Joe Sandbox Cloud Basic Analysis Report

Loading ...

Play interactive tourEdit tour

Windows Analysis Report DOCS.exe

Overview

General Information

Sample Name:DOCS.exe
Analysis ID:452541
MD5:8e2aa51f45393d980a4d9b20947976b6
SHA1:44742c0e7752ece4ed49c40d0f1b4e893c291005
SHA256:02e6972eec66f1f2b9898fa662d59c1f47856f180dad385d766399ecaf763f5b
Tags:AgentTeslaexe
Infos:

Most interesting Screenshot:

Detection

AgentTesla
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Yara detected AgentTesla
Yara detected AgentTesla
Hides that the sample has been downloaded from the Internet (zone.identifier)
Machine Learning detection for dropped file
Machine Learning detection for sample
Modifies the hosts file
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)
Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)
Tries to harvest and steal browser information (history, passwords, etc)
Tries to harvest and steal ftp login credentials
Tries to steal Mail credentials (via file access)
Antivirus or Machine Learning detection for unpacked file
Binary contains a suspicious time stamp
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains long sleeps (>= 3 min)
Creates a DirectInput object (often for capturing keystrokes)
Creates a process in suspended mode (likely to inject code)
Detected TCP or UDP traffic on non-standard ports
Detected potential crypto function
Drops PE files
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
May sleep (evasive loops) to hinder dynamic analysis
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Uses 32bit PE files
Uses SMTP (mail sending)
Uses code obfuscation techniques (call, push, ret)
Yara detected Credential Stealer

Classification

Process Tree

  • System is w10x64
  • DOCS.exe (PID: 4992 cmdline: 'C:\Users\user\Desktop\DOCS.exe' MD5: 8E2AA51F45393D980A4D9B20947976B6)
    • DOCS.exe (PID: 5928 cmdline: C:\Users\user\Desktop\DOCS.exe MD5: 8E2AA51F45393D980A4D9B20947976B6)
  • NXLun.exe (PID: 5372 cmdline: 'C:\Users\user\AppData\Roaming\NXLun\NXLun.exe' MD5: 8E2AA51F45393D980A4D9B20947976B6)
    • NXLun.exe (PID: 5388 cmdline: C:\Users\user\AppData\Roaming\NXLun\NXLun.exe MD5: 8E2AA51F45393D980A4D9B20947976B6)
  • NXLun.exe (PID: 1660 cmdline: 'C:\Users\user\AppData\Roaming\NXLun\NXLun.exe' MD5: 8E2AA51F45393D980A4D9B20947976B6)
  • cleanup

Malware Configuration

No configs have been found

Yara Overview

Memory Dumps

SourceRuleDescriptionAuthorStrings
00000011.00000002.347326587.0000000003CD5000.00000004.00000001.sdmpJoeSecurity_AgentTesla_1Yara detected AgentTeslaJoe Security
    00000011.00000002.347326587.0000000003CD5000.00000004.00000001.sdmpJoeSecurity_AgentTesla_2Yara detected AgentTeslaJoe Security
      00000012.00000002.495132037.0000000000402000.00000040.00000001.sdmpJoeSecurity_AgentTesla_1Yara detected AgentTeslaJoe Security
        00000012.00000002.495132037.0000000000402000.00000040.00000001.sdmpJoeSecurity_AgentTesla_2Yara detected AgentTeslaJoe Security
          00000011.00000002.347157176.0000000003C1D000.00000004.00000001.sdmpJoeSecurity_AgentTesla_1Yara detected AgentTeslaJoe Security
            Click to see the 18 entries

            Unpacked PEs

            SourceRuleDescriptionAuthorStrings
            1.2.DOCS.exe.4045b60.6.unpackJoeSecurity_AgentTesla_1Yara detected AgentTeslaJoe Security
              1.2.DOCS.exe.4045b60.6.unpackJoeSecurity_AgentTesla_2Yara detected AgentTeslaJoe Security
                1.2.DOCS.exe.4085b80.8.unpackJoeSecurity_AgentTesla_1Yara detected AgentTeslaJoe Security
                  1.2.DOCS.exe.4085b80.8.unpackJoeSecurity_AgentTesla_2Yara detected AgentTeslaJoe Security
                    1.2.DOCS.exe.4045b60.6.raw.unpackJoeSecurity_AgentTesla_1Yara detected AgentTeslaJoe Security
                      Click to see the 23 entries

                      Sigma Overview

                      No Sigma rule has matched

                      Jbx Signature Overview

                      Click to jump to signature section

                      Show All Signature Results

                      AV Detection:

                      barindex
                      Multi AV Scanner detection for dropped fileShow sources
                      Source: C:\Users\user\AppData\Roaming\NXLun\NXLun.exeReversingLabs: Detection: 52%
                      Multi AV Scanner detection for submitted fileShow sources
                      Source: DOCS.exeVirustotal: Detection: 41%Perma Link
                      Source: DOCS.exeReversingLabs: Detection: 52%
                      Machine Learning detection for dropped fileShow sources
                      Source: C:\Users\user\AppData\Roaming\NXLun\NXLun.exeJoe Sandbox ML: detected
                      Machine Learning detection for sampleShow sources
                      Source: DOCS.exeJoe Sandbox ML: detected
                      Source: 4.2.DOCS.exe.400000.0.unpackAvira: Label: TR/Spy.Gen8
                      Source: 18.2.NXLun.exe.400000.0.unpackAvira: Label: TR/Spy.Gen8
                      Source: DOCS.exeStatic PE information: 32BIT_MACHINE, EXECUTABLE_IMAGE
                      Source: DOCS.exeStatic PE information: NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT
                      Source: Binary string: RunPE.pdb source: DOCS.exe, NXLun.exe, 00000011.00000002.337797812.0000000002901000.00000004.00000001.sdmp
                      Source: global trafficTCP traffic: 192.168.2.7:49738 -> 208.91.199.225:587
                      Source: global trafficTCP traffic: 192.168.2.7:49738 -> 208.91.199.225:587
                      Source: unknownDNS traffic detected: queries for: us2.smtp.mailhostbox.com
                      Source: DOCS.exe, 00000004.00000002.502145216.0000000002B61000.00000004.00000001.sdmp, NXLun.exe, 00000012.00000002.500663594.0000000003081000.00000004.00000001.sdmpString found in binary or memory: http://127.0.0.1:HTTP/1.1
                      Source: NXLun.exe, 00000012.00000002.500663594.0000000003081000.00000004.00000001.sdmpString found in binary or memory: http://DynDns.comDynDNS
                      Source: DOCS.exe, 00000004.00000002.506216357.0000000002ED0000.00000004.00000001.sdmpString found in binary or memory: http://crt.sectigo.com/SectigoRSADomainValidationSecureServerCA.crt0#
                      Source: NXLun.exe, 00000012.00000002.500663594.0000000003081000.00000004.00000001.sdmpString found in binary or memory: http://hFHvHh.com
                      Source: DOCS.exe, 00000004.00000002.506216357.0000000002ED0000.00000004.00000001.sdmpString found in binary or memory: http://ocsp.sectigo.com0A
                      Source: DOCS.exe, 00000004.00000002.506101125.0000000002EC6000.00000004.00000001.sdmpString found in binary or memory: http://us2.smtp.mailhostbox.com
                      Source: DOCS.exe, 00000004.00000002.502145216.0000000002B61000.00000004.00000001.sdmpString found in binary or memory: https://api.ipify.org%$
                      Source: NXLun.exe, 00000012.00000002.500663594.0000000003081000.00000004.00000001.sdmpString found in binary or memory: https://api.ipify.org%GETMozilla/5.0
                      Source: DOCS.exe, 00000004.00000002.506216357.0000000002ED0000.00000004.00000001.sdmpString found in binary or memory: https://sectigo.com/CPS0
                      Source: DOCS.exe, 00000004.00000002.506391286.0000000002EED000.00000004.00000001.sdmp, DOCS.exe, 00000004.00000002.506031808.0000000002EC0000.00000004.00000001.sdmp, DOCS.exe, 00000004.00000002.502145216.0000000002B61000.00000004.00000001.sdmp, DOCS.exe, 00000004.00000002.505417799.0000000002E89000.00000004.00000001.sdmp, DOCS.exe, 00000004.00000002.506468128.0000000002EF5000.00000004.00000001.sdmpString found in binary or memory: https://wiYfivfC8nSIDolSjnz.org
                      Source: DOCS.exe, 00000001.00000002.244914282.0000000004085000.00000004.00000001.sdmp, DOCS.exe, 00000004.00000002.495044836.0000000000402000.00000040.00000001.sdmp, NXLun.exe, 00000011.00000002.347326587.0000000003CD5000.00000004.00000001.sdmp, NXLun.exe, 00000012.00000002.495132037.0000000000402000.00000040.00000001.sdmpString found in binary or memory: https://www.theonionrouter.com/dist.torproject.org/torbrowser/9.5.3/tor-win32-0.4.3.6.zip
                      Source: DOCS.exe, 00000004.00000002.502145216.0000000002B61000.00000004.00000001.sdmp, NXLun.exe, 00000012.00000002.500663594.0000000003081000.00000004.00000001.sdmpString found in binary or memory: https://www.theonionrouter.com/dist.torproject.org/torbrowser/9.5.3/tor-win32-0.4.3.6.zip%tordir%%ha
                      Source: NXLun.exe, 00000011.00000002.336441928.0000000000BF8000.00000004.00000020.sdmpBinary or memory string: <HOOK MODULE="DDRAW.DLL" FUNCTION="DirectDrawCreateEx"/>

                      Spam, unwanted Advertisements and Ransom Demands:

                      barindex
                      Modifies the hosts fileShow sources
                      Source: C:\Users\user\Desktop\DOCS.exeFile written: C:\Windows\System32\drivers\etc\hostsJump to behavior
                      Source: C:\Users\user\Desktop\DOCS.exeCode function: 1_2_052D3F501_2_052D3F50
                      Source: C:\Users\user\Desktop\DOCS.exeCode function: 1_2_052C86F91_2_052C86F9
                      Source: C:\Users\user\Desktop\DOCS.exeCode function: 1_2_02C854401_2_02C85440
                      Source: C:\Users\user\Desktop\DOCS.exeCode function: 1_2_02C85A881_2_02C85A88
                      Source: C:\Users\user\Desktop\DOCS.exeCode function: 1_2_02C83F681_2_02C83F68
                      Source: C:\Users\user\Desktop\DOCS.exeCode function: 1_2_02C854311_2_02C85431
                      Source: C:\Users\user\Desktop\DOCS.exeCode function: 1_2_02C83F581_2_02C83F58
                      Source: C:\Users\user\Desktop\DOCS.exeCode function: 4_2_00F530234_2_00F53023
                      Source: C:\Users\user\Desktop\DOCS.exeCode function: 4_2_00F507D04_2_00F507D0
                      Source: C:\Users\user\Desktop\DOCS.exeCode function: 4_2_00F56B684_2_00F56B68
                      Source: C:\Users\user\Desktop\DOCS.exeCode function: 4_2_00F51F884_2_00F51F88
                      Source: C:\Users\user\Desktop\DOCS.exeCode function: 4_2_00F572C04_2_00F572C0
                      Source: C:\Users\user\Desktop\DOCS.exeCode function: 4_2_00F59C504_2_00F59C50
                      Source: C:\Users\user\Desktop\DOCS.exeCode function: 4_2_00F5CFD84_2_00F5CFD8
                      Source: C:\Users\user\Desktop\DOCS.exeCode function: 4_2_00F8A2084_2_00F8A208
                      Source: C:\Users\user\Desktop\DOCS.exeCode function: 4_2_00F856A04_2_00F856A0
                      Source: C:\Users\user\Desktop\DOCS.exeCode function: 4_2_00FD47A04_2_00FD47A0
                      Source: C:\Users\user\Desktop\DOCS.exeCode function: 4_2_00FD47904_2_00FD4790
                      Source: C:\Users\user\Desktop\DOCS.exeCode function: 4_2_00FD47724_2_00FD4772
                      Source: C:\Users\user\AppData\Roaming\NXLun\NXLun.exeCode function: 17_2_04D2D68817_2_04D2D688
                      Source: C:\Users\user\AppData\Roaming\NXLun\NXLun.exeCode function: 17_2_04D2685017_2_04D26850
                      Source: C:\Users\user\AppData\Roaming\NXLun\NXLun.exeCode function: 17_2_04D26FF817_2_04D26FF8
                      Source: C:\Users\user\AppData\Roaming\NXLun\NXLun.exeCode function: 17_2_04D26FE817_2_04D26FE8
                      Source: C:\Users\user\AppData\Roaming\NXLun\NXLun.exeCode function: 18_2_02E647A018_2_02E647A0
                      Source: C:\Users\user\AppData\Roaming\NXLun\NXLun.exeCode function: 18_2_02E63E5818_2_02E63E58
                      Source: C:\Users\user\AppData\Roaming\NXLun\NXLun.exeCode function: 18_2_02E6477218_2_02E64772
                      Source: C:\Users\user\AppData\Roaming\NXLun\NXLun.exeCode function: 18_2_02E6473018_2_02E64730
                      Source: C:\Users\user\AppData\Roaming\NXLun\NXLun.exeCode function: 20_2_030C543120_2_030C5431
                      Source: C:\Users\user\AppData\Roaming\NXLun\NXLun.exeCode function: 20_2_030C5A8820_2_030C5A88
                      Source: C:\Users\user\AppData\Roaming\NXLun\NXLun.exeCode function: 20_2_030C3F5820_2_030C3F58
                      Source: DOCS.exeBinary or memory string: OriginalFilename vs DOCS.exe
                      Source: DOCS.exe, 00000001.00000002.241023078.0000000000962000.00000002.00020000.sdmpBinary or memory string: OriginalFilenameSymlink-Maker.exe< vs DOCS.exe
                      Source: DOCS.exe, 00000001.00000002.247879758.00000000052C0000.00000004.00000001.sdmpBinary or memory string: OriginalFilenameRunPE.dll" vs DOCS.exe
                      Source: DOCS.exe, 00000001.00000002.243031996.0000000003E8C000.00000004.00000001.sdmpBinary or memory string: OriginalFilenameWallpaperChanger.dllB vs DOCS.exe
                      Source: DOCS.exe, 00000001.00000002.244914282.0000000004085000.00000004.00000001.sdmpBinary or memory string: OriginalFilenameufAxLJHDduVRtbIELqoQRnLFzE.exe4 vs DOCS.exe
                      Source: DOCS.exe, 00000004.00000002.496448083.00000000007B2000.00000002.00020000.sdmpBinary or memory string: OriginalFilenameSymlink-Maker.exe< vs DOCS.exe
                      Source: DOCS.exe, 00000004.00000002.510065671.0000000005FB0000.00000002.00000001.sdmpBinary or memory string: OriginalFilenamemscorrc.dllT vs DOCS.exe
                      Source: DOCS.exe, 00000004.00000002.496583189.0000000000B58000.00000004.00000001.sdmpBinary or memory string: OriginalFilenameUNKNOWN_FILET vs DOCS.exe
                      Source: DOCS.exe, 00000004.00000002.495044836.0000000000402000.00000040.00000001.sdmpBinary or memory string: OriginalFilenameufAxLJHDduVRtbIELqoQRnLFzE.exe4 vs DOCS.exe
                      Source: DOCS.exeBinary or memory string: OriginalFilenameSymlink-Maker.exe< vs DOCS.exe
                      Source: DOCS.exeStatic PE information: 32BIT_MACHINE, EXECUTABLE_IMAGE
                      Source: DOCS.exe, Regedit.csCryptographic APIs: 'CreateDecryptor', 'TransformFinalBlock'
                      Source: DOCS.exe, Regedit.csCryptographic APIs: 'CreateDecryptor', 'TransformFinalBlock'
                      Source: 1.0.DOCS.exe.890000.0.unpack, Regedit.csCryptographic APIs: 'CreateDecryptor', 'TransformFinalBlock'
                      Source: 1.0.DOCS.exe.890000.0.unpack, Regedit.csCryptographic APIs: 'CreateDecryptor', 'TransformFinalBlock'
                      Source: 1.2.DOCS.exe.890000.0.unpack, Regedit.csCryptographic APIs: 'CreateDecryptor', 'TransformFinalBlock'
                      Source: 1.2.DOCS.exe.890000.0.unpack, Regedit.csCryptographic APIs: 'CreateDecryptor', 'TransformFinalBlock'
                      Source: NXLun.exe.4.dr, Regedit.csSecurity API names: System.Security.Principal.WindowsIdentity System.Security.Principal.WindowsIdentity::GetCurrent()
                      Source: NXLun.exe.4.dr, Regedit.csSecurity API names: System.Boolean System.Security.Principal.WindowsPrincipal::IsInRole(System.Security.Principal.WindowsBuiltInRole)
                      Source: 4.0.DOCS.exe.6e0000.0.unpack, Regedit.csSecurity API names: System.Security.Principal.WindowsIdentity System.Security.Principal.WindowsIdentity::GetCurrent()
                      Source: 4.0.DOCS.exe.6e0000.0.unpack, Regedit.csSecurity API names: System.Boolean System.Security.Principal.WindowsPrincipal::IsInRole(System.Security.Principal.WindowsBuiltInRole)
                      Source: 17.0.NXLun.exe.3a0000.0.unpack, Regedit.csSecurity API names: System.Security.Principal.WindowsIdentity System.Security.Principal.WindowsIdentity::GetCurrent()
                      Source: 17.0.NXLun.exe.3a0000.0.unpack, Regedit.csSecurity API names: System.Boolean System.Security.Principal.WindowsPrincipal::IsInRole(System.Security.Principal.WindowsBuiltInRole)
                      Source: 17.2.NXLun.exe.3a0000.0.unpack, Regedit.csSecurity API names: System.Security.Principal.WindowsIdentity System.Security.Principal.WindowsIdentity::GetCurrent()
                      Source: 17.2.NXLun.exe.3a0000.0.unpack, Regedit.csSecurity API names: System.Boolean System.Security.Principal.WindowsPrincipal::IsInRole(System.Security.Principal.WindowsBuiltInRole)
                      Source: 1.2.DOCS.exe.890000.0.unpack, Regedit.csSecurity API names: System.Security.Principal.WindowsIdentity System.Security.Principal.WindowsIdentity::GetCurrent()
                      Source: 1.2.DOCS.exe.890000.0.unpack, Regedit.csSecurity API names: System.Boolean System.Security.Principal.WindowsPrincipal::IsInRole(System.Security.Principal.WindowsBuiltInRole)
                      Source: 1.0.DOCS.exe.890000.0.unpack, Regedit.csSecurity API names: System.Security.Principal.WindowsIdentity System.Security.Principal.WindowsIdentity::GetCurrent()
                      Source: 1.0.DOCS.exe.890000.0.unpack, Regedit.csSecurity API names: System.Boolean System.Security.Principal.WindowsPrincipal::IsInRole(System.Security.Principal.WindowsBuiltInRole)
                      Source: 4.2.DOCS.exe.6e0000.1.unpack, Regedit.csSecurity API names: System.Security.Principal.WindowsIdentity System.Security.Principal.WindowsIdentity::GetCurrent()
                      Source: 4.2.DOCS.exe.6e0000.1.unpack, Regedit.csSecurity API names: System.Boolean System.Security.Principal.WindowsPrincipal::IsInRole(System.Security.Principal.WindowsBuiltInRole)
                      Source: DOCS.exe, Regedit.csSecurity API names: System.Security.Principal.WindowsIdentity System.Security.Principal.WindowsIdentity::GetCurrent()
                      Source: DOCS.exe, Regedit.csSecurity API names: System.Boolean System.Security.Principal.WindowsPrincipal::IsInRole(System.Security.Principal.WindowsBuiltInRole)
                      Source: 18.0.NXLun.exe.a30000.0.unpack, Regedit.csSecurity API names: System.Security.Principal.WindowsIdentity System.Security.Principal.WindowsIdentity::GetCurrent()
                      Source: 18.0.NXLun.exe.a30000.0.unpack, Regedit.csSecurity API names: System.Boolean System.Security.Principal.WindowsPrincipal::IsInRole(System.Security.Principal.WindowsBuiltInRole)
                      Source: classification engineClassification label: mal100.troj.adwa.spyw.evad.winEXE@7/6@1/1
                      Source: C:\Users\user\Desktop\DOCS.exeFile created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\DOCS.exe.logJump to behavior
                      Source: DOCS.exeStatic PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
                      Source: C:\Users\user\Desktop\DOCS.exeSection loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dllJump to behavior
                      Source: C:\Users\user\Desktop\DOCS.exeSection loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dllJump to behavior
                      Source: C:\Users\user\AppData\Roaming\NXLun\NXLun.exeSection loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dllJump to behavior
                      Source: C:\Users\user\AppData\Roaming\NXLun\NXLun.exeSection loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dllJump to behavior
                      Source: C:\Users\user\AppData\Roaming\NXLun\NXLun.exeSection loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dllJump to behavior
                      Source: C:\Users\user\Desktop\DOCS.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
                      Source: C:\Users\user\Desktop\DOCS.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                      Source: C:\Users\user\AppData\Roaming\NXLun\NXLun.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
                      Source: C:\Users\user\Desktop\DOCS.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
                      Source: C:\Users\user\Desktop\DOCS.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
                      Source: C:\Users\user\Desktop\DOCS.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
                      Source: DOCS.exeVirustotal: Detection: 41%
                      Source: DOCS.exeReversingLabs: Detection: 52%
                      Source: C:\Users\user\Desktop\DOCS.exeFile read: C:\Users\user\Desktop\DOCS.exeJump to behavior
                      Source: unknownProcess created: C:\Users\user\Desktop\DOCS.exe 'C:\Users\user\Desktop\DOCS.exe'
                      Source: C:\Users\user\Desktop\DOCS.exeProcess created: C:\Users\user\Desktop\DOCS.exe C:\Users\user\Desktop\DOCS.exe
                      Source: unknownProcess created: C:\Users\user\AppData\Roaming\NXLun\NXLun.exe 'C:\Users\user\AppData\Roaming\NXLun\NXLun.exe'
                      Source: C:\Users\user\AppData\Roaming\NXLun\NXLun.exeProcess created: C:\Users\user\AppData\Roaming\NXLun\NXLun.exe C:\Users\user\AppData\Roaming\NXLun\NXLun.exe
                      Source: unknownProcess created: C:\Users\user\AppData\Roaming\NXLun\NXLun.exe 'C:\Users\user\AppData\Roaming\NXLun\NXLun.exe'
                      Source: C:\Users\user\Desktop\DOCS.exeProcess created: C:\Users\user\Desktop\DOCS.exe C:\Users\user\Desktop\DOCS.exeJump to behavior
                      Source: C:\Users\user\AppData\Roaming\NXLun\NXLun.exeProcess created: C:\Users\user\AppData\Roaming\NXLun\NXLun.exe C:\Users\user\AppData\Roaming\NXLun\NXLun.exeJump to behavior
                      Source: C:\Users\user\Desktop\DOCS.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{172BDDF8-CEEA-11D1-8B05-00600806D9B6}\InProcServer32Jump to behavior
                      Source: C:\Users\user\Desktop\DOCS.exeFile opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dllJump to behavior
                      Source: C:\Users\user\Desktop\DOCS.exeKey opened: HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676Jump to behavior
                      Source: DOCS.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
                      Source: DOCS.exeStatic PE information: NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT
                      Source: Binary string: RunPE.pdb source: DOCS.exe, NXLun.exe, 00000011.00000002.337797812.0000000002901000.00000004.00000001.sdmp
                      Source: DOCS.exeStatic PE information: 0x91B5E3D7 [Thu Jun 20 04:11:03 2047 UTC]
                      Source: C:\Users\user\Desktop\DOCS.exeCode function: 1_2_052C513D pushfd ; retf 1_2_052C5143
                      Source: C:\Users\user\Desktop\DOCS.exeCode function: 1_2_052C4D87 push ebx; iretd 1_2_052C4D88
                      Source: C:\Users\user\Desktop\DOCS.exeCode function: 1_2_052C936D push es; iretd 1_2_052C936E
                      Source: C:\Users\user\Desktop\DOCS.exeCode function: 1_2_052C76F5 push ss; retf 1_2_052C7892
                      Source: C:\Users\user\Desktop\DOCS.exeCode function: 1_2_02C8C032 push edx; retf 1_2_02C8C02A
                      Source: C:\Users\user\AppData\Roaming\NXLun\NXLun.exeCode function: 17_2_04D29092 push E0E8CE8Bh; ret 17_2_04D2909D
                      Source: C:\Users\user\AppData\Roaming\NXLun\NXLun.exeCode function: 17_2_04D2E9C2 pushad ; ret 17_2_04D2E9C9
                      Source: C:\Users\user\AppData\Roaming\NXLun\NXLun.exeCode function: 17_2_04D265E3 push 2400025Eh; retf 17_2_04D265F1
                      Source: C:\Users\user\AppData\Roaming\NXLun\NXLun.exeCode function: 17_2_04D2EE73 push ebp; retf 17_2_04D2EE78
                      Source: C:\Users\user\Desktop\DOCS.exeFile created: C:\Users\user\AppData\Roaming\NXLun\NXLun.exeJump to dropped file
                      Source: C:\Users\user\Desktop\DOCS.exeRegistry value created or modified: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run NXLunJump to behavior
                      Source: C:\Users\user\Desktop\DOCS.exeRegistry value created or modified: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run NXLunJump to behavior

                      Hooking and other Techniques for Hiding and Protection:

                      barindex
                      Hides that the sample has been downloaded from the Internet (zone.identifier)Show sources
                      Source: C:\Users\user\Desktop\DOCS.exeFile opened: C:\Users\user\AppData\Roaming\NXLun\NXLun.exe:Zone.Identifier read attributes | deleteJump to behavior
                      Source: C:\Users\user\Desktop\DOCS.exeRegistry key monitored for changes: HKEY_CURRENT_USER_ClassesJump to behavior
                      Source: C:\Users\user\Desktop\DOCS.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\DOCS.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\DOCS.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\DOCS.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\DOCS.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\DOCS.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\DOCS.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\DOCS.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\DOCS.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\DOCS.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\DOCS.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\DOCS.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\DOCS.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\DOCS.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\DOCS.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\DOCS.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\DOCS.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\DOCS.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\DOCS.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\DOCS.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\DOCS.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\DOCS.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\DOCS.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\DOCS.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\DOCS.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\DOCS.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\DOCS.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\DOCS.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\DOCS.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\DOCS.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\DOCS.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\DOCS.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\DOCS.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\DOCS.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\DOCS.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\DOCS.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\DOCS.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\DOCS.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\DOCS.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\DOCS.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\DOCS.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\DOCS.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\DOCS.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\DOCS.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\DOCS.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\DOCS.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\DOCS.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\DOCS.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\DOCS.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\DOCS.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\DOCS.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\DOCS.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\DOCS.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\DOCS.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\DOCS.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\DOCS.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\DOCS.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\DOCS.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\DOCS.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\DOCS.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\DOCS.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\DOCS.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\DOCS.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\DOCS.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\DOCS.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\DOCS.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\DOCS.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\DOCS.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\DOCS.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\DOCS.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\DOCS.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\DOCS.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\DOCS.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\DOCS.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\DOCS.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\DOCS.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\DOCS.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\DOCS.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\DOCS.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\DOCS.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\DOCS.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\NXLun\NXLun.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\NXLun\NXLun.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\NXLun\NXLun.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\NXLun\NXLun.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\NXLun\NXLun.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\NXLun\NXLun.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\NXLun\NXLun.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\NXLun\NXLun.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\NXLun\NXLun.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\NXLun\NXLun.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\NXLun\NXLun.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\NXLun\NXLun.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\NXLun\NXLun.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\NXLun\NXLun.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\NXLun\NXLun.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\NXLun\NXLun.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\NXLun\NXLun.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\NXLun\NXLun.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\NXLun\NXLun.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\NXLun\NXLun.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\NXLun\NXLun.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\NXLun\NXLun.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\NXLun\NXLun.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\NXLun\NXLun.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\NXLun\NXLun.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\NXLun\NXLun.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\NXLun\NXLun.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\NXLun\NXLun.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\NXLun\NXLun.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\NXLun\NXLun.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\NXLun\NXLun.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\NXLun\NXLun.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\NXLun\NXLun.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\NXLun\NXLun.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\NXLun\NXLun.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\NXLun\NXLun.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\NXLun\NXLun.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\NXLun\NXLun.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\NXLun\NXLun.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\NXLun\NXLun.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\NXLun\NXLun.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\NXLun\NXLun.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\NXLun\NXLun.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\NXLun\NXLun.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\NXLun\NXLun.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\NXLun\NXLun.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\NXLun\NXLun.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\NXLun\NXLun.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\NXLun\NXLun.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\NXLun\NXLun.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\NXLun\NXLun.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\NXLun\NXLun.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\NXLun\NXLun.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\NXLun\NXLun.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\NXLun\NXLun.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\NXLun\NXLun.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\NXLun\NXLun.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\NXLun\NXLun.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\NXLun\NXLun.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\NXLun\NXLun.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\NXLun\NXLun.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\NXLun\NXLun.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\NXLun\NXLun.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\NXLun\NXLun.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\NXLun\NXLun.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\NXLun\NXLun.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\NXLun\NXLun.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\NXLun\NXLun.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\NXLun\NXLun.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\NXLun\NXLun.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\NXLun\NXLun.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\NXLun\NXLun.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\NXLun\NXLun.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\NXLun\NXLun.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\NXLun\NXLun.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\NXLun\NXLun.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\NXLun\NXLun.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\NXLun\NXLun.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\NXLun\NXLun.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\NXLun\NXLun.exeProcess information set: NOOPENFILEERRORBOXJump to behavior

                      Malware Analysis System Evasion:

                      barindex
                      Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)Show sources
                      Source: C:\Users\user\Desktop\DOCS.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_BaseBoard
                      Source: C:\Users\user\AppData\Roaming\NXLun\NXLun.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_BaseBoard
                      Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)Show sources
                      Source: C:\Users\user\Desktop\DOCS.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_NetworkAdapterConfiguration
                      Source: C:\Users\user\AppData\Roaming\NXLun\NXLun.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_NetworkAdapterConfiguration
                      Source: C:\Users\user\Desktop\DOCS.exeThread delayed: delay time: 922337203685477Jump to behavior
                      Source: C:\Users\user\Desktop\DOCS.exeThread delayed: delay time: 922337203685477Jump to behavior
                      Source: C:\Users\user\AppData\Roaming\NXLun\NXLun.exeThread delayed: delay time: 922337203685477Jump to behavior
                      Source: C:\Users\user\AppData\Roaming\NXLun\NXLun.exeThread delayed: delay time: 922337203685477Jump to behavior
                      Source: C:\Users\user\Desktop\DOCS.exeWindow / User API: threadDelayed 1070Jump to behavior
                      Source: C:\Users\user\Desktop\DOCS.exeWindow / User API: threadDelayed 8785Jump to behavior
                      Source: C:\Users\user\AppData\Roaming\NXLun\NXLun.exeWindow / User API: threadDelayed 9549Jump to behavior
                      Source: C:\Users\user\Desktop\DOCS.exe TID: 1232Thread sleep time: -922337203685477s >= -30000sJump to behavior
                      Source: C:\Users\user\Desktop\DOCS.exe TID: 5072Thread sleep time: -20291418481080494s >= -30000sJump to behavior
                      Source: C:\Users\user\Desktop\DOCS.exe TID: 5712Thread sleep count: 1070 > 30Jump to behavior
                      Source: C:\Users\user\Desktop\DOCS.exe TID: 5712Thread sleep count: 8785 > 30Jump to behavior
                      Source: C:\Users\user\AppData\Roaming\NXLun\NXLun.exe TID: 4644Thread sleep time: -922337203685477s >= -30000sJump to behavior
                      Source: C:\Users\user\AppData\Roaming\NXLun\NXLun.exe TID: 4840Thread sleep time: -19369081277395017s >= -30000sJump to behavior
                      Source: C:\Users\user\AppData\Roaming\NXLun\NXLun.exe TID: 4520Thread sleep count: 296 > 30Jump to behavior
                      Source: C:\Users\user\AppData\Roaming\NXLun\NXLun.exe TID: 4520Thread sleep count: 9549 > 30Jump to behavior
                      Source: C:\Users\user\Desktop\DOCS.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
                      Source: C:\Users\user\Desktop\DOCS.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                      Source: C:\Users\user\AppData\Roaming\NXLun\NXLun.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
                      Source: C:\Users\user\Desktop\DOCS.exeThread delayed: delay time: 922337203685477Jump to behavior
                      Source: C:\Users\user\Desktop\DOCS.exeThread delayed: delay time: 922337203685477Jump to behavior
                      Source: C:\Users\user\AppData\Roaming\NXLun\NXLun.exeThread delayed: delay time: 922337203685477Jump to behavior
                      Source: C:\Users\user\AppData\Roaming\NXLun\NXLun.exeThread delayed: delay time: 922337203685477Jump to behavior
                      Source: NXLun.exeBinary or memory string: 3oEK0R7Nl5u1+kFZIzuylTq5IlSverUm3tJvbDoGCqNlts9V00GfVjTuJYdbQ18DniAOJNJ3hmmLJ7Lnt4nVuOFzn56MTpkwqqGN8dutXcbdfZ9RnrQemUuZykL0LGjQpW
                      Source: DOCS.exe, 00000004.00000002.510536562.00000000064B0000.00000004.00000001.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
                      Source: C:\Users\user\Desktop\DOCS.exeProcess information queried: ProcessInformationJump to behavior
                      Source: C:\Users\user\Desktop\DOCS.exeCode function: 4_2_00F5A3B0 LdrInitializeThunk,4_2_00F5A3B0
                      Source: C:\Users\user\Desktop\DOCS.exeProcess token adjusted: DebugJump to behavior
                      Source: C:\Users\user\AppData\Roaming\NXLun\NXLun.exeProcess token adjusted: DebugJump to behavior
                      Source: C:\Users\user\Desktop\DOCS.exeMemory allocated: page read and write | page guardJump to behavior

