3e
                                                                            • Instruction Fuzzy Hash: 3111B174B0421D9BCB58DA6AD840AEF7FB7BBC4640F5044AED503AB380EF719C028790
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 054C4511, Relevance: .1, Instructions: 67COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000015.00000002.479321308.00000000054C0000.00000040.00000001.sdmp, Offset: 054C0000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: db251badf45b24062004565ab13baedd0bb913ccb7d80c776e407b4a52fb8043
                                                                            • Instruction ID: 4b313758d1c6be65aaf09a8e808ca7a0c84627893a1a9f359ac7cab77cd349db
                                                                            • Opcode Fuzzy Hash: db251badf45b24062004565ab13baedd0bb913ccb7d80c776e407b4a52fb8043
                                                                            • Instruction Fuzzy Hash: DE11E736F081108BCF45DA6D94201FFBBA69FC6221F0541BFDA469B390DAA59846C790
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 054CA17E, Relevance: .1, Instructions: 65COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000015.00000002.479321308.00000000054C0000.00000040.00000001.sdmp, Offset: 054C0000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: b85481c80a64f79bdc7eb942d47ba85cf99bc3ef91ba777036e84b155af95e25
                                                                            • Instruction ID: 4a48d946302ce4656823001b168aed63b65da5d07b62b2d8b60e21440671f45a
                                                                            • Opcode Fuzzy Hash: b85481c80a64f79bdc7eb942d47ba85cf99bc3ef91ba777036e84b155af95e25
                                                                            • Instruction Fuzzy Hash: AE115174B1411A9BCB58DA69D840AEE7BB7BBD4740F5045AED502AB380EF7198018790
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 054C7D58, Relevance: .1, Instructions: 56COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000015.00000002.479321308.00000000054C0000.00000040.00000001.sdmp, Offset: 054C0000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 82172200707fcb4759a5e3b8b5c1b3e36cad7d959fd468822ace66b464b92ea8
                                                                            • Instruction ID: f5b1febdeed015be5240d2d4c7541f8863055bfc4d5f6744e3491a2fc892f4c7
                                                                            • Opcode Fuzzy Hash: 82172200707fcb4759a5e3b8b5c1b3e36cad7d959fd468822ace66b464b92ea8
                                                                            • Instruction Fuzzy Hash: 5C1149369042049FDB55CB68D444AEABFF2EB88300F1144FED552AB2A1E771694ACB91
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 054CA540, Relevance: .0, Instructions: 46COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000015.00000002.479321308.00000000054C0000.00000040.00000001.sdmp, Offset: 054C0000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: bb644920aff207dbc23d205144938ee3d1eb07237f67213e5a084955037319e2
                                                                            • Instruction ID: d06fe2f2774e3d6b79b143d2106f8d3da5b49bf3a9a632cde648b5eb33fd4418
                                                                            • Opcode Fuzzy Hash: bb644920aff207dbc23d205144938ee3d1eb07237f67213e5a084955037319e2
                                                                            • Instruction Fuzzy Hash: 9B017C75F002099FCB90EBBAA8057EEBFF4FB84210F1081BAD609D7640EB3459008BD1
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 054CFD3F, Relevance: .0, Instructions: 38COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000015.00000002.479321308.00000000054C0000.00000040.00000001.sdmp, Offset: 054C0000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 00d7f335d42888da3b6548f4395b4c0ad65f501a89606afad378e94604e88d6c
                                                                            • Instruction ID: 2581695eeccaddb21886f128792392cbc9f46304168b0c243f6e33d1559c3184
                                                                            • Opcode Fuzzy Hash: 00d7f335d42888da3b6548f4395b4c0ad65f501a89606afad378e94604e88d6c
                                                                            • Instruction Fuzzy Hash: 3DF0C236800218BFCB92DFB4C845AEDBFF6EF4D210F0480ABE449D6211D6358616DB91
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 054C0908, Relevance: .0, Instructions: 34COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000015.00000002.479321308.00000000054C0000.00000040.00000001.sdmp, Offset: 054C0000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: e69226f398fd97fcf76eb0afb5366c954ecfd27e6b352e0dde28e17ae196ebfa
                                                                            • Instruction ID: 8780777adf7afe7bf6f3bea46c91476b4196a55fe07505c4084073d4a8b0f2fa
                                                                            • Opcode Fuzzy Hash: e69226f398fd97fcf76eb0afb5366c954ecfd27e6b352e0dde28e17ae196ebfa
                                                                            • Instruction Fuzzy Hash: BEF0BE34919280DFD7909AF848286EF3FE68BC6250B0604EB884B9B311D9684C438241
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 054C0918, Relevance: .0, Instructions: 33COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000015.00000002.479321308.00000000054C0000.00000040.00000001.sdmp, Offset: 054C0000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 3fe6602f5b59bd0f6ac83e865885f23d0408f78d383ff4065256f4e140da4111
                                                                            • Instruction ID: 69c5cde7f96145f2759be78c2d03b1319a26631a04d7e687b34f87568d19f091
                                                                            • Opcode Fuzzy Hash: 3fe6602f5b59bd0f6ac83e865885f23d0408f78d383ff4065256f4e140da4111
                                                                            • Instruction Fuzzy Hash: 50E0E53AE19218DA9B9099F898086EFBFAA97C5250F0044AB9A0FAB300D970480642D1