                      HIPS / PFW / Operating System Protection Evasion:

                      barindex
                      Modifies the hosts fileShow sources
                      Source: C:\Users\user\Desktop\DOCS.exeFile written: C:\Windows\System32\drivers\etc\hostsJump to behavior
                      Source: C:\Users\user\Desktop\DOCS.exeProcess created: C:\Users\user\Desktop\DOCS.exe C:\Users\user\Desktop\DOCS.exeJump to behavior
                      Source: C:\Users\user\AppData\Roaming\NXLun\NXLun.exeProcess created: C:\Users\user\AppData\Roaming\NXLun\NXLun.exe C:\Users\user\AppData\Roaming\NXLun\NXLun.exeJump to behavior
                      Source: DOCS.exe, 00000004.00000002.501242387.0000000001570000.00000002.00000001.sdmp, NXLun.exe, 00000012.00000002.500083454.00000000018E0000.00000002.00000001.sdmpBinary or memory string: uProgram Manager
                      Source: DOCS.exe, 00000004.00000002.501242387.0000000001570000.00000002.00000001.sdmp, NXLun.exe, 00000012.00000002.500083454.00000000018E0000.00000002.00000001.sdmpBinary or memory string: Shell_TrayWnd
                      Source: DOCS.exe, 00000004.00000002.501242387.0000000001570000.00000002.00000001.sdmp, NXLun.exe, 00000012.00000002.500083454.00000000018E0000.00000002.00000001.sdmpBinary or memory string: Progman
                      Source: DOCS.exe, 00000004.00000002.501242387.0000000001570000.00000002.00000001.sdmp, NXLun.exe, 00000012.00000002.500083454.00000000018E0000.00000002.00000001.sdmpBinary or memory string: Progmanlock
                      Source: C:\Users\user\Desktop\DOCS.exeQueries volume information: C:\Users\user\Desktop\DOCS.exe VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\DOCS.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\DOCS.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\DOCS.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\DOCS.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.CSharp\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.CSharp.dll VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\DOCS.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Dynamic\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Dynamic.dll VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\DOCS.exeQueries volume information: C:\Users\user\Desktop\DOCS.exe VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\DOCS.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\DOCS.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\DOCS.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\DOCS.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\DOCS.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\DOCS.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\DOCS.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\DOCS.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformationJump to behavior
                      Source: C:\Users\user\AppData\Roaming\NXLun\NXLun.exeQueries volume information: C:\Users\user\AppData\Roaming\NXLun\NXLun.exe VolumeInformationJump to behavior
                      Source: C:\Users\user\AppData\Roaming\NXLun\NXLun.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformationJump to behavior
                      Source: C:\Users\user\AppData\Roaming\NXLun\NXLun.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformationJump to behavior
                      Source: C:\Users\user\AppData\Roaming\NXLun\NXLun.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformationJump to behavior
                      Source: C:\Users\user\AppData\Roaming\NXLun\NXLun.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.CSharp\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.CSharp.dll VolumeInformationJump to behavior
                      Source: C:\Users\user\AppData\Roaming\NXLun\NXLun.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Dynamic\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Dynamic.dll VolumeInformationJump to behavior
                      Source: C:\Users\user\AppData\Roaming\NXLun\NXLun.exeQueries volume information: C:\Users\user\AppData\Roaming\NXLun\NXLun.exe VolumeInformationJump to behavior
                      Source: C:\Users\user\AppData\Roaming\NXLun\NXLun.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformationJump to behavior
                      Source: C:\Users\user\AppData\Roaming\NXLun\NXLun.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformationJump to behavior
                      Source: C:\Users\user\AppData\Roaming\NXLun\NXLun.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll VolumeInformationJump to behavior
                      Source: C:\Users\user\AppData\Roaming\NXLun\NXLun.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll VolumeInformationJump to behavior
                      Source: C:\Users\user\AppData\Roaming\NXLun\NXLun.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll VolumeInformationJump to behavior
                      Source: C:\Users\user\AppData\Roaming\NXLun\NXLun.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll VolumeInformationJump to behavior
                      Source: C:\Users\user\AppData\Roaming\NXLun\NXLun.exeQueries volume information: C:\Users\user\AppData\Roaming\NXLun\NXLun.exe VolumeInformationJump to behavior
                      Source: C:\Users\user\AppData\Roaming\NXLun\NXLun.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformationJump to behavior
                      Source: C:\Users\user\AppData\Roaming\NXLun\NXLun.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformationJump to behavior
                      Source: C:\Users\user\AppData\Roaming\NXLun\NXLun.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformationJump to behavior
                      Source: C:\Users\user\AppData\Roaming\NXLun\NXLun.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.CSharp\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.CSharp.dll VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\DOCS.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior

                      Lowering of HIPS / PFW / Operating System Security Settings:

                      barindex
                      Modifies the hosts fileShow sources
                      Source: C:\Users\user\Desktop\DOCS.exeFile written: C:\Windows\System32\drivers\etc\hostsJump to behavior

                      Stealing of Sensitive Information:

                      barindex
                      Yara detected AgentTeslaShow sources
                      Source: Yara matchFile source: 1.2.DOCS.exe.4045b60.6.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 1.2.DOCS.exe.4085b80.8.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 1.2.DOCS.exe.4045b60.6.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 17.2.NXLun.exe.3cd5b80.8.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 4.2.DOCS.exe.400000.0.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 17.2.NXLun.exe.3cd5b80.8.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 17.2.NXLun.exe.3c95b60.7.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 18.2.NXLun.exe.400000.0.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 1.2.DOCS.exe.4085b80.8.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 1.2.DOCS.exe.4025b40.7.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 17.2.NXLun.exe.3c75b40.6.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 17.2.NXLun.exe.3c95b60.7.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 00000011.00000002.347326587.0000000003CD5000.00000004.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000012.00000002.495132037.0000000000402000.00000040.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000011.00000002.347157176.0000000003C1D000.00000004.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000001.00000002.244914282.0000000004085000.00000004.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000001.00000002.244277836.0000000003FCD000.00000004.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000004.00000002.495044836.0000000000402000.00000040.00000001.sdmp, type: MEMORY
                      Yara detected AgentTeslaShow sources
                      Source: Yara matchFile source: 1.2.DOCS.exe.4045b60.6.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 1.2.DOCS.exe.4085b80.8.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 1.2.DOCS.exe.4045b60.6.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 17.2.NXLun.exe.3cd5b80.8.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 4.2.DOCS.exe.400000.0.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 1.2.DOCS.exe.2dc55d4.3.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 17.2.NXLun.exe.3cd5b80.8.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 17.2.NXLun.exe.3c95b60.7.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 18.2.NXLun.exe.400000.0.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 1.2.DOCS.exe.4085b80.8.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 1.2.DOCS.exe.4025b40.7.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 17.2.NXLun.exe.3c75b40.6.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 17.2.NXLun.exe.3c95b60.7.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 1.2.DOCS.exe.2dd4408.1.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 17.2.NXLun.exe.2a15758.2.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 17.2.NXLun.exe.2a2458c.3.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 00000011.00000002.347326587.0000000003CD5000.00000004.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000012.00000002.495132037.0000000000402000.00000040.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000011.00000002.347157176.0000000003C1D000.00000004.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000001.00000002.244914282.0000000004085000.00000004.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000001.00000002.241626967.0000000002CB1000.00000004.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000001.00000002.244277836.0000000003FCD000.00000004.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000012.00000002.500663594.0000000003081000.00000004.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000011.00000002.337797812.0000000002901000.00000004.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000004.00000002.495044836.0000000000402000.00000040.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: Process Memory Space: DOCS.exe PID: 5928, type: MEMORY
                      Source: Yara matchFile source: Process Memory Space: DOCS.exe PID: 4992, type: MEMORY
                      Source: Yara matchFile source: Process Memory Space: NXLun.exe PID: 5388, type: MEMORY
                      Source: Yara matchFile source: Process Memory Space: NXLun.exe PID: 5372, type: MEMORY
                      Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)Show sources
                      Source: C:\Users\user\Desktop\DOCS.exeKey opened: HKEY_CURRENT_USER\SOFTWARE\Martin Prikryl\WinSCP 2\SessionsJump to behavior
                      Tries to harvest and steal browser information (history, passwords, etc)Show sources
                      Source: C:\Users\user\Desktop\DOCS.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login DataJump to behavior
                      Source: C:\Users\user\Desktop\DOCS.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.iniJump to behavior
                      Tries to harvest and steal ftp login credentialsShow sources
                      Source: C:\Users\user\Desktop\DOCS.exeFile opened: C:\Users\user\AppData\Roaming\SmartFTP\Client 2.0\Favorites\Quick Connect\Jump to behavior
                      Source: C:\Users\user\Desktop\DOCS.exeFile opened: C:\Users\user\AppData\Roaming\FileZilla\recentservers.xmlJump to behavior
                      Tries to steal Mail credentials (via file access)Show sources
                      Source: C:\Users\user\Desktop\DOCS.exeFile opened: C:\Users\user\AppData\Roaming\Thunderbird\profiles.iniJump to behavior
                      Source: C:\Users\user\Desktop\DOCS.exeFile opened: C:\Users\user\AppData\Roaming\Thunderbird\profiles.iniJump to behavior
                      Source: C:\Users\user\Desktop\DOCS.exeKey opened: HKEY_CURRENT_USER\Software\IncrediMail\IdentitiesJump to behavior
                      Source: C:\Users\user\Desktop\DOCS.exeKey opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676Jump to behavior
                      Source: Yara matchFile source: 00000004.00000002.502145216.0000000002B61000.00000004.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000012.00000002.500663594.0000000003081000.00000004.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: Process Memory Space: DOCS.exe PID: 5928, type: MEMORY
                      Source: Yara matchFile source: Process Memory Space: NXLun.exe PID: 5388, type: MEMORY

                      Remote Access Functionality:

                      barindex
                      Yara detected AgentTeslaShow sources
                      Source: Yara matchFile source: 1.2.DOCS.exe.4045b60.6.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 1.2.DOCS.exe.4085b80.8.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 1.2.DOCS.exe.4045b60.6.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 17.2.NXLun.exe.3cd5b80.8.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 4.2.DOCS.exe.400000.0.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 17.2.NXLun.exe.3cd5b80.8.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 17.2.NXLun.exe.3c95b60.7.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 18.2.NXLun.exe.400000.0.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 1.2.DOCS.exe.4085b80.8.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 1.2.DOCS.exe.4025b40.7.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 17.2.NXLun.exe.3c75b40.6.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 17.2.NXLun.exe.3c95b60.7.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 00000011.00000002.347326587.0000000003CD5000.00000004.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000012.00000002.495132037.0000000000402000.00000040.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000011.00000002.347157176.0000000003C1D000.00000004.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000001.00000002.244914282.0000000004085000.00000004.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000001.00000002.244277836.0000000003FCD000.00000004.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000004.00000002.495044836.0000000000402000.00000040.00000001.sdmp, type: MEMORY
                      Yara detected AgentTeslaShow sources
                      Source: Yara matchFile source: 1.2.DOCS.exe.4045b60.6.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 1.2.DOCS.exe.4085b80.8.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 1.2.DOCS.exe.4045b60.6.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 17.2.NXLun.exe.3cd5b80.8.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 4.2.DOCS.exe.400000.0.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 1.2.DOCS.exe.2dc55d4.3.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 17.2.NXLun.exe.3cd5b80.8.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 17.2.NXLun.exe.3c95b60.7.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 18.2.NXLun.exe.400000.0.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 1.2.DOCS.exe.4085b80.8.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 1.2.DOCS.exe.4025b40.7.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 17.2.NXLun.exe.3c75b40.6.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 17.2.NXLun.exe.3c95b60.7.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 1.2.DOCS.exe.2dd4408.1.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 17.2.NXLun.exe.2a15758.2.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 17.2.NXLun.exe.2a2458c.3.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 00000011.00000002.347326587.0000000003CD5000.00000004.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000012.00000002.495132037.0000000000402000.00000040.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000011.00000002.347157176.0000000003C1D000.00000004.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000001.00000002.244914282.0000000004085000.00000004.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000001.00000002.241626967.0000000002CB1000.00000004.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000001.00000002.244277836.0000000003FCD000.00000004.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000012.00000002.500663594.0000000003081000.00000004.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000011.00000002.337797812.0000000002901000.00000004.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000004.00000002.495044836.0000000000402000.00000040.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: Process Memory Space: DOCS.exe PID: 5928, type: MEMORY
                      Source: Yara matchFile source: Process Memory Space: DOCS.exe PID: 4992, type: MEMORY
                      Source: Yara matchFile source: Process Memory Space: NXLun.exe PID: 5388, type: MEMORY
                      Source: Yara matchFile source: Process Memory Space: NXLun.exe PID: 5372, type: MEMORY

                      Mitre Att&ck Matrix

                      Initial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionExfiltrationCommand and ControlNetwork EffectsRemote Service EffectsImpact
                      Valid AccountsWindows Management Instrumentation211Registry Run Keys / Startup Folder1Process Injection12File and Directory Permissions Modification1OS Credential Dumping2System Information Discovery114Remote ServicesArchive Collected Data11Exfiltration Over Other Network MediumEncrypted Channel1Eavesdrop on Insecure Network CommunicationRemotely Track Device Without AuthorizationModify System Partition
                      Default AccountsScheduled Task/JobBoot or Logon Initialization ScriptsRegistry Run Keys / Startup Folder1Disable or Modify Tools1Input Capture1Query Registry1Remote Desktop ProtocolData from Local System2Exfiltration Over BluetoothNon-Standard Port1Exploit SS7 to Redirect Phone Calls/SMSRemotely Wipe Data Without AuthorizationDevice Lockout
                      Domain AccountsAt (Linux)Logon Script (Windows)Logon Script (Windows)Deobfuscate/Decode Files or Information1Credentials in Registry1Security Software Discovery211SMB/Windows Admin SharesEmail Collection1Automated ExfiltrationNon-Application Layer Protocol1Exploit SS7 to Track Device LocationObtain Device Cloud BackupsDelete Device Data
                      Local AccountsAt (Windows)Logon Script (Mac)Logon Script (Mac)Obfuscated Files or Information1NTDSProcess Discovery2Distributed Component Object ModelInput Capture1Scheduled TransferApplication Layer Protocol11SIM Card SwapCarrier Billing Fraud
                      Cloud AccountsCronNetwork Logon ScriptNetwork Logon ScriptSoftware Packing1LSA SecretsVirtualization/Sandbox Evasion131SSHKeyloggingData Transfer Size LimitsFallback ChannelsManipulate Device CommunicationManipulate App Store Rankings or Ratings
                      Replication Through Removable MediaLaunchdRc.commonRc.commonTimestomp1Cached Domain CredentialsApplication Window Discovery1VNCGUI Input CaptureExfiltration Over C2 ChannelMultiband CommunicationJamming or Denial of ServiceAbuse Accessibility Features
                      External Remote ServicesScheduled TaskStartup ItemsStartup ItemsMasquerading1DCSyncRemote System Discovery1Windows Remote ManagementWeb Portal CaptureExfiltration Over Alternative ProtocolCommonly Used PortRogue Wi-Fi Access PointsData Encrypted for Impact
                      Drive-by CompromiseCommand and Scripting InterpreterScheduled Task/JobScheduled Task/JobVirtualization/Sandbox Evasion131Proc FilesystemNetwork Service ScanningShared WebrootCredential API HookingExfiltration Over Symmetric Encrypted Non-C2 ProtocolApplication Layer ProtocolDowngrade to Insecure ProtocolsGenerate Fraudulent Advertising Revenue
                      Exploit Public-Facing ApplicationPowerShellAt (Linux)At (Linux)Process Injection12/etc/passwd and /etc/shadowSystem Network Connections DiscoverySoftware Deployment ToolsData StagedExfiltration Over Asymmetric Encrypted Non-C2 ProtocolWeb ProtocolsRogue Cellular Base StationData Destruction
                      Supply Chain CompromiseAppleScriptAt (Windows)At (Windows)Hidden Files and Directories1Network SniffingProcess DiscoveryTaint Shared ContentLocal Data StagingExfiltration Over Unencrypted/Obfuscated Non-C2 ProtocolFile Transfer ProtocolsData Encrypted for Impact

                      Behavior Graph

                      Hide Legend

                      Legend:

                      • Process
                      • Signature
                      • Created File
                      • DNS/IP Info
                      • Is Dropped
                      • Is Windows Process
                      • Number of created Registry Values
                      • Number of created Files
                      • Visual Basic
                      • Delphi
                      • Java
                      • .Net C# or VB.NET
                      • C, C++ or other language
                      • Is malicious
                      • Internet
                      behaviorgraph top1 signatures2 2 Behavior Graph ID: 452541 Sample: DOCS.exe Startdate: 22/07/2021 Architecture: WINDOWS Score: 100 39 Multi AV Scanner detection for submitted file 2->39 41 Yara detected AgentTesla 2->41 43 Yara detected AgentTesla 2->43 45 Machine Learning detection for sample 2->45 6 DOCS.exe 3 2->6         started        10 NXLun.exe 3 2->10         started        12 NXLun.exe 2->12         started        process3 file4 21 C:\Users\user\AppData\Local\...\DOCS.exe.log, ASCII 6->21 dropped 47 Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines) 6->47 49 Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines) 6->49 14 DOCS.exe 2 5 6->14         started        51 Multi AV Scanner detection for dropped file 10->51 53 Machine Learning detection for dropped file 10->53 19 NXLun.exe 2 10->19         started        signatures5 process6 dnsIp7 29 us2.smtp.mailhostbox.com 208.91.199.225, 49738, 587 PUBLIC-DOMAIN-REGISTRYUS United States 14->29 23 C:\Users\user\AppData\Roaming\...23XLun.exe, PE32 14->23 dropped 25 C:\Users\user\...25XLun.exe:Zone.Identifier, ASCII 14->25 dropped 31 Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc) 14->31 33 Tries to steal Mail credentials (via file access) 14->33 35 Tries to harvest and steal ftp login credentials 14->35 37 3 other signatures 14->37 27 C:\Windows\System32\drivers\etc\hosts, ASCII 19->27 dropped file8 signatures9

                      Screenshots

                      Thumbnails

                      This section contains all screenshots as thumbnails, including those not shown in the slideshow.

                      windows-stand

                      Antivirus, Machine Learning and Genetic Malware Detection

                      Initial Sample

                      SourceDetectionScannerLabelLink
                      DOCS.exe41%VirustotalBrowse
                      DOCS.exe52%ReversingLabsByteCode-MSIL.Trojan.AgentTesla
                      DOCS.exe100%Joe Sandbox ML

                      Dropped Files

                      SourceDetectionScannerLabelLink
                      C:\Users\user\AppData\Roaming\NXLun\NXLun.exe100%Joe Sandbox ML
                      C:\Users\user\AppData\Roaming\NXLun\NXLun.exe52%ReversingLabsByteCode-MSIL.Trojan.AgentTesla

                      Unpacked PE Files

                      SourceDetectionScannerLabelLinkDownload
                      4.2.DOCS.exe.400000.0.unpack100%AviraTR/Spy.Gen8Download File
                      18.2.NXLun.exe.400000.0.unpack100%AviraTR/Spy.Gen8Download File

                      Domains

                      No Antivirus matches

                      URLs

                      SourceDetectionScannerLabelLink
                      http://crt.sectigo.com/SectigoRSADomainValidationSecureServerCA.crt0#0%URL Reputationsafe
                      http://crt.sectigo.com/SectigoRSADomainValidationSecureServerCA.crt0#0%URL Reputationsafe
                      http://crt.sectigo.com/SectigoRSADomainValidationSecureServerCA.crt0#0%URL Reputationsafe
                      http://crt.sectigo.com/SectigoRSADomainValidationSecureServerCA.crt0#0%URL Reputationsafe
                      http://127.0.0.1:HTTP/1.10%Avira URL Cloudsafe
                      http://ocsp.sectigo.com0A0%URL Reputationsafe
                      http://ocsp.sectigo.com0A0%URL Reputationsafe
                      http://ocsp.sectigo.com0A0%URL Reputationsafe
                      http://ocsp.sectigo.com0A0%URL Reputationsafe
                      https://api.ipify.org%GETMozilla/5.00%URL Reputationsafe
                      https://api.ipify.org%GETMozilla/5.00%URL Reputationsafe
                      https://api.ipify.org%GETMozilla/5.00%URL Reputationsafe
                      https://api.ipify.org%GETMozilla/5.00%URL Reputationsafe
                      http://DynDns.comDynDNS0%URL Reputationsafe
                      http://DynDns.comDynDNS0%URL Reputationsafe
                      http://DynDns.comDynDNS0%URL Reputationsafe
                      http://DynDns.comDynDNS0%URL Reputationsafe
                      http://hFHvHh.com0%Avira URL Cloudsafe
                      https://sectigo.com/CPS00%URL Reputationsafe
                      https://sectigo.com/CPS00%URL Reputationsafe
                      https://sectigo.com/CPS00%URL Reputationsafe
                      https://sectigo.com/CPS00%URL Reputationsafe
                      https://www.theonionrouter.com/dist.torproject.org/torbrowser/9.5.3/tor-win32-0.4.3.6.zip%tordir%%ha0%URL Reputationsafe
                      https://www.theonionrouter.com/dist.torproject.org/torbrowser/9.5.3/tor-win32-0.4.3.6.zip%tordir%%ha0%URL Reputationsafe
                      https://www.theonionrouter.com/dist.torproject.org/torbrowser/9.5.3/tor-win32-0.4.3.6.zip%tordir%%ha0%URL Reputationsafe
                      https://www.theonionrouter.com/dist.torproject.org/torbrowser/9.5.3/tor-win32-0.4.3.6.zip%tordir%%ha0%URL Reputationsafe
                      https://wiYfivfC8nSIDolSjnz.org0%Avira URL Cloudsafe
                      https://www.theonionrouter.com/dist.torproject.org/torbrowser/9.5.3/tor-win32-0.4.3.6.zip0%URL Reputationsafe
                      https://www.theonionrouter.com/dist.torproject.org/torbrowser/9.5.3/tor-win32-0.4.3.6.zip0%URL Reputationsafe
                      https://www.theonionrouter.com/dist.torproject.org/torbrowser/9.5.3/tor-win32-0.4.3.6.zip0%URL Reputationsafe
                      https://www.theonionrouter.com/dist.torproject.org/torbrowser/9.5.3/tor-win32-0.4.3.6.zip0%URL Reputationsafe
                      https://api.ipify.org%$0%Avira URL Cloudsafe

                      Domains and IPs

                      Contacted Domains

                      NameIPActiveMaliciousAntivirus DetectionReputation
                      us2.smtp.mailhostbox.com
                      		208.91.199.225
                      		truefalse
                        		high

                        URLs from Memory and Binaries

                        NameSourceMaliciousAntivirus DetectionReputation
                        http://crt.sectigo.com/SectigoRSADomainValidationSecureServerCA.crt0#DOCS.exe, 00000004.00000002.506216357.0000000002ED0000.00000004.00000001.sdmpfalse
                        • URL Reputation: safe
                        • URL Reputation: safe
                        • URL Reputation: safe
                        • URL Reputation: safe
                        		unknown
                        http://127.0.0.1:HTTP/1.1DOCS.exe, 00000004.00000002.502145216.0000000002B61000.00000004.00000001.sdmp, NXLun.exe, 00000012.00000002.500663594.0000000003081000.00000004.00000001.sdmpfalse
                        • Avira URL Cloud: safe
                        		low
                        http://ocsp.sectigo.com0ADOCS.exe, 00000004.00000002.506216357.0000000002ED0000.00000004.00000001.sdmpfalse
                        • URL Reputation: safe
                        • URL Reputation: safe
                        • URL Reputation: safe
                        • URL Reputation: safe
                        		unknown
                        https://api.ipify.org%GETMozilla/5.0NXLun.exe, 00000012.00000002.500663594.0000000003081000.00000004.00000001.sdmpfalse
                        • URL Reputation: safe
                        • URL Reputation: safe
                        • URL Reputation: safe
                        • URL Reputation: safe
                        		low
                        http://DynDns.comDynDNSNXLun.exe, 00000012.00000002.500663594.0000000003081000.00000004.00000001.sdmpfalse
                        • URL Reputation: safe
                        • URL Reputation: safe
                        • URL Reputation: safe
                        • URL Reputation: safe
                        		unknown
                        http://hFHvHh.comNXLun.exe, 00000012.00000002.500663594.0000000003081000.00000004.00000001.sdmpfalse
                        • Avira URL Cloud: safe
                        		unknown
                        https://sectigo.com/CPS0DOCS.exe, 00000004.00000002.506216357.0000000002ED0000.00000004.00000001.sdmpfalse
                        • URL Reputation: safe
                        • URL Reputation: safe
                        • URL Reputation: safe
                        • URL Reputation: safe
                        		unknown
                        http://us2.smtp.mailhostbox.comDOCS.exe, 00000004.00000002.506101125.0000000002EC6000.00000004.00000001.sdmpfalse
                          		high
                          https://www.theonionrouter.com/dist.torproject.org/torbrowser/9.5.3/tor-win32-0.4.3.6.zip%tordir%%haDOCS.exe, 00000004.00000002.502145216.0000000002B61000.00000004.00000001.sdmp, NXLun.exe, 00000012.00000002.500663594.0000000003081000.00000004.00000001.sdmpfalse
                          • URL Reputation: safe
                          • URL Reputation: safe
                          • URL Reputation: safe
                          • URL Reputation: safe
                          		unknown
                          https://wiYfivfC8nSIDolSjnz.orgDOCS.exe, 00000004.00000002.506391286.0000000002EED000.00000004.00000001.sdmp, DOCS.exe, 00000004.00000002.506031808.0000000002EC0000.00000004.00000001.sdmp, DOCS.exe, 00000004.00000002.502145216.0000000002B61000.00000004.00000001.sdmp, DOCS.exe, 00000004.00000002.505417799.0000000002E89000.00000004.00000001.sdmp, DOCS.exe, 00000004.00000002.506468128.0000000002EF5000.00000004.00000001.sdmpfalse
                          • Avira URL Cloud: safe
                          		unknown
                          https://www.theonionrouter.com/dist.torproject.org/torbrowser/9.5.3/tor-win32-0.4.3.6.zipDOCS.exe, 00000001.00000002.244914282.0000000004085000.00000004.00000001.sdmp, DOCS.exe, 00000004.00000002.495044836.0000000000402000.00000040.00000001.sdmp, NXLun.exe, 00000011.00000002.347326587.0000000003CD5000.00000004.00000001.sdmp, NXLun.exe, 00000012.00000002.495132037.0000000000402000.00000040.00000001.sdmpfalse
                          • URL Reputation: safe
                          • URL Reputation: safe
                          • URL Reputation: safe
                          • URL Reputation: safe
                          		unknown
                          https://api.ipify.org%$DOCS.exe, 00000004.00000002.502145216.0000000002B61000.00000004.00000001.sdmpfalse
                          • Avira URL Cloud: safe
                          		low

                          Contacted IPs

                          • No. of IPs < 25%
                          • 25% < No. of IPs < 50%
                          • 50% < No. of IPs < 75%
                          • 75% < No. of IPs

                          Public

                          IPDomainCountryFlagASNASN NameMalicious
                          208.91.199.225
                          		us2.smtp.mailhostbox.comUnited States
                          		394695PUBLIC-DOMAIN-REGISTRYUSfalse

                          General Information

                          Joe Sandbox Version:33.0.0 White Diamond
                          Analysis ID:452541
                          Start date:22.07.2021
                          Start time:15:03:17
                          Joe Sandbox Product:CloudBasic
                          Overall analysis duration:0h 13m 32s
                          Hypervisor based Inspection enabled:false
                          Report type:full
                          Sample file name:DOCS.exe
                          Cookbook file name:default.jbs
                          Analysis system description:Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
                          Number of analysed new started processes analysed:29
                          Number of new started drivers analysed:0
                          Number of existing processes analysed:0
                          Number of existing drivers analysed:0
                          Number of injected processes analysed:0
                          Technologies:
                          • HCA enabled
                          • EGA enabled
                          • HDC enabled
                          • AMSI enabled
                          Analysis Mode:default
                          Analysis stop reason:Timeout
                          Detection:MAL
                          Classification:mal100.troj.adwa.spyw.evad.winEXE@7/6@1/1
                          EGA Information:Failed
                          HDC Information:Failed
                          HCA Information:
                          • Successful, ratio: 99%
                          • Number of executed functions: 220
                          • Number of non-executed functions: 1
                          Cookbook Comments:
                          • Adjust boot time
                          • Enable AMSI
                          • Found application associated with file extension: .exe
                          Warnings:
                          Show All
                          • Exclude process from analysis (whitelisted): MpCmdRun.exe, BackgroundTransferHost.exe, backgroundTaskHost.exe, SgrmBroker.exe, conhost.exe, svchost.exe, wuapihost.exe
                          • Excluded IPs from analysis (whitelisted): 104.43.193.48, 23.211.6.115, 104.43.139.144, 13.64.90.137, 23.211.4.86, 20.82.209.183, 173.222.108.210, 173.222.108.226, 20.54.110.249, 40.112.88.60, 80.67.82.235, 80.67.82.211
                          • Excluded domains from analysis (whitelisted): au.download.windowsupdate.com.edgesuite.net, store-images.s-microsoft.com-c.edgekey.net, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, a1449.dscg2.akamai.net, arc.msn.com, e12564.dspb.akamaiedge.net, consumer-displaycatalogrp-aks2aks-europe.md.mp.microsoft.com.akadns.net, audownload.windowsupdate.nsatc.net, arc.trafficmanager.net, displaycatalog.mp.microsoft.com, watson.telemetry.microsoft.com, img-prod-cms-rt-microsoft-com.akamaized.net, prod.fs.microsoft.com.akadns.net, au-bg-shim.trafficmanager.net, skypedataprdcolwus17.cloudapp.net, iris-de-prod-azsc-neu.northeurope.cloudapp.azure.com, fs.microsoft.com, displaycatalog-rp-europe.md.mp.microsoft.com.akadns.net, neu-displaycatalogrp.useroor.bigcatalog.commerce.microsoft.com, ris-prod.trafficmanager.net, asf-ris-prod-neu.northeurope.cloudapp.azure.com, e1723.g.akamaiedge.net, ctldl.windowsupdate.com, skypedataprdcolcus16.cloudapp.net, a767.dscg3.akamai.net, skypedataprdcolcus15.cloudapp.net, ris.api.iris.microsoft.com, store-images.s-microsoft.com, blobcollector.events.data.trafficmanager.net, displaycatalog-rp.md.mp.microsoft.com.akadns.net
                          • Not all processes where analyzed, report is missing behavior information
                          • Report creation exceeded maximum time and may have missing disassembly code information.
                          • Report size exceeded maximum capacity and may have missing behavior information.
                          • Report size getting too big, too many NtAllocateVirtualMemory calls found.
                          • Report size getting too big, too many NtOpenKeyEx calls found.
                          • Report size getting too big, too many NtProtectVirtualMemory calls found.
                          • Report size getting too big, too many NtQueryValueKey calls found.

                          Simulations

                          Behavior and APIs

                          TimeTypeDescription
                          15:04:29API Interceptor744x Sleep call for process: DOCS.exe modified
                          15:04:41AutostartRun: HKCU\Software\Microsoft\Windows\CurrentVersion\Run NXLun C:\Users\user\AppData\Roaming\NXLun\NXLun.exe
                          15:04:49AutostartRun: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run NXLun C:\Users\user\AppData\Roaming\NXLun\NXLun.exe
                          15:05:22API Interceptor391x Sleep call for process: NXLun.exe modified

                          Joe Sandbox View / Context

                          IPs

                          No context

                          Domains

                          No context

                          ASN

                          No context

                          JA3 Fingerprints

                          No context

                          Dropped Files

                          No context

                          Created / dropped Files

                          C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\DOCS.exe.log
                          Process:C:\Users\user\Desktop\DOCS.exe
                          File Type:ASCII text, with CRLF line terminators
                          Category:dropped
                          Size (bytes):886
                          Entropy (8bit):5.325593152230861
                          Encrypted:false
                          SSDEEP:24:MLUE4K5E4Ks2E1qE4x84qXKDE4KhK3VZ9pKhgLE4qE4j:MIHK5HKXE1qHxviYHKhQnogLHqHj
                          MD5:68C56F3AE303DE073F0E946D68CC9989
                          SHA1:800140D71D44A869334051D2FE455E68FFB8A492
                          SHA-256:55AC389B15756DE1C06EE870CF36F9A6A269C11651A4B0C98838D618C90DE773
                          SHA-512:04232F108F22B6A72AB17126D3A6955079DF62069685F7CEA4E4823AC8B808C07644F26D0BD1B460DAE36E3DE165D65A82EEA68F1330A0F274BB130799DE0300
                          Malicious:true
                          Reputation:unknown
                          Preview: 1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\4f0a7eefa3cd3e0ba98b5ebddbbc72e6\System.ni.dll",0..2,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..2,"Microsoft.VisualBasic, Version=10.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\f1d8480152e0da9a60ad49c6d16a3b6d\System.Core.ni.dll",0..2,"Microsoft.CSharp, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..2,"System.Dynamic, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..
                          C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\NXLun.exe.log
                          Process:C:\Users\user\AppData\Roaming\NXLun\NXLun.exe
                          File Type:ASCII text, with CRLF line terminators
                          Category:dropped
                          Size (bytes):886
                          Entropy (8bit):5.325593152230861
                          Encrypted:false
                          SSDEEP:24:MLUE4K5E4Ks2E1qE4x84qXKDE4KhK3VZ9pKhgLE4qE4j:MIHK5HKXE1qHxviYHKhQnogLHqHj
                          MD5:68C56F3AE303DE073F0E946D68CC9989
                          SHA1:800140D71D44A869334051D2FE455E68FFB8A492
                          SHA-256:55AC389B15756DE1C06EE870CF36F9A6A269C11651A4B0C98838D618C90DE773
                          SHA-512:04232F108F22B6A72AB17126D3A6955079DF62069685F7CEA4E4823AC8B808C07644F26D0BD1B460DAE36E3DE165D65A82EEA68F1330A0F274BB130799DE0300
                          Malicious:false
                          Reputation:unknown
                          Preview: 1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\4f0a7eefa3cd3e0ba98b5ebddbbc72e6\System.ni.dll",0..2,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..2,"Microsoft.VisualBasic, Version=10.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\f1d8480152e0da9a60ad49c6d16a3b6d\System.Core.ni.dll",0..2,"Microsoft.CSharp, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..2,"System.Dynamic, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..
                          C:\Users\user\AppData\Roaming\NXLun\NXLun.exe
                          Process:C:\Users\user\Desktop\DOCS.exe
                          File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                          Category:dropped
                          Size (bytes):850432
                          Entropy (8bit):4.084228889752601
                          Encrypted:false
                          SSDEEP:12288:KWyWaA3xU+8SeWYL6dKsEP19309tXzWhMlDf1xqispXhS4bc1Paz+WJWskVCyjUp:KnfVrt9MTGZSC8keQ
                          MD5:8E2AA51F45393D980A4D9B20947976B6
                          SHA1:44742C0E7752ECE4ED49C40D0F1B4E893C291005
                          SHA-256:02E6972EEC66F1F2B9898FA662D59C1F47856F180DAD385D766399ECAF763F5B
                          SHA-512:2FE59FF635022207464B42F82331A78C0864FAE60A91C9348D98DAD386F853F0100D029FBFA49086FC46D95AF6E11108F004E1189E5B9EEAB6540049746B072C
                          Malicious:true
                          Antivirus:
                          • Antivirus: Joe Sandbox ML, Detection: 100%
                          • Antivirus: ReversingLabs, Detection: 52%
                          Reputation:unknown
                          Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...................0.............^.... ... ....@.. .......................`............@.....................................O.... .......................@....................................................... ............... ..H............text...d.... ...................... ..`.rsrc........ ......................@..@.reloc.......@......................@..B................@.......H......../..8...........d...p...........................................".('....*6.~....((...&*..*".(p....*.(q........*".(.....*&.(p.....*".......*".(.....*Vs....(....t.........*...0............}......}.....(.......(.......}......}.....{.....o.......o.....+_..(.......(....-.r...p+.r...p..(....-..(....+..(......s........o.....o....&.{....o......o ...&...(!...-...........o".....*......@.l........0.............{....o.....+v..(........(......{.....(#......(...........,"...}....r.
                          C:\Users\user\AppData\Roaming\NXLun\NXLun.exe:Zone.Identifier
                          Process:C:\Users\user\Desktop\DOCS.exe
                          File Type:ASCII text, with CRLF line terminators
                          Category:dropped
                          Size (bytes):26
                          Entropy (8bit):3.95006375643621
                          Encrypted:false
                          SSDEEP:3:ggPYV:rPYV
                          MD5:187F488E27DB4AF347237FE461A079AD
                          SHA1:6693BA299EC1881249D59262276A0D2CB21F8E64
                          SHA-256:255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
                          SHA-512:89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
                          Malicious:true
                          Reputation:unknown
                          Preview: [ZoneTransfer]....ZoneId=0
                          C:\Windows\System32\drivers\etc\hosts
                          Process:C:\Users\user\AppData\Roaming\NXLun\NXLun.exe
                          File Type:ASCII text, with CRLF line terminators
                          Category:modified
                          Size (bytes):11
                          Entropy (8bit):2.663532754804255
                          Encrypted:false
                          SSDEEP:3:iLE:iLE
                          MD5:B24D295C1F84ECBFB566103374FB91C5
                          SHA1:6A750D3F8B45C240637332071D34B403FA1FF55A
                          SHA-256:4DC7B65075FBC5B5421551F0CB814CAFDC8CACA5957D393C222EE388B6F405F4
                          SHA-512:9BE279BFA70A859608B50EF5D30BF2345F334E5F433C410EA6A188DCAB395BFF50C95B165177E59A29261464871C11F903A9ECE55B2D900FE49A9F3C49EB88FA
                          Malicious:true
                          Reputation:unknown
                          Preview: ..127.0.0.1

                          Static File Info

                          General

                          File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                          Entropy (8bit):4.084228889752601
                          TrID:
                          • Win32 Executable (generic) Net Framework (10011505/4) 49.83%
                          • Win32 Executable (generic) a (10002005/4) 49.78%
                          • Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36%
                          • Generic Win/DOS Executable (2004/3) 0.01%
                          • DOS Executable Generic (2002/1) 0.01%
                          File name:DOCS.exe
                          File size:850432
                          MD5:8e2aa51f45393d980a4d9b20947976b6
                          SHA1:44742c0e7752ece4ed49c40d0f1b4e893c291005
                          SHA256:02e6972eec66f1f2b9898fa662d59c1f47856f180dad385d766399ecaf763f5b
                          SHA512:2fe59ff635022207464b42f82331a78c0864fae60a91c9348d98dad386f853f0100d029fbfa49086fc46d95af6e11108f004e1189e5b9eeab6540049746b072c
                          SSDEEP:12288:KWyWaA3xU+8SeWYL6dKsEP19309tXzWhMlDf1xqispXhS4bc1Paz+WJWskVCyjUp:KnfVrt9MTGZSC8keQ
                          File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....................0.............^.... ... ....@.. .......................`............@................................

                          File Icon

                          Icon Hash:00828e8e8686b000

                          Static PE Info

                          General

                          Entrypoint:0x4d045e
                          Entrypoint Section:.text
                          Digitally signed:false
                          Imagebase:0x400000
                          Subsystem:windows gui
                          Image File Characteristics:32BIT_MACHINE, EXECUTABLE_IMAGE
                          DLL Characteristics:NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT
                          Time Stamp:0x91B5E3D7 [Thu Jun 20 04:11:03 2047 UTC]
                          TLS Callbacks:
                          CLR (.Net) Version:v4.0.30319
                          OS Version Major:4
                          OS Version Minor:0
                          File Version Major:4
                          File Version Minor:0
                          Subsystem Version Major:4
                          Subsystem Version Minor:0
                          Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744

                          Entrypoint Preview

                          Instruction
                          jmp dword ptr [00402000h]
                          add byte ptr [eax], al
                          add byte ptr [eax], al
                          add byte ptr [eax], al
                          add byte ptr [eax], al
                          add byte ptr [eax], al
                          add byte ptr [eax], al
                          add byte ptr [eax], al
                          add byte ptr [eax], al
                          add byte ptr [eax], al
                          add byte ptr [eax], al
                          add byte ptr [eax], al
                          add byte ptr [eax], al
                          add byte ptr [eax], al
                          add byte ptr [eax], al
                          add byte ptr [eax], al
                          add byte ptr [eax], al
                          add byte ptr [eax], al
                          add byte ptr [eax], al
                          add byte ptr [eax], al
                          add byte ptr [eax], al
                          add byte ptr [eax], al
                          add byte ptr [eax], al
                          add byte ptr [eax], al
                          add byte ptr [eax], al
                          add byte ptr [eax], al
                          add byte ptr [eax], al
                          add byte ptr [eax], al
                          add byte ptr [eax], al
                          add byte ptr [eax], al
                          add byte ptr [eax], al
                          add byte ptr [eax], al
                          add byte ptr [eax], al
                          add byte ptr [eax], al
                          add byte ptr [eax], al
                          add byte ptr [eax], al
                          add byte ptr [eax], al
                          add byte ptr [eax], al
                          add byte ptr [eax], al
                          add byte ptr [eax], al
                          add byte ptr [eax], al
                          add byte ptr [eax], al
                          add byte ptr [eax], al
                          add byte ptr [eax], al
                          add byte ptr [eax], al
                          add byte ptr [eax], al
                          add byte ptr [eax], al
                          add byte ptr [eax], al
                          add byte ptr [eax], al
                          add byte ptr [eax], al
                          add byte ptr [eax], al
                          add byte ptr [eax], al
                          add byte ptr [eax], al
                          add byte ptr [eax], al
                          add byte ptr [eax], al
                          add byte ptr [eax], al
                          add byte ptr [eax], al
                          add byte ptr [eax], al
                          add byte ptr [eax], al
                          add byte ptr [eax], al
                          add byte ptr [eax], al
                          add byte ptr [eax], al
                          add byte ptr [eax], al
                          add byte ptr [eax], al
                          add byte ptr [eax], al
                          add byte ptr [eax], al
                          add byte ptr [eax], al
                          add byte ptr [eax], al
                          add byte ptr [eax], al
                          add byte ptr [eax], al
                          add byte ptr [eax], al
                          add byte ptr [eax], al
                          add byte ptr [eax], al
                          add byte ptr [eax], al
                          add byte ptr [eax], al
                          add byte ptr [eax], al
                          add byte ptr [eax], al
                          add byte ptr [eax], al
                          add byte ptr [eax], al
                          add byte ptr [eax], al
                          add byte ptr [eax], al
                          add byte ptr [eax], al
                          add byte ptr [eax], al
                          add byte ptr [eax], al
                          add byte ptr [eax], al
                          add byte ptr [eax], al
                          add byte ptr [eax], al
                          add byte ptr [eax], al
                          add byte ptr [eax], al
                          add byte ptr [eax], al
                          add byte ptr [eax], al
                          add byte ptr [eax], al
                          add byte ptr [eax], al
                          add byte ptr [eax], al
                          add byte ptr [eax], al
                          add byte ptr [eax], al
                          add byte ptr [eax], al
                          add byte ptr [eax], al

                          Data Directories

                          NameVirtual AddressVirtual Size Is in Section
                          IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
                          IMAGE_DIRECTORY_ENTRY_IMPORT0xd040c0x4f.text
                          IMAGE_DIRECTORY_ENTRY_RESOURCE0xd20000xfe5.rsrc
                          IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
                          IMAGE_DIRECTORY_ENTRY_SECURITY0x00x0
                          IMAGE_DIRECTORY_ENTRY_BASERELOC0xd40000xc.reloc
                          IMAGE_DIRECTORY_ENTRY_DEBUG0x00x0
                          IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                          IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                          IMAGE_DIRECTORY_ENTRY_TLS0x00x0
                          IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x00x0
                          IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                          IMAGE_DIRECTORY_ENTRY_IAT0x20000x8.text
                          IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                          IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x20080x48.text
                          IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                          Sections

                          NameVirtual AddressVirtual SizeRaw SizeXored PEZLIB ComplexityFile TypeEntropyCharacteristics
                          .text0x20000xce4640xce600False0.48092775212data4.06947033744IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
                          .rsrc0xd20000xfe50x1000False0.396484375data4.99628295556IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                          .reloc0xd40000xc0x200False0.044921875data0.0815394123432IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

                          Resources

                          NameRVASizeTypeLanguageCountry
                          RT_VERSION0xd20a00x33cdata
                          RT_MANIFEST0xd23dc0xc09XML 1.0 document, UTF-8 Unicode (with BOM) text

                          Imports

                          DLLImport
                          mscoree.dll_CorExeMain

                          Version Infos

                          DescriptionData
                          Translation0x0000 0x04b0
                          LegalCopyrightCopyright 2019
                          Assembly Version1.0.0.0
                          InternalNameSymlink-Maker.exe
                          FileVersion1.0.0.0
                          CompanyName
                          LegalTrademarks
                          Comments
                          ProductNameSymlink-Maker
                          ProductVersion1.0.0.0
                          FileDescriptionSymlink-Maker
                          OriginalFilenameSymlink-Maker.exe

                          Network Behavior

                          Network Port Distribution

                          TCP Packets

                          TimestampSource PortDest PortSource IPDest IP
                          Jul 22, 2021 15:05:59.534951925 CEST49738587192.168.2.7208.91.199.225
                          Jul 22, 2021 15:05:59.698244095 CEST58749738208.91.199.225192.168.2.7
                          Jul 22, 2021 15:05:59.698402882 CEST49738587192.168.2.7208.91.199.225
                          Jul 22, 2021 15:06:00.284007072 CEST58749738208.91.199.225192.168.2.7
                          Jul 22, 2021 15:06:00.285490990 CEST49738587192.168.2.7208.91.199.225
                          Jul 22, 2021 15:06:00.449172974 CEST58749738208.91.199.225192.168.2.7
                          Jul 22, 2021 15:06:00.449270010 CEST58749738208.91.199.225192.168.2.7
                          Jul 22, 2021 15:06:00.449773073 CEST49738587192.168.2.7208.91.199.225
                          Jul 22, 2021 15:06:00.614298105 CEST58749738208.91.199.225192.168.2.7
                          Jul 22, 2021 15:06:00.662841082 CEST49738587192.168.2.7208.91.199.225
                          Jul 22, 2021 15:06:00.703207016 CEST49738587192.168.2.7208.91.199.225
                          Jul 22, 2021 15:06:00.866774082 CEST58749738208.91.199.225192.168.2.7
                          Jul 22, 2021 15:06:00.866801023 CEST58749738208.91.199.225192.168.2.7
                          Jul 22, 2021 15:06:00.866821051 CEST58749738208.91.199.225192.168.2.7
                          Jul 22, 2021 15:06:00.866836071 CEST58749738208.91.199.225192.168.2.7
                          Jul 22, 2021 15:06:00.866852999 CEST58749738208.91.199.225192.168.2.7
                          Jul 22, 2021 15:06:00.867183924 CEST49738587192.168.2.7208.91.199.225
                          Jul 22, 2021 15:06:00.867213964 CEST49738587192.168.2.7208.91.199.225
                          Jul 22, 2021 15:06:01.030495882 CEST58749738208.91.199.225192.168.2.7
                          Jul 22, 2021 15:06:01.035595894 CEST49738587192.168.2.7208.91.199.225
                          Jul 22, 2021 15:06:01.207036018 CEST58749738208.91.199.225192.168.2.7
                          Jul 22, 2021 15:06:01.256036997 CEST49738587192.168.2.7208.91.199.225
                          Jul 22, 2021 15:06:01.507761955 CEST49738587192.168.2.7208.91.199.225
                          Jul 22, 2021 15:06:01.674191952 CEST58749738208.91.199.225192.168.2.7
                          Jul 22, 2021 15:06:01.678570986 CEST49738587192.168.2.7208.91.199.225
                          Jul 22, 2021 15:06:01.843699932 CEST58749738208.91.199.225192.168.2.7
                          Jul 22, 2021 15:06:01.844660997 CEST49738587192.168.2.7208.91.199.225
                          Jul 22, 2021 15:06:02.010176897 CEST58749738208.91.199.225192.168.2.7
                          Jul 22, 2021 15:06:02.011212111 CEST49738587192.168.2.7208.91.199.225
                          Jul 22, 2021 15:06:02.176107883 CEST58749738208.91.199.225192.168.2.7
                          Jul 22, 2021 15:06:02.176580906 CEST49738587192.168.2.7208.91.199.225
                          Jul 22, 2021 15:06:02.360199928 CEST58749738208.91.199.225192.168.2.7
                          Jul 22, 2021 15:06:02.361067057 CEST49738587192.168.2.7208.91.199.225
                          Jul 22, 2021 15:06:02.524844885 CEST58749738208.91.199.225192.168.2.7
                          Jul 22, 2021 15:06:02.526426077 CEST49738587192.168.2.7208.91.199.225
                          Jul 22, 2021 15:06:02.526604891 CEST49738587192.168.2.7208.91.199.225
                          Jul 22, 2021 15:06:02.527448893 CEST49738587192.168.2.7208.91.199.225
                          Jul 22, 2021 15:06:02.527561903 CEST49738587192.168.2.7208.91.199.225
                          Jul 22, 2021 15:06:02.689796925 CEST58749738208.91.199.225192.168.2.7
                          Jul 22, 2021 15:06:02.690669060 CEST58749738208.91.199.225192.168.2.7
                          Jul 22, 2021 15:06:02.789310932 CEST58749738208.91.199.225192.168.2.7
                          Jul 22, 2021 15:06:02.834201097 CEST49738587192.168.2.7208.91.199.225

                          UDP Packets

                          TimestampSource PortDest PortSource IPDest IP
                          Jul 22, 2021 15:03:59.972803116 CEST5084853192.168.2.78.8.8.8
                          Jul 22, 2021 15:04:00.025115013 CEST53508488.8.8.8192.168.2.7
                          Jul 22, 2021 15:04:01.794532061 CEST6124253192.168.2.78.8.8.8
                          Jul 22, 2021 15:04:01.852119923 CEST53612428.8.8.8192.168.2.7
                          Jul 22, 2021 15:04:12.693896055 CEST5856253192.168.2.78.8.8.8
                          Jul 22, 2021 15:04:12.746890068 CEST53585628.8.8.8192.168.2.7
                          Jul 22, 2021 15:04:13.709847927 CEST5659053192.168.2.78.8.8.8
                          Jul 22, 2021 15:04:13.767812967 CEST53565908.8.8.8192.168.2.7
                          Jul 22, 2021 15:04:15.124782085 CEST6050153192.168.2.78.8.8.8
                          Jul 22, 2021 15:04:15.174043894 CEST53605018.8.8.8192.168.2.7
                          Jul 22, 2021 15:04:16.156122923 CEST5377553192.168.2.78.8.8.8
                          Jul 22, 2021 15:04:16.208539963 CEST53537758.8.8.8192.168.2.7
                          Jul 22, 2021 15:04:17.777354002 CEST5183753192.168.2.78.8.8.8
                          Jul 22, 2021 15:04:17.827471972 CEST53518378.8.8.8192.168.2.7
                          Jul 22, 2021 15:04:19.340184927 CEST5541153192.168.2.78.8.8.8
                          Jul 22, 2021 15:04:19.389429092 CEST53554118.8.8.8192.168.2.7
                          Jul 22, 2021 15:04:21.554909945 CEST6366853192.168.2.78.8.8.8
                          Jul 22, 2021 15:04:21.604010105 CEST53636688.8.8.8192.168.2.7
                          Jul 22, 2021 15:04:24.487034082 CEST5464053192.168.2.78.8.8.8
                          Jul 22, 2021 15:04:24.547174931 CEST53546408.8.8.8192.168.2.7
                          Jul 22, 2021 15:04:26.189495087 CEST5873953192.168.2.78.8.8.8
                          Jul 22, 2021 15:04:26.250736952 CEST53587398.8.8.8192.168.2.7
                          Jul 22, 2021 15:04:26.372477055 CEST6033853192.168.2.78.8.8.8
                          Jul 22, 2021 15:04:26.432322979 CEST53603388.8.8.8192.168.2.7
                          Jul 22, 2021 15:04:28.536798000 CEST5871753192.168.2.78.8.8.8
                          Jul 22, 2021 15:04:28.595110893 CEST53587178.8.8.8192.168.2.7
                          Jul 22, 2021 15:04:29.805582047 CEST5976253192.168.2.78.8.8.8
                          Jul 22, 2021 15:04:29.855804920 CEST53597628.8.8.8192.168.2.7
                          Jul 22, 2021 15:04:30.771035910 CEST5432953192.168.2.78.8.8.8
                          Jul 22, 2021 15:04:30.821212053 CEST53543298.8.8.8192.168.2.7
                          Jul 22, 2021 15:04:31.735332966 CEST5805253192.168.2.78.8.8.8
                          Jul 22, 2021 15:04:31.793848991 CEST53580528.8.8.8192.168.2.7
                          Jul 22, 2021 15:04:32.777951956 CEST5400853192.168.2.78.8.8.8
                          Jul 22, 2021 15:04:32.832200050 CEST53540088.8.8.8192.168.2.7
                          Jul 22, 2021 15:04:33.991823912 CEST5945153192.168.2.78.8.8.8
                          Jul 22, 2021 15:04:34.051959991 CEST53594518.8.8.8192.168.2.7
                          Jul 22, 2021 15:04:35.164995909 CEST5291453192.168.2.78.8.8.8
                          Jul 22, 2021 15:04:35.218954086 CEST53529148.8.8.8192.168.2.7
                          Jul 22, 2021 15:04:35.814225912 CEST6456953192.168.2.78.8.8.8
                          Jul 22, 2021 15:04:35.887300968 CEST53645698.8.8.8192.168.2.7
                          Jul 22, 2021 15:04:36.433042049 CEST5281653192.168.2.78.8.8.8
                          Jul 22, 2021 15:04:36.485438108 CEST53528168.8.8.8192.168.2.7
                          Jul 22, 2021 15:04:37.572786093 CEST5078153192.168.2.78.8.8.8
                          Jul 22, 2021 15:04:37.626529932 CEST53507818.8.8.8192.168.2.7
                          Jul 22, 2021 15:04:38.823156118 CEST5423053192.168.2.78.8.8.8
                          Jul 22, 2021 15:04:38.883908987 CEST53542308.8.8.8192.168.2.7
                          Jul 22, 2021 15:04:40.408902884 CEST5491153192.168.2.78.8.8.8
                          Jul 22, 2021 15:04:40.461357117 CEST53549118.8.8.8192.168.2.7
                          Jul 22, 2021 15:04:54.605417967 CEST4995853192.168.2.78.8.8.8
                          Jul 22, 2021 15:04:54.663815975 CEST53499588.8.8.8192.168.2.7
                          Jul 22, 2021 15:05:02.136678934 CEST5086053192.168.2.78.8.8.8
                          Jul 22, 2021 15:05:02.196635008 CEST53508608.8.8.8192.168.2.7
                          Jul 22, 2021 15:05:03.112910032 CEST5045253192.168.2.78.8.8.8
                          Jul 22, 2021 15:05:03.171888113 CEST53504528.8.8.8192.168.2.7
                          Jul 22, 2021 15:05:03.914273977 CEST5973053192.168.2.78.8.8.8
                          Jul 22, 2021 15:05:03.963807106 CEST53597308.8.8.8192.168.2.7
                          Jul 22, 2021 15:05:03.973289013 CEST5931053192.168.2.78.8.8.8
                          Jul 22, 2021 15:05:04.635366917 CEST5191953192.168.2.78.8.8.8
                          Jul 22, 2021 15:05:04.693084955 CEST53519198.8.8.8192.168.2.7
                          Jul 22, 2021 15:05:05.018073082 CEST5931053192.168.2.78.8.8.8
                          Jul 22, 2021 15:05:05.111243010 CEST53593108.8.8.8192.168.2.7
                          Jul 22, 2021 15:05:05.619879007 CEST6429653192.168.2.78.8.8.8
                          Jul 22, 2021 15:05:05.680975914 CEST53642968.8.8.8192.168.2.7
                          Jul 22, 2021 15:05:06.423779011 CEST5668053192.168.2.78.8.8.8
                          Jul 22, 2021 15:05:06.481934071 CEST53566808.8.8.8192.168.2.7
                          Jul 22, 2021 15:05:07.466336966 CEST5882053192.168.2.78.8.8.8
                          Jul 22, 2021 15:05:07.515759945 CEST53588208.8.8.8192.168.2.7
                          Jul 22, 2021 15:05:08.371182919 CEST6098353192.168.2.78.8.8.8
                          Jul 22, 2021 15:05:08.421664000 CEST53609838.8.8.8192.168.2.7
                          Jul 22, 2021 15:05:09.418557882 CEST4924753192.168.2.78.8.8.8
                          Jul 22, 2021 15:05:09.467994928 CEST53492478.8.8.8192.168.2.7
                          Jul 22, 2021 15:05:10.045176029 CEST5228653192.168.2.78.8.8.8
                          Jul 22, 2021 15:05:10.104963064 CEST53522868.8.8.8192.168.2.7
                          Jul 22, 2021 15:05:13.586437941 CEST5606453192.168.2.78.8.8.8
                          Jul 22, 2021 15:05:13.647413015 CEST53560648.8.8.8192.168.2.7
                          Jul 22, 2021 15:05:44.636132002 CEST6374453192.168.2.78.8.8.8
                          Jul 22, 2021 15:05:44.713265896 CEST53637448.8.8.8192.168.2.7
                          Jul 22, 2021 15:05:46.613745928 CEST6145753192.168.2.78.8.8.8
                          Jul 22, 2021 15:05:46.673582077 CEST53614578.8.8.8192.168.2.7
                          Jul 22, 2021 15:05:59.297796965 CEST5836753192.168.2.78.8.8.8
                          Jul 22, 2021 15:05:59.370481014 CEST53583678.8.8.8192.168.2.7

                          DNS Queries

                          TimestampSource IPDest IPTrans IDOP CodeNameTypeClass
                          Jul 22, 2021 15:05:59.297796965 CEST192.168.2.78.8.8.80x2d4dStandard query (0)us2.smtp.mailhostbox.comA (IP address)IN (0x0001)

                          DNS Answers

                          TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClass
                          Jul 22, 2021 15:05:59.370481014 CEST8.8.8.8192.168.2.70x2d4dNo error (0)us2.smtp.mailhostbox.com208.91.199.225A (IP address)IN (0x0001)
                          Jul 22, 2021 15:05:59.370481014 CEST8.8.8.8192.168.2.70x2d4dNo error (0)us2.smtp.mailhostbox.com208.91.199.224A (IP address)IN (0x0001)
                          Jul 22, 2021 15:05:59.370481014 CEST8.8.8.8192.168.2.70x2d4dNo error (0)us2.smtp.mailhostbox.com208.91.199.223A (IP address)IN (0x0001)
                          Jul 22, 2021 15:05:59.370481014 CEST8.8.8.8192.168.2.70x2d4dNo error (0)us2.smtp.mailhostbox.com208.91.198.143A (IP address)IN (0x0001)

                          SMTP Packets

                          TimestampSource PortDest PortSource IPDest IPCommands
                          Jul 22, 2021 15:06:00.284007072 CEST58749738208.91.199.225192.168.2.7220 us2.outbound.mailhostbox.com ESMTP Postfix
                          Jul 22, 2021 15:06:00.285490990 CEST49738587192.168.2.7208.91.199.225EHLO 899552
                          Jul 22, 2021 15:06:00.449270010 CEST58749738208.91.199.225192.168.2.7250-us2.outbound.mailhostbox.com
                          250-PIPELINING
                          250-SIZE 41648128
                          250-VRFY
                          250-ETRN
                          250-STARTTLS
                          250-AUTH PLAIN LOGIN
                          250-AUTH=PLAIN LOGIN
                          250-ENHANCEDSTATUSCODES
                          250-8BITMIME
                          250 DSN
                          Jul 22, 2021 15:06:00.449773073 CEST49738587192.168.2.7208.91.199.225STARTTLS
                          Jul 22, 2021 15:06:00.614298105 CEST58749738208.91.199.225192.168.2.7220 2.0.0 Ready to start TLS

                          Code Manipulations

                          Statistics

                          CPU Usage

                          Click to jump to process

                          Memory Usage

                          Click to jump to process

                          High Level Behavior Distribution

                          Click to dive into process behavior distribution

                          Behavior

                          Click to jump to process

                          System Behavior

                          Analysis Process: DOCS.exe PID: 4992 Parent PID: 5644

                          General

                          Start time:15:04:07
                          Start date:22/07/2021
                          Path:C:\Users\user\Desktop\DOCS.exe
                          Wow64 process (32bit):true
                          Commandline:'C:\Users\user\Desktop\DOCS.exe'
                          Imagebase:0x890000
                          File size:850432 bytes
                          MD5 hash:8E2AA51F45393D980A4D9B20947976B6
                          Has elevated privileges:true
                          Has administrator privileges:true
                          Programmed in:.Net C# or VB.NET
                          Yara matches:
                          • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000001.00000002.244914282.0000000004085000.00000004.00000001.sdmp, Author: Joe Security
                          • Rule: JoeSecurity_AgentTesla_2, Description: Yara detected AgentTesla, Source: 00000001.00000002.244914282.0000000004085000.00000004.00000001.sdmp, Author: Joe Security
                          • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000001.00000002.241626967.0000000002CB1000.00000004.00000001.sdmp, Author: Joe Security
                          • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000001.00000002.244277836.0000000003FCD000.00000004.00000001.sdmp, Author: Joe Security
                          • Rule: JoeSecurity_AgentTesla_2, Description: Yara detected AgentTesla, Source: 00000001.00000002.244277836.0000000003FCD000.00000004.00000001.sdmp, Author: Joe Security
                          Reputation:low

                          Chronological Activities

                          Analysis Process: DOCS.exe PID: 5928 Parent PID: 4992

                          General

                          Start time:15:04:12
                          Start date:22/07/2021
                          Path:C:\Users\user\Desktop\DOCS.exe
                          Wow64 process (32bit):true
                          Commandline:C:\Users\user\Desktop\DOCS.exe
                          Imagebase:0x6e0000
                          File size:850432 bytes
                          MD5 hash:8E2AA51F45393D980A4D9B20947976B6
                          Has elevated privileges:true
                          Has administrator privileges:true
                          Programmed in:.Net C# or VB.NET
                          Yara matches:
                          • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000004.00000002.502145216.0000000002B61000.00000004.00000001.sdmp, Author: Joe Security
                          • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000004.00000002.495044836.0000000000402000.00000040.00000001.sdmp, Author: Joe Security
                          • Rule: JoeSecurity_AgentTesla_2, Description: Yara detected AgentTesla, Source: 00000004.00000002.495044836.0000000000402000.00000040.00000001.sdmp, Author: Joe Security
                          Reputation:low

                          Chronological Activities

                          Analysis Process: NXLun.exe PID: 5372 Parent PID: 3292

                          General

                          Start time:15:04:50
                          Start date:22/07/2021
                          Path:C:\Users\user\AppData\Roaming\NXLun\NXLun.exe
                          Wow64 process (32bit):true
                          Commandline:'C:\Users\user\AppData\Roaming\NXLun\NXLun.exe'
                          Imagebase:0x3a0000
                          File size:850432 bytes
                          MD5 hash:8E2AA51F45393D980A4D9B20947976B6
                          Has elevated privileges:true
                          Has administrator privileges:true
                          Programmed in:.Net C# or VB.NET
                          Yara matches:
                          • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000011.00000002.347326587.0000000003CD5000.00000004.00000001.sdmp, Author: Joe Security
                          • Rule: JoeSecurity_AgentTesla_2, Description: Yara detected AgentTesla, Source: 00000011.00000002.347326587.0000000003CD5000.00000004.00000001.sdmp, Author: Joe Security
                          • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000011.00000002.347157176.0000000003C1D000.00000004.00000001.sdmp, Author: Joe Security
                          • Rule: JoeSecurity_AgentTesla_2, Description: Yara detected AgentTesla, Source: 00000011.00000002.347157176.0000000003C1D000.00000004.00000001.sdmp, Author: Joe Security
                          • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000011.00000002.337797812.0000000002901000.00000004.00000001.sdmp, Author: Joe Security
                          Antivirus matches:
                          • Detection: 100%, Joe Sandbox ML
                          • Detection: 52%, ReversingLabs
                          Reputation:low

                          Chronological Activities

                          Analysis Process: NXLun.exe PID: 5388 Parent PID: 5372

                          General

                          Start time:15:04:56
                          Start date:22/07/2021
                          Path:C:\Users\user\AppData\Roaming\NXLun\NXLun.exe
                          Wow64 process (32bit):true
                          Commandline:C:\Users\user\AppData\Roaming\NXLun\NXLun.exe
                          Imagebase:0xa30000
                          File size:850432 bytes
                          MD5 hash:8E2AA51F45393D980A4D9B20947976B6
                          Has elevated privileges:true
                          Has administrator privileges:true
                          Programmed in:.Net C# or VB.NET
                          Yara matches:
                          • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000012.00000002.495132037.0000000000402000.00000040.00000001.sdmp, Author: Joe Security
                          • Rule: JoeSecurity_AgentTesla_2, Description: Yara detected AgentTesla, Source: 00000012.00000002.495132037.0000000000402000.00000040.00000001.sdmp, Author: Joe Security
                          • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000012.00000002.500663594.0000000003081000.00000004.00000001.sdmp, Author: Joe Security
                          • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000012.00000002.500663594.0000000003081000.00000004.00000001.sdmp, Author: Joe Security
                          Reputation:low

                          Chronological Activities

                          Analysis Process: NXLun.exe PID: 1660 Parent PID: 3292

                          General

                          Start time:15:04:58
                          Start date:22/07/2021
                          Path:C:\Users\user\AppData\Roaming\NXLun\NXLun.exe
                          Wow64 process (32bit):true
                          Commandline:'C:\Users\user\AppData\Roaming\NXLun\NXLun.exe'
                          Imagebase:0xbb0000
                          File size:850432 bytes
                          MD5 hash:8E2AA51F45393D980A4D9B20947976B6
                          Has elevated privileges:true
                          Has administrator privileges:true
                          Programmed in:.Net C# or VB.NET
                          Reputation:low