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 054CFD50, Relevance: .0, Instructions: 31COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000015.00000002.479321308.00000000054C0000.00000040.00000001.sdmp, Offset: 054C0000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: a106cd2ff4686c4a8bfbf1e73699d38516325069dd8cafe3a2cca626c41f2628
                                                                            • Instruction ID: fa2bf58a456d28bb0050d7bce6a5df578e8d2d1d4bf1c298fc4e8c322bbb1162
                                                                            • Opcode Fuzzy Hash: a106cd2ff4686c4a8bfbf1e73699d38516325069dd8cafe3a2cca626c41f2628
                                                                            • Instruction Fuzzy Hash: DDF0B435900218FFCB81DFA5C8009EDBFF6EF4C210B0080ABE558D7120D6358624DF90
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 054CED07, Relevance: .0, Instructions: 25COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000015.00000002.479321308.00000000054C0000.00000040.00000001.sdmp, Offset: 054C0000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 167bc7628d317ada403297f982d0e935252fe7683e1fb7caf495765e3f0a19f6
                                                                            • Instruction ID: f7509209c76e2be854c8deb686d6d187a1e4e0e7943b3f1db621234d2460599f
                                                                            • Opcode Fuzzy Hash: 167bc7628d317ada403297f982d0e935252fe7683e1fb7caf495765e3f0a19f6
                                                                            • Instruction Fuzzy Hash: 19E08C357082181BEB08D5A8D85276A7BCAFBC6558B09886EA50ADF381C952DC0283D1
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 054C0170, Relevance: .0, Instructions: 21COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000015.00000002.479321308.00000000054C0000.00000040.00000001.sdmp, Offset: 054C0000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: a0eab0fedac9f3a3523b60b502b2249bb2f42af5369544ee1685e783dfe431be
                                                                            • Instruction ID: c13e481cc1ecce7a751b7eb99fe353b087822ddf7f6e11118fb49b688ef6b596
                                                                            • Opcode Fuzzy Hash: a0eab0fedac9f3a3523b60b502b2249bb2f42af5369544ee1685e783dfe431be
                                                                            • Instruction Fuzzy Hash: 76E0C270A053408FC71A9BB4A02A0B83FB1EE4A25130604BFC486CF662DA368893CB00
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 054CFD08, Relevance: .0, Instructions: 19COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000015.00000002.479321308.00000000054C0000.00000040.00000001.sdmp, Offset: 054C0000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 47561f56a3f584ddd5fc02fd6937c88e0f704db39a15e8f2e77888b457beb3ca
                                                                            • Instruction ID: 44f11c171ffa6190e20e063da7a3f4b9e649abde6cdc74239c196a7325a5a550
                                                                            • Opcode Fuzzy Hash: 47561f56a3f584ddd5fc02fd6937c88e0f704db39a15e8f2e77888b457beb3ca
                                                                            • Instruction Fuzzy Hash: 7AD097B17003212BE314453EFC067D33BAA8BC8700F12C0923409DF1C1D8A42C0A83E3
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 054CED18, Relevance: .0, Instructions: 19COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000015.00000002.479321308.00000000054C0000.00000040.00000001.sdmp, Offset: 054C0000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 4a09e76df00e4a87f3248013cfaea728618aced958df20e97b546261b1197412
                                                                            • Instruction ID: 9fd5937acff021b55142c7a8094401ff96d79cf9ed2a75ee86ce8c55d5429ac7
                                                                            • Opcode Fuzzy Hash: 4a09e76df00e4a87f3248013cfaea728618aced958df20e97b546261b1197412
                                                                            • Instruction Fuzzy Hash: DCD05E357401185B6A08E5ACC81197A73CEEBC5554304885EE50ADB340CD62DC0283D1
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 054CED50, Relevance: .0, Instructions: 15COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000015.00000002.479321308.00000000054C0000.00000040.00000001.sdmp, Offset: 054C0000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 5bad44c7c23f46d715bdebb12409a55148eb01cf019b542880474d4e87ad6afd
                                                                            • Instruction ID: a75329c268da3579872573a1a0e45a857ece3bae9f1317a165720c929ab89060
                                                                            • Opcode Fuzzy Hash: 5bad44c7c23f46d715bdebb12409a55148eb01cf019b542880474d4e87ad6afd
                                                                            • Instruction Fuzzy Hash: 10D01221D0EBCC0FEF4663B4B81A30CBFE85B82555F8B41D79449CE183E97458088766
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 054CED60, Relevance: .0, Instructions: 8COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000015.00000002.479321308.00000000054C0000.00000040.00000001.sdmp, Offset: 054C0000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: c477bd677ef36afc3c969f818be5d24a8ce762cbf568272f4ce5f585a1a035e5
                                                                            • Instruction ID: e4608222e45594adf2a33bcb6c8eff35277aec5f44b9f70e4dab905b7c9f2844
                                                                            • Opcode Fuzzy Hash: c477bd677ef36afc3c969f818be5d24a8ce762cbf568272f4ce5f585a1a035e5
                                                                            • Instruction Fuzzy Hash: 79B01224E4270C4BDDD433F1700C11CBBCC19C081078000AA991D4B201BE74A4044695
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Non-executed Functions