                          Chronological Activities

                          Disassembly

                          Code Analysis

                          Reset < >

                            Analysis Process: DOCS.exe PID: 4992 Parent PID: 5644 DOCS.exeCOMMON

                            Executed Functions

                            Function 052D3F50, Relevance: .4, Instructions: 406COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000001.00000002.247900231.00000000052D0000.00000040.00000001.sdmp, Offset: 052C0000, based on PE: true
                            • Associated: 00000001.00000002.247879758.00000000052C0000.00000004.00000001.sdmp Download File
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 645256095e9c9031c1c90aa7dafe361416d578e38b964af40e0a6d909aac689e
                            • Instruction ID: e2db171b7804badbefbdb34a13f20b0936f192da4a9db5fa0200818a8f6d3f60
                            • Opcode Fuzzy Hash: 645256095e9c9031c1c90aa7dafe361416d578e38b964af40e0a6d909aac689e
                            • Instruction Fuzzy Hash: 1AF18D74B142158FCB14DF69C494AAEFBF2BF88314B158169E806EB361DB71EC41CBA1
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 02C85A88, Relevance: .3, Instructions: 317COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000001.00000002.241597326.0000000002C80000.00000040.00000001.sdmp, Offset: 02C80000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: b53abedfe9ccaf0c1764c2f3eb9dca660c767a824bb66f7fc8b5ad1b12017626
                            • Instruction ID: 0e7fa091c4ce80b79205f6333283d9bb7d74e9fd7eb358d7269611fbe633ad3c
                            • Opcode Fuzzy Hash: b53abedfe9ccaf0c1764c2f3eb9dca660c767a824bb66f7fc8b5ad1b12017626
                            • Instruction Fuzzy Hash: 37F19274E01228DFDB64DFA9C980B9DBBB2FB48304F1181AAD909A7354EB705E85CF51
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 02C85431, Relevance: .2, Instructions: 163COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000001.00000002.241597326.0000000002C80000.00000040.00000001.sdmp, Offset: 02C80000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 223d2e02b80b08722c5f6b482b5e4d6f2f01daadcdf3be622955cde5420513b9
                            • Instruction ID: 3c312c9e5482631a5b32e69eb21a92311db626820b5736e51c2d40b729023efd
                            • Opcode Fuzzy Hash: 223d2e02b80b08722c5f6b482b5e4d6f2f01daadcdf3be622955cde5420513b9
                            • Instruction Fuzzy Hash: BC71D274E002188FDB08DFA9D990A9EBBF2FF89304F208169E505BB364DB31A941CF51
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 02C83F58, Relevance: .2, Instructions: 161COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000001.00000002.241597326.0000000002C80000.00000040.00000001.sdmp, Offset: 02C80000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: f08952bd24a5299baa1db541dbb51d50c5b6be0de0310ef9362e11ee8640446c
                            • Instruction ID: 2346dc1d732291f27fd4e777a1dcde8c03878bb76a779a2c20e1ca9a487f2eed
                            • Opcode Fuzzy Hash: f08952bd24a5299baa1db541dbb51d50c5b6be0de0310ef9362e11ee8640446c
                            • Instruction Fuzzy Hash: CE71C374E002188FDB44DFA9D990A9EBBF2FF89304F208169E505BB364DB31A945CF51
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 02C85440, Relevance: .2, Instructions: 159COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000001.00000002.241597326.0000000002C80000.00000040.00000001.sdmp, Offset: 02C80000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 325358f81b951b07fb7bb7c1e2b390cd12b516625fcd1445a39ec8b8632adaaa
                            • Instruction ID: bb41c6048c923c14af58bc56aa6f5e2e2f2aa5614e11ac1650e818b84c71da9b
                            • Opcode Fuzzy Hash: 325358f81b951b07fb7bb7c1e2b390cd12b516625fcd1445a39ec8b8632adaaa
                            • Instruction Fuzzy Hash: 8261B174E002189FDB48DFA9D990A9EBBF2FF89304F208169E505AB364DB31A945CF51
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 02C83F68, Relevance: .2, Instructions: 159COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000001.00000002.241597326.0000000002C80000.00000040.00000001.sdmp, Offset: 02C80000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 1388ead702e89df15e7819756ca7c73c2ffb005f7ccc0ce18ec19957f95a0466
                            • Instruction ID: 56716ab922291e4a353abdadc153baf5bfab6b02042d2ca68aa9626a0c004b3e
                            • Opcode Fuzzy Hash: 1388ead702e89df15e7819756ca7c73c2ffb005f7ccc0ce18ec19957f95a0466
                            • Instruction Fuzzy Hash: 3E61B274E002189FDB48DFA9D894ADEBBF2FF89304F208169E505AB364DB31A945CF51
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 052D59D0, Relevance: 1.6, Strings: 1, Instructions: 305COMMON
                            Download Yara Rule
                            Strings
                            Memory Dump Source
                            • Source File: 00000001.00000002.247900231.00000000052D0000.00000040.00000001.sdmp, Offset: 052C0000, based on PE: true
                            • Associated: 00000001.00000002.247879758.00000000052C0000.00000004.00000001.sdmp Download File
                            Similarity
                            • API ID:
                            • String ID: d
                            • API String ID: 0-2564639436
                            • Opcode ID: e186257c5ab5bd2c60521072ce441cb849bc14164ecbf6cf0b7edc2ac0ae8123
                            • Instruction ID: d95822f737f7f989d24f5fff1d5413661e7cb1545bd53614e180f88d4b333427
                            • Opcode Fuzzy Hash: e186257c5ab5bd2c60521072ce441cb849bc14164ecbf6cf0b7edc2ac0ae8123
                            • Instruction Fuzzy Hash: 73C153357006068FC724CF18C580D6AFBF6FF88314B56CA69E55A9B661DB70F845CBA0
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 052D4650, Relevance: 1.5, Strings: 1, Instructions: 225COMMON
                            Download Yara Rule
                            Strings
                            Memory Dump Source
                            • Source File: 00000001.00000002.247900231.00000000052D0000.00000040.00000001.sdmp, Offset: 052C0000, based on PE: true
                            • Associated: 00000001.00000002.247879758.00000000052C0000.00000004.00000001.sdmp Download File
                            Similarity
                            • API ID:
                            • String ID: hC!l
                            • API String ID: 0-1704004601
                            • Opcode ID: 4c78bb76253cc90da0bf32733050b8ffe29d69316ff165a9b3afc5c87e9b395b
                            • Instruction ID: 40d0b7a28f7e5f885b3369677be3f6639bc92d6fbb8df807f1dddd357ec73d94
                            • Opcode Fuzzy Hash: 4c78bb76253cc90da0bf32733050b8ffe29d69316ff165a9b3afc5c87e9b395b
                            • Instruction Fuzzy Hash: 7D7188347142008FDB14EF39D458A29B7EABF89654B1541AAE50ACB3B1DFB1DC41CBA1
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 052D5E08, Relevance: 1.4, Strings: 1, Instructions: 140COMMON
                            Download Yara Rule
                            Strings
                            Memory Dump Source
                            • Source File: 00000001.00000002.247900231.00000000052D0000.00000040.00000001.sdmp, Offset: 052C0000, based on PE: true
                            • Associated: 00000001.00000002.247879758.00000000052C0000.00000004.00000001.sdmp Download File
                            Similarity
                            • API ID:
                            • String ID: hC!l
                            • API String ID: 0-1704004601
                            • Opcode ID: b6409d0e6e64a8171b70fd00c7ba74a2928ea7a05616962bfb3de2a73f953b6d
                            • Instruction ID: 66eb4c4f45e48c9458fb22600d2c5fe24eb08a7feaa1c7abb39ed6df83a7442b
                            • Opcode Fuzzy Hash: b6409d0e6e64a8171b70fd00c7ba74a2928ea7a05616962bfb3de2a73f953b6d
                            • Instruction Fuzzy Hash: 33515D347145048FC318DB39D19882AB7E7BF9A30476685A8E146CF3A6DFB4EC41CB62
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 052D48B8, Relevance: .6, Instructions: 588COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000001.00000002.247900231.00000000052D0000.00000040.00000001.sdmp, Offset: 052C0000, based on PE: true
                            • Associated: 00000001.00000002.247879758.00000000052C0000.00000004.00000001.sdmp Download File
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: de31b99a9fb655aa873955a4446f7bc10a519c4c589890893b2ee9d8ac7e05e5
                            • Instruction ID: 9cd7dabea183b8ea86466ebf36daa1950dced353014f5cc51ccaa9d12644ac6c
                            • Opcode Fuzzy Hash: de31b99a9fb655aa873955a4446f7bc10a519c4c589890893b2ee9d8ac7e05e5
                            • Instruction Fuzzy Hash: B6329B357146018FCB14EF39C494A6ABBF6FF88304B1584A9E50ADB3A5DB74EC45CBA0
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 02C84758, Relevance: .4, Instructions: 367COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000001.00000002.241597326.0000000002C80000.00000040.00000001.sdmp, Offset: 02C80000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: b2b09a5d8618bd1503032b13a32c5e8d251d326667418a44dc41c70489ae6dc5
                            • Instruction ID: 31569766902bc858657738a66d0962e2eb150218b2ced8ebd0076ad1e03f775d
                            • Opcode Fuzzy Hash: b2b09a5d8618bd1503032b13a32c5e8d251d326667418a44dc41c70489ae6dc5
                            • Instruction Fuzzy Hash: 47E18334B001499FCB28EFA5D950BAEB7B6FF88318F118468D506E7358DB75AD01CB61
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 02C8D610, Relevance: .4, Instructions: 352COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000001.00000002.241597326.0000000002C80000.00000040.00000001.sdmp, Offset: 02C80000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: e981854b1da284558179ba4eb5235617b47a8cd2d808f5c771ca215b1c1e386f
                            • Instruction ID: 9870f9f3d0937adaec100715093bc87b219764d7e7d46a1f7242134be767f6ec
                            • Opcode Fuzzy Hash: e981854b1da284558179ba4eb5235617b47a8cd2d808f5c771ca215b1c1e386f
                            • Instruction Fuzzy Hash: FDE17B30A003019FD715EF74C084A5ABBF2FF89308B55C9A9D45A9B3A6DB70EE45CB90
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 02C8DD20, Relevance: .3, Instructions: 296COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000001.00000002.241597326.0000000002C80000.00000040.00000001.sdmp, Offset: 02C80000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: c53215321340df2d388bbed7d471c41a01775db4f86e8a29e06a6a0d88fc7935
                            • Instruction ID: aead299330a0bd63ef986b840e774a82408b285ff2b8e1cb7b8e626cbd452617
                            • Opcode Fuzzy Hash: c53215321340df2d388bbed7d471c41a01775db4f86e8a29e06a6a0d88fc7935
                            • Instruction Fuzzy Hash: BCB18B31704601DFD721AE7AD58462AB7F6BF84208B148D2EE947C73D0DB75E941CBA2
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 02C8E768, Relevance: .3, Instructions: 280COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000001.00000002.241597326.0000000002C80000.00000040.00000001.sdmp, Offset: 02C80000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: f0232ea6e7fb9f118473b84e3615c8186b4b04dba90d729a8cb966369e2f5d4d
                            • Instruction ID: e035fceb7ee94a0a45f4220e6da5bdaa760ab82721f205f8c2f8cff0b97f468a
                            • Opcode Fuzzy Hash: f0232ea6e7fb9f118473b84e3615c8186b4b04dba90d729a8cb966369e2f5d4d
                            • Instruction Fuzzy Hash: 72918A307141158BEB243A3A995477E7AAAAFD064DB14C03DF902D73D8DFB9C982CB52
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 02C8790B, Relevance: .3, Instructions: 264COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000001.00000002.241597326.0000000002C80000.00000040.00000001.sdmp, Offset: 02C80000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 6e517baea69a07e947edffb20abb39b04fcd720c0650388c21eb033f207dd468
                            • Instruction ID: cfdaa718a5ffdbade7cbea6d7a3a8304b7536c7daed84aeae2607fe841111a04
                            • Opcode Fuzzy Hash: 6e517baea69a07e947edffb20abb39b04fcd720c0650388c21eb033f207dd468
                            • Instruction Fuzzy Hash: E2B18B34A043018FD714EF34D48495ABBB2FF89314B068A99E546DB3B6DB70EE49CB90
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 02C87960, Relevance: .2, Instructions: 230COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000001.00000002.241597326.0000000002C80000.00000040.00000001.sdmp, Offset: 02C80000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: ab0f8f62aa2b4a86b94f24d7521a19f6a889fc6a2d815c09ff53632d70d2b9bb
                            • Instruction ID: 732dbabf6b358e232a8879b5ced1459313f314b0419690df5e6d35d208ad8205
                            • Opcode Fuzzy Hash: ab0f8f62aa2b4a86b94f24d7521a19f6a889fc6a2d815c09ff53632d70d2b9bb
                            • Instruction Fuzzy Hash: DBA13734A006019FD714EF24D48485ABBF2FF893147528A98E54ADB3B6DB70FE45CB90
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 052D5100, Relevance: .2, Instructions: 208COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000001.00000002.247900231.00000000052D0000.00000040.00000001.sdmp, Offset: 052C0000, based on PE: true
                            • Associated: 00000001.00000002.247879758.00000000052C0000.00000004.00000001.sdmp Download File
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: f90b5ba8cbb5c07f761832daf187aea3e3fdf679efdbdee9cb70018abc5f1e33
                            • Instruction ID: 8bb56545df1ddd3c0f5feec87cf89232a3537989cb08f979d76cd49ea290967e
                            • Opcode Fuzzy Hash: f90b5ba8cbb5c07f761832daf187aea3e3fdf679efdbdee9cb70018abc5f1e33
                            • Instruction Fuzzy Hash: 9A818375B142158FCB15DF68C4849AEFBF5FF88210B1580AAE809EB361D770ED45CBA0
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 02C8C5A0, Relevance: .2, Instructions: 207COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000001.00000002.241597326.0000000002C80000.00000040.00000001.sdmp, Offset: 02C80000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 0aca3d587164bd7bdc7851635475334b5eb837be1a3d7c16b2928aa2165e1096
                            • Instruction ID: 4cd47c6fc1bda6339090e9481cb4bff83a28d52efe92197c9e359751c44da70d
                            • Opcode Fuzzy Hash: 0aca3d587164bd7bdc7851635475334b5eb837be1a3d7c16b2928aa2165e1096
                            • Instruction Fuzzy Hash: 9D71A131A041009BD728BB71E5494AD7BF2EF80214786DE9AD507BF256DF74AF048BE1
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 02C8C590, Relevance: .2, Instructions: 203COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000001.00000002.241597326.0000000002C80000.00000040.00000001.sdmp, Offset: 02C80000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 51b1a66cb97be60f23ceb5537b9c7857c91c46a8da42dcb7c345046a5048acb8
                            • Instruction ID: aab811eebda443ab60919c0bdc6114e8b4a544396c1d6cf793e9b0a20c50945b
                            • Opcode Fuzzy Hash: 51b1a66cb97be60f23ceb5537b9c7857c91c46a8da42dcb7c345046a5048acb8
                            • Instruction Fuzzy Hash: 04718E31A041009BD728BB71E5854AD77F2EF80218786DE9AD507BF256DF78AF048BE1
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 02C89938, Relevance: .2, Instructions: 180COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000001.00000002.241597326.0000000002C80000.00000040.00000001.sdmp, Offset: 02C80000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 52a22bd46948b74c13b2f508c9c25fec54984442d3171b355c4bb25a951c3120
                            • Instruction ID: f363f3d8f2298548f83a3fa297317a2e430f22a165cf6b6fee9983ce1dbaa089
                            • Opcode Fuzzy Hash: 52a22bd46948b74c13b2f508c9c25fec54984442d3171b355c4bb25a951c3120
                            • Instruction Fuzzy Hash: EB618B31A042098FC714DF59D8809AEF7F6EF84318B15CA69D51AAB305DB71FE468BE0
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 052D56E8, Relevance: .2, Instructions: 175COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000001.00000002.247900231.00000000052D0000.00000040.00000001.sdmp, Offset: 052C0000, based on PE: true
                            • Associated: 00000001.00000002.247879758.00000000052C0000.00000004.00000001.sdmp Download File
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: ccfd8c1c794206d5ab6937b4748ffa5e64849c4d392b72e34d641aa9646c79e0
                            • Instruction ID: 23622c2c3ac787d05e912eb0315d2cf9a7cb629fa3118c8e168397748e63bd86
                            • Opcode Fuzzy Hash: ccfd8c1c794206d5ab6937b4748ffa5e64849c4d392b72e34d641aa9646c79e0
                            • Instruction Fuzzy Hash: 1451AD357042069FC715CF68D480CAAFBB6FF8A310B15C6AAE569CB261D730E959CB90
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 02C8C3E8, Relevance: .2, Instructions: 168COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000001.00000002.241597326.0000000002C80000.00000040.00000001.sdmp, Offset: 02C80000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 9272843f591f6bf09a6e48d560ca7212ac3810dd62424ee683e81810e234c8f7
                            • Instruction ID: 50a8678f7393618e80bdd2a059d25cbb18c1f80220d9c2eed40d07d2fe48dfdb
                            • Opcode Fuzzy Hash: 9272843f591f6bf09a6e48d560ca7212ac3810dd62424ee683e81810e234c8f7
                            • Instruction Fuzzy Hash: 5A5136327092108FC729AA65D880A6BB7E6EFC5668709C47FD50ADB741CB35ED01CBA0
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 052D5FF8, Relevance: .2, Instructions: 151COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000001.00000002.247900231.00000000052D0000.00000040.00000001.sdmp, Offset: 052C0000, based on PE: true
                            • Associated: 00000001.00000002.247879758.00000000052C0000.00000004.00000001.sdmp Download File
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: cff8231c66257b9fef9f0165f9630477ed0c4da8bb08b2a2d788c1dda4e3ba19
                            • Instruction ID: 87e2f8836629ea039b6ec343e9f6624987d3fd3e1b3da27198d62807f371a8d3
                            • Opcode Fuzzy Hash: cff8231c66257b9fef9f0165f9630477ed0c4da8bb08b2a2d788c1dda4e3ba19
                            • Instruction Fuzzy Hash: 2551BD71B142058FCB54DF79D484A9AFBF6FF88214B1584AAD509DB322DB31EC05CBA0
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 02C84FD0, Relevance: .1, Instructions: 140COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000001.00000002.241597326.0000000002C80000.00000040.00000001.sdmp, Offset: 02C80000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: eb710d99fd1829f209b239d2b7b2c07a28bd21ab2f1c831548c7c446b1399a27
                            • Instruction ID: 68ee0e0b530e501bf87935f2296488cab8dba94425bd195ac752d3387ee6ed43
                            • Opcode Fuzzy Hash: eb710d99fd1829f209b239d2b7b2c07a28bd21ab2f1c831548c7c446b1399a27
                            • Instruction Fuzzy Hash: 1A41C171F001158FCB18ABB8C8843BEB6E2AFC9248B96C469C405EB744EB769D418BD1
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 02C85A78, Relevance: .1, Instructions: 136COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000001.00000002.241597326.0000000002C80000.00000040.00000001.sdmp, Offset: 02C80000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: f66e84a7a233166eb9a5a52c329a37f3e5689896d782972f4f2fe6df103d0b82
                            • Instruction ID: 78a450567013f30f332deb88a98175bdb940ad94c2cef0f83beed0e877172a82
                            • Opcode Fuzzy Hash: f66e84a7a233166eb9a5a52c329a37f3e5689896d782972f4f2fe6df103d0b82
                            • Instruction Fuzzy Hash: 0C717D78A012689FDB65EF68D980B98B7F0FB48314F10819AE908E7354E771AE85CF50
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 02C8B160, Relevance: .1, Instructions: 124COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000001.00000002.241597326.0000000002C80000.00000040.00000001.sdmp, Offset: 02C80000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 861444885d3a3c77eb9115d864478b314f80233c573133669ff6267fbffb1da2
                            • Instruction ID: 363d7a47476070d0f1a4d5b468c8cc808b63c9206554e5deef0a6530f3566439
                            • Opcode Fuzzy Hash: 861444885d3a3c77eb9115d864478b314f80233c573133669ff6267fbffb1da2
                            • Instruction Fuzzy Hash: 40418C353002009FE324AB30E495A6AB7E3EF88304B558E6CE1479B794DF75FE468B90
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 02C8B170, Relevance: .1, Instructions: 118COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000001.00000002.241597326.0000000002C80000.00000040.00000001.sdmp, Offset: 02C80000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 7b3d24ab6aed52f497b6e6c8c33a58bfaeff5bc050aa5cfdefa25ac4d62f6958
                            • Instruction ID: 76ff4cbd3d6e2c6b71347aa8f3d986df55957d02702dcfed58e4f17cb4d98e5d
                            • Opcode Fuzzy Hash: 7b3d24ab6aed52f497b6e6c8c33a58bfaeff5bc050aa5cfdefa25ac4d62f6958
                            • Instruction Fuzzy Hash: 61415B343002009FE324AB34E495A2ABBE7EF89304B558E6CE1479B795DF75FD468B90
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 02C8A160, Relevance: .1, Instructions: 116COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000001.00000002.241597326.0000000002C80000.00000040.00000001.sdmp, Offset: 02C80000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: f595799a31498af5e052a5ebb0e8f6658e77d30bdd985104c95a7752d6c7e577
                            • Instruction ID: 93332f2a6189b2242abc274abde177bcda1931085823435df021af16a58480c0
                            • Opcode Fuzzy Hash: f595799a31498af5e052a5ebb0e8f6658e77d30bdd985104c95a7752d6c7e577
                            • Instruction Fuzzy Hash: 6A418E306007005FE364EB31E485B5A77E2EF85314F91DE5CD146AB666DBB4BA0D8B90
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 02C86030, Relevance: .1, Instructions: 114COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000001.00000002.241597326.0000000002C80000.00000040.00000001.sdmp, Offset: 02C80000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: ec8ab5702d4c57e4719a3a448c0cb19e61780ee589e4854717996a491674cc2d
                            • Instruction ID: 2f7e13cb3aa90a109600d76cb663376759b901ff7a7e669e3d99aa313dbb1361
                            • Opcode Fuzzy Hash: ec8ab5702d4c57e4719a3a448c0cb19e61780ee589e4854717996a491674cc2d
                            • Instruction Fuzzy Hash: 60410274E002089FDB58DFA9D894BEDBBB2AF88305F208029E405BB3A4DB745A45CB54
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 02C8A170, Relevance: .1, Instructions: 112COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000001.00000002.241597326.0000000002C80000.00000040.00000001.sdmp, Offset: 02C80000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: bd335b960c65b41effd87c2549d2f1e19dd25e3b3d4a28beede3a2b30d782a35
                            • Instruction ID: c9edb310d1bb651b21c298fb50ea1360a662ffe7fd8c890e68c6cd30b9b5ed9c
                            • Opcode Fuzzy Hash: bd335b960c65b41effd87c2549d2f1e19dd25e3b3d4a28beede3a2b30d782a35
                            • Instruction Fuzzy Hash: 0F418E306007005FE364EF31E585B5A77E2EF85314F81DE5CD146AB666DBB4BA0D8B90
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 02C86040, Relevance: .1, Instructions: 111COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000001.00000002.241597326.0000000002C80000.00000040.00000001.sdmp, Offset: 02C80000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: a717a2a0d585de8c3d3c18be424524a5b8602ab5dbdbdaea609362a160b0702a
                            • Instruction ID: 386d7491fe0da0c606e4da8406ed7e4ae041e9e1a2b65168f078716ff564bb64
                            • Opcode Fuzzy Hash: a717a2a0d585de8c3d3c18be424524a5b8602ab5dbdbdaea609362a160b0702a
                            • Instruction Fuzzy Hash: 7E41F074E002189FDB18DFA9D894BEDBBF2AF89305F208029E405BB3A4DB746945CB54
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 02C84168, Relevance: .1, Instructions: 99COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000001.00000002.241597326.0000000002C80000.00000040.00000001.sdmp, Offset: 02C80000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 13c28cdec8d87f0ff452386c5adf79ddc6344df9f99098b81f640034729ce76c
                            • Instruction ID: 14b96d6ec8b34e1e91cda0bffb7d00ed892bfb2deb6b432a2cb56511766c4d1c
                            • Opcode Fuzzy Hash: 13c28cdec8d87f0ff452386c5adf79ddc6344df9f99098b81f640034729ce76c
                            • Instruction Fuzzy Hash: 2D41F274E04219DBDB18DFAAE88099DFBB2FF89314F14D16AE814B7364DB306881CB51
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 052D5580, Relevance: .1, Instructions: 96COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000001.00000002.247900231.00000000052D0000.00000040.00000001.sdmp, Offset: 052C0000, based on PE: true
                            • Associated: 00000001.00000002.247879758.00000000052C0000.00000004.00000001.sdmp Download File
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: ee7d4a2d5e1dcb30b21eedc1f4e8585db1236520b2a325525123547f77848741
                            • Instruction ID: 3ab339b5bf78cd368d18086b5aa5c8edc15000e71f61e984922e8a2cce0b49f2
                            • Opcode Fuzzy Hash: ee7d4a2d5e1dcb30b21eedc1f4e8585db1236520b2a325525123547f77848741
                            • Instruction Fuzzy Hash: 7E318935B102009FDB19DF34D49496ABBB6FF89310B0084A9E906CB399DB71ED41CBA0
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 02C8C9A0, Relevance: .1, Instructions: 89COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000001.00000002.241597326.0000000002C80000.00000040.00000001.sdmp, Offset: 02C80000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 74abb5a65dd465af08b30095b3af5c988490617fad2d0be0be9e34c02a480761
                            • Instruction ID: 004630fd3ac3b31cee64d1dd7a56ad222fac72505bed83c4f2a19d6d2fb0ff39
                            • Opcode Fuzzy Hash: 74abb5a65dd465af08b30095b3af5c988490617fad2d0be0be9e34c02a480761
                            • Instruction Fuzzy Hash: A9317C75B002148FD714EB69D440AAEB3F6EF89324B108169E50AEB361DB35ED42CB91
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 02C8A710, Relevance: .1, Instructions: 87COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000001.00000002.241597326.0000000002C80000.00000040.00000001.sdmp, Offset: 02C80000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 64363c56c0e3fd9f1e21f2149c058e34b7898af0742d5f667551394582f2d844
                            • Instruction ID: 0150391e5008a20b716f1baf9447b4bec755adce5834eef705b83a190f548570
                            • Opcode Fuzzy Hash: 64363c56c0e3fd9f1e21f2149c058e34b7898af0742d5f667551394582f2d844
                            • Instruction Fuzzy Hash: F12153353442011BF728B772E9A27BE21A3DBC0614F498D28E517AB2C4DFB5AE0A47D0
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 02C8A720, Relevance: .1, Instructions: 81COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000001.00000002.241597326.0000000002C80000.00000040.00000001.sdmp, Offset: 02C80000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 41c0544f08793d7c1dcfda23959b56ae984951a7382d09c4083af245becb04c3
                            • Instruction ID: ed97a41a592fa9bc4d3492aa892939589752fb17211130b1de8fa54660a9ad1f
                            • Opcode Fuzzy Hash: 41c0544f08793d7c1dcfda23959b56ae984951a7382d09c4083af245becb04c3
                            • Instruction Fuzzy Hash: 3D2110357442011BF728B772A9A177F22A3DBC0614F498D28E613AF2C4DFB5AE0A47D4
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 02C84158, Relevance: .1, Instructions: 73COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000001.00000002.241597326.0000000002C80000.00000040.00000001.sdmp, Offset: 02C80000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 1edd8a33a654ca8df206358ca1548c31512154f4e33068b179fbce395734e095
                            • Instruction ID: fb8dd2ee69318199469930c34bac530f22d8cfe43b5ad9cacbc043e6a14bdfda
                            • Opcode Fuzzy Hash: 1edd8a33a654ca8df206358ca1548c31512154f4e33068b179fbce395734e095
                            • Instruction Fuzzy Hash: 0F21F475E046089FDB08CFAAE8809DDBBB2AF89314F15C16AE815BB3A4DB305841CF50
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 02C8DA89, Relevance: .1, Instructions: 71COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000001.00000002.241597326.0000000002C80000.00000040.00000001.sdmp, Offset: 02C80000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 730ffd66c74d93fcb6ac5c392a7751a467f27f739038d3870a4c2a8d20cf1878
                            • Instruction ID: 21d6710d1c1e71f35e69f6eb78ae3c53f6108bb27f3143a80a062b3754c7275e
                            • Opcode Fuzzy Hash: 730ffd66c74d93fcb6ac5c392a7751a467f27f739038d3870a4c2a8d20cf1878
                            • Instruction Fuzzy Hash: C4219A312153409FE324DF31D484A167FB6EF85318B1584AAE486CB2A2CB71ED85CB90
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 02C8E358, Relevance: .1, Instructions: 70COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000001.00000002.241597326.0000000002C80000.00000040.00000001.sdmp, Offset: 02C80000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 377d840924253c4e2d0e17a9799562abbe65a2a96cb679a89c8bab16381a6025
                            • Instruction ID: 8b5096bcdf0bace7b15d579880d689133243cd05ea57a0e27c3e749628cb78ae
                            • Opcode Fuzzy Hash: 377d840924253c4e2d0e17a9799562abbe65a2a96cb679a89c8bab16381a6025
                            • Instruction Fuzzy Hash: 3E118A313101118BDB153B7AB45816EBBABEFC066A754807EF10AC7695CFB6DC82C791
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 02C8DA98, Relevance: .1, Instructions: 67COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000001.00000002.241597326.0000000002C80000.00000040.00000001.sdmp, Offset: 02C80000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: c8d8e77ff295a03455bf70730de8db405feb72303db93c72f1f4d1deef201ba8
                            • Instruction ID: ee9dc741273b7acbf9dd3903e9b16f08b6c4ebf8b5e9c9fbcdac117876a0f3cf
                            • Opcode Fuzzy Hash: c8d8e77ff295a03455bf70730de8db405feb72303db93c72f1f4d1deef201ba8
                            • Instruction Fuzzy Hash: 5B218B313043409FE325DF35D484A16BFB6EF85318B1584AAE586CB2A2CB71ED85CB90
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 02C8E500, Relevance: .1, Instructions: 66COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000001.00000002.241597326.0000000002C80000.00000040.00000001.sdmp, Offset: 02C80000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 9a0501c1b30ab3b6c30d752e26ecdc548463d7c88d2f18d478428b5f53c5c19e
                            • Instruction ID: b0bceb6f34fe438d6cb7b7473b6d4f77f3b6a3213a9e1f182f5b42bc2b17060a
                            • Opcode Fuzzy Hash: 9a0501c1b30ab3b6c30d752e26ecdc548463d7c88d2f18d478428b5f53c5c19e
                            • Instruction Fuzzy Hash: A211E6757003109FD335AF26E580A23BBE6EFC532C714C56AE54A8B262D735EC81CB51
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 02C8A828, Relevance: .1, Instructions: 63COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000001.00000002.241597326.0000000002C80000.00000040.00000001.sdmp, Offset: 02C80000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 44b07600e39f1f206a0608da08f372e05953f19e1f936bda7660eedfa24411a5
                            • Instruction ID: 3fab264edf504cc47ced68d0f3c772f853f492a24589431034720a161174bb35
                            • Opcode Fuzzy Hash: 44b07600e39f1f206a0608da08f372e05953f19e1f936bda7660eedfa24411a5
                            • Instruction Fuzzy Hash: 0A11E6317043058FC720DB68D484A6FB7E2FFC4218B048929D606AB704EB75ED068BD0
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 02C84298, Relevance: .1, Instructions: 61COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000001.00000002.241597326.0000000002C80000.00000040.00000001.sdmp, Offset: 02C80000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: eb16aa701e4236cdfcfeb5b94c25ccd8ce7221da64cfb8142b268efeda2592eb
                            • Instruction ID: 3be198758872bb52e7b375b43cc7d43e5bf304977ba68a4f1c10d490003a8d8a
                            • Opcode Fuzzy Hash: eb16aa701e4236cdfcfeb5b94c25ccd8ce7221da64cfb8142b268efeda2592eb
                            • Instruction Fuzzy Hash: B1117730B041169FDB3CEB79A8147BF76A6ABC4758F04C139E90AD7345EB74890087D1
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 02C8E5B8, Relevance: .1, Instructions: 61COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000001.00000002.241597326.0000000002C80000.00000040.00000001.sdmp, Offset: 02C80000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: f6bbec90c870700519e1bc7c24fe373bed89256985d515edd071c40881bee38c
                            • Instruction ID: 62993e3e753a58fada95c47da4784a45cf8c88a00183c01dcc9bf2e8ad316711
                            • Opcode Fuzzy Hash: f6bbec90c870700519e1bc7c24fe373bed89256985d515edd071c40881bee38c
                            • Instruction Fuzzy Hash: 2701923130851947E724357F959873BA6DE9FC464CF18803AF506C7286DF68CD81D666
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 02C83E78, Relevance: .1, Instructions: 60COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000001.00000002.241597326.0000000002C80000.00000040.00000001.sdmp, Offset: 02C80000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: b8a175850da0a71b427ab6ae287d55f5c7bd4a6f966c95f69978e4368e354e3a
                            • Instruction ID: ef8c48b9865c47154b154e20928b1d86093840b6f30981dc1a572abeebfd1832
                            • Opcode Fuzzy Hash: b8a175850da0a71b427ab6ae287d55f5c7bd4a6f966c95f69978e4368e354e3a
                            • Instruction Fuzzy Hash: 5F213775E002089FCB04DFA4D8516DEBBB6FF88304F218569D501B73A8EB355A86CFA1
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 02C8CB90, Relevance: .1, Instructions: 59COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000001.00000002.241597326.0000000002C80000.00000040.00000001.sdmp, Offset: 02C80000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 39c77b51cf47b17ab1652b4a3f9694b22f879eaafa9d87fbd467411063fe92b9
                            • Instruction ID: 018452839fd9009b46c4653e357355a32e363a8d89be637bdd5b2d0b9b36a40f
                            • Opcode Fuzzy Hash: 39c77b51cf47b17ab1652b4a3f9694b22f879eaafa9d87fbd467411063fe92b9
                            • Instruction Fuzzy Hash: 84118234A0021A9FCB14DFA9D880AAEF7B5FF84318F0089A6D518D7651D771EA05CBA0
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 02C83E88, Relevance: .1, Instructions: 58COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000001.00000002.241597326.0000000002C80000.00000040.00000001.sdmp, Offset: 02C80000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: b472567256140db5db61b38619f2fedbe473c0ece52cbaab6df526f84a8142fe
                            • Instruction ID: 48aecf1e1ea859272596d32450bc413544788d5960c609efa0639e9813523237
                            • Opcode Fuzzy Hash: b472567256140db5db61b38619f2fedbe473c0ece52cbaab6df526f84a8142fe
                            • Instruction Fuzzy Hash: FC212974D002089FCB04EFA5D8506DEBBB6FF88304F218529D501A73A8EB355E85CFA1
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 02C8A838, Relevance: .1, Instructions: 57COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000001.00000002.241597326.0000000002C80000.00000040.00000001.sdmp, Offset: 02C80000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 0b88d0499859faabb6d674126fde7b137e45daf64420b180d952bf4213ffb539
                            • Instruction ID: 73c34c18d79bdfdb493827608533ff4c3e0ff7eefa4965ff8bfedd7982f863af
                            • Opcode Fuzzy Hash: 0b88d0499859faabb6d674126fde7b137e45daf64420b180d952bf4213ffb539
                            • Instruction Fuzzy Hash: 55119E70B043158FD720EB68D484A6BB7E6FFC4258B058A2DD6069B704EBB5AD058BD0
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 02C8C990, Relevance: .1, Instructions: 57COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000001.00000002.241597326.0000000002C80000.00000040.00000001.sdmp, Offset: 02C80000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 67ac95cdcaded5c697a47e3b44153b0665ae9fdf281567def2b8c1f0104fd8ec
                            • Instruction ID: 631c3ab29c60a73dcf1192e8ca6fb83355c2282a8551eec8693281bae1e2bd38
                            • Opcode Fuzzy Hash: 67ac95cdcaded5c697a47e3b44153b0665ae9fdf281567def2b8c1f0104fd8ec
                            • Instruction Fuzzy Hash: 5D11EF74B002049FC304EB78D881AAAB7E6EF89214F148169E509EB7A2CB34DD02CB91
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 02C8DBC8, Relevance: .1, Instructions: 57COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000001.00000002.241597326.0000000002C80000.00000040.00000001.sdmp, Offset: 02C80000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: facde81b6841040737478446dcd4fd96809ebad5542da9c02d0cc0811a8528db
                            • Instruction ID: 54ab16931ab81d0fb663ab3880017d89f7f071dd6e02d1b7c0344e35b90f5234
                            • Opcode Fuzzy Hash: facde81b6841040737478446dcd4fd96809ebad5542da9c02d0cc0811a8528db
                            • Instruction Fuzzy Hash: 421188727142146FE714DF64EC45E6B7BE9FB84714F10852AF505DB280DBB1DD0587A0
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 02C89B40, Relevance: .1, Instructions: 57COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000001.00000002.241597326.0000000002C80000.00000040.00000001.sdmp, Offset: 02C80000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 2ae8626dc5beb5d5a8f6c74df22d47ad6c38493e68b981d46eeafb8ef8b96eb4
                            • Instruction ID: 4900625e8db71c0943ea413579b238270fd60ea4d8fe371cd4acbec0757c707c
                            • Opcode Fuzzy Hash: 2ae8626dc5beb5d5a8f6c74df22d47ad6c38493e68b981d46eeafb8ef8b96eb4
                            • Instruction Fuzzy Hash: E011BF312043048BD324EF39E88084AB7E3EFC02287148E6CD15B9B695DFB1BA0687D0
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 02C8C8F8, Relevance: .1, Instructions: 56COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000001.00000002.241597326.0000000002C80000.00000040.00000001.sdmp, Offset: 02C80000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: eaca9db587e437eac90fdc72c55914b3bbfb8b8c0f1925a6a66e5d3ec99ae781
                            • Instruction ID: 9402a7ba1b3cf74d16a57a67b42ac524271ad096b508028b213fa837002df754
                            • Opcode Fuzzy Hash: eaca9db587e437eac90fdc72c55914b3bbfb8b8c0f1925a6a66e5d3ec99ae781
                            • Instruction Fuzzy Hash: FB01D8717042146BD3289679A985B67B6EAEFC9210F50813DF20DE7380EE75DD41C7A2
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 02C8DBB8, Relevance: .1, Instructions: 55COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000001.00000002.241597326.0000000002C80000.00000040.00000001.sdmp, Offset: 02C80000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: f06f00708d966e2c1402a71a28b9be7b6cc0ac57b019f5dcab8d31bcf44b2538
                            • Instruction ID: 5c685a16db11240ab19a86ea4f1c37d2032b5eeaf6407803291b72b11d16bb2a
                            • Opcode Fuzzy Hash: f06f00708d966e2c1402a71a28b9be7b6cc0ac57b019f5dcab8d31bcf44b2538
                            • Instruction Fuzzy Hash: 72118E72710214AFE714DF64D841BAA7BB9FB88714F14851AF505DB281DBB2ED0587A0
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 02C861D8, Relevance: .1, Instructions: 52COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000001.00000002.241597326.0000000002C80000.00000040.00000001.sdmp, Offset: 02C80000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: f0fa9fbec4b519ce5890e8ff7bf1b8d8afee0fbacbe986e259bbd798dc985cc9
                            • Instruction ID: 57018ec04ede6e2dc8abce9cc6462e6b631e82d9591b033ce71fd270add06900
                            • Opcode Fuzzy Hash: f0fa9fbec4b519ce5890e8ff7bf1b8d8afee0fbacbe986e259bbd798dc985cc9
                            • Instruction Fuzzy Hash: 4C01283150D3954FC3119B6998A46BA7FB8DF82214F0549AFD685C7193C7289A08C371
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 02C89B50, Relevance: .1, Instructions: 51COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000001.00000002.241597326.0000000002C80000.00000040.00000001.sdmp, Offset: 02C80000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 2e12ea39a0e46ab3bdb48b7cfa35feb8af30b72fa0fc6fc9eda3f7532d72a8f3
                            • Instruction ID: 7e6def0c40f02514c870919971d102d2c4a065c508959a4bbd1cacc898558598
                            • Opcode Fuzzy Hash: 2e12ea39a0e46ab3bdb48b7cfa35feb8af30b72fa0fc6fc9eda3f7532d72a8f3
                            • Instruction Fuzzy Hash: B6119E302047058B9324EF25D48085AB7E3EFC0218314CE6DD15B9B695DFB1BA0A87C0
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 02C8C908, Relevance: .0, Instructions: 49COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000001.00000002.241597326.0000000002C80000.00000040.00000001.sdmp, Offset: 02C80000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: c3651c4041de6dc2d58c1175c795c43ca54a919f7327f102ebe647fc34961d29
                            • Instruction ID: 7bb4619c1d1841642eaec1370731b2d6e2a55a82a2be6bf4c9fdef277d961962
                            • Opcode Fuzzy Hash: c3651c4041de6dc2d58c1175c795c43ca54a919f7327f102ebe647fc34961d29
                            • Instruction Fuzzy Hash: 2C01A7707042046BD318A67DA855B27BAEBEFCD250B50813DF609D7780EE71DC01C7A2
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 02C861F0, Relevance: .0, Instructions: 46COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000001.00000002.241597326.0000000002C80000.00000040.00000001.sdmp, Offset: 02C80000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 49582331aa131664602866888f6713d5d46855eaf5d796c952ac74873a9a49da
                            • Instruction ID: c7ad0fab8a1c2c726cde68ebec9bbc4ea8f856e04ade496a4684e04c2a97f2ea
                            • Opcode Fuzzy Hash: 49582331aa131664602866888f6713d5d46855eaf5d796c952ac74873a9a49da
                            • Instruction Fuzzy Hash: 33012D316043158FD7149E9AD4947BB77E9EF80358F10497EEA46C3281CB75AA54C371
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 02C8DC5B, Relevance: .0, Instructions: 44COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000001.00000002.241597326.0000000002C80000.00000040.00000001.sdmp, Offset: 02C80000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 4ef4fe17d8b0d285b45c044513ce7fe309b0e52860656104c3be9014591e3c39
                            • Instruction ID: 2aeb5eaf985dfb8ca159c9155be9b3f166eb3100078dccc80ebe6a2fb76cf714
                            • Opcode Fuzzy Hash: 4ef4fe17d8b0d285b45c044513ce7fe309b0e52860656104c3be9014591e3c39
                            • Instruction Fuzzy Hash: E30152316047058FC724EF25E44094B77E2EF84314B018E69E58AC7765EBB0EE198BD0
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 02C8DC68, Relevance: .0, Instructions: 42COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000001.00000002.241597326.0000000002C80000.00000040.00000001.sdmp, Offset: 02C80000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: dd9125c13bffa5f6f3234abe5f8ab63ba3705df58cec1673c5d3fa80937ca908
                            • Instruction ID: e4a8f6a0185c10ea27ec9aaaa5bb2a898c9ad9d53ef84c677d61a7811c63cea7
                            • Opcode Fuzzy Hash: dd9125c13bffa5f6f3234abe5f8ab63ba3705df58cec1673c5d3fa80937ca908
                            • Instruction Fuzzy Hash: 47011E316047058FC724DF29E48084BB7E5EF853147418E69E54AC7765EBB0FE198BD0
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 052D5500, Relevance: .0, Instructions: 42COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000001.00000002.247900231.00000000052D0000.00000040.00000001.sdmp, Offset: 052C0000, based on PE: true
                            • Associated: 00000001.00000002.247879758.00000000052C0000.00000004.00000001.sdmp Download File
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 3180a5c877957b7c31bed59f0aed7820b0d0c300efdf31c9e033d28471c838ff
                            • Instruction ID: f9ff27bef26d09b01c90595067e14b8b4375cfe940c4783ff0f6a888eba908a7
                            • Opcode Fuzzy Hash: 3180a5c877957b7c31bed59f0aed7820b0d0c300efdf31c9e033d28471c838ff
                            • Instruction Fuzzy Hash: B6016D34724702CFDB269A25D504933F7EBBF84285F148829D44786624EAF5E481CBA1
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 02C84EE0, Relevance: .0, Instructions: 37COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000001.00000002.241597326.0000000002C80000.00000040.00000001.sdmp, Offset: 02C80000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: c6418a505139a202073615a6fa0a99683950ab70066c9eacb15dc831ba0d6f96
                            • Instruction ID: d1e82d580d06cc5d74b96252d2d50ced087f04bb9dc505bc255fb6ae9f5aaf4a
                            • Opcode Fuzzy Hash: c6418a505139a202073615a6fa0a99683950ab70066c9eacb15dc831ba0d6f96
                            • Instruction Fuzzy Hash: 9EF09631E0411DD7DF18DA9AE5045EDFBB6EB8C329F00C069E41173284CF725A54CBA1
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 052D3EC8, Relevance: .0, Instructions: 36COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000001.00000002.247900231.00000000052D0000.00000040.00000001.sdmp, Offset: 052C0000, based on PE: true
                            • Associated: 00000001.00000002.247879758.00000000052C0000.00000004.00000001.sdmp Download File
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 192640878521dcaa0a6e5ee522e2f21a44d201af3f225f1e1e39189a25d5e7c6
                            • Instruction ID: de27ae13b110d877e872b41d29fea65cf721f4dac63d6514134e90f22267ea2d
                            • Opcode Fuzzy Hash: 192640878521dcaa0a6e5ee522e2f21a44d201af3f225f1e1e39189a25d5e7c6
                            • Instruction Fuzzy Hash: CCF090313002004F4628F769E0919AE73E7CFC96147424929E10BDB754EF74BD4687E2
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 02C8E4F0, Relevance: .0, Instructions: 30COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000001.00000002.241597326.0000000002C80000.00000040.00000001.sdmp, Offset: 02C80000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: f7a0132212c38ac604bf032fef58cb237bd1e32b84c106d51d22163a8c63d54d
                            • Instruction ID: 9f366a4fd85978a76700c4c977856fef9e9333fba829cb980d1d8061357f1068
                            • Opcode Fuzzy Hash: f7a0132212c38ac604bf032fef58cb237bd1e32b84c106d51d22163a8c63d54d
                            • Instruction Fuzzy Hash: C0F027767083404FD3228F75E5408627FF6EF8621931984EBE948C7252E734DD45C721
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 02C8E720, Relevance: .0, Instructions: 26COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000001.00000002.241597326.0000000002C80000.00000040.00000001.sdmp, Offset: 02C80000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 2d954c597c89e95d8eda35ac7d889a2a995fb6f753b4aab37ad82ddf28cd297f
                            • Instruction ID: f77dd3d11547427c877096b44347794ae51c54e2518accbceb13371e321630e4
                            • Opcode Fuzzy Hash: 2d954c597c89e95d8eda35ac7d889a2a995fb6f753b4aab37ad82ddf28cd297f
                            • Instruction Fuzzy Hash: 8FE046363001249B87109A4EE404D9ABBAEDBD8775B04807BFA08CB360CB71DC528BA4
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 02C8A910, Relevance: .0, Instructions: 25COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000001.00000002.241597326.0000000002C80000.00000040.00000001.sdmp, Offset: 02C80000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 071fbb11b02b22d6bd85f1561b4b48cdb9870fd454bda081996cca5cb0f8012c
                            • Instruction ID: 3e7961dd0053c2bc6459eea52cff4d8475353329e47107cfc14ad59589d7a05f
                            • Opcode Fuzzy Hash: 071fbb11b02b22d6bd85f1561b4b48cdb9870fd454bda081996cca5cb0f8012c
                            • Instruction Fuzzy Hash: 54E0C931E0420CABCB14EFA4E55569DBBB9EB44218F0045A99409E3380EE785B458F81
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 02C8A920, Relevance: .0, Instructions: 19COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000001.00000002.241597326.0000000002C80000.00000040.00000001.sdmp, Offset: 02C80000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: ec330d78f8db3d8fbbdf5cfaf375be52ae51c78ca3c8110cfeed3f994685f7ec
                            • Instruction ID: fe8c8b217af0e4bd69a1b0f0e33f11cf12e3f0f5b93240a07989b6472fd04c1a
                            • Opcode Fuzzy Hash: ec330d78f8db3d8fbbdf5cfaf375be52ae51c78ca3c8110cfeed3f994685f7ec
                            • Instruction Fuzzy Hash: 55E09274E0420CAF8B44EFA8E45559DBBF5EB48208F0085E9A809E7344EA746A458F81
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 02C83E40, Relevance: .0, Instructions: 19COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000001.00000002.241597326.0000000002C80000.00000040.00000001.sdmp, Offset: 02C80000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: ab9bf2cd2ccda64f7cfd71194a81d937c1a7d39da4a214f3a788f0a8bffdb8f4
                            • Instruction ID: 68833a6ef7ae32f50f30bc29c30b4dfcf4f91978e033b305513602112c45c99d
                            • Opcode Fuzzy Hash: ab9bf2cd2ccda64f7cfd71194a81d937c1a7d39da4a214f3a788f0a8bffdb8f4
                            • Instruction Fuzzy Hash: BDD05E70661209AFD3089F98E815B66B768E74630BF0096A8E508B72E0E731DC48C685
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 02C8C032, Relevance: .0, Instructions: 18COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000001.00000002.241597326.0000000002C80000.00000040.00000001.sdmp, Offset: 02C80000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 4d8b9558954203b55ca082aec4f9142fb3152c75942669cd1bcf80d1b66cc0d7
                            • Instruction ID: eaa6a663940e39c2b4612bbd994d101df310aa854e0f80eb897bad42f6fbe99b
                            • Opcode Fuzzy Hash: 4d8b9558954203b55ca082aec4f9142fb3152c75942669cd1bcf80d1b66cc0d7
                            • Instruction Fuzzy Hash: D9D0A7734012054FE2246750F8C6BE1772ADBC0795F884651A00CD719ADF59D7820741
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 052D5DC8, Relevance: .0, Instructions: 17COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000001.00000002.247900231.00000000052D0000.00000040.00000001.sdmp, Offset: 052C0000, based on PE: true
                            • Associated: 00000001.00000002.247879758.00000000052C0000.00000004.00000001.sdmp Download File
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: a7879a69f5474c42944a10a77203c66d78a274f7e4c5ae1a9dfe3b21e340f9f2
                            • Instruction ID: 559bc4867cbf20a39fef586e543885b39275cb88dadfbe4d32596d32a0906991
                            • Opcode Fuzzy Hash: a7879a69f5474c42944a10a77203c66d78a274f7e4c5ae1a9dfe3b21e340f9f2
                            • Instruction Fuzzy Hash: D4D05E30618616478624962BE85089AB3DD9E842643068C69E95BC7668DFA0E8418794
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 02C86391, Relevance: .0, Instructions: 15COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000001.00000002.241597326.0000000002C80000.00000040.00000001.sdmp, Offset: 02C80000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 2ee756cb0de527fa4a3f500252c88ea0b687fd39525302213f04b1889330d694
                            • Instruction ID: 853bc788947557e5fab9ecb66f34881a4dc97fd8698e7cc1ad062d3afdb8af14
                            • Opcode Fuzzy Hash: 2ee756cb0de527fa4a3f500252c88ea0b687fd39525302213f04b1889330d694
                            • Instruction Fuzzy Hash: B1D0A9325002208FC224EB18E482A8933B29F84308F004E58E002AB288EBB85A244AC2
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 02C8C558, Relevance: .0, Instructions: 15COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000001.00000002.241597326.0000000002C80000.00000040.00000001.sdmp, Offset: 02C80000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: ab4ac3aa8777ab97af422d22aaeab1c6e3e1972d6f17dd47af4ad0547cb7eb47
                            • Instruction ID: 65e9851be6ef7c8bf827246211305aa31bce4810a58398aaa8832639129cb778
                            • Opcode Fuzzy Hash: ab4ac3aa8777ab97af422d22aaeab1c6e3e1972d6f17dd47af4ad0547cb7eb47
                            • Instruction Fuzzy Hash: CBD0A7B61001005BE2109620CD807573AA2EBE4304F958415E144F5358CF7DC991C601
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 02C83E50, Relevance: .0, Instructions: 14COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000001.00000002.241597326.0000000002C80000.00000040.00000001.sdmp, Offset: 02C80000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: f235695c4fa135138ae05d4ff0a8c70839338248192cefecaa4e8308de5b9c6a
                            • Instruction ID: 4ebdb1c0d7b855ad1a3eefb6f9d51b4d1fb1d8d37b409cc80693e07fb41d60fe
                            • Opcode Fuzzy Hash: f235695c4fa135138ae05d4ff0a8c70839338248192cefecaa4e8308de5b9c6a
                            • Instruction Fuzzy Hash: 4AC01270955348AFC3189B95A819B29BA6CE74660BF0095A8E508631909B315D44C555
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 02C8B400, Relevance: .0, Instructions: 13COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000001.00000002.241597326.0000000002C80000.00000040.00000001.sdmp, Offset: 02C80000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 877b845d09c41621193326798ca5d683e3e15f552fecebe9c1e93d7cfa2397fa
                            • Instruction ID: 11912058474a71dc37e398c258a81e8d6de34011e20efbb331a524215466d07b
                            • Opcode Fuzzy Hash: 877b845d09c41621193326798ca5d683e3e15f552fecebe9c1e93d7cfa2397fa
                            • Instruction Fuzzy Hash: 76C08C370002081BEA1226A0F8863CA7B5C8702758F514710E60CBCA05DE6867930244
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 02C8B3D8, Relevance: .0, Instructions: 11COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000001.00000002.241597326.0000000002C80000.00000040.00000001.sdmp, Offset: 02C80000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 73593fcd30695e44899c3224f83d430a598d102174996ee102a4ec34bf036fc7
                            • Instruction ID: 1b33e3cad9db95c7f61fc61ebb7faeb56ac285205043d0459aeeaa045bb5f386
                            • Opcode Fuzzy Hash: 73593fcd30695e44899c3224f83d430a598d102174996ee102a4ec34bf036fc7
                            • Instruction Fuzzy Hash: 16C09B1760400087F956D560DBE27D57765C381594F5986508304BD744DE3E8F57C340
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 02C8C008, Relevance: .0, Instructions: 10COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000001.00000002.241597326.0000000002C80000.00000040.00000001.sdmp, Offset: 02C80000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: ba331b23da9b950197366d1560164b65e7ff8e9bbfa5333fc18a6093d0ae0b3a
                            • Instruction ID: 5066ee7908fed39ab8e97d335b0e8fc997096f27cb7d0b7d9e60687ebe1ec807
                            • Opcode Fuzzy Hash: ba331b23da9b950197366d1560164b65e7ff8e9bbfa5333fc18a6093d0ae0b3a
                            • Instruction Fuzzy Hash: 6FC08C2124E2804FCA02A2E089F67663A71CB42240FEC00C68240AF2C7E66C8D00C3C2
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 02C8A8E8, Relevance: .0, Instructions: 10COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000001.00000002.241597326.0000000002C80000.00000040.00000001.sdmp, Offset: 02C80000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 2849488e479747c60ce16e0afc9b023405a66e9b18275fc1f355dda052716d30
                            • Instruction ID: d5cd7f44078a385e5fec6447fc1b569b907992bebbad9add7e79cb3d56ee00e6
                            • Opcode Fuzzy Hash: 2849488e479747c60ce16e0afc9b023405a66e9b18275fc1f355dda052716d30
                            • Instruction Fuzzy Hash: 66D01275A4D3CC4FC711CBA865140493F70EF5661571809EFD844C7252D5274F188381
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 02C8A8F8, Relevance: .0, Instructions: 9COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000001.00000002.241597326.0000000002C80000.00000040.00000001.sdmp, Offset: 02C80000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 6a828ee8c36c558180cdef67361054771b8f49c2d93099437895e1434e3116b1
                            • Instruction ID: aa20d773485f2b12455096a07bbf8a125d3ec68f4d942aa595e35e6bf269775d
                            • Opcode Fuzzy Hash: 6a828ee8c36c558180cdef67361054771b8f49c2d93099437895e1434e3116b1
                            • Instruction Fuzzy Hash: 73B01270A4930CAF8710DF99D80181AB7ACEF0A218B0405E9FE0CC7310DA33ED1057D2
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 02C8C040, Relevance: .0, Instructions: 7COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000001.00000002.241597326.0000000002C80000.00000040.00000001.sdmp, Offset: 02C80000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 385d39cea59a8b5f627311ba15c9e10e8c9233424e82bcddf77298e8af4fd717
                            • Instruction ID: c18a5a21905e035401854e6eb73e2139432f804e4dbe4cda371c864954d740bc
                            • Opcode Fuzzy Hash: 385d39cea59a8b5f627311ba15c9e10e8c9233424e82bcddf77298e8af4fd717
                            • Instruction Fuzzy Hash: D8B0123042520E4FD5407B64F405514771DF640308FC00850E11D871996FB1399147C9
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 02C8B410, Relevance: .0, Instructions: 7COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000001.00000002.241597326.0000000002C80000.00000040.00000001.sdmp, Offset: 02C80000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 963a7e459b5585e8c0d1ade96d946d27278ea1c1fdc46ac35ffbf3ed87646ef3
                            • Instruction ID: 3d91b4d25819944c7f3cad82fb58831a2e26275dfd0b05ad0591c6a5422e4e34
                            • Opcode Fuzzy Hash: 963a7e459b5585e8c0d1ade96d946d27278ea1c1fdc46ac35ffbf3ed87646ef3
                            • Instruction Fuzzy Hash: 2FB0123041430D4FC6407B50F405509371D564230CF408650E20D8D619AEB129514698
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Non-executed Functions

                            Function 052C86F9, Relevance: .3, Instructions: 292COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000001.00000002.247879758.00000000052C0000.00000004.00000001.sdmp, Offset: 052C0000, based on PE: true
                            • Associated: 00000001.00000002.247900231.00000000052D0000.00000040.00000001.sdmp Download File
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: f3bf015b49f731ff638200eeee517b630654d96bfbbbcb93acb2bdcc904ecf9a
                            • Instruction ID: cb9cb2905c962dd001688696a92102fafaed36d75ea732bb8fcffe110dd1fe2b
                            • Opcode Fuzzy Hash: f3bf015b49f731ff638200eeee517b630654d96bfbbbcb93acb2bdcc904ecf9a
                            • Instruction Fuzzy Hash: 1FC19CA141E7C15FD3578B30ADA97527FB0AF17208F1A89DBD0C1CB1A3D628994AC722
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Analysis Process: DOCS.exe PID: 5928 Parent PID: 4992 DOCS.exeCOMMON

                            Executed Functions

                            Function 00F5A3B0, Relevance: 2.2, APIs: 1, Instructions: 688COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000004.00000002.500209439.0000000000F50000.00000040.00000001.sdmp, Offset: 00F50000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: fe8fd9c83b6500c02140940d21412f0738e3165825bd7bbec5ea1bc3a33834e8
                            • Instruction ID: e352a0373114870988103469d8ed4112af93f0cb68ab5d6dbc7f3d356aafea59
                            • Opcode Fuzzy Hash: fe8fd9c83b6500c02140940d21412f0738e3165825bd7bbec5ea1bc3a33834e8
                            • Instruction Fuzzy Hash: 1C32D030B043458FCB05AB74D8547AE7BF2AF85305F1585A9E909DB392EB78DC09CBA1
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 00FD6B50, Relevance: 6.1, APIs: 4, Instructions: 120threadCOMMON
                            Download Yara Rule
                            APIs
                            • GetCurrentProcess.KERNEL32 ref: 00FD6BB0
                            • GetCurrentThread.KERNEL32 ref: 00FD6BED
                            • GetCurrentProcess.KERNEL32 ref: 00FD6C2A
                            • GetCurrentThreadId.KERNEL32 ref: 00FD6C83
                            Memory Dump Source
                            • Source File: 00000004.00000002.500492177.0000000000FD0000.00000040.00000001.sdmp, Offset: 00FD0000, based on PE: false
                            Similarity
                            • API ID: Current$ProcessThread
                            • String ID:
                            • API String ID: 2063062207-0
                            • Opcode ID: 6a4bc8b09c0729ab6dff6dc4a3c8d72662ffe7113bc953eb1798c322c346f19e
                            • Instruction ID: addd8415f754f42e9d55d2438a5a0ca07aad3b28606cdaad77778b356bc3d392
                            • Opcode Fuzzy Hash: 6a4bc8b09c0729ab6dff6dc4a3c8d72662ffe7113bc953eb1798c322c346f19e
                            • Instruction Fuzzy Hash: 8A5154B09006488FDB24CFA9D688B9EBBF1FF88315F24845AE449A7360D775A844CF61
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 00F5CB50, Relevance: 1.7, APIs: 1, Instructions: 164COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000004.00000002.500209439.0000000000F50000.00000040.00000001.sdmp, Offset: 00F50000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 687b7bf71d8a725267ab4e3c444bc6112c973dbc53f5823327146ae80a4bec0c
                            • Instruction ID: 6ff48db8077c72b867bdd88efaf4cae6eaf9d453b50472443db00225a90fed95
                            • Opcode Fuzzy Hash: 687b7bf71d8a725267ab4e3c444bc6112c973dbc53f5823327146ae80a4bec0c
                            • Instruction Fuzzy Hash: 2C515C72E083858FC701CB74D81079ABFF0AF8A315F0985AAD944E7292DB789C45CBD1
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 00FD5190, Relevance: 1.6, APIs: 1, Instructions: 113COMMON
                            Download Yara Rule
                            APIs
                            • CreateWindowExW.USER32(?,?,?,?,?,?,0000000C,?,?,?,?,?), ref: 00FD52A2
                            Memory Dump Source
                            • Source File: 00000004.00000002.500492177.0000000000FD0000.00000040.00000001.sdmp, Offset: 00FD0000, based on PE: false
                            Similarity
                            • API ID: CreateWindow
                            • String ID:
                            • API String ID: 716092398-0
                            • Opcode ID: c5c7d0748e3bb0ecb493b98ae92e3b4fc5b0d963bb87ad34ef1c957b8e0058c2
                            • Instruction ID: fc74b4225038a229735287a72aa967a8a128097bbbcd94bc6f2e8ced3598b563
                            • Opcode Fuzzy Hash: c5c7d0748e3bb0ecb493b98ae92e3b4fc5b0d963bb87ad34ef1c957b8e0058c2
                            • Instruction Fuzzy Hash: 2141BFB1D107499FDF14CF99C884ADEBBB6BF48714F24822AE819AB310D775A845CF90
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 00FD6964, Relevance: 1.6, APIs: 1, Instructions: 97COMMON
                            Download Yara Rule
                            APIs
                            • CallWindowProcW.USER32(?,?,?,?,?), ref: 00FD7CF9
                            Memory Dump Source
                            • Source File: 00000004.00000002.500492177.0000000000FD0000.00000040.00000001.sdmp, Offset: 00FD0000, based on PE: false
                            Similarity
                            • API ID: CallProcWindow
                            • String ID:
                            • API String ID: 2714655100-0
                            • Opcode ID: 3bf4c395ac98a6d973d9fc46ca54a7e6dacb4e3dc04798e52d48450cfe657e21
                            • Instruction ID: 96f9640e3056121b95e437db9718af530f797950b4d87167b11afdc0202f3a94
                            • Opcode Fuzzy Hash: 3bf4c395ac98a6d973d9fc46ca54a7e6dacb4e3dc04798e52d48450cfe657e21
                            • Instruction Fuzzy Hash: 6F414CB5904349CFCB14DF99C488BAABBF6FF88314F288459D519AB321D774A841DFA0
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 00FD6D78, Relevance: 1.6, APIs: 1, Instructions: 62COMMON
                            Download Yara Rule
                            APIs
                            • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 00FD6DFF
                            Memory Dump Source
                            • Source File: 00000004.00000002.500492177.0000000000FD0000.00000040.00000001.sdmp, Offset: 00FD0000, based on PE: false
                            Similarity
                            • API ID: DuplicateHandle
                            • String ID:
                            • API String ID: 3793708945-0
                            • Opcode ID: 1d544c98ae9816ae2baa7b833687812fb34533e4e762988d02aa9e04f5d867fd
                            • Instruction ID: 2d30f2997d769b885344488a365b3aa2d85d578103cf1b75030c57c196c6fa8c
                            • Opcode Fuzzy Hash: 1d544c98ae9816ae2baa7b833687812fb34533e4e762988d02aa9e04f5d867fd
                            • Instruction Fuzzy Hash: 7C21C2B5D002489FDB10CFA9D984ADEBBF9EB48324F14841AE918A7310D378A954DFA5
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 00F85804, Relevance: 1.6, APIs: 1, Instructions: 55libraryCOMMON
                            Download Yara Rule
                            APIs
                            • LoadLibraryExW.KERNEL32(00000000,00000000,?,?,?,?,00000000,?,00F86699,00000800), ref: 00F8672A
                            Memory Dump Source
                            • Source File: 00000004.00000002.500357813.0000000000F80000.00000040.00000001.sdmp, Offset: 00F80000, based on PE: false
                            Similarity
                            • API ID: LibraryLoad
                            • String ID:
                            • API String ID: 1029625771-0
                            • Opcode ID: 38614c29b91c54f34fe17b71bd006d34a9824d2dcc114ba69cb6fd63ffd17999
                            • Instruction ID: c952f66c5887a55478b179ccef1fa3afbca3bb01a33ad282c97c0cbd4467b78b
                            • Opcode Fuzzy Hash: 38614c29b91c54f34fe17b71bd006d34a9824d2dcc114ba69cb6fd63ffd17999
                            • Instruction Fuzzy Hash: E41114B6D002098FCB10DFAAD488BDEFBF4EB58324F10842AE415B7210C7B5A945CFA5
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 00F866B8, Relevance: 1.6, APIs: 1, Instructions: 55libraryCOMMON
                            Download Yara Rule
                            APIs
                            • LoadLibraryExW.KERNEL32(00000000,00000000,?,?,?,?,00000000,?,00F86699,00000800), ref: 00F8672A
                            Memory Dump Source
                            • Source File: 00000004.00000002.500357813.0000000000F80000.00000040.00000001.sdmp, Offset: 00F80000, based on PE: false
                            Similarity
                            • API ID: LibraryLoad
                            • String ID:
                            • API String ID: 1029625771-0
                            • Opcode ID: ed0b3252c6cce23bdefb49a7cbdcfe743da63fde5ec67a976cb2c6fc41138116
                            • Instruction ID: e9df5cbc5d51846ff94d356c37c45b9ccd8fefb2bfe24838fd688a9d1af90540
                            • Opcode Fuzzy Hash: ed0b3252c6cce23bdefb49a7cbdcfe743da63fde5ec67a976cb2c6fc41138116
                            • Instruction Fuzzy Hash: BD1114B6D002498FCB14CFAAD488BDEFBF4AB98324F14852EE455A7600C775A545CFA1
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 00F5B698, Relevance: 1.6, APIs: 1, Instructions: 55COMMON
                            Download Yara Rule
                            APIs
                            • GlobalMemoryStatusEx.KERNEL32(?,?,?,?,?,?,?,?,?,00F5CC4A), ref: 00F5CD37
                            Memory Dump Source
                            • Source File: 00000004.00000002.500209439.0000000000F50000.00000040.00000001.sdmp, Offset: 00F50000, based on PE: false
                            Similarity
                            • API ID: GlobalMemoryStatus
                            • String ID:
                            • API String ID: 1890195054-0
                            • Opcode ID: 51258ca4af2ed4f202ec6408b877fb1ce17703e68b5b0e4ed169db6d2e1f0320
                            • Instruction ID: 814fbb1669cb98faf11bd828b69e1892d1aa4d38212d275893222a94cccdf6c5
                            • Opcode Fuzzy Hash: 51258ca4af2ed4f202ec6408b877fb1ce17703e68b5b0e4ed169db6d2e1f0320
                            • Instruction Fuzzy Hash: 121133B1C006599FCB10CF9AD48479EFBB4AF48324F11816AD918B7200D3B8A945CFE1
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 00FDC3B8, Relevance: 1.6, APIs: 1, Instructions: 54COMMON
                            Download Yara Rule
                            APIs
                            • RtlEncodePointer.NTDLL(00000000), ref: 00FDC432
                            Memory Dump Source
                            • Source File: 00000004.00000002.500492177.0000000000FD0000.00000040.00000001.sdmp, Offset: 00FD0000, based on PE: false
                            Similarity
                            • API ID: EncodePointer
                            • String ID:
                            • API String ID: 2118026453-0
                            • Opcode ID: 3648581193b46e972e22ce9b8979ae9124911ba8d89a8401c5dccbcc027bec53
                            • Instruction ID: 7bb0fdbc8d3c7b971eb8cc98149ca6825ff5bddde8ba9d06253e8cb91571adbd
                            • Opcode Fuzzy Hash: 3648581193b46e972e22ce9b8979ae9124911ba8d89a8401c5dccbcc027bec53
                            • Instruction Fuzzy Hash: 4411AC71D003068FDB20DFA9D64879EBBF5EB49324F24842AD409A3700C7796545DFA1
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 00FD41AA, Relevance: 1.6, APIs: 1, Instructions: 50COMMON
                            Download Yara Rule
                            APIs
                            • GetModuleHandleW.KERNEL32(00000000), ref: 00FD4216
                            Memory Dump Source
                            • Source File: 00000004.00000002.500492177.0000000000FD0000.00000040.00000001.sdmp, Offset: 00FD0000, based on PE: false
                            Similarity
                            • API ID: HandleModule
                            • String ID:
                            • API String ID: 4139908857-0
                            • Opcode ID: d74a8506b6291d6521898cb11dc161ade30986a9ee49fe85cf0efd091479d73d
                            • Instruction ID: 056f72f96e23d356b3eda838f95e2c354865884739c73b12e6f7b215925d38a0
                            • Opcode Fuzzy Hash: d74a8506b6291d6521898cb11dc161ade30986a9ee49fe85cf0efd091479d73d
                            • Instruction Fuzzy Hash: 2B1120B6C002498FCB10CF9AD484ADEFBF5EF89324F14851AD429B7200C375A546CFA1
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 00FD2F44, Relevance: 1.6, APIs: 1, Instructions: 50COMMON
                            Download Yara Rule
                            APIs
                            • GetModuleHandleW.KERNEL32(00000000), ref: 00FD4216
                            Memory Dump Source
                            • Source File: 00000004.00000002.500492177.0000000000FD0000.00000040.00000001.sdmp, Offset: 00FD0000, based on PE: false
                            Similarity
                            • API ID: HandleModule
                            • String ID:
                            • API String ID: 4139908857-0
                            • Opcode ID: 38f419870beaaa0aba867f633734c9230cc13686bdc6c5eca8b42141a8d527f5
                            • Instruction ID: c9d81c12ad0024a8fed41193f7b87598d158cc1d622d14eee1cfbb52ad9148bb
                            • Opcode Fuzzy Hash: 38f419870beaaa0aba867f633734c9230cc13686bdc6c5eca8b42141a8d527f5
                            • Instruction Fuzzy Hash: 911123B6C006498BCB10CF9AD484B9EBBF5EB49320F14851AE429B7300C374A545CFA1
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 00F890A0, Relevance: 1.5, APIs: 1, Instructions: 46comCOMMON
                            Download Yara Rule
                            APIs
                            • OleInitialize.OLE32(00000000), ref: 00F8A045
                            Memory Dump Source
                            • Source File: 00000004.00000002.500357813.0000000000F80000.00000040.00000001.sdmp, Offset: 00F80000, based on PE: false
                            Similarity
                            • API ID: Initialize
                            • String ID:
                            • API String ID: 2538663250-0
                            • Opcode ID: a9773e5cea0592c9356ffedee3a2c3f073b8741424f330001e7424892fae9318
                            • Instruction ID: 53154a4422f998f147d2b8ac6ab63afe9c0ed211fd0a5c2e61402f9f4fa9208f
                            • Opcode Fuzzy Hash: a9773e5cea0592c9356ffedee3a2c3f073b8741424f330001e7424892fae9318
                            • Instruction Fuzzy Hash: 4C1115B59046498FCB20DF99D888BDEBBF4EB48324F14845AD519B7200D7B9A944CFA1
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 00F89FE8, Relevance: 1.5, APIs: 1, Instructions: 46comCOMMON
                            Download Yara Rule
                            APIs
                            • OleInitialize.OLE32(00000000), ref: 00F8A045
                            Memory Dump Source
                            • Source File: 00000004.00000002.500357813.0000000000F80000.00000040.00000001.sdmp, Offset: 00F80000, based on PE: false
                            Similarity
                            • API ID: Initialize
                            • String ID:
                            • API String ID: 2538663250-0
                            • Opcode ID: 6f9f3cad3fd07a157084e7d4e7a727d2927e962e8f0c267d37e6d5a0ac96ad2d
                            • Instruction ID: 7c3c52d25a543154ed328e613d7c03c12b437d5d5435c53416b1fd449813d447
                            • Opcode Fuzzy Hash: 6f9f3cad3fd07a157084e7d4e7a727d2927e962e8f0c267d37e6d5a0ac96ad2d
                            • Instruction Fuzzy Hash: E11118B58006488FCB20DF99D488BDEBFF4EB48324F14845AD519B7651D3B4A944CFA1
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Non-executed Functions

                            Analysis Process: NXLun.exe PID: 5372 Parent PID: 3292 NXLun.exeCOMMON

                            Executed Functions

                            Function 04D2D688, Relevance: 8.8, Strings: 6, Instructions: 1313COMMON
                            Download Yara Rule
                            Strings
                            Memory Dump Source
                            • Source File: 00000011.00000002.349278822.0000000004D20000.00000040.00000001.sdmp, Offset: 04D20000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID: (!l$(!l$(!l$4/$l$4/$l$<!l
                            • API String ID: 0-3813968173
                            • Opcode ID: 887d9c5c4957139189b33d61feb031605ec9c81cfbc7acb1907b056c7f2f83b7
                            • Instruction ID: 673b4c4a50c57845fb7e423c410fc769f702ab22fbd2cd06190b1d03383884a1
                            • Opcode Fuzzy Hash: 887d9c5c4957139189b33d61feb031605ec9c81cfbc7acb1907b056c7f2f83b7
                            • Instruction Fuzzy Hash: 1FC25974B002248FDB24DF29C694A69B7F2FF98309F1185A9E54ADB761DB30EC81CB51
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 04D2BC78, Relevance: 5.2, Strings: 4, Instructions: 249COMMON
                            Download Yara Rule
                            Strings
                            Memory Dump Source
                            • Source File: 00000011.00000002.349278822.0000000004D20000.00000040.00000001.sdmp, Offset: 04D20000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID: ] l$ ] l$Xc!l$C3
                            • API String ID: 0-3639036298
                            • Opcode ID: 950cd209a3e9cc527298194677aead1e9ab8eb6d212d6a9f4410e54e0f88ce69
                            • Instruction ID: c78f80c55c0c20ea15b4948a71c7ac034cfcf722c248ff6eaa153eb71423d1a4
                            • Opcode Fuzzy Hash: 950cd209a3e9cc527298194677aead1e9ab8eb6d212d6a9f4410e54e0f88ce69
                            • Instruction Fuzzy Hash: 84A14A34B006158FCB14DFA4C64499EB7F2BF88308B11856AE9069B364DFB1FD06CB91
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 04D28622, Relevance: 5.1, Strings: 4, Instructions: 107COMMON
                            Download Yara Rule
                            Strings
                            Memory Dump Source
                            • Source File: 00000011.00000002.349278822.0000000004D20000.00000040.00000001.sdmp, Offset: 04D20000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID: K!l$K!l$K!l$K!l
                            • API String ID: 0-1378930341
                            • Opcode ID: 017e3da82fc47a674726f6cbb53f1c47f0458a332797e054e5e402678f6d1d3f
                            • Instruction ID: 6e2039a23a24f2c63af3562810eca8d1af3e2fe49a0bf47e8455c9edda72e33c
                            • Opcode Fuzzy Hash: 017e3da82fc47a674726f6cbb53f1c47f0458a332797e054e5e402678f6d1d3f
                            • Instruction Fuzzy Hash: 9F3132363041104F9B04AF3AA8942AEF7D6FFC936831141B9E609CBB51EF31DE058790
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 04D2A6C0, Relevance: 4.2, Strings: 3, Instructions: 427COMMON
                            Download Yara Rule
                            Strings
                            Memory Dump Source
                            • Source File: 00000011.00000002.349278822.0000000004D20000.00000040.00000001.sdmp, Offset: 04D20000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID: +_Ih^$;_Ih^$^Ih^
                            • API String ID: 0-2075054404
                            • Opcode ID: dcc4abac217ef11613f3d5df46a13fb221df2671e9efb074fb32d19b6ecdc6b8
                            • Instruction ID: 8773431b62963c9f6d90c401f2b85537256f57034f122c55cf3dc45c571a6528
                            • Opcode Fuzzy Hash: dcc4abac217ef11613f3d5df46a13fb221df2671e9efb074fb32d19b6ecdc6b8
                            • Instruction Fuzzy Hash: 0AF1CD70B046269FDB10EF69D640A9A77E2FF9474CB108969D546DB348EF70EE05CB80
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 04D2BC68, Relevance: 3.9, Strings: 3, Instructions: 186COMMON
                            Download Yara Rule
                            Strings
                            Memory Dump Source
                            • Source File: 00000011.00000002.349278822.0000000004D20000.00000040.00000001.sdmp, Offset: 04D20000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID: ] l$ ] l$C3
                            • API String ID: 0-3289295057
                            • Opcode ID: f31e794e70cf61fe017ed1bae2f1a530cb8ebaee2efaa76aed94c5fcf1ccf2e7
                            • Instruction ID: db89aeade1f14a45db675012a9c2e459090f944661356da36ddb323ffb8d0ea9
                            • Opcode Fuzzy Hash: f31e794e70cf61fe017ed1bae2f1a530cb8ebaee2efaa76aed94c5fcf1ccf2e7
                            • Instruction Fuzzy Hash: 7F713B34A006158FCB14DF64C64499EBBF2FF85304B15856AE91AAB364DFB0FD06CB91
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 04D25E08, Relevance: 1.6, Strings: 1, Instructions: 324COMMON
                            Download Yara Rule
                            Strings
                            Memory Dump Source
                            • Source File: 00000011.00000002.349278822.0000000004D20000.00000040.00000001.sdmp, Offset: 04D20000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID: hC!l
                            • API String ID: 0-1704004601
                            • Opcode ID: a36638267888fc8733244e9f9c07a147aa684649e7ce6b8f8287e5fd2450dfd4
                            • Instruction ID: af6aef140f2850ed09b2fa84f9e95f9bab8ba597103ddb4637146f2533f44326
                            • Opcode Fuzzy Hash: a36638267888fc8733244e9f9c07a147aa684649e7ce6b8f8287e5fd2450dfd4
                            • Instruction Fuzzy Hash: 15C103347082509FC714DF39E554C6ABBF2FF9A218B1548AAE146CB362DB31EC45CB92
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 04D2A070, Relevance: 1.6, Strings: 1, Instructions: 321COMMON
                            Download Yara Rule
                            Strings
                            Memory Dump Source
                            • Source File: 00000011.00000002.349278822.0000000004D20000.00000040.00000001.sdmp, Offset: 04D20000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID: d
                            • API String ID: 0-2564639436
                            • Opcode ID: 3a53aeb26d2bcb95a2f7e9a3c824d09aae02e934694755f36ba0f4c318a40c94
                            • Instruction ID: 9ded70f65d03c628ddf28b29a68c389e33895e4373132ba9d74b0b4e0ca3b5c0
                            • Opcode Fuzzy Hash: 3a53aeb26d2bcb95a2f7e9a3c824d09aae02e934694755f36ba0f4c318a40c94
                            • Instruction Fuzzy Hash: B7D16B312006168FCB11CF58CA80D6AFBF2FF8431875AC969E5598B7A6E730F855CB80
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 04D259C1, Relevance: 1.5, Strings: 1, Instructions: 285COMMON
                            Download Yara Rule
                            Strings
                            Memory Dump Source
                            • Source File: 00000011.00000002.349278822.0000000004D20000.00000040.00000001.sdmp, Offset: 04D20000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID: d
                            • API String ID: 0-2564639436
                            • Opcode ID: 7ed92c3637fb9a468cb4cb2f2b601f5f43e50c3a225ea52778dc21c7e1805ed8
                            • Instruction ID: 9cc1495b3c6b9cea02312db37a4553d6b9c0968c64fcccfe08d3eb7a418b4f30
                            • Opcode Fuzzy Hash: 7ed92c3637fb9a468cb4cb2f2b601f5f43e50c3a225ea52778dc21c7e1805ed8
                            • Instruction Fuzzy Hash: C2C16834600612DFCB14CF18D690D6AB7F2FF88318B56CAA9E55A9B761E730F845CB90
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 04D24650, Relevance: 1.5, Strings: 1, Instructions: 228COMMON
                            Download Yara Rule
                            Strings
                            Memory Dump Source
                            • Source File: 00000011.00000002.349278822.0000000004D20000.00000040.00000001.sdmp, Offset: 04D20000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID: hC!l
                            • API String ID: 0-1704004601
                            • Opcode ID: 1194118307380757b93dbb157d05d4bfaf0203387a5f02a642a06185dd6c5aee
                            • Instruction ID: ad914c6ef5fcf362d078a3c01679cccf4724d9c29ff8116b0b8be150d27abb73
                            • Opcode Fuzzy Hash: 1194118307380757b93dbb157d05d4bfaf0203387a5f02a642a06185dd6c5aee
                            • Instruction Fuzzy Hash: 887194347146108FC7189F39D558A29BBFABF9971971540AAE906CB3B2DF71EC01CB50
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 04D2D348, Relevance: 1.4, Strings: 1, Instructions: 125COMMON
                            Download Yara Rule
                            Strings
                            Memory Dump Source
                            • Source File: 00000011.00000002.349278822.0000000004D20000.00000040.00000001.sdmp, Offset: 04D20000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID: <!l
                            • API String ID: 0-686964068
                            • Opcode ID: 9be47b36da33ab33c36353ca2b098f615d5db61111d04525b445c2a48cfb5826
                            • Instruction ID: c8888014106f92f0e35dd12096a653e6d3c7c0aee4e3e998317f7e808125e62e
                            • Opcode Fuzzy Hash: 9be47b36da33ab33c36353ca2b098f615d5db61111d04525b445c2a48cfb5826
                            • Instruction Fuzzy Hash: 144120357046218FDB25DE69D94096FBBA6FFC5318B1580AAD909CB311DB34FC0287A1
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 04D25DF8, Relevance: 1.4, Strings: 1, Instructions: 118COMMON
                            Download Yara Rule
                            Strings
                            Memory Dump Source
                            • Source File: 00000011.00000002.349278822.0000000004D20000.00000040.00000001.sdmp, Offset: 04D20000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID: hC!l
                            • API String ID: 0-1704004601
                            • Opcode ID: 9c4cfa4a753e5de7323f6516f557e23fe1657fd12c7707d798818b64b1ee5c33
                            • Instruction ID: dae020b2d409a39b172a6ec9ce900a57e24df2280b6ab512dc2da06380ef534c
                            • Opcode Fuzzy Hash: 9c4cfa4a753e5de7323f6516f557e23fe1657fd12c7707d798818b64b1ee5c33
                            • Instruction Fuzzy Hash: 6E417E347085149FC718DB39E264C2677E6FFAA21971244A9E246CF365DF71EC01CBA2
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 04D2D679, Relevance: 1.3, Strings: 1, Instructions: 73COMMON
                            Download Yara Rule
                            Strings
                            Memory Dump Source
                            • Source File: 00000011.00000002.349278822.0000000004D20000.00000040.00000001.sdmp, Offset: 04D20000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID: <!l
                            • API String ID: 0-686964068
                            • Opcode ID: 7f15dba6eb5644b13ac53b313b471cd3cc002cb9b0955b3dc302f07eaf48adcf
                            • Instruction ID: d08a4be971bf9ed64d89b60aa22c570830c9415d2b5caaa6ce3f0c14eef7369a
                            • Opcode Fuzzy Hash: 7f15dba6eb5644b13ac53b313b471cd3cc002cb9b0955b3dc302f07eaf48adcf
                            • Instruction Fuzzy Hash: 1B21D670A01629DFDB14CF28CA84A2AB7F5FF55319F1580A9D8099B361D730FD41CB61
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 04D248A8, Relevance: .5, Instructions: 503COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000011.00000002.349278822.0000000004D20000.00000040.00000001.sdmp, Offset: 04D20000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: f2effac7b00c163019b7fb4178926c8834a8607c9f0969b2638078549eac684c
                            • Instruction ID: 21eed81dd4ab2aadd08fd1176c7c98c45e84086110943f374f12d9dc4e9cc497
                            • Opcode Fuzzy Hash: f2effac7b00c163019b7fb4178926c8834a8607c9f0969b2638078549eac684c
                            • Instruction Fuzzy Hash: D2123878B006158FCB14DF39C584A6ABBF2FF99308B1584A9E946CB366DB31EC45CB50
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 04D2C520, Relevance: .4, Instructions: 399COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000011.00000002.349278822.0000000004D20000.00000040.00000001.sdmp, Offset: 04D20000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 72ca10b47a681af9ba619db3e7c30c0f19d96aa99d6188c48d7802a6d26d65e4
                            • Instruction ID: ef0cbb668cab80e704f5e9525d14a021e94c6b8093a7ca02300a6d9c8788b525
                            • Opcode Fuzzy Hash: 72ca10b47a681af9ba619db3e7c30c0f19d96aa99d6188c48d7802a6d26d65e4
                            • Instruction Fuzzy Hash: 2BF15578B106008FCB54CF2AC589A6EBBE2FF95718F1984A9E542CB761DB34ED00CB51
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 04D23F50, Relevance: .4, Instructions: 399COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000011.00000002.349278822.0000000004D20000.00000040.00000001.sdmp, Offset: 04D20000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 1bb72f959017bbc73c075f396254c47dc9c7ab3013f5eadeeb981190971c363e
                            • Instruction ID: c742625749d8cddcdb8a73940c716d9ef3faded15aeaba247a975940778457bb
                            • Opcode Fuzzy Hash: 1bb72f959017bbc73c075f396254c47dc9c7ab3013f5eadeeb981190971c363e
                            • Instruction Fuzzy Hash: 5EE19134B002258FCB14DF69C654AAEB7F6BF98708B158169E906EB365DB70EC01CB91
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 04D2B418, Relevance: .3, Instructions: 349COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000011.00000002.349278822.0000000004D20000.00000040.00000001.sdmp, Offset: 04D20000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 4b8531f65b7a3681bac13b08e8af5d15f997f16462165d6a7707a977b8bf7c90
                            • Instruction ID: d8dddd0addaad3bb3333533bb8bc87582b94226e099167e156bf2694c6d14f08
                            • Opcode Fuzzy Hash: 4b8531f65b7a3681bac13b08e8af5d15f997f16462165d6a7707a977b8bf7c90
                            • Instruction Fuzzy Hash: 84C1B374B05721CFDB258F20C61862AB7E2BF94709F19856AD9468F395DBB1FC41CB80
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 04D2F980, Relevance: .3, Instructions: 252COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000011.00000002.349278822.0000000004D20000.00000040.00000001.sdmp, Offset: 04D20000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: a35e33b5f115ba140e8a55d288c161d2f74ca5553f2de07b459386166db3ca14
                            • Instruction ID: aea53fc8df084b35c39bff14d83b2d3cf5d83dbd1739d3669d5b4f56fc923fed
                            • Opcode Fuzzy Hash: a35e33b5f115ba140e8a55d288c161d2f74ca5553f2de07b459386166db3ca14
                            • Instruction Fuzzy Hash: 6991B135B00614AFDB04EFA5D954AAE7BF3FF88304B008869E906D7351DF749E468B91
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 04D2ADE7, Relevance: .3, Instructions: 251COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000011.00000002.349278822.0000000004D20000.00000040.00000001.sdmp, Offset: 04D20000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 41ba5d8df2ce6193396180a88d478357d4f61e7326686dcd1b5db648dbc6b814
                            • Instruction ID: 56480629d6f4414e2d23f36177a01ee0c33d63a1dc44872d47126cb26d8ef40c
                            • Opcode Fuzzy Hash: 41ba5d8df2ce6193396180a88d478357d4f61e7326686dcd1b5db648dbc6b814
                            • Instruction Fuzzy Hash: 198123747042158FDB159F39C61092B77ABFF99308B11846AEA42CB399DFB4EC41C761
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 04D299B0, Relevance: .2, Instructions: 240COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000011.00000002.349278822.0000000004D20000.00000040.00000001.sdmp, Offset: 04D20000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: e58baa712f78b98122b195c4ec4b3053a95b20d42df3de6dd5e8ca616d72d4c0
                            • Instruction ID: e8305f11ccd08895d924a02a2623401a33fae6968f1c59cf68c46048cdb6e58d
                            • Opcode Fuzzy Hash: e58baa712f78b98122b195c4ec4b3053a95b20d42df3de6dd5e8ca616d72d4c0
                            • Instruction Fuzzy Hash: 9781E3F1B05331DBDB214A29826022AB6E2BFA4B18F1545DACD86DB348E770FC41C7E1
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 04D2F3D0, Relevance: .2, Instructions: 236COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000011.00000002.349278822.0000000004D20000.00000040.00000001.sdmp, Offset: 04D20000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 3008ba941e8d09594ec55d3047d55b19bc5343cdcef98ff2785ead62a8340f7c
                            • Instruction ID: 122a4e0e700dd97386b257b8be2ce5ded22241ce3847947dc6c2f4a389b0aa38
                            • Opcode Fuzzy Hash: 3008ba941e8d09594ec55d3047d55b19bc5343cdcef98ff2785ead62a8340f7c
                            • Instruction Fuzzy Hash: AF81CA357006108FCB04DF79C64896AB7F6EF88618B1588A9D90ADB365EF70EC02CB90
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 04D2A441, Relevance: .2, Instructions: 221COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000011.00000002.349278822.0000000004D20000.00000040.00000001.sdmp, Offset: 04D20000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: f6f52fd3860b0b33a672b919969b4b5e5af78f2bc2f4de1cc20d2bb644565b13
                            • Instruction ID: 839a9899f68e64a6397234434de1006386ed61a1eb3a34e92a8ae6dde296f475
                            • Opcode Fuzzy Hash: f6f52fd3860b0b33a672b919969b4b5e5af78f2bc2f4de1cc20d2bb644565b13
                            • Instruction Fuzzy Hash: ED81FF70A006168FC710CF68C6C496ABBF5FF98318B11C9A9D659CB765E730F986CB90
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 04D29818, Relevance: .2, Instructions: 211COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000011.00000002.349278822.0000000004D20000.00000040.00000001.sdmp, Offset: 04D20000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 75dfb527f0b14a8a5f9b01c1f99334af08409d42bd19099bd587245e7c71e618
                            • Instruction ID: 1d7b6fd64a089458295afc1d328c510968b28f91fbd65bb9b8b4bd4e35a8c372
                            • Opcode Fuzzy Hash: 75dfb527f0b14a8a5f9b01c1f99334af08409d42bd19099bd587245e7c71e618
                            • Instruction Fuzzy Hash: F171E175B042149FCB05DF64D8549AEBBB6EFC9310F15809AEA06DB3A2CB70DD01CBA1
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 04D25100, Relevance: .2, Instructions: 192COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000011.00000002.349278822.0000000004D20000.00000040.00000001.sdmp, Offset: 04D20000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 607a6dbd52567026f213ce947a77bdbd0e789b4ca80ba09169416dbcce3741ce
                            • Instruction ID: 088c8be018a13e88e96fb9771cebb1850da78f0b5a4b2ac656784eaeb8f7c06a
                            • Opcode Fuzzy Hash: 607a6dbd52567026f213ce947a77bdbd0e789b4ca80ba09169416dbcce3741ce
                            • Instruction Fuzzy Hash: FE718D75B002259FCB05DF68D5949AEBBF5FF89318B1540AAE805EB361DB30ED41CBA0
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 04D23F40, Relevance: .2, Instructions: 180COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000011.00000002.349278822.0000000004D20000.00000040.00000001.sdmp, Offset: 04D20000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: f86281001a30a8f0b626569005119816e60a9749dd8a31124d21a8202b62c8ea
                            • Instruction ID: 5dfd50042cc7bbe161df19a499293101643e687db08ba7901b38ba5a43ad08fa
                            • Opcode Fuzzy Hash: f86281001a30a8f0b626569005119816e60a9749dd8a31124d21a8202b62c8ea
                            • Instruction Fuzzy Hash: F061B074F006258FCB14DF69C6406AEB7F6BF98308B15816ADA05EB365EB70EC01CB91
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 04D256E8, Relevance: .2, Instructions: 179COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000011.00000002.349278822.0000000004D20000.00000040.00000001.sdmp, Offset: 04D20000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 4c4b46fb130303e94c9c40261b0bb57ed14e6241f6fae4f9e89392f8af9fe61b
                            • Instruction ID: 329173f3d5735d2bddc2287c321a5eb26de7c9c3dd2f9b9c3ee1ff5e767ac502
                            • Opcode Fuzzy Hash: 4c4b46fb130303e94c9c40261b0bb57ed14e6241f6fae4f9e89392f8af9fe61b
                            • Instruction Fuzzy Hash: 7B61CC35604216AFC701CF68D590C9AFBF2FF8A31471689AAE559CB261E730F915CB90
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 04D2F967, Relevance: .2, Instructions: 177COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000011.00000002.349278822.0000000004D20000.00000040.00000001.sdmp, Offset: 04D20000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 516ad90337c1fa0d91ce06c252d36498f9a8e329a7b9d2fc80a245af39216e79
                            • Instruction ID: 1a0f0c9a0f67daf60d431f4fa63922aca346280aaf0e71fae1496a6b19ace816
                            • Opcode Fuzzy Hash: 516ad90337c1fa0d91ce06c252d36498f9a8e329a7b9d2fc80a245af39216e79
                            • Instruction Fuzzy Hash: C551BD75B00215AFDB04DFB5D958AAEBBB6FF88305F148029E906D7390DF349D428BA1
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 04D2B8B8, Relevance: .2, Instructions: 174COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000011.00000002.349278822.0000000004D20000.00000040.00000001.sdmp, Offset: 04D20000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 4f03b9b25daf23e8d1ff761e6785b1f45361f2ffc6688a3d811e9d5914816c15
                            • Instruction ID: 546cb8a1764bd83aceaeeb13fdbbace2337049ec3402454a7eb573d505b207e8
                            • Opcode Fuzzy Hash: 4f03b9b25daf23e8d1ff761e6785b1f45361f2ffc6688a3d811e9d5914816c15
                            • Instruction Fuzzy Hash: 87616835A00624DFCB14DFA5D698AADB7B1FF88309F10806AD506E72A0DBB0FC41CB91
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 04D2B1E1, Relevance: .2, Instructions: 174COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000011.00000002.349278822.0000000004D20000.00000040.00000001.sdmp, Offset: 04D20000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 55566c5fa0bf07128e2b20505f6c721a244ea6a8d3495423ed2e24e806a5062d
                            • Instruction ID: 998a5b9b2617a1374973fb9ab7ee84861fd5f68e1a86fbc0de177cc80f17bf45
                            • Opcode Fuzzy Hash: 55566c5fa0bf07128e2b20505f6c721a244ea6a8d3495423ed2e24e806a5062d
                            • Instruction Fuzzy Hash: 2F51A334B046268FDF249E65C69422F77A2FFA5208F24847BC642C7255EBF4F885C792
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 04D2A6B0, Relevance: .1, Instructions: 129COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000011.00000002.349278822.0000000004D20000.00000040.00000001.sdmp, Offset: 04D20000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: a4fc81037f2694b00a69625a5fbf859d500c58166ea13a3416f24dcab1f47b88
                            • Instruction ID: c34015c50adaf7a2c8f69832aac34ab533ccbaf2321752389047d480c3916683
                            • Opcode Fuzzy Hash: a4fc81037f2694b00a69625a5fbf859d500c58166ea13a3416f24dcab1f47b88
                            • Instruction Fuzzy Hash: 97417B74A002159FDB14DFA9D99099EBBF2FF94318B008569E506EB360EF70AD05CB80
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 04D2B0A8, Relevance: .1, Instructions: 120COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000011.00000002.349278822.0000000004D20000.00000040.00000001.sdmp, Offset: 04D20000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: e03044b2beef7e683f917598ebf9b266d7a32202bc2c692e46dd4a6d24663fac
                            • Instruction ID: e2275c5fada9e94e52eddf71cedceff19bb064c54ad1f73563e224f46c6a7f38
                            • Opcode Fuzzy Hash: e03044b2beef7e683f917598ebf9b266d7a32202bc2c692e46dd4a6d24663fac
                            • Instruction Fuzzy Hash: 793126373041204FDB268FA9E940666B7D6EFA9238B048477E74ACB355CAB2FC41C791
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 04D2EEB0, Relevance: .1, Instructions: 114COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000011.00000002.349278822.0000000004D20000.00000040.00000001.sdmp, Offset: 04D20000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 623f653bdf9da83c40a3c3af04529197a510785851d0d763d9218569f2da93d8
                            • Instruction ID: 062da91a3aef01b95dbbc58a86f05a4a577063d30a9530a0bdcebe9fdc85cb47
                            • Opcode Fuzzy Hash: 623f653bdf9da83c40a3c3af04529197a510785851d0d763d9218569f2da93d8
                            • Instruction Fuzzy Hash: C8417C75F002189FDB04DFA4D984AAEFBB6FF88314F548165EA04AB355CB30AD45CBA0
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 04D259D0, Relevance: .1, Instructions: 112COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000011.00000002.349278822.0000000004D20000.00000040.00000001.sdmp, Offset: 04D20000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 3804d2d74bfbd9d7304e4b086b3273a15b9c90f1495aea97a18a94e9da83b852
                            • Instruction ID: 43e7148ad9b1d1072cea675dd68173e642c2947392441dc616a5da4564939b72
                            • Opcode Fuzzy Hash: 3804d2d74bfbd9d7304e4b086b3273a15b9c90f1495aea97a18a94e9da83b852
                            • Instruction Fuzzy Hash: 86415534600616EFCB14CF59C594D6AB7F2FF89318B1589A8E559AB261E730F800CF90
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 04D290CB, Relevance: .1, Instructions: 110COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000011.00000002.349278822.0000000004D20000.00000040.00000001.sdmp, Offset: 04D20000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 410165d0cf86c641fd5f29bda4f4e44aafbc8a822ba57f32d28d65ae9ec0cb2d
                            • Instruction ID: f147fa642c30c670816a43a27fc39ca047675d9a5c0248e9e29881dfb4d85c07
                            • Opcode Fuzzy Hash: 410165d0cf86c641fd5f29bda4f4e44aafbc8a822ba57f32d28d65ae9ec0cb2d
                            • Instruction Fuzzy Hash: 64417E35B002248FCB14DBA4D994AAEB7F3BFC9248F254469E406AB395DF35ED42CB41
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 04D25571, Relevance: .1, Instructions: 101COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000011.00000002.349278822.0000000004D20000.00000040.00000001.sdmp, Offset: 04D20000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: e89225791c1232b753fa84d01bf7a8623701af00fbaf70ef74d502713bf84816
                            • Instruction ID: 7dc8cb27c119e3c15442b9197938fa35f0296325f0530ef7cb0d5af82ebf9a62
                            • Opcode Fuzzy Hash: e89225791c1232b753fa84d01bf7a8623701af00fbaf70ef74d502713bf84816
                            • Instruction Fuzzy Hash: 9C31AF38B002109FDB15DF34D49896ABBB6FF99314B1088AAED06CB395DB31ED15CB91
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 04D25580, Relevance: .1, Instructions: 96COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000011.00000002.349278822.0000000004D20000.00000040.00000001.sdmp, Offset: 04D20000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: d5a224aa4bd467fe628704edc6a360b0374f55acfa654d940a6d89b8b9b49740
                            • Instruction ID: db0b36a0c758df1eb755c64fcc8575967f13dad450ec1313721547c06136cb0c
                            • Opcode Fuzzy Hash: d5a224aa4bd467fe628704edc6a360b0374f55acfa654d940a6d89b8b9b49740
                            • Instruction Fuzzy Hash: 03317E38B002109FDB15DF34D49896ABBB6FF99314B1088AAED06CB395DB71ED15CB90
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 04D2B408, Relevance: .1, Instructions: 94COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000011.00000002.349278822.0000000004D20000.00000040.00000001.sdmp, Offset: 04D20000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 126255f0ce576b39684d5285378e156d72d3d6460ea12530b18e5f227fcd4749
                            • Instruction ID: f21dc31a389c17506adb85e98aea065459a70dc802b125dabc0913a6f58b78c6
                            • Opcode Fuzzy Hash: 126255f0ce576b39684d5285378e156d72d3d6460ea12530b18e5f227fcd4749
                            • Instruction Fuzzy Hash: 213104B4B007218FDB049F709954A2EB7A5FF98309B144539EA02CB391DFB1EC06CB91
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 04D2D481, Relevance: .1, Instructions: 86COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000011.00000002.349278822.0000000004D20000.00000040.00000001.sdmp, Offset: 04D20000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 0ca5ba2948eb39852bb33979d78f1c2f7a28cc59750c9b32825a5a598e12a4c9
                            • Instruction ID: 2091c98bc0141e57cb27d3fe8a7c29b32115d45ff0db25f33deab8e24fa86dcd
                            • Opcode Fuzzy Hash: 0ca5ba2948eb39852bb33979d78f1c2f7a28cc59750c9b32825a5a598e12a4c9
                            • Instruction Fuzzy Hash: 57217F757005208FC714DF3ED598A2A77EABF9960872540BAE506CB3B1DB70EC41CB50
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 04D2AD10, Relevance: .1, Instructions: 78COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000011.00000002.349278822.0000000004D20000.00000040.00000001.sdmp, Offset: 04D20000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: acf82fbc0103a2adb148fc89153c092416fc145a9f31197b921220b6441147ee
                            • Instruction ID: ea3cc93d8b8578775258ec164ec286df184664eb0e14ba3ca2d432cfc7222bc6
                            • Opcode Fuzzy Hash: acf82fbc0103a2adb148fc89153c092416fc145a9f31197b921220b6441147ee
                            • Instruction Fuzzy Hash: 1431CE35700219CFC714DF68D988AAA7BF6FF59319B214469E806DB361EB71EC41CB60
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 04D24E28, Relevance: .1, Instructions: 77COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000011.00000002.349278822.0000000004D20000.00000040.00000001.sdmp, Offset: 04D20000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 82b62d77ba54c9b067fc52a4c240685e3aad7ef52b1fefac9d2d07b8d5666557
                            • Instruction ID: 65b44e6efaf55ef2b672244c89cd98134b122f8b2b582672078f463aca0e3663
                            • Opcode Fuzzy Hash: 82b62d77ba54c9b067fc52a4c240685e3aad7ef52b1fefac9d2d07b8d5666557
                            • Instruction Fuzzy Hash: 382141386047904FD7208F7AC64065BBBE2AFE4208B04882EDE86C77A1DB30E905C7A1
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 00A1D63C, Relevance: .1, Instructions: 75COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000011.00000002.335881952.0000000000A1D000.00000040.00000001.sdmp, Offset: 00A1D000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 173ec15c6ca77936a91eb00818c83a29eb0ae0419581e056e51948560e266416
                            • Instruction ID: cbe5bb11e0b05178aaefc7706785adeaec7c8b0d2a1b18da57ca3b62eb834da3
                            • Opcode Fuzzy Hash: 173ec15c6ca77936a91eb00818c83a29eb0ae0419581e056e51948560e266416
                            • Instruction Fuzzy Hash: 122134B6504240EFCB00DF10D9C0F66BB76FB98324F2485A9E9094B24AC336D896CBA1
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 04D25C98, Relevance: .1, Instructions: 73COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000011.00000002.349278822.0000000004D20000.00000040.00000001.sdmp, Offset: 04D20000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 1c6ad888ac1bea12a40a6744835d5d8fb85914b58150bca7d497261f963f31c6
                            • Instruction ID: 1511b5e9ddbc9287332bbaac9fa7a8a1db4dfa2c7ab421e81e1c6b2523e8292d
                            • Opcode Fuzzy Hash: 1c6ad888ac1bea12a40a6744835d5d8fb85914b58150bca7d497261f963f31c6
                            • Instruction Fuzzy Hash: AC21A1353046005F9314EF29D590C56BBE6FF9932832586ADE259CB351EB71FC028B90
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 04D26301, Relevance: .1, Instructions: 73COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000011.00000002.349278822.0000000004D20000.00000040.00000001.sdmp, Offset: 04D20000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 28ef8c320c87db6fcc3152f4ff1b49fbe5d2458b18cf5360a0fb9221b30c4ba3
                            • Instruction ID: 9cb06017688c48dfd540a81f643388ab7ef3847933da7df4143e98d2028070a4
                            • Opcode Fuzzy Hash: 28ef8c320c87db6fcc3152f4ff1b49fbe5d2458b18cf5360a0fb9221b30c4ba3
                            • Instruction Fuzzy Hash: F2218B35B002258FCB15DF68D5908AEB7F6EF9920871440AAE40ADB361DB31EC02CBA1
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 04D2C9E0, Relevance: .1, Instructions: 67COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000011.00000002.349278822.0000000004D20000.00000040.00000001.sdmp, Offset: 04D20000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 557a7557bf5ffbebc4e9ea4000cc5500d19e6a5d91a5c5947622ae74ba9f711c
                            • Instruction ID: 377de5bd3909241aeba7a1de3b60a9d92449cffb6ba36525746d7eedabdbcb3e
                            • Opcode Fuzzy Hash: 557a7557bf5ffbebc4e9ea4000cc5500d19e6a5d91a5c5947622ae74ba9f711c
                            • Instruction Fuzzy Hash: F2110676B046245FD325CA289990E2F77E6EF98B64F25413AE605CB3A0DE70EC0283D0
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 04D26198, Relevance: .1, Instructions: 62COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000011.00000002.349278822.0000000004D20000.00000040.00000001.sdmp, Offset: 04D20000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: c1f3da7cf12431fbebf0d104695d6c53446ed4da341f623de495223ecf8fc608
                            • Instruction ID: 5a776926f5257e506c57e80abc72e90f749b7b4d65aeb06b4d434c38fd650000
                            • Opcode Fuzzy Hash: c1f3da7cf12431fbebf0d104695d6c53446ed4da341f623de495223ecf8fc608
                            • Instruction Fuzzy Hash: C8112132B002148BCB14DFA5D958BEEBBB5BB98315F140029D506F3290DE705C498BA0
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 04D263D0, Relevance: .1, Instructions: 59COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000011.00000002.349278822.0000000004D20000.00000040.00000001.sdmp, Offset: 04D20000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 438f8ed7836ff278a3e698d09f628f159bfd2a357462bdb1e6638d486a6dff46
                            • Instruction ID: 306db08b635096421d284d6b7d4fa7e29a09c7bc3ad7dea8f9c7f71a31d5d512
                            • Opcode Fuzzy Hash: 438f8ed7836ff278a3e698d09f628f159bfd2a357462bdb1e6638d486a6dff46
                            • Instruction Fuzzy Hash: 481106327083409FD720CB68D805F927BA4EF82324F0585AAE295CF6A6D7F0E806CB50
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 04D25FE9, Relevance: .1, Instructions: 59COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000011.00000002.349278822.0000000004D20000.00000040.00000001.sdmp, Offset: 04D20000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: c8ba21760d5a15f5ecfc6606718fac723db94a50cf69637d595b13db2a3900d9
                            • Instruction ID: 5b5988074ff2254b38a773dd7381b0fc78b90603493e617409c6d98dc18388f4
                            • Opcode Fuzzy Hash: c8ba21760d5a15f5ecfc6606718fac723db94a50cf69637d595b13db2a3900d9
                            • Instruction Fuzzy Hash: 20110471A002199FCB50DFB8D69599DBBF5EB49294B2040AAE409E7311E731E946CBA0
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 00A1D637, Relevance: .1, Instructions: 56COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000011.00000002.335881952.0000000000A1D000.00000040.00000001.sdmp, Offset: 00A1D000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: b88a7ec900b8d9d152df82f6a6fdb144c596dfe53c5a765c19d03004c3cb1d32
                            • Instruction ID: 4396f2ae12e987a7aeadcecccbc25e3f31cb0681b7373efb67ba576f8fe6c504
                            • Opcode Fuzzy Hash: b88a7ec900b8d9d152df82f6a6fdb144c596dfe53c5a765c19d03004c3cb1d32
                            • Instruction Fuzzy Hash: 3011B676504280DFCF15CF10D9C4B56BF72FB98324F24C6A9D8494B656C33AD896CBA1
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 04D29EA0, Relevance: .1, Instructions: 56COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000011.00000002.349278822.0000000004D20000.00000040.00000001.sdmp, Offset: 04D20000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 9adf9328a2483f51036a8a0c4e33b607384b3fb5533a40a2f4eaa3b9805bfb2b
                            • Instruction ID: 44e2430f3f814547d07dd3d73a4653492b6c0ff24d043719466a1aeff21bbb10
                            • Opcode Fuzzy Hash: 9adf9328a2483f51036a8a0c4e33b607384b3fb5533a40a2f4eaa3b9805bfb2b
                            • Instruction Fuzzy Hash: D11123B8B002159FCB04DF25C451B6BB7BAFB88214F00445AEA42D7395DFB0EC0087A1
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 04D296F1, Relevance: .0, Instructions: 50COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000011.00000002.349278822.0000000004D20000.00000040.00000001.sdmp, Offset: 04D20000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: c64b1a91303385e584709185bffd8bc413697580d275d10ca06d9c11fab1df95
                            • Instruction ID: efe81f9d971a2bcad301178dafc3ccab9d39c6ede9f80b96ad857d5cfc663405
                            • Opcode Fuzzy Hash: c64b1a91303385e584709185bffd8bc413697580d275d10ca06d9c11fab1df95
                            • Instruction Fuzzy Hash: 3D113074E002599FDB04CFA5D950AEEBBF2AF88314F1484A9E401B7350DB755D45CFA0
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 04D23EB9, Relevance: .0, Instructions: 47COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000011.00000002.349278822.0000000004D20000.00000040.00000001.sdmp, Offset: 04D20000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: cc05d6f917f43e4f22171df383a036132dd0f385dcede270464acedf2ede1c1e
                            • Instruction ID: dbfce48bc847540fcc4da1ec78b5c1b3d2e2509fcda0521bbfd32ab0eed209d7
                            • Opcode Fuzzy Hash: cc05d6f917f43e4f22171df383a036132dd0f385dcede270464acedf2ede1c1e
                            • Instruction Fuzzy Hash: 980126393042000F8B14FB34D4614AE3BD79FC66143424469D246CB764EFB0EE0687E1
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 04D285B8, Relevance: .0, Instructions: 46COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000011.00000002.349278822.0000000004D20000.00000040.00000001.sdmp, Offset: 04D20000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 44baf954e4b8abe7b83f85d94ba2b73896e8efa45b272d64b9cf00b3a655df9a
                            • Instruction ID: d0e656351cf1d5fc2ee7706ac4b029849c0bd41c0b0721c6eddd964ba66d6183
                            • Opcode Fuzzy Hash: 44baf954e4b8abe7b83f85d94ba2b73896e8efa45b272d64b9cf00b3a655df9a
                            • Instruction Fuzzy Hash: 58F08136700219AF9F10EE59EC448BFBBEEFB99624314852AF519C7240DB3198159764
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 04D25500, Relevance: .0, Instructions: 42COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000011.00000002.349278822.0000000004D20000.00000040.00000001.sdmp, Offset: 04D20000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: fcd933ead6796afc41fe0ab712be5c7f26bd6c275f8d33dea5601ef7250c5d79
                            • Instruction ID: 9110148f612c6701cafda4ba2b5eefae430c7c9e7f07c10dbbf6a9f14458d4c5
                            • Opcode Fuzzy Hash: fcd933ead6796afc41fe0ab712be5c7f26bd6c275f8d33dea5601ef7250c5d79
                            • Instruction Fuzzy Hash: 31016D34A00723EFC7249E25E628927B7E7BB9430DB148C2DD58286A14EBB1F581CB91
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 04D29700, Relevance: .0, Instructions: 42COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000011.00000002.349278822.0000000004D20000.00000040.00000001.sdmp, Offset: 04D20000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: ed4741a7c2e24de58404574159687abf5dc6408ca43b375be680991a97e6d8ed
                            • Instruction ID: 53d672836412972730ab44ccc9542c8e2d1764e8896a778757913a32cdd18629
                            • Opcode Fuzzy Hash: ed4741a7c2e24de58404574159687abf5dc6408ca43b375be680991a97e6d8ed
                            • Instruction Fuzzy Hash: DB012D74E04258AFDB04CFA5DA54ADDBBF2BF48314F1484A9E805B7350DB715A04CFA0
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 04D27DB0, Relevance: .0, Instructions: 38COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000011.00000002.349278822.0000000004D20000.00000040.00000001.sdmp, Offset: 04D20000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: fca2455df8bab7d33668f749df6319d5352b8ad57f0208d2837b58a4cc9bd1d2
                            • Instruction ID: 3721b2ced6a3edbb3fe23f91b90046a6fed317274c5385c994d0e0d824f84843
                            • Opcode Fuzzy Hash: fca2455df8bab7d33668f749df6319d5352b8ad57f0208d2837b58a4cc9bd1d2
                            • Instruction Fuzzy Hash: 7DF0595B70C2E05FC72303782C614BEBF64DDE725034984EBE581CB2A6D560984BD361
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 04D26E9A, Relevance: .0, Instructions: 37COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000011.00000002.349278822.0000000004D20000.00000040.00000001.sdmp, Offset: 04D20000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 73c44adbcd3ba5dc05759e3fbfce585e3f49021aa2e2d4159faa13f31f788202
                            • Instruction ID: 3d5a92d59531a226c98fcd9b47c287ccd4136c7d025928c50ab5be6cb9cc223f
                            • Opcode Fuzzy Hash: 73c44adbcd3ba5dc05759e3fbfce585e3f49021aa2e2d4159faa13f31f788202
                            • Instruction Fuzzy Hash: 50F054762041983F8B124E9A6C10CFB7FEDDA8E1617044056FAD8D2251C529C961D7B1
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 04D23EC8, Relevance: .0, Instructions: 36COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000011.00000002.349278822.0000000004D20000.00000040.00000001.sdmp, Offset: 04D20000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: f3e937cd447e79e6988876610128b84760e8e7889796679f34503f3f741a253d
                            • Instruction ID: 53b93e8fabadf52baf7b754e132c0cc8f1e18b786a635c3338908ed169a4759a
                            • Opcode Fuzzy Hash: f3e937cd447e79e6988876610128b84760e8e7889796679f34503f3f741a253d
                            • Instruction Fuzzy Hash: 29F0BB353005004F4A14E769D09199F73D7CBC95143124869D10BCB754EFB0FE4687E1
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 04D263C1, Relevance: .0, Instructions: 36COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000011.00000002.349278822.0000000004D20000.00000040.00000001.sdmp, Offset: 04D20000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 37c7a08c16d8db6973436dd584313a98e96e0bc53a6637305c9dc0cc6ae9e080
                            • Instruction ID: 969e5aaa6dee04e8c9b2d274e0ec246bcb097cd9deea492262a5c2f1c9c5de5d
                            • Opcode Fuzzy Hash: 37c7a08c16d8db6973436dd584313a98e96e0bc53a6637305c9dc0cc6ae9e080
                            • Instruction Fuzzy Hash: 8CF024317487008FC7208E78E944FA53BE1EB80728F15826AE254CF2E2D3F0E8138700
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 04D2F370, Relevance: .0, Instructions: 36COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000011.00000002.349278822.0000000004D20000.00000040.00000001.sdmp, Offset: 04D20000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: a0aafd439c5ae8344e7ea77c2959e4edcec007e02d26acd34094fb65e2755039
                            • Instruction ID: 382862e0cbcfa4a43a4d90d4d900dfaa0f63833789dcbe046c79a72170760087
                            • Opcode Fuzzy Hash: a0aafd439c5ae8344e7ea77c2959e4edcec007e02d26acd34094fb65e2755039
                            • Instruction Fuzzy Hash: 9CF0FE397109104F8B48DB3ED45486E77EBAFCD61535584B9E606CB370EFB1DC019A40
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 04D26EA0, Relevance: .0, Instructions: 35COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000011.00000002.349278822.0000000004D20000.00000040.00000001.sdmp, Offset: 04D20000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 9f3f690b676f29829e1471e37232199dd2c89208495ab5f48f875d06cf873514
                            • Instruction ID: 207f2bda4487c0671c7eda4011a18e8e43a2b42af2300b7478360c18c45e7a5a
                            • Opcode Fuzzy Hash: 9f3f690b676f29829e1471e37232199dd2c89208495ab5f48f875d06cf873514
                            • Instruction Fuzzy Hash: 1DF012762041E83F8B514E9A6C10CFB7FEDDA8E1617084056FF98D2141C529CA209BB0
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 04D256D9, Relevance: .0, Instructions: 31COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000011.00000002.349278822.0000000004D20000.00000040.00000001.sdmp, Offset: 04D20000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: b4ba3156e3a7443d7ad5567c163821f67298f9c77e4bae5649b18960b35b8e56
                            • Instruction ID: 46804a8eee2bdbaa8e1425620e4d1ead2441b6cb4e29841632a3a48f72dc0870
                            • Opcode Fuzzy Hash: b4ba3156e3a7443d7ad5567c163821f67298f9c77e4bae5649b18960b35b8e56
                            • Instruction Fuzzy Hash: 7AF0E23A6041439FD715CB08E0E0CC5BBB2EF9A32030AC4AAE545CB266DB70E955CB40
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 04D2F260, Relevance: .0, Instructions: 31COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000011.00000002.349278822.0000000004D20000.00000040.00000001.sdmp, Offset: 04D20000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 82257fd7aeb706ed4c0dc5134d06c95130d4e9ef2bc45eb406a2f613f9dcd259
                            • Instruction ID: 94b8c4bc1640713602b47b757681f2c0a1b1313650226921f727ef68e5774e01
                            • Opcode Fuzzy Hash: 82257fd7aeb706ed4c0dc5134d06c95130d4e9ef2bc45eb406a2f613f9dcd259
                            • Instruction Fuzzy Hash: DBF082752042089FD701DF48C840C86BBE9FF5A308315849AE588CF322D771EC10DBA0
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 04D25868, Relevance: .0, Instructions: 30COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000011.00000002.349278822.0000000004D20000.00000040.00000001.sdmp, Offset: 04D20000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 57fabba47fd61a465a6963aafd3b9affe4e4c86cfaf41431e4749874f506d445
                            • Instruction ID: 8531b7bd49527747edf8ab6eb8c3a220dcd25e99b1f36281f36ed0a2465f1a66
                            • Opcode Fuzzy Hash: 57fabba47fd61a465a6963aafd3b9affe4e4c86cfaf41431e4749874f506d445
                            • Instruction Fuzzy Hash: 46F082317087428FC714DF29E94184BB7E1EFC5614701CDADE14AC7669EA70AD0A8791
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 04D2F270, Relevance: .0, Instructions: 24COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000011.00000002.349278822.0000000004D20000.00000040.00000001.sdmp, Offset: 04D20000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: a1cea0eacbf4b7202548efb35ff901d22695fe8e5997e391766f5320e06da024
                            • Instruction ID: ecf11af65faadd14ad751b7bb42b5d9982b2a73b7a6ca97fe0bc2af7afb7374f
                            • Opcode Fuzzy Hash: a1cea0eacbf4b7202548efb35ff901d22695fe8e5997e391766f5320e06da024
                            • Instruction Fuzzy Hash: 5EE0ED392041099FD701DF59C980C927BE6FF59258715859AE548CF322D771EC11DB90
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 04D2F102, Relevance: .0, Instructions: 23COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000011.00000002.349278822.0000000004D20000.00000040.00000001.sdmp, Offset: 04D20000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 909c19aaa29ff549ac769c015cbee4a9bae1a0aa8f6f73bf19a950c45e9a3cdf
                            • Instruction ID: 903bfcd2f3962f89cb25cf196ecb9298eca6e401a3a46bd3d19bb7ea7b5d73c3
                            • Opcode Fuzzy Hash: 909c19aaa29ff549ac769c015cbee4a9bae1a0aa8f6f73bf19a950c45e9a3cdf
                            • Instruction Fuzzy Hash: 31E04F7320D3209EA355EA24F800897B7E5EF94324B118C2EE444C7200E731E841C765
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 04D2BFFB, Relevance: .0, Instructions: 21COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000011.00000002.349278822.0000000004D20000.00000040.00000001.sdmp, Offset: 04D20000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: fb79adbb7d978c86226908475d46ef890a390ae37bba9f1ae2c5af57b71c5a93
                            • Instruction ID: 391e72f02def1ff667e74b928fb92cbcd57732d6ea18bb919d95ddd824baf06a
                            • Opcode Fuzzy Hash: fb79adbb7d978c86226908475d46ef890a390ae37bba9f1ae2c5af57b71c5a93
                            • Instruction Fuzzy Hash: 30E06D70A102498FCB14CF90CA92A9EBFB1BF54208F204055C405AB655EF34AD06CF80
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 04D27D77, Relevance: .0, Instructions: 20COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000011.00000002.349278822.0000000004D20000.00000040.00000001.sdmp, Offset: 04D20000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: a797cf7cfe78e0cdb6fe154980fbee542f6e10f2086758c0f85e43dce80133ca
                            • Instruction ID: 4269ffc14ed39cde70d47d438ab6ac5f075f6787cd2a2673d2d4fc4432d8021d
                            • Opcode Fuzzy Hash: a797cf7cfe78e0cdb6fe154980fbee542f6e10f2086758c0f85e43dce80133ca
                            • Instruction Fuzzy Hash: 7BE0C22A70C2901FC71217696C5149EBFA9CECA22030984BBE944C73A2C930488AC362
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 04D262D0, Relevance: .0, Instructions: 19COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000011.00000002.349278822.0000000004D20000.00000040.00000001.sdmp, Offset: 04D20000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 828a16ea9bb908f42b46d6bd8d544951a3d0e4d0d70ae9042e0d1aa56ce01588
                            • Instruction ID: b027fe5ba196e9a8fb2017f37e44743b03c0396f17f9ed6f519b1a606e38d31b
                            • Opcode Fuzzy Hash: 828a16ea9bb908f42b46d6bd8d544951a3d0e4d0d70ae9042e0d1aa56ce01588
                            • Instruction Fuzzy Hash: 8BE02E34018B049FC3018B68C486A84BBF8AF06604F8540E2E084CB2F3DA28DC86C352
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 04D2EE97, Relevance: .0, Instructions: 18COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000011.00000002.349278822.0000000004D20000.00000040.00000001.sdmp, Offset: 04D20000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 8fde64fc268b03d32b863b8bce03f3e462cc42d5e8e34dce7c3f6653859cf34f
                            • Instruction ID: a80a2631e25221bfa26a642f7c2b940d535313af1b7289f48fe1d27c1f0e2147
                            • Opcode Fuzzy Hash: 8fde64fc268b03d32b863b8bce03f3e462cc42d5e8e34dce7c3f6653859cf34f
                            • Instruction Fuzzy Hash: 76D0A7327092945FDB024E106C1A6EC7F32DFF1258F2480D3D64086093D124152783B1
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 04D25DC8, Relevance: .0, Instructions: 17COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000011.00000002.349278822.0000000004D20000.00000040.00000001.sdmp, Offset: 04D20000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 9ee9d83c15372bb929dbb78448e984baf37dac38e159b320673ba83ae69b9ff1
                            • Instruction ID: c8c620276e4d9cf4f2800223a81531ac4da0d04d5994c20aacaced9026c6de56
                            • Opcode Fuzzy Hash: 9ee9d83c15372bb929dbb78448e984baf37dac38e159b320673ba83ae69b9ff1
                            • Instruction Fuzzy Hash: D4D0A730704726579724972BE85089BB3DEDF842643068C29DA5BC7A64DFB4F85187C4
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 04D262E0, Relevance: .0, Instructions: 11COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000011.00000002.349278822.0000000004D20000.00000040.00000001.sdmp, Offset: 04D20000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 61b846d6df5b19b18c21c76c7b88bb8dd6cb1c4a2613306f6a3d8274e6a65b3a
                            • Instruction ID: 688467d7b15e8a24fd87afbbf4e4fdcfd41a18f98aa05a8286204dcf5005739d
                            • Opcode Fuzzy Hash: 61b846d6df5b19b18c21c76c7b88bb8dd6cb1c4a2613306f6a3d8274e6a65b3a
                            • Instruction Fuzzy Hash: ABC08C352603048FC708CF5AC008E6477E9AF44B15F8580E4E0088B2B2C734ED40CA00
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 04D23720, Relevance: .0, Instructions: 10COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000011.00000002.349278822.0000000004D20000.00000040.00000001.sdmp, Offset: 04D20000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: dbb656cb0b38f3f52e2f317db93abb31848466046e3ccdd792b737ac033bca0d
                            • Instruction ID: bade69125d2230f729c60748f1c9169dd9afd48a7c9eb8c7b52ec230e5a9d13b
                            • Opcode Fuzzy Hash: dbb656cb0b38f3f52e2f317db93abb31848466046e3ccdd792b737ac033bca0d
                            • Instruction Fuzzy Hash: A1C080F9944309EBE7030F508D11EC4BF71D711700F014CE1D2C08C162D3B10856D762
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Non-executed Functions

                            Analysis Process: NXLun.exe PID: 5388 Parent PID: 5372 NXLun.exeCOMMON

                            Executed Functions

                            Function 02E66B50, Relevance: 6.1, APIs: 4, Instructions: 120threadCOMMON
                            Download Yara Rule
                            APIs
                            • GetCurrentProcess.KERNEL32 ref: 02E66BB0
                            • GetCurrentThread.KERNEL32 ref: 02E66BED
                            • GetCurrentProcess.KERNEL32 ref: 02E66C2A
                            • GetCurrentThreadId.KERNEL32 ref: 02E66C83
                            Memory Dump Source
                            • Source File: 00000012.00000002.500448025.0000000002E60000.00000040.00000001.sdmp, Offset: 02E60000, based on PE: false
                            Similarity
                            • API ID: Current$ProcessThread
                            • String ID:
                            • API String ID: 2063062207-0
                            • Opcode ID: 7eb032ac9a1c60f7d88763f023871da7ed2433f15a5d29900ea1379380064f93
                            • Instruction ID: f6785b9a632c624caabc3dbea46c72cd63e1d788edb7caba3b86758eed11bbfa
                            • Opcode Fuzzy Hash: 7eb032ac9a1c60f7d88763f023871da7ed2433f15a5d29900ea1379380064f93
                            • Instruction Fuzzy Hash: AF5157B09106498FDB14CFA9D6897DEBBF5EF48314F20845AE019A7360DB749844CF65
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 02E65184, Relevance: 1.6, APIs: 1, Instructions: 115COMMON
                            Download Yara Rule
                            APIs
                            • CreateWindowExW.USER32(?,?,?,?,?,?,0000000C,?,?,?,?,?), ref: 02E652A2
                            Memory Dump Source
                            • Source File: 00000012.00000002.500448025.0000000002E60000.00000040.00000001.sdmp, Offset: 02E60000, based on PE: false
                            Similarity
                            • API ID: CreateWindow
                            • String ID:
                            • API String ID: 716092398-0
                            • Opcode ID: 99819745927ea54f10186e717c7f9011665f08963f5d5dfc079afa9fe36f71f6
                            • Instruction ID: d2c9d48825807a5371b218af0a84cc890acbaf4b8d22e6a84e0ec9fc8ca59a9a
                            • Opcode Fuzzy Hash: 99819745927ea54f10186e717c7f9011665f08963f5d5dfc079afa9fe36f71f6
                            • Instruction Fuzzy Hash: DA51DEB1D403099FDB14CFA9C984ADEBBB5BF48354F64822AE819AB210D7749885CF90
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 02E65190, Relevance: 1.6, APIs: 1, Instructions: 113COMMON
                            Download Yara Rule
                            APIs
                            • CreateWindowExW.USER32(?,?,?,?,?,?,0000000C,?,?,?,?,?), ref: 02E652A2
                            Memory Dump Source
                            • Source File: 00000012.00000002.500448025.0000000002E60000.00000040.00000001.sdmp, Offset: 02E60000, based on PE: false
                            Similarity
                            • API ID: CreateWindow
                            • String ID:
                            • API String ID: 716092398-0
                            • Opcode ID: 7daa8204c5cc498be2d26f9540d9d72df8e9e3a91119b1f5c01f0b75dde4dba0
                            • Instruction ID: 9055b83fc82f9e7ee4470e64e6e34a973305e6e812ad8b356ba93b4715d70037
                            • Opcode Fuzzy Hash: 7daa8204c5cc498be2d26f9540d9d72df8e9e3a91119b1f5c01f0b75dde4dba0
                            • Instruction Fuzzy Hash: 6241BFB1D503099FDB14CF99C884ADEBFB5BF48354F64812AE819AB210D775A885CF90
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 02E66964, Relevance: 1.6, APIs: 1, Instructions: 97COMMON
                            Download Yara Rule
                            APIs
                            • CallWindowProcW.USER32(?,?,?,?,?), ref: 02E67CF9
                            Memory Dump Source
                            • Source File: 00000012.00000002.500448025.0000000002E60000.00000040.00000001.sdmp, Offset: 02E60000, based on PE: false
                            Similarity
                            • API ID: CallProcWindow
                            • String ID:
                            • API String ID: 2714655100-0
                            • Opcode ID: a618a44a75bd6562ba7241bd7835497f339c0bfc024dcb10928b47a29b35fccd
                            • Instruction ID: 0cbaeb3271c156453d52678a86e933f49e5b7d26570fe2b1c1e3660ca261b99d
                            • Opcode Fuzzy Hash: a618a44a75bd6562ba7241bd7835497f339c0bfc024dcb10928b47a29b35fccd
                            • Instruction Fuzzy Hash: 5D4139B4A403058FDB14CF99C488BAAFBF5FB89358F15C459E419A7321D774A841CFA0
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 02E6C3A9, Relevance: 1.6, APIs: 1, Instructions: 78COMMON
                            Download Yara Rule
                            APIs
                            • RtlEncodePointer.NTDLL(00000000), ref: 02E6C432
                            Memory Dump Source
                            • Source File: 00000012.00000002.500448025.0000000002E60000.00000040.00000001.sdmp, Offset: 02E60000, based on PE: false
                            Similarity
                            • API ID: EncodePointer
                            • String ID:
                            • API String ID: 2118026453-0
                            • Opcode ID: 2ac53eb10b9af5148c5a33fe5c7d1dae7c85d27f41afeb574d932f1250ecab29
                            • Instruction ID: ce5fb83f06838f63876f71b1e6972f367d79502c2ff564e76a09211fdde1b8fd
                            • Opcode Fuzzy Hash: 2ac53eb10b9af5148c5a33fe5c7d1dae7c85d27f41afeb574d932f1250ecab29
                            • Instruction Fuzzy Hash: 7831EB718883448EDB10DFA8D94D3EEBFF0EB46358F28905AD488A3652C7795846CFA1
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 02E66D72, Relevance: 1.6, APIs: 1, Instructions: 64COMMON
                            Download Yara Rule
                            APIs
                            • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 02E66DFF
                            Memory Dump Source
                            • Source File: 00000012.00000002.500448025.0000000002E60000.00000040.00000001.sdmp, Offset: 02E60000, based on PE: false
                            Similarity
                            • API ID: DuplicateHandle
                            • String ID:
                            • API String ID: 3793708945-0
                            • Opcode ID: e6def93734dd9d204204710a01e3079d9a86a320c3ef3c89d0518c016751e893
                            • Instruction ID: 538f851974eac063164640621c023f81a6e1dbeaa065336d5bedfc8ef466160e
                            • Opcode Fuzzy Hash: e6def93734dd9d204204710a01e3079d9a86a320c3ef3c89d0518c016751e893
                            • Instruction Fuzzy Hash: 3121E4B59002089FDB10CFA9D988ADEFBF8EB48324F14841AE954B3310D379A955CFA1
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 02E66D78, Relevance: 1.6, APIs: 1, Instructions: 62COMMON
                            Download Yara Rule
                            APIs
                            • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 02E66DFF
                            Memory Dump Source
                            • Source File: 00000012.00000002.500448025.0000000002E60000.00000040.00000001.sdmp, Offset: 02E60000, based on PE: false
                            Similarity
                            • API ID: DuplicateHandle
                            • String ID:
                            • API String ID: 3793708945-0
                            • Opcode ID: ecae08ecad038e8bb2417a2e55de5850a83e5953c61458afb2741f7542130650
                            • Instruction ID: 20b378cc64d4ecee3ecfff5e952293412b3825280f95abc0cd8571f3d837fe1c
                            • Opcode Fuzzy Hash: ecae08ecad038e8bb2417a2e55de5850a83e5953c61458afb2741f7542130650
                            • Instruction Fuzzy Hash: E721E4B59002089FDB10CFA9D588ADEFBF8EB48324F14841AE914B3310D378A955CFA1
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 02E6C3B8, Relevance: 1.6, APIs: 1, Instructions: 54COMMON
                            Download Yara Rule
                            APIs
                            • RtlEncodePointer.NTDLL(00000000), ref: 02E6C432
                            Memory Dump Source
                            • Source File: 00000012.00000002.500448025.0000000002E60000.00000040.00000001.sdmp, Offset: 02E60000, based on PE: false
                            Similarity
                            • API ID: EncodePointer
                            • String ID:
                            • API String ID: 2118026453-0
                            • Opcode ID: 50e077b67f32e4f5b1b455a370fd800204f75e5d9cf94afdb87cf9f02357802c
                            • Instruction ID: ea4048cb7fb05baf81e70a65c0f5f7bd8066004c3fc70eb73fd5720a967a690c
                            • Opcode Fuzzy Hash: 50e077b67f32e4f5b1b455a370fd800204f75e5d9cf94afdb87cf9f02357802c
                            • Instruction Fuzzy Hash: 731158719803058ECB10DFA9C54C7EABBF4EB48354F20842AD444A3A00C7796946CFA1
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 011FD53C, Relevance: .1, Instructions: 75COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000012.00000002.499700971.00000000011FD000.00000040.00000001.sdmp, Offset: 011FD000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: f6a4b1d88f04c0cf1f1a7672c815afbcefeb7a95e4f1e4fc7e0f52349fb53fe7
                            • Instruction ID: e7ee535c2140de04e912a399e91f2c391b18737c7af2e187c42b67d0d43964d5
                            • Opcode Fuzzy Hash: f6a4b1d88f04c0cf1f1a7672c815afbcefeb7a95e4f1e4fc7e0f52349fb53fe7
                            • Instruction Fuzzy Hash: 6E2106B1504240DFDF09DF54E9C4B36BF75FB84328F2485ADEA094B256C336D856CAA2
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 011FD450, Relevance: .1, Instructions: 75COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000012.00000002.499700971.00000000011FD000.00000040.00000001.sdmp, Offset: 011FD000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 65a1887334e57a97d82c611f8e76bea28c52e26682403830b61807d11ac0a327
                            • Instruction ID: 3f314d9a90b79c72f3c5c1521089a8f3905557fefcd08a02f9a2345d58a00c30
                            • Opcode Fuzzy Hash: 65a1887334e57a97d82c611f8e76bea28c52e26682403830b61807d11ac0a327
                            • Instruction Fuzzy Hash: 3B2124B1504240DFDF19DF54E9C4B76BB65FB88324F2085ACEA054B616C336E805CAA2
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 0120D01C, Relevance: .1, Instructions: 72COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000012.00000002.499769273.000000000120D000.00000040.00000001.sdmp, Offset: 0120D000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 41d614081c316b662d9671e685a471ec1c0f359e89e41f70042c312062eb47dd
                            • Instruction ID: 684d617586b8c80d5621b0ebdb31c6998e777f438eb140f58daf327a25350924
                            • Opcode Fuzzy Hash: 41d614081c316b662d9671e685a471ec1c0f359e89e41f70042c312062eb47dd
                            • Instruction Fuzzy Hash: 2B2125B5514248DFDB12CFA4D9C0B26BB66FB84354F20CAA9D90D4B287C377D806CA61
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 011FD537, Relevance: .1, Instructions: 56COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000012.00000002.499700971.00000000011FD000.00000040.00000001.sdmp, Offset: 011FD000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: b88a7ec900b8d9d152df82f6a6fdb144c596dfe53c5a765c19d03004c3cb1d32
                            • Instruction ID: 764c02f879d85ae1047abe8832eb1b8d6c18a6c39c51f26b32aad3c83bb2710c
                            • Opcode Fuzzy Hash: b88a7ec900b8d9d152df82f6a6fdb144c596dfe53c5a765c19d03004c3cb1d32
                            • Instruction Fuzzy Hash: 18119D76404280CFCF16CF54D5C4B26BF72FB84324F2486A9D9094B616C336D456CBA1
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 011FD44B, Relevance: .1, Instructions: 56COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000012.00000002.499700971.00000000011FD000.00000040.00000001.sdmp, Offset: 011FD000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: b88a7ec900b8d9d152df82f6a6fdb144c596dfe53c5a765c19d03004c3cb1d32
                            • Instruction ID: 2ef1eed974eebe2bb02373bbed7c92207ee21a47bdca07b44dc0393aa40168cf
                            • Opcode Fuzzy Hash: b88a7ec900b8d9d152df82f6a6fdb144c596dfe53c5a765c19d03004c3cb1d32
                            • Instruction Fuzzy Hash: 6A119D76404280CFDF16CF54E5C8B26BF71FB84324F2486ADD9090B626C336D45ACBA1
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 0120D017, Relevance: .1, Instructions: 53COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000012.00000002.499769273.000000000120D000.00000040.00000001.sdmp, Offset: 0120D000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 4025d37efdfbce0e093f44a05613069a3d82dc03039e765c907437c890d8199e
                            • Instruction ID: d0b02bb7fc85deb594623452a486d642b929d667f34ba7fe41feb2e8bc202901
                            • Opcode Fuzzy Hash: 4025d37efdfbce0e093f44a05613069a3d82dc03039e765c907437c890d8199e
                            • Instruction Fuzzy Hash: 6511BE75504284CFCB12CF54D5C4B15BB72FB44324F24C6A9D9094B697C33AD44ACBA2
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Non-executed Functions

                            Analysis Process: NXLun.exe PID: 1660 Parent PID: 3292 NXLun.exeCOMMON

                            Executed Functions

                            Function 030C5A88, Relevance: .3, Instructions: 317COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000014.00000002.348280942.00000000030C0000.00000040.00000001.sdmp, Offset: 030C0000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: bbd3d12600351918a58ebb64d95af948a490a953ff236168167964ff86a8716b
                            • Instruction ID: 66532ba50f1bbd6c4fa4dcea7e47a07641544a436c15b295c06ee935119bf826
                            • Opcode Fuzzy Hash: bbd3d12600351918a58ebb64d95af948a490a953ff236168167964ff86a8716b
                            • Instruction Fuzzy Hash: 77F17074E012299FDB64CFA9C980B9DBBF2FB48300F1081AAD909A7354EB755E85CF51
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 030C5431, Relevance: .2, Instructions: 169COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000014.00000002.348280942.00000000030C0000.00000040.00000001.sdmp, Offset: 030C0000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 4fa0f69345a8d8cfb13836069dbe20a2170eaf9062060224b208a27124291943
                            • Instruction ID: dd425481d6128433aaa25558bb01de3c500f0f17cd13bdb37e141a7a22a184d6
                            • Opcode Fuzzy Hash: 4fa0f69345a8d8cfb13836069dbe20a2170eaf9062060224b208a27124291943
                            • Instruction Fuzzy Hash: 8271E674E012188FDB04DFA9D990ADDBBF2FF89314F248069E505AB364DB35A942CF51
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 030C3F58, Relevance: .2, Instructions: 161COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000014.00000002.348280942.00000000030C0000.00000040.00000001.sdmp, Offset: 030C0000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: f312cb1e15bb13949a8b8102cd30b7323de464a077ff4bb21e177da7f4ba5a6d
                            • Instruction ID: 70fdf8f3cf53779eb3509faa66fb3909dd1c2be56e7b105539b54aa3baa3e17b
                            • Opcode Fuzzy Hash: f312cb1e15bb13949a8b8102cd30b7323de464a077ff4bb21e177da7f4ba5a6d
                            • Instruction Fuzzy Hash: 0471C2B4E002188FDB04DFA9D990ADDBBF2FF89310F208169E505AB364DB35A946CF51
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 030C4C90, Relevance: 1.4, Strings: 1, Instructions: 180COMMON
                            Download Yara Rule
                            Strings
                            Memory Dump Source
                            • Source File: 00000014.00000002.348280942.00000000030C0000.00000040.00000001.sdmp, Offset: 030C0000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID: D0!l
                            • API String ID: 0-3653422454
                            • Opcode ID: 2a86b07e2e6adc5006122cd32c940b851444a080fc122825dc5d388f3a613238
                            • Instruction ID: f9e3cfbc553c1d866186643f16e3926bdd1432547a05b3726f4ac5c175fb958c
                            • Opcode Fuzzy Hash: 2a86b07e2e6adc5006122cd32c940b851444a080fc122825dc5d388f3a613238
                            • Instruction Fuzzy Hash: 9F513335B1511A8BCF19EB7488712AEB6F2FF84208B26457ED502EB384DF399C028790
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 030C4758, Relevance: .4, Instructions: 365COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000014.00000002.348280942.00000000030C0000.00000040.00000001.sdmp, Offset: 030C0000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 7d46ef695df3771bd087421873d092775d998cfd18fd29c786c6e5aa7debdb6d
                            • Instruction ID: f501985c5b62b57f2413b27479570277c53ea6fcfc240e467bd9381bebf97664
                            • Opcode Fuzzy Hash: 7d46ef695df3771bd087421873d092775d998cfd18fd29c786c6e5aa7debdb6d
                            • Instruction Fuzzy Hash: 10E1D134B141499FCB15DFA6DA507AEBBB2FF88304F2580A8D506B7364CB39AD41CB52
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 030C790C, Relevance: .3, Instructions: 259COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000014.00000002.348280942.00000000030C0000.00000040.00000001.sdmp, Offset: 030C0000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: bfba2dc78edf1edb08bed60fc9aedae7bf3047c756bc51506ca6c534422946dd
                            • Instruction ID: ffbd8da58fb14c3406014ffcbb615cc1f1404ae1c58e263c3edcb2577fe2d50e
                            • Opcode Fuzzy Hash: bfba2dc78edf1edb08bed60fc9aedae7bf3047c756bc51506ca6c534422946dd
                            • Instruction Fuzzy Hash: 08B15B75A047028FC704EF28C48499EBBB2FF89314B158999E546CB776DB70ED4ACB90
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 030C7960, Relevance: .2, Instructions: 230COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000014.00000002.348280942.00000000030C0000.00000040.00000001.sdmp, Offset: 030C0000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: b5ace0f204cf89ec8081594a0820f97dc31a0dd40a1ba90dedb037c09d86c420
                            • Instruction ID: 985e6ef963e3801db83b399b9fdf82786fbad81743e1249b230c2be963832a97
                            • Opcode Fuzzy Hash: b5ace0f204cf89ec8081594a0820f97dc31a0dd40a1ba90dedb037c09d86c420
                            • Instruction Fuzzy Hash: 35A12375A006029FC704EF28C48485EBBF2FF893147528999E54A8B766DB70ED4ACB90
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 030C5A78, Relevance: .1, Instructions: 136COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000014.00000002.348280942.00000000030C0000.00000040.00000001.sdmp, Offset: 030C0000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 83855dab750ed2a7404519324e2621c2765589e1876b70c665fefbbc3f4826d5
                            • Instruction ID: 4caec45cb836a22981092b745b437d055c2a77e308f948cb1dbab3bf6e4db48e
                            • Opcode Fuzzy Hash: 83855dab750ed2a7404519324e2621c2765589e1876b70c665fefbbc3f4826d5
                            • Instruction Fuzzy Hash: A4717C78A012289FDBA4CF69D980B98BBF0FB49710F1081DAE919E7355D735AE81CF50
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 030C99C0, Relevance: .1, Instructions: 130COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000014.00000002.348280942.00000000030C0000.00000040.00000001.sdmp, Offset: 030C0000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 14824b56806f5f04067c1fb07b4ef79bc0caa8dc20b78326424e64c913d13795
                            • Instruction ID: 35eff331baf51873184eec56512d863afe8f445e2517d96e605baea475d9aa2d
                            • Opcode Fuzzy Hash: 14824b56806f5f04067c1fb07b4ef79bc0caa8dc20b78326424e64c913d13795
                            • Instruction Fuzzy Hash: F5414D71A042098FCB10DF59D880AAEB7F6FF84314B19C999D50A9B355DB71FD068BE0
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 030CC460, Relevance: .1, Instructions: 124COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000014.00000002.348280942.00000000030C0000.00000040.00000001.sdmp, Offset: 030C0000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: bc222be6b9a0178f7fd07ac472adef3ba527e294b6a984b0de040b01021cedaf
                            • Instruction ID: a492bea6631409bd4d4a85c8352d3ca12b5791eacf1ba914efed00caee6547d6
                            • Opcode Fuzzy Hash: bc222be6b9a0178f7fd07ac472adef3ba527e294b6a984b0de040b01021cedaf
                            • Instruction Fuzzy Hash: 5331F23270A6508FD725DB19D880A9FB7E5EB8566071DC5AEC54ECB742CA31EC06CB90
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 030CB160, Relevance: .1, Instructions: 124COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000014.00000002.348280942.00000000030C0000.00000040.00000001.sdmp, Offset: 030C0000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 1f431026443aa51bb4d466c73e01578e812a2b5fc1422bada622a2312c767a33
                            • Instruction ID: cf56392c3f99a5869674c9b10ebaf279730d4f0587ec5959e7853c83d0e0ef1b
                            • Opcode Fuzzy Hash: 1f431026443aa51bb4d466c73e01578e812a2b5fc1422bada622a2312c767a33
                            • Instruction Fuzzy Hash: 7A419A752003018FD314AB74D494A1ABBF3FB88218B448A6DE1478B794DF75FD0B9B90
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 030CB170, Relevance: .1, Instructions: 118COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000014.00000002.348280942.00000000030C0000.00000040.00000001.sdmp, Offset: 030C0000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: bfbaafcd5cd200d34537139348d996ae1c1f43da47a20fae03ac0c142b3f03e1
                            • Instruction ID: d86f8119901b3bb5a2f9c1678458d2af41ef35d7650ae5e94b53d92e761a1409
                            • Opcode Fuzzy Hash: bfbaafcd5cd200d34537139348d996ae1c1f43da47a20fae03ac0c142b3f03e1
                            • Instruction Fuzzy Hash: 67417B352003018FD314AB74D494A1ABBF3FF88208B448A6DE1478B794DF75FD0A9B90
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 030CA160, Relevance: .1, Instructions: 116COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000014.00000002.348280942.00000000030C0000.00000040.00000001.sdmp, Offset: 030C0000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 13f7c00aa75a38dad813f2cad543b9de29d02f6a3b251c8c657ea54bae24c75f
                            • Instruction ID: c0fd0186a99139906baa6e2400d211dc4a8d4436eefc0a4fe7f3735b5d1820b6
                            • Opcode Fuzzy Hash: 13f7c00aa75a38dad813f2cad543b9de29d02f6a3b251c8c657ea54bae24c75f
                            • Instruction Fuzzy Hash: 68416C706047009FD354EB65D484A5A7BE2BF91318F81CD9CC1478B7A5DFB8E90A8B90
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 030C6030, Relevance: .1, Instructions: 114COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000014.00000002.348280942.00000000030C0000.00000040.00000001.sdmp, Offset: 030C0000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: b7246ab6699f7be66d7f574d020b7fc330fe3e29516fffb5f118b05a517889ea
                            • Instruction ID: b661583a317445ad44deddc428bec6890f123175215f33722e6c18dbe543e669
                            • Opcode Fuzzy Hash: b7246ab6699f7be66d7f574d020b7fc330fe3e29516fffb5f118b05a517889ea
                            • Instruction Fuzzy Hash: 30410374E012089FDB58CFA9D894BDDBBF2BF48305F148029E405BB3A4DB755945CB54
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 030CA170, Relevance: .1, Instructions: 112COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000014.00000002.348280942.00000000030C0000.00000040.00000001.sdmp, Offset: 030C0000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 668575c1a2381bd1e30c6e6eda59bb8b8293322b2c3d7ffe79fca377a4512579
                            • Instruction ID: 2a44f894c2a89a276ea45c427c6e0ab91c2710f63be63ee346794b7d6ca7c234
                            • Opcode Fuzzy Hash: 668575c1a2381bd1e30c6e6eda59bb8b8293322b2c3d7ffe79fca377a4512579
                            • Instruction Fuzzy Hash: CD4137706007019FD354EB65D484A5ABBE2BF81718F81CD9CC1478BBA5DFB8E90A8B91
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 030C4168, Relevance: .1, Instructions: 99COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000014.00000002.348280942.00000000030C0000.00000040.00000001.sdmp, Offset: 030C0000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 86f5ab88cd5a71e30f08ff5c8e155186171886cab0e6696960e8ef49a197157e
                            • Instruction ID: 00932fae758171c15982f70d1c883328e00a43a5118d55b2fccf651daece149b
                            • Opcode Fuzzy Hash: 86f5ab88cd5a71e30f08ff5c8e155186171886cab0e6696960e8ef49a197157e
                            • Instruction Fuzzy Hash: 1D41F275E10608DBCB08DFAAE8809DDFBB2FF89310F14816AE815B7364DB306841CB50
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 030CA710, Relevance: .1, Instructions: 87COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000014.00000002.348280942.00000000030C0000.00000040.00000001.sdmp, Offset: 030C0000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 52d61b6c9df87eef43427356e0e5b20f766149acd9ab62bc27694108b62527a5
                            • Instruction ID: 4ed33576e883bd510419b1884399ea1d55de1ff1d7b701ec427fa16d139dcba9
                            • Opcode Fuzzy Hash: 52d61b6c9df87eef43427356e0e5b20f766149acd9ab62bc27694108b62527a5
                            • Instruction Fuzzy Hash: AD2160753403011FE708B7B6E8A177A26A3EBD0614F498D68D5039F684DEB5AD0B17D0
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 030C4158, Relevance: .1, Instructions: 76COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000014.00000002.348280942.00000000030C0000.00000040.00000001.sdmp, Offset: 030C0000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 94dbb5e1591dd95b2acd7b2a290a72a5058bd11c7862bcae29873db0bc155a87
                            • Instruction ID: bf730b03e0319db92ad553d6035772a62d33b40baaf7645c99ad118a36125218
                            • Opcode Fuzzy Hash: 94dbb5e1591dd95b2acd7b2a290a72a5058bd11c7862bcae29873db0bc155a87
                            • Instruction Fuzzy Hash: BF31F475E142089FDB08CFAAE8909DDBBB2FF89310F15C16AE815BB364DB3158468B50
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 030C4286, Relevance: .1, Instructions: 69COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000014.00000002.348280942.00000000030C0000.00000040.00000001.sdmp, Offset: 030C0000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 5556a2216faecc383a932477365cf5e50c0793c7ceddf9ab7d0926143bb7bdff
                            • Instruction ID: b45da620201d3431bda71ed84ee39c5daa60ffcbf85e528f1a714b95a865d4e6
                            • Opcode Fuzzy Hash: 5556a2216faecc383a932477365cf5e50c0793c7ceddf9ab7d0926143bb7bdff
                            • Instruction Fuzzy Hash: C911B130B211558BDB69DBBA88217BF76EAFBC4664B48812DD906DB340EB3888018795
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 030C3E78, Relevance: .1, Instructions: 65COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000014.00000002.348280942.00000000030C0000.00000040.00000001.sdmp, Offset: 030C0000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: bdf586e5a2a5e26c31d58f016c230afe6878d99ed9a172cbbb29b4f163949776
                            • Instruction ID: 05c9319a3815b90d8875991811e5efa245bc900a49eac9e833d7f748f66021e2
                            • Opcode Fuzzy Hash: bdf586e5a2a5e26c31d58f016c230afe6878d99ed9a172cbbb29b4f163949776
                            • Instruction Fuzzy Hash: EE215C74D002089FDB04DFA5D9506DEBBB2FF88314F208169C501B7364DB395A82CFA1
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 030CA828, Relevance: .1, Instructions: 64COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000014.00000002.348280942.00000000030C0000.00000040.00000001.sdmp, Offset: 030C0000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: c5470435c128f29f03e433720bfcd775ccd6cb4e9359356edfb42417cda199ec
                            • Instruction ID: 0e775ded29a399e4cb8cf590b34301b48f6a54d754550a973ad97c580972d722
                            • Opcode Fuzzy Hash: c5470435c128f29f03e433720bfcd775ccd6cb4e9359356edfb42417cda199ec
                            • Instruction Fuzzy Hash: D611EE30B043458FC710DB68D48496FBBF6FF85218B05896DD6468B700DBB5AD0A8BA4
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 030C3E88, Relevance: .1, Instructions: 58COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000014.00000002.348280942.00000000030C0000.00000040.00000001.sdmp, Offset: 030C0000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: a622a3ca308964806a65b153a2b50e9d2f33027da13fa60ea942bade76b66076
                            • Instruction ID: 34ceca25059f3e65d917ab0941e7890ad145cea604081c5a650c760ace4f3026
                            • Opcode Fuzzy Hash: a622a3ca308964806a65b153a2b50e9d2f33027da13fa60ea942bade76b66076
                            • Instruction Fuzzy Hash: BE21E774E002089FDB04DFA5D95059EBBB2FF88314F208169D505B7364DB795A86CFA2
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 030CA838, Relevance: .1, Instructions: 57COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000014.00000002.348280942.00000000030C0000.00000040.00000001.sdmp, Offset: 030C0000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 9e3f03147cd2ce75348ad6ceabeb01fc374929fbb70f806a2c5e60781a299a18
                            • Instruction ID: 4fe8946a5aa866769bd89d440b0d95849f88945a2c5ea7327c7bd5f06d537993
                            • Opcode Fuzzy Hash: 9e3f03147cd2ce75348ad6ceabeb01fc374929fbb70f806a2c5e60781a299a18
                            • Instruction Fuzzy Hash: BB11E070B0470A8FC720DB68D48496FB7E6FFC4218B04892DD6068B700EFB1ED0A8B94
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 030C9B40, Relevance: .1, Instructions: 57COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000014.00000002.348280942.00000000030C0000.00000040.00000001.sdmp, Offset: 030C0000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 5d5a75048079b47829917fce1a43aaf93ba3f7933c984053c1dfe58149170e29
                            • Instruction ID: a4be2bf20478e99b1b3accf79d5ce45a7eda446434f7eb5d58f46234ba5d07ae
                            • Opcode Fuzzy Hash: 5d5a75048079b47829917fce1a43aaf93ba3f7933c984053c1dfe58149170e29
                            • Instruction Fuzzy Hash: 9D119D312003058BC314AF29E88485ABBE2FFC02287148E6DD15B8B754DFB2FA0B87D0
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 030C61D8, Relevance: .1, Instructions: 55COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000014.00000002.348280942.00000000030C0000.00000040.00000001.sdmp, Offset: 030C0000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: dde10ec512710ce9636bfdfd4d35528f95820472714db399aa68d5bbfecabd29
                            • Instruction ID: 5e342c90909c57b75a38b3324d6779f38316f228543f34546d8164c932ec6fac
                            • Opcode Fuzzy Hash: dde10ec512710ce9636bfdfd4d35528f95820472714db399aa68d5bbfecabd29
                            • Instruction Fuzzy Hash: C301263260E7944FD3108BA9D8A86BE7FF4DB42224F0808AFD542CB293C62D9908D371
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 030C508F, Relevance: .1, Instructions: 53COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000014.00000002.348280942.00000000030C0000.00000040.00000001.sdmp, Offset: 030C0000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 404d0192c6aa5f38d0631622741d7b48e31987ee674af99b061095e29c6eeb1c
                            • Instruction ID: d5d5bdf05878fe4113916ae68b876e69d76286868af845da114fb98f0555cbe3
                            • Opcode Fuzzy Hash: 404d0192c6aa5f38d0631622741d7b48e31987ee674af99b061095e29c6eeb1c
                            • Instruction Fuzzy Hash: 9A115574E102598FCB44DBB8D8546EDBBF0FF89314F1041AED416AB750DB3A6802CB90
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 030C50F3, Relevance: .0, Instructions: 44COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000014.00000002.348280942.00000000030C0000.00000040.00000001.sdmp, Offset: 030C0000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: d0b74a0c3c53fe9ee8b07d77ab50f505034b48819ea5dee93363af1d80562d06
                            • Instruction ID: 36763552b4ea16d22d3a7fcb51e7a247e42e3b4c794309dd11c0030b3ac67f7b
                            • Opcode Fuzzy Hash: d0b74a0c3c53fe9ee8b07d77ab50f505034b48819ea5dee93363af1d80562d06
                            • Instruction Fuzzy Hash: B8011274E102198FCB44EFA8C8146EEBBF4BF48204F10456AD405E7750EB396A01CB91
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 030C4EE0, Relevance: .0, Instructions: 37COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000014.00000002.348280942.00000000030C0000.00000040.00000001.sdmp, Offset: 030C0000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: ada4e3e3d3b54d28c6789bfcf921364b9f01fd4b3ea10425818e056d52cec0b7
                            • Instruction ID: 78258c69febdc8875824e2e7b6a691f537c7557b0cb34cbc48f2e12e67d6ffb8
                            • Opcode Fuzzy Hash: ada4e3e3d3b54d28c6789bfcf921364b9f01fd4b3ea10425818e056d52cec0b7
                            • Instruction Fuzzy Hash: E8F06D31E251589BDB19CBAAE8245EDFBB6FB8C321F04846AE41173244CB7159198BA1
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 030C50E1, Relevance: .0, Instructions: 37COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000014.00000002.348280942.00000000030C0000.00000040.00000001.sdmp, Offset: 030C0000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: da0bf3a45e238c7db4fd40ab5dae4397205bb3cedef09da14bce5cb7289cef67
                            • Instruction ID: 6858c1db3651037eb265c151f73cbb3cfc72e847ec43c2990e12fdb0ce8b53e5
                            • Opcode Fuzzy Hash: da0bf3a45e238c7db4fd40ab5dae4397205bb3cedef09da14bce5cb7289cef67
                            • Instruction Fuzzy Hash: 7BF08C39A24114CFCF04DB68D8166ED77F5FF4D314B2001AAD416A77A1CB39AD05CB54
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 030CA910, Relevance: .0, Instructions: 25COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000014.00000002.348280942.00000000030C0000.00000040.00000001.sdmp, Offset: 030C0000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: f2534e885939a3c0bc953e65870e222cb4197da643599c2f1201b62b6974ef9a
                            • Instruction ID: b4bd1d1e6195a12d6258624c483c9f936e4eb62652af95e8cdb20a14c632b374
                            • Opcode Fuzzy Hash: f2534e885939a3c0bc953e65870e222cb4197da643599c2f1201b62b6974ef9a
                            • Instruction Fuzzy Hash: 55E0ED31E0420CAFCB04DFA4E455A9DBBF9EB45315F0045F9D805D3340EA796A099F85
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 030CC032, Relevance: .0, Instructions: 20COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000014.00000002.348280942.00000000030C0000.00000040.00000001.sdmp, Offset: 030C0000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 65a27a08d4b69a49b5b26c8ff6e5c0844509318c9223b9eb399685f749026c7e
                            • Instruction ID: 6846243c7d15fba6c4b71814adecd53be5131f241241c5b2fc40bb26377631d2
                            • Opcode Fuzzy Hash: 65a27a08d4b69a49b5b26c8ff6e5c0844509318c9223b9eb399685f749026c7e
                            • Instruction Fuzzy Hash: B5E0C2734562468FE3008760EC497983B75EF80320F8945EBD8088B967DA5D59978B92
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 030CA920, Relevance: .0, Instructions: 19COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000014.00000002.348280942.00000000030C0000.00000040.00000001.sdmp, Offset: 030C0000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 0bb0074ff7cc7d4aff44c8badae8e7e3cea5b0a38e777e91d53d488f914eedd1
                            • Instruction ID: 55a781005b80822a9dbe5e2f2b74fa40411c0775b51d0e1c78c4f5cb0714d8eb
                            • Opcode Fuzzy Hash: 0bb0074ff7cc7d4aff44c8badae8e7e3cea5b0a38e777e91d53d488f914eedd1
                            • Instruction Fuzzy Hash: 9CE09274E0420CAF8B44EFA8E45599DBBF5EB49304F0085E9A809E7344EA746A098F85
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 030C3E40, Relevance: .0, Instructions: 19COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000014.00000002.348280942.00000000030C0000.00000040.00000001.sdmp, Offset: 030C0000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: c4374a9b97c8b8e7f766599d36b7b038143bf15b82010e67bc63211c061ad541
                            • Instruction ID: 9bf9ea1c25daffaa117e1e51228d6ef0fa4423393d9c6a9630f1efc19e2f6f12
                            • Opcode Fuzzy Hash: c4374a9b97c8b8e7f766599d36b7b038143bf15b82010e67bc63211c061ad541
                            • Instruction Fuzzy Hash: E5D05E30566609DFC314CB68E41572AB7ACFB0630BF0086E8E508A7291E7369859C784
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 030C6391, Relevance: .0, Instructions: 17COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000014.00000002.348280942.00000000030C0000.00000040.00000001.sdmp, Offset: 030C0000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 6ea0a1361ca919071434b2b426c6d8d2c5a5ad91622fc8c8c1573edf649f9d90
                            • Instruction ID: b6e547230d0ea604a46982cfcd9198ad738c927ec94c67b5ae42349e5f735603
                            • Opcode Fuzzy Hash: 6ea0a1361ca919071434b2b426c6d8d2c5a5ad91622fc8c8c1573edf649f9d90
                            • Instruction Fuzzy Hash: 2DD05E324093504FD742AB24E9829C87B709E955153064DD6D0018F65BD7289A0F8BB6
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 030CC558, Relevance: .0, Instructions: 15COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000014.00000002.348280942.00000000030C0000.00000040.00000001.sdmp, Offset: 030C0000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: af254a9dd054018a8d744aa517baf1566ec6d156f2a79a144c7544e2191e0d3e
                            • Instruction ID: c85b79831022b5cae51b21747e8d2607edbca58bfe9b471681bddb0c0546fd21
                            • Opcode Fuzzy Hash: af254a9dd054018a8d744aa517baf1566ec6d156f2a79a144c7544e2191e0d3e
                            • Instruction Fuzzy Hash: 6ED0A9B61002002BE3008A20CC9075B3FA2FBE4358F96842BE40499328CEBDC806D695
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 030C3E50, Relevance: .0, Instructions: 14COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000014.00000002.348280942.00000000030C0000.00000040.00000001.sdmp, Offset: 030C0000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 40d6fd17aff4aeb3ee2dfcee4e6fd7832e4c6a795f19392755ab7f02f995fa1f
                            • Instruction ID: 8157703c3d6efadda4d960a2f09c2469d527d9658d3990c917faf71bc03c9ca8
                            • Opcode Fuzzy Hash: 40d6fd17aff4aeb3ee2dfcee4e6fd7832e4c6a795f19392755ab7f02f995fa1f
                            • Instruction Fuzzy Hash: C6C012308262089BC314DBA8A419729BAACE706347F0095D9E50852140DB325444C655
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 030CB400, Relevance: .0, Instructions: 13COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000014.00000002.348280942.00000000030C0000.00000040.00000001.sdmp, Offset: 030C0000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 20afa5348608996ab53865e2acf49201326cce4169c45903527270910d018f12
                            • Instruction ID: 6c092c9270701c2e94a639788859c023abc883559795a165fbc609fea3b6847b
                            • Opcode Fuzzy Hash: 20afa5348608996ab53865e2acf49201326cce4169c45903527270910d018f12
                            • Instruction Fuzzy Hash: 2FC08C334402091BDA411720F8873C87BADE74176CF614412EE0899A10DA6D7A8B2164
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 030CA8E8, Relevance: .0, Instructions: 11COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000014.00000002.348280942.00000000030C0000.00000040.00000001.sdmp, Offset: 030C0000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 950238fe85526d5199e11650a0d4346ebceed70c37bc095bcd480d14cd0bd2c7
                            • Instruction ID: 5f46b9fb519fcf69999d34f8e824decfede4b02afd81869e7354fe6716f6f9cb
                            • Opcode Fuzzy Hash: 950238fe85526d5199e11650a0d4346ebceed70c37bc095bcd480d14cd0bd2c7
                            • Instruction Fuzzy Hash: F4C01261A493884FC711CA989A590953B20DF4221671809DBD804DB652D5278E104746
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 030CB3D8, Relevance: .0, Instructions: 11COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000014.00000002.348280942.00000000030C0000.00000040.00000001.sdmp, Offset: 030C0000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: c267af1879342ad03436440efee0662175980b8c9e5f52c2fe8c7f89bfb74db8
                            • Instruction ID: 3a97b39d200d0ae6612d8c30c847e6ee2032e500fbd999e8ed7a1549b6c4b70c
                            • Opcode Fuzzy Hash: c267af1879342ad03436440efee0662175980b8c9e5f52c2fe8c7f89bfb74db8
                            • Instruction Fuzzy Hash: F1C04C2354800443EA458121DAE23D967B6E3805A4F6A84518B015D654D92EA9479150
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 030CC008, Relevance: .0, Instructions: 10COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000014.00000002.348280942.00000000030C0000.00000040.00000001.sdmp, Offset: 030C0000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 25118e164a5f5de182130933c8cce2e405a7094fcd0b38619cb8cf3948ad2e10
                            • Instruction ID: c906ea90fc58b6e2c728dbb9c1d4c6622e719f8ade9552f67b900cfe64ae8d55
                            • Opcode Fuzzy Hash: 25118e164a5f5de182130933c8cce2e405a7094fcd0b38619cb8cf3948ad2e10
                            • Instruction Fuzzy Hash: EEC08C3268E2808FDB0182908CBA31A2BB2EB81311BE800CAC6008F293E94C8C44C3D1
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 030CC040, Relevance: .0, Instructions: 7COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000014.00000002.348280942.00000000030C0000.00000040.00000001.sdmp, Offset: 030C0000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: b62aac8d7ae209bc2bf098f158796c627493b940b2224bcf673aaeebea767196
                            • Instruction ID: 461165edbdd978c5748e92b39e723f492fc1d4ca5d73d6b130a3ce54910ab282
                            • Opcode Fuzzy Hash: b62aac8d7ae209bc2bf098f158796c627493b940b2224bcf673aaeebea767196
                            • Instruction Fuzzy Hash: 07B0123143460ECF86406B61F4054043B2EF6803087C00491E10D465259FB829954BC8
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 030CB410, Relevance: .0, Instructions: 7COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000014.00000002.348280942.00000000030C0000.00000040.00000001.sdmp, Offset: 030C0000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 8f0b30ef9d7f68bef437a741a9049c8bd259aebffb3ebed7b1e470892df0a731
                            • Instruction ID: 6bf43d2038a23465de1182ab6e1054c5840f5f5b10175fa6fadbb85e29599dd9
                            • Opcode Fuzzy Hash: 8f0b30ef9d7f68bef437a741a9049c8bd259aebffb3ebed7b1e470892df0a731
                            • Instruction Fuzzy Hash: 98B0123081430E4F86806B51F406408372E968130CB408451E20D49625AFB42D555698
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Non-executed Functions